ewe.security
Class Encryptor

java.lang.Object
  ewe.security.Encryptor

All Implemented Interfaces:

DataProcessor

Direct Known Subclasses:

Decryptor

public class Encryptor

extends Object

implements DataProcessor

Field Summary

protected static SHA1	digest
static int	ENCRYPT_WITHOUT_COMPRESSION
protected boolean	isDecryptor

Constructor Summary

Encryptor(byte[] key)

Encryptor(String key)

Method Summary

void	closeProcess() This aborts any on-going processing and frees resources associated with the processor.
byte[]	encrypt(byte[] plaintext, int offset, int length) Encrypt a "salted" version of the provided plaintext data without compressing the data before encryption and without signing the salted data.
ByteArray	encrypt(ByteArray dest, byte[] plaintext, int offset, int length) Encrypt a "salted" version of the provided plaintext data without compressing the data before encryption and optionally signing the salted data.
ByteArray	encrypt(ByteArray dest, byte[] plaintext, int offset, int length, int options, Signature signature) Encrypt a "salted" version of the provided plaintext data optionally compressing the data before encryption and optionally signing the salted/compressed data.
static ByteArray	encrypt(DataProcessor processor, ByteArray dest, byte[] plaintext, int offset, int length, int options, Signature signature) Using a particular DataProcessor, encrypt a "salted" version of the provided plaintext data optionally compressing the data before encryption and optionally signing the salted/compressed data.
int	getBlockSize() This returns the size of a block to be processed - any data blocks presented for processing must be multiples of this size.
int	getMaxBlockSize() This returns the largest block that can be processed.
static ByteArray	makeEncryptorTest(DataProcessor encryptor, int minSize, ByteArray out) Produce a random block of bytes that may be used to later test a decryptor.
ByteArray	processBlock(byte[] source, int offset, int length, boolean last, ByteArray dest) This processes a block of data and places the output in the provided ByteArray.
protected void	reset()
static byte[]	stringToKey(String sPassword)
static boolean	testDecryptor(DataProcessor decryptor, byte[] src, int offset, int length) Test a decryptor to see if it is able to decrypt data encrypted by an encryptor that generated the source test block of data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, toString

Field Detail

isDecryptor

protected boolean isDecryptor

digest

protected static SHA1 digest

ENCRYPT_WITHOUT_COMPRESSION

public static final int ENCRYPT_WITHOUT_COMPRESSION

See Also:

Constant Field Values

Constructor Detail

Encryptor

public Encryptor(String key)

Encryptor

public Encryptor(byte[] key)

Method Detail

stringToKey

public static byte[] stringToKey(String sPassword)

reset

protected void reset()

getBlockSize

public int getBlockSize()

Description copied from interface: DataProcessor

This returns the size of a block to be processed - any data blocks presented for processing must be multiples of this size. If it is less than or equal to 1 it is assumed to be 1.

Specified by:

getBlockSize in interface DataProcessor

getMaxBlockSize

public int getMaxBlockSize()

Description copied from interface: DataProcessor

This returns the largest block that can be processed. Any data blocks presented for processing must be a multiple of getBlockSize() and must be less than or equal to getMaxBlockSize(). If this returns less than or equal to zero then there is no maximum size.

Specified by:

getMaxBlockSize in interface DataProcessor

closeProcess

public void closeProcess()

Description copied from interface: DataProcessor

This aborts any on-going processing and frees resources associated with the processor. The processor should not be used again after this. An IOException should be thrown if there was an error closing the process.

Specified by:

closeProcess in interface DataProcessor

processBlock

public ByteArray processBlock(byte[] source,
                              int offset,
                              int length,
                              boolean last,
                              ByteArray dest)

Description copied from interface: DataProcessor

This processes a block of data and places the output in the provided ByteArray. If the ByteArray is null a new one will be created. The ByteArray will be expanded if necessary to hold the output data.

isLastBlock should be set true if this is the last set of data to be processed. If you want to end a processing run, but have no more data to provide - you can set length to be zero (you can then also set inputData to be null) and set isLastBlock true.

If isLastBlock is true the DataProcessor should accept any input data, complete processing and output ALL of any remaining processed data. It should then reset itself so that the next call of processBlock is considered to be the start of a new sequence of data.

If there is an error processing the data, an IOException should be thrown.

Specified by:

processBlock in interface DataProcessor

makeEncryptorTest

public static ByteArray makeEncryptorTest(DataProcessor encryptor,
                                          int minSize,
                                          ByteArray out)
                                   throws IOException

Produce a random block of bytes that may be used to later test a decryptor. The provided encryptor is used to process the block of data and later using testDecryptor(), a decryptor is tested to see if it successfully decrypts the data.

Parameters:

encryptor - the encryptor to use.

minSize - a minimum number of bytes to use. By default it is 8.

out - an optional output ByteArray.

Returns:

the output ByteArray or a new ByteArray.

