-
public interface FileNameCryptorProvides deterministic encryption capabilities as filenames must not change on subsequent encryption attempts, otherwise each change results in major directory structure changes which would be a terrible idea for cloud storage encryption.- See Also:
- Wikipedia on deterministic encryption
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description StringdecryptFilename(com.google.common.io.BaseEncoding encoding, String ciphertextName, byte[]... associatedData)StringencryptFilename(com.google.common.io.BaseEncoding encoding, String cleartextName, byte[]... associatedData)StringhashDirectoryId(String cleartextDirectoryId)
-
-
-
Method Detail
-
hashDirectoryId
String hashDirectoryId(String cleartextDirectoryId)
- Parameters:
cleartextDirectoryId- an arbitrary directory id to be passed to one-way hash function- Returns:
- constant length string, that is unlikely to collide with any other name.
-
encryptFilename
String encryptFilename(com.google.common.io.BaseEncoding encoding, String cleartextName, byte[]... associatedData)
- Parameters:
encoding- Encoding to use to encode the returned ciphertextcleartextName- original filename including cleartext file extensionassociatedData- optional associated data, that will not get encrypted but needs to be provided during decryption- Returns:
- encrypted filename without any file extension
-
decryptFilename
String decryptFilename(com.google.common.io.BaseEncoding encoding, String ciphertextName, byte[]... associatedData) throws AuthenticationFailedException
- Parameters:
encoding- Encoding to use to decodeciphertextNameciphertextName- Ciphertext only, with any additional strings like file extensions stripped first.associatedData- the same associated data used during encryption, otherwise andAuthenticationFailedExceptionwill be thrown- Returns:
- cleartext filename, probably including its cleartext file extension.
- Throws:
AuthenticationFailedException- if the ciphertext is malformed
-
-