Class BlockCipherWithPadding
- java.lang.Object
  - org.silverpeas.core.security.encryption.cipher.BlockCipherWithPadding
- All Implemented Interfaces: Cipher
- Direct Known Subclasses: AESCipher, CAST5Cipher
public abstract class BlockCipherWithPadding extends Object implements Cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data.
A block cipher by itself allows encryption only of a single data block of the cipher's block length. For a variable-length message, the data must first be partitioned into separate cipher blocks. In the simplest case, known as the electronic codebook (ECB) mode, a message is first split into separate blocks of the cipher's block size (possibly extending the last block with padding bits), and then each block is encrypted and decrypted independently. However, such a naive method is generally insecure because equal plaintext blocks will always generate equal ciphertext blocks (for the same key), so patterns in the plaintext message become evident in the ciphertext output.
To overcome this limitation, several so-called block cipher modes of operation have been designed and specified in national recommendations such as NIST 800-38A and BSI TR-02102 and international standards such as ISO/IEC 10116. The general concept is to use randomization of the plaintext data based on an additional input value, frequently called an initialization vector (IV), to create what is termed probabilistic encryption. In the popular cipher block chaining (CBC) mode, for encryption to be secure the initialization vector passed along with the plaintext message must be a random or pseudo-random value, which is added in an exclusive-or manner to the first plaintext block before it is encrypted. The resultant ciphertext block is then used as the new initialization vector for the next plaintext block.
In the cipher feedback (CFB) mode, which emulates a self-synchronizing stream cipher, the initialization vector is first encrypted and then added to the plaintext block. The output feedback (OFB) mode repeatedly encrypts the initialization vector to create a key stream for the emulation of a synchronous stream cipher. The newer counter (CTR) mode similarly creates a key stream, but has the advantage of only needing unique and not (pseudo-)random values as initialization vectors; the needed randomness is derived internally by using the initialization vector as a block counter and encrypting this counter for each block.
Some modes such as the CBC mode only operate on complete plaintext blocks. Simply extending the last block of a message with zero-bits is insufficient since it does not allow a receiver to easily distinguish messages that differ only in the amount of padding bits. More importantly, such a simple solution gives rise to very efficient padding oracle attacks. A suitable padding scheme is therefore needed to extend the last plaintext block to the cipher's block size. While many popular schemes described in standards and in the literature have been shown to be vulnerable to padding oracle attacks, a solution which adds a one-bit and then extends the last block with zero-bits, standardized as "padding method 2" in ISO/IEC 9797-1, has been proven secure against these attacks.
This class is the base class of all block ciphers that use a padding scheme to complete the data to encrypt when it is not divisible into blocks of the expected size. All the subclasses use the CBC operation mode with the PKCS#5 padding scheme.
The encrypted data computed by this cipher is a combination of both the ciphertext and the initialization vector (IV) used in the encryption. This block cipher implementation can therefore retrieve both the ciphertext to decrypt and the IV that was used in the encryption and that is required by the decryption. This characteristic is important because the encrypted data cannot be directly decrypted by another implementation of the same algorithm, even if it uses the same operation mode and padding scheme, and this implementation cannot decrypt a ciphertext coming from another implementation. Nevertheless, to facilitate the encryption/decryption of a ciphertext between two implementations of the same cryptographic algorithm, this class provides two methods to combine or to extract the IV and the ciphertext to/from an encrypted data.
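The IV-plus-ciphertext envelope described above, as an added example that is not Silverpeas code: it uses the standard javax.crypto API with AES/CBC/PKCS5Padding. The class and method names and the byte layout (IV first, then ciphertext) are assumptions for illustration; this page does not state the layout BlockCipherWithPadding uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvEnvelopeDemo {
  static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
  static final int IV_LENGTH = 16; // AES block size in bytes

  // Assumed layout for this example only: IV followed by ciphertext.
  static byte[] combine(byte[] cipherText, byte[] iv) {
    byte[] out = Arrays.copyOf(iv, iv.length + cipherText.length);
    System.arraycopy(cipherText, 0, out, iv.length, cipherText.length);
    return out;
  }
  // Returns {ciphertext, iv}: ciphertext at index 0, IV at index 1.
  static byte[][] extract(byte[] data) {
    // Padded CBC output is at least one block, so expect the IV plus whole blocks.
    if (data.length < 2 * IV_LENGTH || data.length % IV_LENGTH != 0) {
      throw new IllegalArgumentException("expected an IV followed by whole AES blocks");
    }
    return new byte[][] {Arrays.copyOfRange(data, IV_LENGTH, data.length),
                         Arrays.copyOfRange(data, 0, IV_LENGTH)};
  }
  static byte[] encrypt(String text, SecretKey key) throws Exception {
    byte[] iv = new byte[IV_LENGTH];
    new SecureRandom().nextBytes(iv); // CBC needs a fresh unpredictable IV per message
    Cipher c = Cipher.getInstance(TRANSFORMATION);
    c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
    return combine(c.doFinal(text.getBytes(StandardCharsets.UTF_8)), iv);
  }
  static String decrypt(byte[] data, SecretKey key) throws Exception {
    byte[][] parts = extract(data);
    Cipher c = Cipher.getInstance(TRANSFORMATION);
    c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(parts[1]));
    return new String(c.doFinal(parts[0]), StandardCharsets.UTF_8);
  }
  public static void main(String[] args) throws Exception {
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    SecretKey key = kg.generateKey();
    byte[] first = encrypt("constructed sample text", key);
    byte[] second = encrypt("constructed sample text", key);
    System.out.println("same bytes twice: " + Arrays.equals(first, second));
    System.out.println("round trip: " + decrypt(first, key));
  }
}
```

The two envelopes differ because each call draws a new IV, and CBC with padding gives confidentiality only: nothing here detects a modified envelope.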
Constructor Summary
- protected BlockCipherWithPadding()
Method Summary
Modifier and Type, Method, Description:
- static byte[] combineEncryptionData(byte[] cipherText, byte[] iv)
  A helper method to produce a unique encrypted data by combining the specified ciphertext and the IV (Initialization Vector) used in the ciphertext computation.
- String decrypt(byte[] encryptedData, CipherKey keyCode)
  Decrypts the specified code or cipher by using the specified cryptographic key.
- byte[] encrypt(String data, CipherKey keyCode)
  Encrypts the specified data by using the specified cryptographic key.
- static byte[][] extractEncryptionData(byte[] encryptedData, BlockCipherWithPadding cipher)
  A helper method to retrieve both the ciphertext and the IV (Initialization Vector) from the encrypted data that was produced by the specified block cipher instance.
- CipherKey generateCipherKey()
  Randomly generates a cipher key that can be used in the encryption and in the decryption of data with this cipher.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.silverpeas.core.security.encryption.cipher.Cipher
getAlgorithmName
Method Detail
-
combineEncryptionData
public static byte[] combineEncryptionData(byte[] cipherText, byte[] iv)
A helper method to produce a unique encrypted data by combining the specified ciphertext and the IV (Initialization Vector) used in the ciphertext computation. This method makes it possible to use this AES cipher implementation to decrypt ciphertexts that were computed by another AES cipher implementation (only if they use the same mode of cryptographic operation).
- Parameters:
cipherText - the ciphertext produced by an AES cipher.
iv - the IV used in the ciphertext computation.
- Returns:
- the resulting encrypted data understandable by this AES cipher implementation.
-
extractEncryptionData
public static byte[][] extractEncryptionData(byte[] encryptedData, BlockCipherWithPadding cipher) throws CryptoException
A helper method to retrieve both the ciphertext and the IV (Initialization Vector) from the encrypted data that was produced by the specified block cipher instance. This method extracts the information that other implementations of AES encryption need to decrypt the ciphertext (only if they use the same mode of cryptographic operation).
- Parameters:
encryptedData - the encrypted data computed by this AES cipher implementation.
- Returns:
- an array with both the ciphertext (at index 0) and the IV that was used in the ciphertext computation (at index 1).
- Throws:
CryptoException
- if the extraction of the ciphertext and of the IV failed.
-
encrypt
public byte[] encrypt(String data, CipherKey keyCode) throws CryptoException
Encrypts the specified data by using the specified cryptographic key. The String objects handled by the encryption are processed according to the UTF-8 charset.
- Specified by:
encrypt in interface Cipher
- Parameters:
data - the data to encode.
keyCode - the key to use in the encryption.
- Returns:
- the encrypted data in bytes.
- Throws:
CryptoException
- if an error has occurred in the data encryption.
-
decrypt
public String decrypt(byte[] encryptedData, CipherKey keyCode) throws CryptoException
Decrypts the specified code or cipher by using the specified cryptographic key. The String objects handled by the encryption are processed according to the UTF-8 charset.
- Specified by:
decrypt in interface Cipher
- Parameters:
encryptedData - the data in bytes encrypted by this cipher.
keyCode - the key to use in the decryption.
- Returns:
- the decrypted data.
- Throws:
CryptoException
- if an error has occurred in the data decryption.
-
generateCipherKey
public CipherKey generateCipherKey() throws CryptoException
Description copied from interface: Cipher
Randomly generates a cipher key that can be used in the encryption and in the decryption of data with this cipher.
- Specified by:
generateCipherKey in interface Cipher
- Returns:
- a computed key that can be used with this cipher in the encryption and in the decryption of data.
- Throws:
CryptoException
- if an error has occurred in the key generation.