public static int getMaxAllowedKeyLength(final String algorithm) { if (StringUtils.isEmpty(algorithm)) { return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } String parsedCipher = CipherUtility.parseCipherFromAlgorithm(algorithm); try { return Cipher.getMaxAllowedKeyLength(parsedCipher); } catch (NoSuchAlgorithmException e) { // Default algorithm max key length on unmodified JRE return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } }
public static int getMaxAllowedKeyLength(final String algorithm) { if (StringUtils.isEmpty(algorithm)) { return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } String parsedCipher = CipherUtility.parseCipherFromAlgorithm(algorithm); try { return Cipher.getMaxAllowedKeyLength(parsedCipher); } catch (NoSuchAlgorithmException e) { // Default algorithm max key length on unmodified JRE return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } }
/** * Extracts the cipher "family" (i.e. "AES", "DES", "RC4") from the full algorithm name. * * @param algorithm the algorithm ({@link EncryptionMethod#algorithm}) * @return the cipher family * @throws EncryptionException if the algorithm is null/empty or not supported */ private String extractKeyTypeFromAlgorithm(String algorithm) throws EncryptionException { if (StringUtils.isBlank(algorithm)) { throw new EncryptionException("The algorithm cannot be null or empty"); } String parsedCipher = CipherUtility.parseCipherFromAlgorithm(algorithm); if (parsedCipher.equals(algorithm)) { throw new EncryptionException("No supported algorithm detected"); } else { return parsedCipher; } }
String cipher = parseCipherFromAlgorithm(algorithm); switch (cipher.toUpperCase()) { case "DESEDE":
/** * Returns the cipher key length from the full algorithm name. Useful for getting key lengths, etc. * <p/> * Ex: PBEWITHMD5AND128BITAES-CBC-OPENSSL -> 128 * * @param algorithm the full algorithm name * @return the key length or -1 if one cannot be extracted */ public static int parseKeyLengthFromAlgorithm(final String algorithm) { int keyLength = parseActualKeyLengthFromAlgorithm(algorithm); if (keyLength != -1) { return keyLength; } else { // Key length not explicitly named in algorithm String cipher = parseCipherFromAlgorithm(algorithm); return getDefaultKeyLengthForCipher(cipher); } }
final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName);
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with Bcrypt"); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } String algorithm = encryptionMethod.getAlgorithm(); String provider = encryptionMethod.getProvider(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } String bcryptSalt = formatSaltForBcrypt(salt); String hash = BCrypt.hashpw(password, bcryptSalt); /* The SHA-512 hash is required in order to derive a key longer than 184 bits (the resulting size of the Bcrypt hash) and ensuring the avalanche effect causes higher key entropy (if all derived keys follow a consistent pattern, it weakens the strength of the encryption) */ MessageDigest digest = MessageDigest.getInstance("SHA-512", provider); byte[] dk = digest.digest(hash.getBytes(StandardCharsets.UTF_8)); dk = Arrays.copyOf(dk, keyLength / 8); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
public KeyedEncryptor(final EncryptionMethod encryptionMethod, final byte[] keyBytes, final byte[] iv) { super(); try { if (encryptionMethod == null) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with null encryption method"); } if (!encryptionMethod.isKeyedCipher()) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with encryption method " + encryptionMethod.name()); } this.encryptionMethod = encryptionMethod; if (keyBytes == null || keyBytes.length == 0) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with empty key"); } if (!CipherUtility.isValidKeyLengthForAlgorithm(keyBytes.length * 8, encryptionMethod.getAlgorithm())) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with key of length " + keyBytes.length); } String cipherName = CipherUtility.parseCipherFromAlgorithm(encryptionMethod.getAlgorithm()); this.key = new SecretKeySpec(keyBytes, cipherName); this.iv = iv; } catch (Exception e) { throw new ProcessException(e); } }
