0
# Encryption and Decryption
1
2
Symmetric encryption services for both text and binary data using AES and RSA algorithms with various cipher modes and configurations.
3
4
## Capabilities
5
6
### BytesEncryptor Interface
7
8
Service interface for symmetric data encryption of byte arrays.
9
10
```java { .api }
11
/**
12
* Service interface for symmetric data encryption
13
*/
14
interface BytesEncryptor {
15
/**
16
* Encrypt the byte array
17
* @param byteArray the bytes to encrypt
18
* @return the encrypted bytes
19
*/
20
byte[] encrypt(byte[] byteArray);
21
22
/**
23
* Decrypt the byte array
24
* @param encryptedByteArray the encrypted bytes
25
* @return the decrypted bytes
26
*/
27
byte[] decrypt(byte[] encryptedByteArray);
28
}
29
```
30
31
### TextEncryptor Interface
32
33
Service interface for symmetric text encryption.
34
35
```java { .api }
36
/**
37
* Service interface for symmetric text encryption
38
*/
39
interface TextEncryptor {
40
/**
41
* Encrypt the text string
42
* @param text the text to encrypt
43
* @return the encrypted text
44
*/
45
String encrypt(String text);
46
47
/**
48
* Decrypt the text string
49
* @param encryptedText the encrypted text
50
* @return the decrypted text
51
*/
52
String decrypt(String encryptedText);
53
}
54
```
55
56
### Encryptors Factory
57
58
Factory for commonly used encryptor implementations.
59
60
```java { .api }
61
/**
62
* Factory for commonly used encryptors
63
*/
64
class Encryptors {
65
/**
66
* Creates a 256-bit AES encryptor using GCM mode
67
* @param password the password to use to generate the key
68
* @param salt the salt to use to generate the key
69
* @return the bytes encryptor
70
*/
71
static BytesEncryptor stronger(CharSequence password, CharSequence salt);
72
73
/**
74
* Creates a standard 256-bit AES encryptor
75
* @param password the password to use to generate the key
76
* @param salt the salt to use to generate the key
77
* @return the bytes encryptor
78
*/
79
static BytesEncryptor standard(CharSequence password, CharSequence salt);
80
81
/**
82
* Creates a stronger text encryptor using AES/GCM
83
* @param password the password to use to generate the key
84
* @param salt the salt to use to generate the key
85
* @return the text encryptor
86
*/
87
static TextEncryptor delux(CharSequence password, CharSequence salt);
88
89
/**
90
* Creates a standard text encryptor using AES/CBC
91
* @param password the password to use to generate the key
92
* @param salt the salt to use to generate the key
93
* @return the text encryptor
94
*/
95
static TextEncryptor text(CharSequence password, CharSequence salt);
96
97
/**
98
* Creates a no-operation text encryptor (for testing)
99
* @return the no-op text encryptor
100
*/
101
static TextEncryptor noOpText();
102
}
103
```
104
105
**Usage Example:**
106
107
```java
108
import org.springframework.security.crypto.encrypt.Encryptors;
109
import org.springframework.security.crypto.encrypt.TextEncryptor;
110
import org.springframework.security.crypto.encrypt.BytesEncryptor;
111
112
// Text encryption
113
TextEncryptor textEncryptor = Encryptors.text("myPassword", "mySalt");
114
String encrypted = textEncryptor.encrypt("Hello World");
115
String decrypted = textEncryptor.decrypt(encrypted);
116
117
// Stronger text encryption with GCM
118
TextEncryptor strongerTextEncryptor = Encryptors.delux("myPassword", "mySalt");
119
String strongerEncrypted = strongerTextEncryptor.encrypt("Sensitive Data");
120
121
// Bytes encryption
122
BytesEncryptor bytesEncryptor = Encryptors.standard("myPassword", "mySalt");
123
byte[] data = "Hello World".getBytes();
124
byte[] encryptedBytes = bytesEncryptor.encrypt(data);
125
byte[] decryptedBytes = bytesEncryptor.decrypt(encryptedBytes);
126
```
127
128
### AES Bytes Encryptor
129
130
AES-based bytes encryptor with configurable cipher algorithms.
131
132
```java { .api }
133
/**
134
* An Encryptor equivalent to AES/CBC/PKCS5Padding or AES/GCM/NoPadding
135
*/
136
class AesBytesEncryptor implements BytesEncryptor {
137
/**
138
* Creates an AES bytes encryptor
139
* @param password the password to derive the key from
140
* @param salt the salt to use for key derivation
141
*/
142
AesBytesEncryptor(String password, CharSequence salt);
143
144
/**
145
* Creates an AES bytes encryptor with cipher algorithm
146
* @param password the password to derive the key from
147
* @param salt the salt to use for key derivation
148
* @param algorithm the cipher algorithm to use
149
*/
150
AesBytesEncryptor(String password, CharSequence salt, CipherAlgorithm algorithm);
151
152
enum CipherAlgorithm {
153
CBC("AES/CBC/PKCS5Padding"),
154
GCM("AES/GCM/NoPadding");
155
156
private final String algorithm;
157
158
CipherAlgorithm(String algorithm) {
159
this.algorithm = algorithm;
160
}
161
162
public String getAlgorithm() {
163
return this.algorithm;
164
}
165
}
166
}
167
```
168
169
### RSA Encryption
170
171
RSA-based encryption implementations for asymmetric cryptography.
