Package org.jivesoftware.util

Class AesEncryptor

java.lang.Object
org.jivesoftware.util.AesEncryptor
All Implemented Interfaces:
Encryptor
public class AesEncryptor extends Object implements Encryptor
Utility class providing symmetric AES encryption/decryption. To strengthen the encrypted result, use the setKey(byte[]) method to provide a custom key prior to invoking the encrypt(java.lang.String) or decrypt(java.lang.String) methods.
Author:
Tom Evans

  • Constructor Details

    • AesEncryptor

      public AesEncryptor()
      Default constructor

    • AesEncryptor

      public AesEncryptor(String key)
      Custom key constructor
      Parameters:
      key - the custom key

  • Method Details

    • encrypt

      @Deprecated public String encrypt(String value)
      Deprecated.
      This method uses a hardcoded IV which makes encryption deterministic (same plaintext always produces same ciphertext). This is a security vulnerability as it enables pattern analysis attacks. Use encrypt(String, byte[]) with a randomly generated IV instead. This method is only kept for backward compatibility with existing encrypted values in configuration files.
      Encrypts a string value using AES with hardcoded IV.
      Specified by:
      encrypt in interface Encryptor
      Parameters:
      value - the value to encrypt
      Returns:
      the Base64-encoded encrypted value, or null if input is null
      See Also:

    • encrypt

      public String encrypt(String value, byte[] iv)
      Description copied from interface: Encryptor
      Encrypt a clear text String.
      Specified by:
      encrypt in interface Encryptor
      Parameters:
      value - The clear text attribute
      iv - The IV to use, or null for the default IV
      Returns:
      The encrypted attribute, or null

    • decrypt

      public String decrypt(String value)
      Decrypts a Base64-encoded encrypted string using AES with hardcoded IV. This method is kept for backward compatibility with values encrypted by older versions of Openfire that used a hardcoded IV. For new encryption operations, use encrypt(String, byte[]) with a randomly generated IV and decrypt(String, byte[]) with the same IV for decryption.
      Specified by:
      decrypt in interface Encryptor
      Parameters:
      value - the Base64-encoded encrypted value to decrypt
      Returns:
      the decrypted plaintext value, or null if input is null
      See Also:

    • decrypt

      public String decrypt(String value, byte[] iv)
      Description copied from interface: Encryptor
      Decrypt an encrypted String.
      Specified by:
      decrypt in interface Encryptor
      Parameters:
      value - The encrypted attribute in Base64 encoding
      iv - The IV to use, or null for the default IV
      Returns:
      The clear text attribute, or null

    • setKey

      public void setKey(String key)
      Description copied from interface: Encryptor
      Set the encryption key. This will apply the user-defined key, truncated or filled (via the default key) as needed to meet the key length specifications.
      Specified by:
      setKey in interface Encryptor
      Parameters:
      key - The encryption key