SATSA - JSR177

javax.crypto
Class Cipher

java.lang.Object
  |
  +--javax.crypto.Cipher

public class Cipher
extends Object

This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.

In order to create a Cipher object, the application calls the Cipher's getInstance method, and passes the name of the requested transformation to it.

A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., DES), and may be followed by a feedback mode and padding scheme.

A transformation is of the form:

(in the latter case, provider-specific default values for the mode and padding scheme are used). For example, the following is a valid transformation:

     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
 

When requesting a block cipher in stream cipher mode (e.g., DES in CFB or OFB mode), the user may optionally specify the number of bits to be processed at a time, by appending this number to the mode name as shown in the "DES/CFB8/NoPadding" and "DES/OFB32/PKCS5Padding" transformations. If no such number is specified, a provider-specific default is used.


Field Summary
static int DECRYPT_MODE
          Constant used to initialize cipher to decryption mode.
static int ENCRYPT_MODE
          Constant used to initialize cipher to encryption mode.
 
Method Summary
 int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
static Cipher getInstance(String transformation)
          Generates a Cipher object that implements the specified transformation.
 byte[] getIV()
          Returns the initialization vector (IV) in a new buffer.
 void init(int opmode, Key key)
          Initializes this cipher with a key.
 void init(int opmode, Key key, AlgorithmParameterSpec params)
          Initializes this cipher with a key and a set of algorithm parameters.
 int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ENCRYPT_MODE

public static final int ENCRYPT_MODE
Constant used to initialize cipher to encryption mode.

See Also:
Constant Field Values

DECRYPT_MODE

public static final int DECRYPT_MODE
Constant used to initialize cipher to decryption mode.

See Also:
Constant Field Values
Method Detail

getInstance

public static final Cipher getInstance(String transformation)
                                throws NoSuchAlgorithmException,
                                       NoSuchPaddingException
Generates a Cipher object that implements the specified transformation.

Parameters:
transformation - the name of the transformation, e.g., DES/CBC/PKCS5Padding. See Appendix A in the Java Cryptography Extension Reference Guide for information about standard transformation names.
Returns:
a cipher that implements the requested transformation
Throws:
NoSuchAlgorithmException - if the specified transformation is not available
NoSuchPaddingException - if transformation contains a padding scheme that is not available.

init

public final void init(int opmode,
                       Key key)
                throws InvalidKeyException
Initializes this cipher with a key.

The cipher is initialized for one of the following operations: encryption, decryption, depending on the value of opmode.

If this cipher requires any algorithm parameters that cannot be derived from the given key, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption, and raise an InvalidKeyException if it is being initialized for decryption.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE or DECRYPT_MODE)
key - the key
Throws:
InvalidKeyException - if the given key is inappropriate for initializing this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters that cannot be determined from the given key, or if the given key has a keysize that exceeds the maximum allowable keysize.

init

public final void init(int opmode,
                       Key key,
                       AlgorithmParameterSpec params)
                throws InvalidKeyException,
                       InvalidAlgorithmParameterException
Initializes this cipher with a key and a set of algorithm parameters.

The cipher is initialized for one of the following operations: encryption or decryption depending on the value of opmode.

If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE or DECRYPT_MODE)
key - the encryption key
params - the algorithm parameters
Throws:
InvalidKeyException - if the given key is inappropriate for initializing this cipher, or its keysize exceeds the maximum allowable keysize.
InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or this cipher is being initialized for decryption and requires algorithm parameters and params is null, or the given algorithm parameters imply a cryptographic strength that would exceed the legal limits.

update

public final int update(byte[] input,
                        int inputOffset,
                        int inputLen,
                        byte[] output,
                        int outputOffset)
                 throws IllegalStateException,
                        ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, are processed, and the result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer.

If inputLen is zero, this method returns a length of zero.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
ShortBufferException - if the given output buffer is too small to hold the result

doFinal

public final int doFinal(byte[] input,
                         int inputOffset,
                         int inputLen,
                         byte[] output,
                         int outputOffset)
                  throws IllegalStateException,
                         ShortBufferException,
                         IllegalBlockSizeException,
                         BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
ShortBufferException - if the given output buffer is too small to hold the result
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

getIV

public final byte[] getIV()
Returns the initialization vector (IV) in a new buffer. This is useful in the case where a random IV was created.

Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

SATSA - JSR177

Submit a comment or suggestion Version 1.0 of SATSA Specification
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries. Copyright 1993-2004 Sun Microsystems, Inc. 901 San Antonio Road,Palo Alto, California, 94303, U.S.A. All Rights Reserved.