172
173
```java { .api }
174
/**
175
* Interface for RSA key holders
176
*/
177
interface RsaKeyHolder {
178
String getPublicKey();
179
PrivateKey getPrivateKey();
180
}
181
182
/**
183
* RSA raw encryption implementation
184
*/
185
class RsaRawEncryptor implements BytesEncryptor, TextEncryptor, RsaKeyHolder {
186
/**
187
* Creates an RSA raw encryptor
188
* @param publicKey the public key for encryption
189
* @param privateKey the private key for decryption
190
*/
191
RsaRawEncryptor(RSAPublicKey publicKey, RSAPrivateKey privateKey);
192
193
/**
194
* Creates an RSA raw encryptor with algorithm
195
* @param publicKey the public key for encryption
196
* @param privateKey the private key for decryption
197
* @param algorithm the RSA algorithm to use
198
*/
199
RsaRawEncryptor(RSAPublicKey publicKey, RSAPrivateKey privateKey, RsaAlgorithm algorithm);
200
}
201
202
/**
203
* RSA secret encryption implementation
204
*/
205
class RsaSecretEncryptor implements BytesEncryptor, TextEncryptor, RsaKeyHolder {
206
/**
207
* Creates an RSA secret encryptor
208
* @param publicKey the public key for encryption
209
* @param privateKey the private key for decryption
210
* @param secret the secret key for AES encryption
211
* @param salt the salt for key derivation
212
*/
213
RsaSecretEncryptor(RSAPublicKey publicKey, RSAPrivateKey privateKey, String secret, CharSequence salt);
214
}
215
216
/**
217
* RSA algorithm specifications
218
*/
219
enum RsaAlgorithm {
220
DEFAULT("RSA"),
221
OAEP("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
222
223
private final String algorithm;
224
225
RsaAlgorithm(String algorithm) {
226
this.algorithm = algorithm;
227
}
228
229
public String getAlgorithm() {
230
return this.algorithm;
231
}
232
}
233
```
234
235
### BouncyCastle Encryptors
236
237
BouncyCastle-based AES encryptor implementations.
238
239
```java { .api }
240
/**
241
* BouncyCastle AES bytes encryptor base class
242
*/
243
abstract class BouncyCastleAesBytesEncryptor implements BytesEncryptor {
244
/**
245
* Creates a BouncyCastle AES encryptor
246
* @param password the password for key derivation
247
* @param salt the salt for key derivation
248
*/
249
BouncyCastleAesBytesEncryptor(String password, CharSequence salt);
250
}
251
252
/**
253
* BouncyCastle AES CBC implementation
254
*/
255
class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryptor {
256
BouncyCastleAesCbcBytesEncryptor(String password, CharSequence salt);
257
}
258
259
/**
260
* BouncyCastle AES GCM implementation
261
*/
262
class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryptor {
263
BouncyCastleAesGcmBytesEncryptor(String password, CharSequence salt);
264
}
265
```
266
267
### Hex Encoding Text Encryptor
268
269
Text encryptor that applies hex encoding to encrypted bytes.
270
271
```java { .api }
272
/**
273
* A TextEncryptor that applies hex encoding to encrypted bytes
274
*/
275
class HexEncodingTextEncryptor implements TextEncryptor {
276
/**
277
* Creates a hex encoding text encryptor
278
* @param encryptor the underlying bytes encryptor
279
*/
280
HexEncodingTextEncryptor(BytesEncryptor encryptor);
281
}
282
```
283
284
### KeyStore Key Factory
285
286
Factory for creating keys from a keystore.
287
288
```java { .api }
289
/**
290
* A factory for creating key pairs and public/private keys from a keystore
291
*/
292
class KeyStoreKeyFactory {
293
/**
294
* Creates a keystore key factory
295
* @param resource the keystore resource
296
* @param password the keystore password
297
*/
298
KeyStoreKeyFactory(Resource resource, char[] password);
299
300
/**
301
* Gets a key pair from the keystore
302
* @param alias the key alias
303
* @return the key pair
304
*/
305
KeyPair getKeyPair(String alias);
306
307
/**
308
* Gets a key pair with custom password
309
* @param alias the key alias
310
* @param password the key password
311
* @return the key pair
312
*/
313
KeyPair getKeyPair(String alias, char[] password);
314
}
315
```
316
317
**Usage Example:**
318
319
```java
320
import org.springframework.security.crypto.encrypt.*;
321
import java.security.KeyPair;
322
import java.security.interfaces.RSAPrivateKey;
323
import java.security.interfaces.RSAPublicKey;
324
325
// RSA encryption setup
326
KeyPair keyPair = generateRSAKeyPair(); // your key generation logic
327
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
328
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
329
330
RsaRawEncryptor rsaEncryptor = new RsaRawEncryptor(publicKey, privateKey);
331
String encrypted = rsaEncryptor.encrypt("Secret Message");
332
String decrypted = rsaEncryptor.decrypt(encrypted);
333
334
// AES with specific algorithm
335
AesBytesEncryptor aesEncryptor = new AesBytesEncryptor("password", "salt",
336
AesBytesEncryptor.CipherAlgorithm.GCM);
337
byte[] encryptedData = aesEncryptor.encrypt("data".getBytes());
338
byte[] decryptedData = aesEncryptor.decrypt(encryptedData);
339
```