org.graylog2.security

Class AESTools

java.lang.Object

org.graylog2.security.AESTools

public class AESTools
extends Object

Constructor Summary

Constructors

Constructor and Description
AESTools()

Method Summary

Modifier and Type	Method and Description
static String	decrypt(String cipherText, String encryptionKey, String salt) Decrypt the given cipher text value with the given encryption key and the same salt used for encryption using AES CBC.
static String	decryptSiv(String cipherText, byte[] encryptionKey) Decrypt the given cipher text value with the given encryption key using AES SIV.
static String	encrypt(String plainText, String encryptionKey, String salt) Encrypt the given plain text value with the given encryption key and salt using AES CBC.
static String	encryptSiv(String plainText, byte[] encryptionKey) Encrypt the given plain text value with the given encryption key using AES SIV.
static String	generateNewSalt() Generates a new random salt

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AESTools

public AESTools()

Method Detail

encrypt

@Nullable
public static String encrypt(String plainText,
                                       String encryptionKey,
                                       String salt)

Encrypt the given plain text value with the given encryption key and salt using AES CBC. If the supplied encryption key is not of 16, 24 or 32 bytes length, it will be truncated or padded to the next largest key size before encryption.

Parameters:

plainText - the plain text value to encrypt

encryptionKey - the encryption key

salt - the salt

Returns:

the encrypted hexadecimal cipher text or null if encryption failed

decrypt

@Nullable
public static String decrypt(String cipherText,
                                       String encryptionKey,
                                       String salt)

Decrypt the given cipher text value with the given encryption key and the same salt used for encryption using AES CBC. If the supplied encryption key is not of 16, 24 or 32 bytes length, it will be truncated or padded to the next largest key size before encryption.

Parameters:

cipherText - the hexadecimal cipher text value to decrypt

encryptionKey - the encryption key

salt - the salt used for encrypting this cipherText

Returns:

the decrypted cipher text or null if decryption failed

encryptSiv

@Nullable
public static String encryptSiv(String plainText,
                                          byte[] encryptionKey)

Encrypt the given plain text value with the given encryption key using AES SIV. (RFC 5297)

Parameters:

plainText - the plain text value to encrypt

encryptionKey - the encryption key (must be at least 32 bytes)

Returns:

the encrypted cipher text or null if encryption failed

Throws:

IllegalArgumentException - if the encryption key is smaller than 32 bytes

decryptSiv

@Nullable
public static String decryptSiv(String cipherText,
                                          byte[] encryptionKey)

Decrypt the given cipher text value with the given encryption key using AES SIV. (RFC 5297)

Parameters:

cipherText - the cipher text value to decrypt

encryptionKey - the encryption key (must be at least 32 bytes)

Returns:

the decrypted cipher text or null if decryption failed

Throws:

IllegalArgumentException - if the encryption key is smaller than 32 bytes

generateNewSalt

public static String generateNewSalt()

Generates a new random salt

Returns:

the generated random salt as a string of hexadecimal digits.