AESKeyedCipherProvider (nifi-security-utils 1.7.0 API)

java.lang.Object
- org.apache.nifi.security.util.crypto.KeyedCipherProvider
- - org.apache.nifi.security.util.crypto.AESKeyedCipherProvider

All Implemented Interfaces:

CipherProvider
```
public class AESKeyedCipherProvider
extends KeyedCipherProvider
```
This is a standard implementation of KeyedCipherProvider which supports AES cipher families with arbitrary modes of operation (currently only CBC, CTR, and GCM are supported as EncryptionMethods.

Field Summary

Fields
Modifier and Type Field and Description

private static int IV_LENGTH

private static org.slf4j.Logger logger

private static List<Integer> VALID_KEY_LENGTHS
- Fields inherited from class org.apache.nifi.security.util.crypto.KeyedCipherProvider
  IV_DELIMITER, MAX_IV_LIMIT

Fields
Modifier and Type	Field and Description
`private static int`	`IV_LENGTH`
`private static org.slf4j.Logger`	`logger`
`private static List<Integer>`	`VALID_KEY_LENGTHS`

Constructor Summary

Constructors
Constructor and Description

AESKeyedCipherProvider()

Constructors
Constructor and Description
`AESKeyedCipherProvider()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`byte[]`	`generateIV()` Generates a new random IV of 16 bytes using `SecureRandom`.
`Cipher`	`getCipher(EncryptionMethod encryptionMethod, SecretKey key, boolean encryptMode)` Returns an initialized cipher for the specified algorithm.
`Cipher`	`getCipher(EncryptionMethod encryptionMethod, SecretKey key, byte[] iv, boolean encryptMode)` Returns an initialized cipher for the specified algorithm.
`protected Cipher`	`getInitializedCipher(EncryptionMethod encryptionMethod, SecretKey key, byte[] iv, boolean encryptMode)`
`private boolean`	`isValidKeyLength(SecretKey key)`

Methods inherited from class org.apache.nifi.security.util.crypto.KeyedCipherProvider
readIV, writeIV

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

IV_LENGTH
```
private static final int IV_LENGTH
```
See Also:

Constant Field Values

VALID_KEY_LENGTHS

private static final List<Integer> VALID_KEY_LENGTHS

Constructor Detail
- AESKeyedCipherProvider
```
public AESKeyedCipherProvider()
```

Method Detail

getCipher
```
public Cipher getCipher(EncryptionMethod encryptionMethod,
                        SecretKey key,
                        byte[] iv,
                        boolean encryptMode)
                 throws Exception
```
Returns an initialized cipher for the specified algorithm. The IV is provided externally to allow for non-deterministic IVs, as IVs deterministically derived from the password are a potential vulnerability and compromise semantic security. See Ilmari Karonen's answer on Crypto Stack Exchange

Specified by:

getCipher in class KeyedCipherProvider

Parameters:

encryptionMethod - the EncryptionMethod

key - the key

iv - the IV or nonce (cannot be all 0x00)

encryptMode - true for encrypt, false for decrypt

Returns:

the initialized cipher

Throws:

Exception - if there is a problem initializing the cipher

getCipher
```
public Cipher getCipher(EncryptionMethod encryptionMethod,
                        SecretKey key,
                        boolean encryptMode)
                 throws Exception
```
Returns an initialized cipher for the specified algorithm. The IV will be generated internally (for encryption). If decryption is requested, it will throw an exception.

Specified by:

getCipher in class KeyedCipherProvider

Parameters:

encryptionMethod - the EncryptionMethod

key - the key

encryptMode - true for encrypt, false for decrypt

Returns:

the initialized cipher

Throws:

Exception - if there is a problem initializing the cipher or if decryption is requested

getInitializedCipher

protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod,
                                      SecretKey key,
                                      byte[] iv,
                                      boolean encryptMode)
                               throws NoSuchAlgorithmException,
                                      NoSuchProviderException,
                                      InvalidKeySpecException,
                                      NoSuchPaddingException,
                                      InvalidKeyException,
                                      InvalidAlgorithmParameterException,
                                      UnsupportedEncodingException

Throws:: NoSuchAlgorithmException; NoSuchProviderException; InvalidKeySpecException; NoSuchPaddingException; InvalidKeyException; InvalidAlgorithmParameterException; UnsupportedEncodingException

isValidKeyLength

private boolean isValidKeyLength(SecretKey key)

generateIV
```
public byte[] generateIV()
```
Generates a new random IV of 16 bytes using SecureRandom.

Specified by:

generateIV in class KeyedCipherProvider

Returns:

the IV

Class AESKeyedCipherProvider

Field Summary

Fields inherited from class org.apache.nifi.security.util.crypto.KeyedCipherProvider

Constructor Summary

Method Summary

Methods inherited from class org.apache.nifi.security.util.crypto.KeyedCipherProvider

Methods inherited from class java.lang.Object

Field Detail

logger

IV_LENGTH

VALID_KEY_LENGTHS

Constructor Detail

AESKeyedCipherProvider

Method Detail

getCipher

getCipher

getInitializedCipher

isValidKeyLength

generateIV