Package org.apache.shiro.crypto.cipher
Class AesCipherService
java.lang.Object
org.apache.shiro.crypto.cipher.JcaCipherService
org.apache.shiro.crypto.cipher.AbstractSymmetricCipherService
org.apache.shiro.crypto.cipher.DefaultBlockCipherService
org.apache.shiro.crypto.cipher.AesCipherService
- All Implemented Interfaces:
CipherService
CipherService using the AES cipher algorithm for all encryption, decryption, and key operations.
The AES algorithm can support key sizes of 128, 192 and 256 bits*. This implementation
defaults to 128 bits.
Note that this class changes the parent class's default mode of operation from CBC to GCM,
instead of using the typical JDK default of ECB. ECB should not be used in
security-sensitive environments because ECB does not allow for initialization vectors, which are
considered necessary for strong encryption. See the parent class's JavaDoc and the
JcaCipherService JavaDoc for more on why the JDK default should not be used and is not
used in this implementation.
* Generating and using AES key sizes greater than 128 require installation of the
Java Cryptography Extension (JCE) Unlimited Strength
Jurisdiction Policy files.
- Since:
- 1.0
-
Constructor Summary
Constructors
Constructor: AesCipherService()
Description: Creates a new CipherService instance using the AES cipher algorithm with the following important cipher default attributes:
Attribute                        Value
keySize                          128 bits
blockSize                        128 bits (required for AES)
mode                             GCM*
paddingScheme                    NoPadding***
initializationVectorSize         128 bits
generateInitializationVectors    true**
Method Summary
Modifier and Type                   Method
protected AlgorithmParameterSpec    createParameterSpec(byte[] iv, boolean streaming)
Methods inherited from class org.apache.shiro.crypto.cipher.DefaultBlockCipherService
generateInitializationVector, getBlockSize, getModeName, getPaddingSchemeName, getStreamingBlockSize, getStreamingModeName, getStreamingPaddingSchemeName, getTransformationString, isGenerateInitializationVectors, setBlockSize, setMode, setModeName, setPaddingScheme, setPaddingSchemeName, setStreamingBlockSize, setStreamingMode, setStreamingModeName, setStreamingPaddingScheme, setStreamingPaddingSchemeName
Methods inherited from class org.apache.shiro.crypto.cipher.AbstractSymmetricCipherService
generateNewKey, generateNewKey
Methods inherited from class org.apache.shiro.crypto.cipher.JcaCipherService
decrypt, decrypt, encrypt, encrypt, ensureSecureRandom, getAlgorithmName, getDefaultSecureRandom, getInitializationVectorSize, getKeySize, getSecureRandom, getStreamingBufferSize, isGenerateInitializationVectors, setGenerateInitializationVectors, setInitializationVectorSize, setKeySize, setSecureRandom, setStreamingBufferSize
-
Constructor Details
-
AesCipherService
public AesCipherService()
Creates a new CipherService instance using the AES cipher algorithm with the following important cipher default attributes:
Attribute                        Value
keySize                          128 bits
blockSize                        128 bits (required for AES)
mode                             GCM*
paddingScheme                    NoPadding***
initializationVectorSize         128 bits
generateInitializationVectors    true**
* The GCM operation mode is used instead of the JDK default ECB to ensure strong encryption. ECB should not be used in security-sensitive environments - see the DefaultBlockCipherService class JavaDoc's "Operation Mode" section for more.
** In conjunction with the default GCM operation mode, initialization vectors are generated by default to ensure strong encryption. See the JcaCipherService class JavaDoc for more.
*** Since GCM is a stream cipher, padding is implemented in the operation mode and an external padding scheme cannot be used in conjunction with GCM. In fact, AES/GCM/PKCS5Padding is just an alias in most JVMs for AES/GCM/NoPadding.
NOTE: As of Java 14, setting a streaming padding for the above example will throw a NoSuchAlgorithmException.
- See Also:
-
-
Method Details
-
createParameterSpec
- Overrides:
createParameterSpec in class JcaCipherService
-