javax.crypto
Class Cipher

java.lang.Object
  |
  +--javax.crypto.Cipher

public class Cipher

extends Object

This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.

In order to create a Cipher object, the application calls the Cipher's getInstance method, and passes the name of the requested transformation to it.

A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., DES), and may be followed by a feedback mode and padding scheme.

A transformation is of the form:

• "algorithm/mode/padding" or

• "algorithm"

(in the latter case, provider-specific default values for the mode and padding scheme are used). For example, the following is a valid transformation:

     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
 

When requesting a block cipher in stream cipher mode (e.g., DES in CFB or OFB mode), the user may optionally specify the number of bits to be processed at a time, by appending this number to the mode name as shown in the "DES/CFB8/NoPadding" and "DES/OFB32/PKCS5Padding" transformations. If no such number is specified, a provider-specific default is used.

Field Summary

static int	DECRYPT_MODE Constant used to initialize cipher to decryption mode.
static int	ENCRYPT_MODE Constant used to initialize cipher to encryption mode.

Method Summary

int	doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
static Cipher	getInstance(String transformation) Generates a Cipher object that implements the specified transformation.
byte[]	getIV() Returns the initialization vector (IV) in a new buffer.
void	init(int opmode, Key key) Initializes this cipher with a key.
void	init(int opmode, Key key, AlgorithmParameterSpec params) Initializes this cipher with a key and a set of algorithm parameters.
int	update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENCRYPT_MODE

public static final int ENCRYPT_MODE

Constant used to initialize cipher to encryption mode.

See Also:

Constant Field Values

DECRYPT_MODE

public static final int DECRYPT_MODE

Constant used to initialize cipher to decryption mode.

See Also:

Constant Field Values

Method Detail

getInstance

public static final Cipher getInstance(String transformation)
                                throws NoSuchAlgorithmException,
                                       NoSuchPaddingException

Generates a Cipher object that implements the specified transformation.

Parameters:

transformation - the name of the transformation, e.g., DES/CBC/PKCS5Padding. See Appendix A in the Java Cryptography Extension Reference Guide for information about standard transformation names.

Returns:

a cipher that implements the requested transformation

Throws:

NoSuchAlgorithmException - if the specified transformation is not available

NoSuchPaddingException - if transformation contains a padding scheme that is not available.

init

public final void init(int opmode,
                       Key key)
                throws InvalidKeyException

Initializes this cipher with a key.

The cipher is initialized for one of the following operations: encryption, decryption, depending on the value of opmode.

If this cipher requires any algorithm parameters that cannot be derived from the given key, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption, and raise an InvalidKeyException if it is being initialized for decryption.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Parameters:

opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE or DECRYPT_MODE)

key - the key

Throws:

InvalidKeyException - if the given key is inappropriate for initializing this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters that cannot be determined from the given key, or if the given key has a keysize that exceeds the maximum allowable keysize.

init

public final void init(int opmode,
                       Key key,
                       AlgorithmParameterSpec params)
                throws InvalidKeyException,
                       InvalidAlgorithmParameterException

Initializes this cipher with a key and a set of algorithm parameters.

The cipher is initialized for one of the following operations: encryption or decryption depending on the value of opmode.

If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Parameters:

opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE or DECRYPT_MODE)

key - the encryption key

params - the algorithm parameters

Throws:

InvalidKeyException - if the given key is inappropriate for initializing this cipher, or its keysize exceeds the maximum allowable keysize.

InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or this cipher is being initialized for decryption and requires algorithm parameters and params is null, or the given algorithm parameters imply a cryptographic strength that would exceed the legal limits.

update

public final int update(byte[] input,
                        int inputOffset,
                        int inputLen,
                        byte[] output,
                        int outputOffset)
                 throws IllegalStateException,
                        ShortBufferException

Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, are processed, and the result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer.

If inputLen is zero, this method returns a length of zero.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

output - the buffer for the result

outputOffset - the offset in output where the result is stored

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

ShortBufferException - if the given output buffer is too small to hold the result

doFinal

public final int doFinal(byte[] input,
                         int inputOffset,
                         int inputLen,
                         byte[] output,
                         int outputOffset)
                  throws IllegalStateException,
                         ShortBufferException,
                         IllegalBlockSizeException,
                         BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

output - the buffer for the result

outputOffset - the offset in output where the result is stored

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size

ShortBufferException - if the given output buffer is too small to hold the result

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

getIV

public final byte[] getIV()

Returns the initialization vector (IV) in a new buffer. This is useful in the case where a random IV was created.

Returns:

the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.