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with PBKDF2"); } String algorithm = encryptionMethod.getAlgorithm(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } if (salt == null || salt.length < DEFAULT_SALT_LENGTH) { throw new IllegalArgumentException("The salt must be at least " + DEFAULT_SALT_LENGTH + " bytes. To generate a salt, use PBKDF2CipherProvider#generateSalt()"); } PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(this.prf); gen.init(password.getBytes(StandardCharsets.UTF_8), salt, getIterationCount()); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(keyLength)).getKey(); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
public static int getMaxAllowedKeyLength(final String algorithm) { if (StringUtils.isEmpty(algorithm)) { return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } String parsedCipher = CipherUtility.parseCipherFromAlgorithm(algorithm); try { return Cipher.getMaxAllowedKeyLength(parsedCipher); } catch (NoSuchAlgorithmException e) { // Default algorithm max key length on unmodified JRE return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } }
public static int getMaxAllowedKeyLength(final String algorithm) { if (StringUtils.isEmpty(algorithm)) { return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } String parsedCipher = CipherUtility.parseCipherFromAlgorithm(algorithm); try { return Cipher.getMaxAllowedKeyLength(parsedCipher); } catch (NoSuchAlgorithmException e) { // Default algorithm max key length on unmodified JRE return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } }
String cipher = parseCipherFromAlgorithm(algorithm); switch (cipher.toUpperCase()) { case "DESEDE":
/** * Returns the cipher key length from the full algorithm name. Useful for getting key lengths, etc. * <p/> * Ex: PBEWITHMD5AND128BITAES-CBC-OPENSSL -> 128 * * @param algorithm the full algorithm name * @return the key length or -1 if one cannot be extracted */ public static int parseKeyLengthFromAlgorithm(final String algorithm) { int keyLength = parseActualKeyLengthFromAlgorithm(algorithm); if (keyLength != -1) { return keyLength; } else { // Key length not explicitly named in algorithm String cipher = parseCipherFromAlgorithm(algorithm); return getDefaultKeyLengthForCipher(cipher); } }
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with Bcrypt"); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } String algorithm = encryptionMethod.getAlgorithm(); String provider = encryptionMethod.getProvider(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } String bcryptSalt = formatSaltForBcrypt(salt); String hash = BCrypt.hashpw(password, bcryptSalt); /* The SHA-512 hash is required in order to derive a key longer than 184 bits (the resulting size of the Bcrypt hash) and ensuring the avalanche effect causes higher key entropy (if all derived keys follow a consistent pattern, it weakens the strength of the encryption) */ MessageDigest digest = MessageDigest.getInstance("SHA-512", provider); byte[] dk = digest.digest(hash.getBytes(StandardCharsets.UTF_8)); dk = Arrays.copyOf(dk, keyLength / 8); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
public KeyedEncryptor(final EncryptionMethod encryptionMethod, final byte[] keyBytes, final byte[] iv) { super(); try { if (encryptionMethod == null) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with null encryption method"); } if (!encryptionMethod.isKeyedCipher()) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with encryption method " + encryptionMethod.name()); } this.encryptionMethod = encryptionMethod; if (keyBytes == null || keyBytes.length == 0) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with empty key"); } if (!CipherUtility.isValidKeyLengthForAlgorithm(keyBytes.length * 8, encryptionMethod.getAlgorithm())) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with key of length " + keyBytes.length); } String cipherName = CipherUtility.parseCipherFromAlgorithm(encryptionMethod.getAlgorithm()); this.key = new SecretKeySpec(keyBytes, cipherName); this.iv = iv; } catch (Exception e) { throw new ProcessException(e); } }
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with PBKDF2"); } String algorithm = encryptionMethod.getAlgorithm(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } if (salt == null || salt.length < DEFAULT_SALT_LENGTH) { throw new IllegalArgumentException("The salt must be at least " + DEFAULT_SALT_LENGTH + " bytes. To generate a salt, use PBKDF2CipherProvider#generateSalt()"); } PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(this.prf); gen.init(password.getBytes(StandardCharsets.UTF_8), salt, getIterationCount()); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(keyLength)).getKey(); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName);