/**
 * Rejects any decoded key whose length is not 16, 24 or 32 bytes.
 *
 * <p>These are the 128-, 192- and 256-bit key sizes; presumably they match the AES key sizes
 * expected by {@code ALGORITHM_NAME} (confirm against the constant's definition).
 *
 * @param numBytes length of the decoded key material, in bytes
 * @throws OInvalidStorageEncryptionKeyException if the length is not one of the accepted sizes
 */
private void validateKeySize(int numBytes) {
  switch (numBytes) {
    case 16:
    case 24:
    case 32:
      // Accepted key length, nothing to report.
      return;
    default:
      throw new OInvalidStorageEncryptionKeyException(INVALID_KEY_ERROR);
  }
}
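/**
 * Builds the storage encryption key from its Base64 text form.
 *
 * <p>The text is decoded with {@link Base64.Decoder#decode(String)} so the result does not depend
 * on the platform default charset (the previous {@code getBytes()} call did). The decoded length
 * is checked by {@code validateKeySize} before the key object is created.
 *
 * @param base64EncodedKey Base64-encoded key material; must not be {@code null}
 * @return a {@link SecretKeySpec} for {@code ALGORITHM_NAME} holding the decoded bytes
 * @throws OSecurityException if no key was supplied
 * @throws OInvalidStorageEncryptionKeyException if the text is not valid Base64 or the decoded key
 *     has an unsupported length
 */
private SecretKey createKey(String base64EncodedKey) {
  if (base64EncodedKey == null) {
    throw new OSecurityException(
        format(MISSING_KEY_ERROR, OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey()));
  }

  byte[] keyBytes = null;
  try {
    keyBytes = Base64.getDecoder().decode(base64EncodedKey);
    validateKeySize(keyBytes.length);
    // SecretKeySpec keeps its own copy of the array, so the temporary can be cleared afterwards.
    return new SecretKeySpec(keyBytes, ALGORITHM_NAME);
  } catch (IllegalArgumentException e) {
    // Malformed Base64 is reported as an invalid key; the key text itself is never put in the
    // message.
    throw OException.wrapException(new OInvalidStorageEncryptionKeyException(INVALID_KEY_ERROR), e);
  } finally {
    if (keyBytes != null) {
      // Best-effort scrub of the decoded key; the Base64 String held by the caller is unaffected.
      java.util.Arrays.fill(keyBytes, (byte) 0);
    }
  }
}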
/**
 * Fetches the cipher from {@code CIPHER} and initialises it for one operation.
 *
 * @param mode cipher operation mode, passed straight to {@link Cipher#init}
 * @param nonce nonce handed to {@code gcmParameterSpec} to build the algorithm parameters
 * @return the initialised cipher
 * @throws OInvalidStorageEncryptionKeyException if the provider rejects the configured key
 * @throws IllegalArgumentException if the provider rejects the parameters built from the nonce
 */
private Cipher getAndInitializeCipher(final int mode, final byte[] nonce) {
  final Cipher prepared;
  try {
    prepared = CIPHER.get();
    prepared.init(mode, key, gcmParameterSpec(nonce));
  } catch (InvalidKeyException e) {
    throw OException.wrapException(new OInvalidStorageEncryptionKeyException(e.getMessage()), e);
  } catch (InvalidAlgorithmParameterException e) {
    // NOTE(review): a provider-side re-use check can only see what this Cipher instance was last
    // initialised with, so it is a safety net rather than a guarantee. Nonce uniqueness per key
    // has to be ensured where the nonce is generated — confirm against that code.
    throw new IllegalArgumentException("Invalid or re-used nonce.", e);
  }
  return prepared;
}
/**
 * Encrypts {@code length} bytes of {@code content} starting at {@code offset}.
 *
 * <p>The work is delegated to {@code encryptOrDecrypt} in {@link Cipher#ENCRYPT_MODE}.
 *
 * @param content buffer holding the plaintext
 * @param offset index of the first byte to encrypt
 * @param length number of bytes to encrypt
 * @return whatever {@code encryptOrDecrypt} produces for the given range
 * @throws OInvalidStorageEncryptionKeyException wrapping any exception raised while encrypting
 */
@Override
public byte[] encrypt(final byte[] content, final int offset, final int length) {
  final byte[] encrypted;
  try {
    encrypted = encryptOrDecrypt(Cipher.ENCRYPT_MODE, content, offset, length);
  } catch (Exception e) {
    // Every failure is reported under the same exception type; the original cause is preserved.
    throw OException.wrapException(
        new OInvalidStorageEncryptionKeyException("Cannot encrypt content"), e);
  }
  return encrypted;
}
/**
 * Decrypts {@code length} bytes of {@code content} starting at {@code offset}.
 *
 * <p>The work is delegated to {@code encryptOrDecrypt} in {@link Cipher#DECRYPT_MODE}.
 *
 * @param content buffer holding the encrypted data
 * @param offset index of the first byte to decrypt
 * @param length number of bytes to decrypt
 * @return whatever {@code encryptOrDecrypt} produces for the given range
 * @throws OInvalidStorageEncryptionKeyException wrapping any exception raised while decrypting
 */
@Override
public byte[] decrypt(final byte[] content, final int offset, final int length) {
  final byte[] decrypted;
  try {
    decrypted = encryptOrDecrypt(Cipher.DECRYPT_MODE, content, offset, length);
  } catch (Exception e) {
    // NOTE(review): if encryptOrDecrypt runs an authenticated mode, a failed integrity check on
    // corrupted or modified data would also land here and be reported as a key problem — confirm
    // that callers and operators do not need to tell the two cases apart.
    throw OException.wrapException(
        new OInvalidStorageEncryptionKeyException("Cannot decrypt content"), e);
  }
  return decrypted;
}
}
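/**
 * Configures AES encryption from a Base64-encoded key.
 *
 * <p>The decoded key must be 16, 24 or 32 bytes long. The length is checked here so that a
 * mis-sized key is rejected when the database is created or opened, rather than on the first
 * encrypt or decrypt call. {@code initialized} is cleared on entry and set again only after the
 * key has been accepted.
 *
 * @param iOptions Base64-encoded key material; must not be {@code null}
 * @return this instance
 * @throws OSecurityException if no key was supplied
 * @throws OInvalidStorageEncryptionKeyException if the key is not valid Base64 or has an
 *     unsupported length
 */
public OEncryption configure(final String iOptions) {
  initialized = false;

  if (iOptions == null) {
    throw new OSecurityException(
        "AES encryption has been selected, but no key was found. Please configure it by passing the key as property at database create/open. The property key is: '"
            + OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey()
            + "'");
  }

  byte[] key = null;
  try {
    key = Base64.getDecoder().decode(iOptions);
    // SecretKeySpec accepts any non-empty array, so an unusable length has to be caught here.
    // Only the length is reported, never the key bytes.
    if (key.length != 16 && key.length != 24 && key.length != 32) {
      throw new IllegalArgumentException("Unsupported AES key length: " + key.length + " bytes");
    }
    theKey = new SecretKeySpec(key, ALGORITHM_NAME); // AES
  } catch (Exception e) {
    throw OException.wrapException(
        new OInvalidStorageEncryptionKeyException(
            "Cannot initialize AES encryption with current key. Assure the key is a BASE64 - 128, 192 or 256 bits long"),
        e);
  } finally {
    if (key != null) {
      // SecretKeySpec holds its own copy; best-effort scrub of the temporary. The Base64 String
      // passed in by the caller is unaffected.
      java.util.Arrays.fill(key, (byte) 0);
    }
  }

  this.initialized = true;
  return this;
}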
/**
 * Configures DES encryption from a Base64-encoded key.
 *
 * <p>{@code initialized} is cleared on entry and set again only after the key and the cipher have
 * been created.
 *
 * <p>NOTE(review): DES has a 56-bit effective key and is not considered adequate protection for
 * data at rest. {@link DESKeySpec} also reads only the first 8 bytes of the array it is given, so
 * a longer key adds no strength. Prefer the AES-based encryption for new databases and treat this
 * class as legacy compatibility.
 *
 * @param iOptions Base64-encoded key material; must not be {@code null}
 * @return this instance
 * @throws OSecurityException if no key was supplied
 * @throws OInvalidStorageEncryptionKeyException wrapping any failure to decode the key or to
 *     create the key or cipher objects
 */
public OEncryption configure(final String iOptions) {
  initialized = false;

  if (iOptions == null) {
    throw new OSecurityException(
        "DES encryption has been selected, but no key was found. Please configure it by passing the key as property at database create/open. The property key is: '"
            + OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey()
            + "'");
  }

  try {
    final byte[] rawKey = Base64.getDecoder().decode(iOptions);
    final DESKeySpec spec = new DESKeySpec(rawKey);
    final SecretKeyFactory factory = SecretKeyFactory.getInstance(ALGORITHM_NAME);

    theKey = factory.generateSecret(spec);
    // NOTE(review): a Cipher instance is not safe for concurrent use; confirm that access to this
    // field is serialised by the callers.
    cipher = Cipher.getInstance(TRANSFORMATION);
  } catch (Exception e) {
    throw OException.wrapException(
        new OInvalidStorageEncryptionKeyException(
            "Cannot initialize DES encryption with current key. Assure the key is a BASE64 - 64 bits long"),
        e);
  }

  this.initialized = true;
  return this;
}