Package org.apache.shiro.crypto.cipher

Enum PaddingScheme

java.lang.Object
java.lang.Enum<PaddingScheme>
org.apache.shiro.crypto.cipher.PaddingScheme
All Implemented Interfaces:
Serializable, Comparable<PaddingScheme>
public enum PaddingScheme extends Enum<PaddingScheme>
A CipherPaddingScheme represents well-known padding schemes supported by JPA providers in a type-safe manner.

When encrypted data is transferred, it is usually desirable to ensure that all 'chunks' transferred are a fixed-length: different length blocks might give cryptanalysts clues about what the data might be, among other reasons. Of course not all data will convert to neat fixed-length blocks, so padding schemes are used to 'fill in' (pad) any remaining space with unintelligible data.

Padding schemes can be used in both asymmetric key ciphers as well as symmetric key ciphers (e.g. block ciphers). Block-ciphers especially regularly use padding schemes as they are based on the notion of fixed-length block sizes.

Since:
1.0
See Also:

  • Enum Constant Details

    • NONE

      public static final PaddingScheme NONE
      No padding. Useful when the block size is 8 bits for block cipher streaming operations. (Because a byte is the most primitive block size, there is nothing to pad).

    • ISO10126

      public static final PaddingScheme ISO10126
      Padding scheme as defined in the W3C's "XML Encryption Syntax and Processing" document, Section 5.2 - Block Encryption Algorithms.

    • OAEP

      public static final PaddingScheme OAEP
      Optimal Asymmetric Encryption Padding defined in RSA's PKSC#1 standard (aka RFC 3447).

      NOTE: using this padding requires initializing Cipher instances with a OAEPParameterSpec object which provides the 1) message digest and 2) mask generation function to use for the scheme.

      Convenient Alternatives

      While using this scheme enables you full customization of the message digest + mask generation function combination, it does require the extra burden of providing your own OAEPParameterSpec object. This is often unnecessary, because most combinations are fairly standard. These common combinations are pre-defined in this enum in the OAEP* variants.

      If you find that these common combinations still do not meet your needs, then you will need to specify your own message digest and mask generation function, either as an OAEPParameterSpec object during Cipher initialization or, maybe more easily, in the scheme name directly. If you want to use scheme name approach, the name format is specified in the Standard Names document in the Cipher Algorithm Padding section.

      See Also:

    • OAEPWithMd5AndMgf1

      public static final PaddingScheme OAEPWithMd5AndMgf1
      Optimal Asymmetric Encryption Padding with MD5 message digest and MGF1 mask generation function.

      This is a convenient pre-defined OAEP padding scheme that embeds the message digest and mask generation function. When using this padding scheme, there is no need to init the Cipher instance with an OAEPParameterSpec object, as it is already 'built in' to the scheme name (unlike the OAEP scheme, which requires a bit more work).

    • OAEPWithSha1AndMgf1

      public static final PaddingScheme OAEPWithSha1AndMgf1
      Optimal Asymmetric Encryption Padding with SHA-1 message digest and MGF1 mask generation function.

      This is a convenient pre-defined OAEP padding scheme that embeds the message digest and mask generation function. When using this padding scheme, there is no need to init the Cipher instance with an OAEPParameterSpec object, as it is already 'built in' to the scheme name (unlike the OAEP scheme, which requires a bit more work).

    • OAEPWithSha256AndMgf1

      public static final PaddingScheme OAEPWithSha256AndMgf1
      Optimal Asymmetric Encryption Padding with SHA-256 message digest and MGF1 mask generation function.

      This is a convenient pre-defined OAEP padding scheme that embeds the message digest and mask generation function. When using this padding scheme, there is no need to init the Cipher instance with an OAEPParameterSpec object, as it is already 'built in' to the scheme name (unlike the OAEP scheme, which requires a bit more work).

    • OAEPWithSha384AndMgf1

      public static final PaddingScheme OAEPWithSha384AndMgf1
      Optimal Asymmetric Encryption Padding with SHA-384 message digest and MGF1 mask generation function.

      This is a convenient pre-defined OAEP padding scheme that embeds the message digest and mask generation function. When using this padding scheme, there is no need to init the Cipher instance with an OAEPParameterSpec object, as it is already 'built in' to the scheme name (unlike the OAEP scheme, which requires a bit more work).

    • OAEPWithSha512AndMgf1

      public static final PaddingScheme OAEPWithSha512AndMgf1
      Optimal Asymmetric Encryption Padding with SHA-512 message digest and MGF1 mask generation function.

      This is a convenient pre-defined OAEP padding scheme that embeds the message digest and mask generation function. When using this padding scheme, there is no need to init the Cipher instance with an OAEPParameterSpec object, as it is already 'built in' to the scheme name (unlike the OAEP scheme, which requires a bit more work).

    • PKCS1

      public static final PaddingScheme PKCS1
      Padding scheme used with the RSA algorithm defined in RSA's PKSC#1 standard (aka RFC 3447).

    • PKCS5

      public static final PaddingScheme PKCS5
      Padding scheme defined in RSA's Password-Based Cryptography Standard.

    • SSL3

      public static final PaddingScheme SSL3
      Padding scheme defined in the SSL 3.0 specification, section 5.2.3.2 (CBC block cipher).

  • Method Details

    • values

      public static PaddingScheme[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      Returns:
      an array containing the constants of this enum type, in the order they are declared

    • valueOf

      public static PaddingScheme valueOf(String name)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null

    • getTransformationName

      public String getTransformationName()
      Returns the actual string name to use when building the Cipher transformation string.
      Returns:
      the actual string name to use when building the Cipher transformation string.
      See Also: