public abstract class ContentCryptoScheme extends Object
Modifier and Type | Field and Description |
---|---|
static ContentCryptoScheme | AES_CBC - Encryption Only (EO) scheme. |
static ContentCryptoScheme | AES_CTR - This is an auxiliary scheme used for range retrieval when object is encrypted via AES/GCM. |
static ContentCryptoScheme | AES_GCM - Authenticated Encryption (AE) scheme. |
static long | MAX_GCM_BLOCKS - The maximum number of 16-byte blocks that can be encrypted with a GCM cipher. |
static long | MAX_GCM_BYTES - The maximum number of bytes that can be encrypted with a GCM cipher. |
Constructor and Description |
---|
ContentCryptoScheme() |
Modifier and Type | Method and Description |
---|---|
byte[] | adjustIV(byte[] iv, long startingBytePos) |
CipherLite | createCipherLite(SecretKey cek, byte[] iv, int cipherMode) - Creates and initializes a cipher lite for content encrypt/decryption. |
CipherLite | createCipherLite(SecretKey cek, byte[] iv, int cipherMode, Provider provider, boolean alwaysUseProvider) - Creates and initializes a CipherLite for content encrypt/decryption. |
static ContentCryptoScheme | fromCEKAlgo(String cekAlgo) - Returns the content crypto scheme of the given content encryption algorithm. |
static ContentCryptoScheme | fromCEKAlgo(String cekAlgo, boolean isRangeGet) |
abstract int | getBlockSizeInBytes() |
abstract String | getCipherAlgorithm() |
abstract int | getIVLengthInBytes() |
abstract String | getKeyGeneratorAlgorithm() |
abstract int | getKeyLengthInBits() |
String | getKeySpec() - A convenient method motivated by KMS. |
String | getPreferredCipherProvider() - Returns the preferred security provider to use for this crypto scheme. |
int | getTagLengthInBits() |
static byte[] | incrementBlocks(byte[] counter, long blockDelta) - Increment the rightmost 32 bits of a 16-byte counter by the specified delta. |
String | toString() |
public static final long MAX_GCM_BLOCKS
Reference: NIST Special Publication 800-38D.
public static final long MAX_GCM_BYTES
public static final ContentCryptoScheme AES_CBC
public static final ContentCryptoScheme AES_GCM
public static final ContentCryptoScheme AES_CTR
public abstract String getKeyGeneratorAlgorithm()
public abstract String getCipherAlgorithm()
public String getPreferredCipherProvider()
AesGcm prefers to use the BouncyCastle provider.
public abstract int getKeyLengthInBits()
public abstract int getBlockSizeInBytes()
public abstract int getIVLengthInBytes()
public int getTagLengthInBits()
public byte[] adjustIV(byte[] iv, long startingBytePos)
public static byte[] incrementBlocks(byte[] counter, long blockDelta)
counter - a 16-byte counter used in AES/CTR
blockDelta - the number of blocks (16-byte) to increment
public static ContentCryptoScheme fromCEKAlgo(String cekAlgo)
public static ContentCryptoScheme fromCEKAlgo(String cekAlgo, boolean isRangeGet)
public CipherLite createCipherLite(SecretKey cek, byte[] iv, int cipherMode, Provider provider, boolean alwaysUseProvider)
Creates and initializes a CipherLite for content encrypt/decryption.
cek - content encrypting key
iv - initialization vector
cipherMode - such as Cipher.ENCRYPT_MODE
provider - the security provider the user specified. For backwards compatibility, if this scheme defines a preferred provider, the user-specified provider is by default ignored.
alwaysUseProvider - if true, always use the user-specified provider above, even if this scheme has a preferred provider.
public CipherLite createCipherLite(SecretKey cek, byte[] iv, int cipherMode) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException
cek - content encrypting key
iv - initialization vector
cipherMode - such as Cipher.ENCRYPT_MODE
InvalidKeyException
NoSuchAlgorithmException
NoSuchProviderException
NoSuchPaddingException
InvalidAlgorithmParameterException
public final String getKeySpec()
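
An added example, not code from the SDK: the counter arithmetic described for incrementBlocks and adjustIV, written against javax.crypto only, showing how AES_CTR can serve a byte range of an object encrypted with AES_GCM. The class name GcmRangeDemo, the helper ctrCounterFor, the refusal to wrap the counter and the J0-based derivation (NIST SP 800-38D with a 12-byte IV) are assumptions of this example, as are the constructed key, IV and plaintext.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
public class GcmRangeDemo {
    // Added re-implementation of the documented behaviour: add blockDelta to the
    // rightmost 32 bits of a 16-byte counter. Refusing to wrap is this example's choice.
    static byte[] incrementBlocks(byte[] counter, long blockDelta) {
        if (counter.length != 16 || blockDelta < 0)
            throw new IllegalArgumentException("need a 16-byte counter and a non-negative delta");
        ByteBuffer bb = ByteBuffer.wrap(counter.clone());   // big-endian by default
        long low32 = bb.getInt(12) & 0xFFFFFFFFL;
        if (blockDelta > 0xFFFFFFFFL - low32)
            throw new IllegalStateException("32-bit block counter would wrap");
        bb.putInt(12, (int) (low32 + blockDelta));
        return bb.array();
    }

    // Assumed derivation (NIST SP 800-38D, 96-bit IV): J0 = IV || 0x00000001 protects
    // the tag, so the data block at index n is encrypted under counter J0 + 1 + n.
    static byte[] ctrCounterFor(byte[] gcmIv, long startingBytePos) {
        if (gcmIv.length != 12 || startingBytePos < 0 || startingBytePos % 16 != 0)
            throw new IllegalArgumentException("need a 12-byte IV and a block-aligned offset");
        byte[] j0 = Arrays.copyOf(gcmIv, 16);
        j0[15] = 1;
        return incrementBlocks(j0, 1 + startingBytePos / 16);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key, IV and plaintext, for demonstration only.
        SecretKeySpec cek = new SecretKeySpec(new byte[32], "AES");
        byte[] iv = new byte[12];
        Arrays.fill(iv, (byte) 0x42);
        byte[] plain = "BLOCK-0:aaaaaaaaBLOCK-1:bbbbbbbbBLOCK-2:ccccccccBLOCK-3:dddddddd"
                .getBytes(StandardCharsets.US_ASCII);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        byte[] stored = gcm.doFinal(plain);                  // ciphertext || 16-byte tag
        int start = 16, end = 48;                            // block-aligned byte range
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.DECRYPT_MODE, cek, new IvParameterSpec(ctrCounterFor(iv, start)));
        byte[] range = ctr.doFinal(stored, start, end - start);
        System.out.println(new String(range, StandardCharsets.US_ASCII));
        System.out.println(Arrays.equals(range, Arrays.copyOfRange(plain, start, end)));
    }
}
```

The CTR path never checks the GCM tag, so bytes recovered this way are decrypted but not authenticated.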