org.springframework.security.crypto.encrypt.BytesEncryptor Java Examples

@Bean
TextEncryptor textEncryptor(@Value("${dm.security.cipher.password}") String password,
                            @Value("${dm.security.cipher.salt}") String salt) {
    // on wrong configuration system will pass prop expressions '${prop}' as value, we need to detect this
    Assert.isTrue(StringUtils.hasText(password) && !password.startsWith("${"), "'dm.security.cipher.password' is invalid.");
    Assert.isTrue(StringUtils.hasText(salt) && !salt.startsWith("${"), "'dm.security.cipher.salt' is invalid.");
    //we use bouncycastle because standard  java does not support keys bigger 128bits
    // but spring also does not provide any way to change key size
    // see also: https://github.com/spring-projects/spring-security/issues/2917
    BytesEncryptor encryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt);
    return new Base64Encryptor(encryptor);
}
 

/**
 * Returns a Base64 string composed by the salt followed by the encrypted
 * data.
 */
@Override
public String encrypt(String plainText) {

    // default StringKeyGenerator returns a 8 bytes hex-encoded string
    String salt = KeyGenerators.string().generateKey();

    BytesEncryptor encryptor = Encryptors.standard(key, salt);
    byte[] encrypted = encryptor.encrypt(plainText.getBytes());

    byte[] saltAndSecret = ArrayUtils.addAll(Hex.decode(salt), encrypted);
    return Base64.getEncoder().encodeToString(saltAndSecret);
}
 

/**
 * Returns decrypted text from a Base64 string composed by the salt followed
 * by the encrypted data.
 */
@Override
public String decrypt(String base64Data) {

    byte[] bytes = Base64.getDecoder().decode(base64Data);
    byte[] saltBytes = ArrayUtils.subarray(bytes, 0, 8);
    byte[] encryptedBytes = ArrayUtils.subarray(bytes, 8, bytes.length);

    String salt = new String(Hex.encode(saltBytes));
    BytesEncryptor encryptor = Encryptors.standard(key, salt);

    return new String(encryptor.decrypt(encryptedBytes));
}
 

public Encryptor(BytesEncryptor bytesEncryptor) {
	this.encryptor = checkNotNull(bytesEncryptor);
}
 

public Base64Encryptor(BytesEncryptor encryptor) {
    this.encryptor = encryptor;
}
 

/**
 * Instantiate symmetric cipher
 *
 * @param secretKey secret key represented in byte array
 * @return instance of {@link BytesEncryptor}
 */
@Override
public BytesEncryptor getSymmetricEncryption(byte[] secretKey) {
    return new AESGCMBytesEncryptor(secretKey, KeyGenerators.secureRandom(16));
}
 

/**
 * Instantiate symmetric cipher
 *
 * @param passphrase password used for deriving key
 * @param salt       salt used for deriving key
 * @return instance of {@link BytesEncryptor}
 */
@Override
public BytesEncryptor getSymmetricEncryption(String passphrase, CharSequence salt, KeyDerivationFunction kdf) {
    return new AESGCMBytesEncryptor(passphrase, kdf, salt, KeyGenerators.secureRandom(16));
}
 

/**
 * Instantiate symmetric cipher
 *
 * @param secretKey secret key represented in byte array
 * @return instance of {@link BytesEncryptor}
 */
BytesEncryptor getSymmetricEncryption(byte[] secretKey);
 

/**
 * Instantiate symmetric cipher
 *
 * @param passphrase password used for deriving key
 * @param salt       salt used for deriving key
 * @param kdf kdf
 * @return instance of {@link BytesEncryptor}
 */
BytesEncryptor getSymmetricEncryption(String passphrase, CharSequence salt, KeyDerivationFunction kdf);