Throws:

IOException - if there is an error processing the data.

testDecryptor

public static boolean testDecryptor(DataProcessor decryptor,
                                    byte[] src,
                                    int offset,
                                    int length)

Test a decryptor to see if it is able to decrypt data encrypted by an encryptor that generated the source test block of data.

Note that if a decryptor fails this test then it is defintiely unable to decrypt the encryptor's data, but a return of true indicates only that it is highly likely that it will.

Parameters:

decryptor - the decryptor.

src - the data bytes as produced by makeEncryptorTest().

offset - the offset of the data bytes.

length - the number of data bytes.

Returns:

false if the decryptor definitely does not decrypt the encryptor's data, true if the decryptor will most likely decrypt its data correctly.

encrypt

public byte[] encrypt(byte[] plaintext,
                      int offset,
                      int length)
               throws IOException

Encrypt a "salted" version of the provided plaintext data without compressing the data before encryption and without signing the salted data.

The data is first salted to add some randomness to it. The data is the processed using this Encryptor object and the resulting encrypted data is returned in the provided destination ByteArray (or a new one if it is null).

Parameters:

plaintext - The data to be encrypted.

offset - The offset of the data in the array.

length - The number of bytes to be encrypted.

Returns:

The encrypted data as an array of bytes.

Throws:

IOException - if an error occurs processing the data.

encrypt

public ByteArray encrypt(ByteArray dest,
                         byte[] plaintext,
                         int offset,
                         int length)
                  throws IOException

Encrypt a "salted" version of the provided plaintext data without compressing the data before encryption and optionally signing the salted data.

The data is first salted to add some randomness to it. If the signature parameter is not null the salted version is then signed. The salted version is signed instead of the plaintext version to reduce the chance of the source data being guessed from the signature, based on past signatures.

The data is the processed using this Encryptor object and the resulting encrypted data is returned in the provided destination ByteArray (or a new one if it is null).

Parameters:

dest - The destination ByteArray or null to get a new one.

plaintext - The data to be encrypted.

offset - The offset of the data in the array.

length - The number of bytes to be encrypted.

Returns:

The encrypted data in the destinaton ByteArray, or a new ByteArray.

Throws:

IOException - if an error occurs processing the data.

encrypt

public ByteArray encrypt(ByteArray dest,
                         byte[] plaintext,
                         int offset,
                         int length,
                         int options,
                         Signature signature)
                  throws IOException

Encrypt a "salted" version of the provided plaintext data optionally compressing the data before encryption and optionally signing the salted/compressed data.

The data is first compressed if ENCRYPT_WITHOUT_COMPRESSION is not specified as an option. The data (which may now be compressed) is then salted to add some randomness to it. If the signature parameter is not null the salted version is then signed. The salted version is signed instead of the plaintext version to reduce the chance of the source data being guessed from the signature, based on past signatures.

The data is the processed using this Encryptor object and the resulting encrypted data is returned in the provided destination ByteArray (or a new one if it is null).

Parameters:

dest - The destination ByteArray or null to get a new one.

plaintext - The data to be encrypted.

offset - The offset of the data in the array.

length - The number of bytes to be encrypted.

options - This can be ENCRYPT_WITHOUT_COMPRESSION or 0.

signature - This should be a Signature() object with a valid private key. After this method returns, the signature bytes of this object will hold the correct signature for the data.

Returns:

The encrypted data in the destinaton ByteArray, or a new ByteArray.

Throws:

IOException - if an error occurs processing the data.

encrypt

public static ByteArray encrypt(DataProcessor processor,
                                ByteArray dest,
                                byte[] plaintext,
                                int offset,
                                int length,
                                int options,
                                Signature signature)
                         throws IOException

Using a particular DataProcessor, encrypt a "salted" version of the provided plaintext data optionally compressing the data before encryption and optionally signing the salted/compressed data.

The data is first compressed if ENCRYPT_WITHOUT_COMPRESSION is not specified as an option. The data (which may now be compressed) is then salted to add some randomness to it. If the signature parameter is not null the salted version is then signed. The salted version is signed instead of the plaintext version to reduce the chance of the source data being guessed from the signature, based on past signatures.

The data is the processed using the provided DataProcessor (which is assumed to be some kind of encryption algorithm) and the resulting encrypted data is returned in the provided destination ByteArray (or a new one if it is null).

Parameters:

processor - The DataProcessor to be used for encryption (e.g. an instance of an Encryption object).

dest - The destination ByteArray or null to get a new one.

plaintext - The data to be encrypted.

offset - The offset of the data in the array.

length - The number of bytes to be encrypted.

options - This can be ENCRYPT_WITHOUT_COMPRESSION or 0.

signature - This should be a Signature() object with a valid private key. After this method returns, the signature bytes of this object will hold the correct signature for the data.

Returns:

The encrypted data in the destinaton ByteArray, or a new ByteArray.

Throws:

IOException - if an error occurs processing the data.