com.hissenit.crypto.compactencryption

Class CompactPasswordKey

java.lang.Object

com.hissenit.crypto.compactencryption.CompactPasswordKey

All Implemented Interfaces:

ISecretKey

public class CompactPasswordKey
extends java.lang.Object
implements ISecretKey

All write* methods do NOT write the actual key in plain, they only write the parameters for the key generation in the compact format. The password/passphrase/secret is required to restore the key at runtime.

Default iteration count is at the moment 100000. If you have performance issues, you can set this down to minimum of 1000 to have a good balance between security and performance. Use CryptoMain.setDefaultKeyIterationCount(int) to globally set an iteration count for the whole application or use CompactPasswordKey.GenerationParametersCPK to set the iteration count individually.

Use case: For single encryption operations only. If the password is a user account password, a password change process has to be considered. Hence, a CompactRawKey should be wrapped with a CompactPasswordKey. WrapUtil is a helper class to easily wrap and re-wrap encryption keys for this case.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CompactPasswordKey.GenerationParametersCPK None of these parameters have to be set, defaults will be used instead for each single parameter being not set.

Method Summary

Methods

Modifier and Type	Method and Description
static CompactPasswordKey.GenerationParametersCPK	createParameters() Create an empty parameters object to set single parameters that shall be changed from defaults
static CompactPasswordKey.GenerationParametersCPK	createParameters(java.lang.String hmacAlgorithm, int keyLengthInBytes, int saltLengthInBytes, int iterationCount, java.lang.String checksumEncryptionAlgorithm) None of these parameters have to be set, defaults will be used instead for each single parameter being not set.
static CompactPasswordKey	generateKey(Secret passwordOrSecret)
static CompactPasswordKey	generateKey(Secret passwordOrSecret, boolean passwordChecksum)
static CompactPasswordKey	generateKey(Secret passwordOrSecret, boolean passwordChecksum, CompactPasswordKey.GenerationParametersCPK parameters)
static CompactPasswordKey	generateKey(Secret passwordOrSecret, CompactPasswordKey.GenerationParametersCPK parameters)
java.lang.String	getHMACAlgorithm()
int	getIterationCount()
javax.crypto.spec.SecretKeySpec	getJCESecretKeySpec()
byte[]	getKeyCloneInBytes() Returns a new copy of the key
byte[]	getKeyInBytes()
byte[]	getSaltInBytes()
boolean	hasChecksum()
boolean	isPasswordValid()
static CompactPasswordKey	newInstance(Secret passwordOrSecret) Creates an uninitialized key.
CompactPasswordKey	readFromBase64(java.lang.String base64)
CompactPasswordKey	readFromBytes(byte[] bytes)
CompactPasswordKey	readFromFile(java.io.File file)
CompactPasswordKey	readFromFile(java.lang.String file)
CompactPasswordKey	readFromHex(java.lang.String hex)
CompactPasswordKey	readFromJsonObject(morg.json.JSONObject json)
CompactPasswordKey	readFromJsonString(java.lang.String json)
CompactPasswordKey	readFromStream(java.io.InputStream in)
void	wipe() Wipes the key (bytes) in this object - meaning overwrites it with arbitrary data.
java.lang.String	writeToBase64() Base64 URL-safe by default
byte[]	writeToBytes()
void	writeToFile(java.io.File file)
void	writeToFile(java.lang.String file)
java.lang.String	writeToHex()
morg.json.JSONObject	writeToJsonObject()
java.lang.String	writeToJsonString()
void	writeToStream(java.io.OutputStream out)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getKeyInBytes

public byte[] getKeyInBytes()

Specified by:

getKeyInBytes in interface ISecretKey

getKeyCloneInBytes

public byte[] getKeyCloneInBytes()

Returns a new copy of the key

Returns:

the symmetric encryption key as byte array

getSaltInBytes

public byte[] getSaltInBytes()

getIterationCount

public int getIterationCount()

getHMACAlgorithm

public java.lang.String getHMACAlgorithm()

hasChecksum

public boolean hasChecksum()

isPasswordValid

public boolean isPasswordValid()

writeToBytes

public byte[] writeToBytes()

writeToBase64

public java.lang.String writeToBase64()

Base64 URL-safe by default

writeToHex

public java.lang.String writeToHex()

writeToJsonString

public java.lang.String writeToJsonString()

writeToJsonObject

public morg.json.JSONObject writeToJsonObject()

writeToStream

public void writeToStream(java.io.OutputStream out)

writeToFile

public void writeToFile(java.lang.String file)

writeToFile

public void writeToFile(java.io.File file)

readFromBytes

public CompactPasswordKey readFromBytes(byte[] bytes)

readFromBase64

public CompactPasswordKey readFromBase64(java.lang.String base64)

readFromHex

public CompactPasswordKey readFromHex(java.lang.String hex)

readFromJsonString

public CompactPasswordKey readFromJsonString(java.lang.String json)

readFromJsonObject

public CompactPasswordKey readFromJsonObject(morg.json.JSONObject json)

readFromStream

public CompactPasswordKey readFromStream(java.io.InputStream in)

readFromFile

public CompactPasswordKey readFromFile(java.lang.String file)

readFromFile

public CompactPasswordKey readFromFile(java.io.File file)

getJCESecretKeySpec

public javax.crypto.spec.SecretKeySpec getJCESecretKeySpec()

wipe

public void wipe()

Wipes the key (bytes) in this object - meaning overwrites it with arbitrary data. This does not apply for external clones.

Specified by:

wipe in interface ISecretKey

generateKey

public static final CompactPasswordKey generateKey(Secret passwordOrSecret)

generateKey

public static final CompactPasswordKey generateKey(Secret passwordOrSecret,
                             boolean passwordChecksum)

generateKey

public static final CompactPasswordKey generateKey(Secret passwordOrSecret,
                             CompactPasswordKey.GenerationParametersCPK parameters)

generateKey

public static final CompactPasswordKey generateKey(Secret passwordOrSecret,
                             boolean passwordChecksum,
                             CompactPasswordKey.GenerationParametersCPK parameters)

newInstance

public static final CompactPasswordKey newInstance(Secret passwordOrSecret)

Creates an uninitialized key. The key has to be loaded by one of the read* methods.

Parameters:

passwordOrSecret -

Returns:

empty instance, one of the read* methods has to be used to initialize the instance

createParameters

public static final CompactPasswordKey.GenerationParametersCPK createParameters()

Create an empty parameters object to set single parameters that shall be changed from defaults

createParameters

public static final CompactPasswordKey.GenerationParametersCPK createParameters(java.lang.String hmacAlgorithm,
                                                          int keyLengthInBytes,
                                                          int saltLengthInBytes,
                                                          int iterationCount,
                                                          java.lang.String checksumEncryptionAlgorithm)

None of these parameters have to be set, defaults will be used instead for each single parameter being not set.