Package com.babelqueue.gdpr
Class AesGcmCipher
java.lang.Object
com.babelqueue.gdpr.AesGcmCipher
- All Implemented Interfaces:
Cipher
A reference
Cipher built ONLY on the JDK's javax.crypto (AES/GCM/NoPadding):
AES-GCM authenticated encryption with a fresh random 12-byte IV per call, the IV prepended
to the ciphertext, the whole thing Base64-encoded so it drops straight into a JSON string. The key
is the CALLER's — this type performs no key management, rotation or derivation; bind a KMS-backed
Cipher for that.
A 32-byte key selects AES-256-GCM (recommended); 24- and 16-byte keys select AES-192/128-GCM.
GCM authenticates the ciphertext, so decrypt(java.lang.String) rejects any tampered or wrong-key input by
throwing (it never returns corrupt plaintext). It pulls no third-party crypto dependency (GR-7)
and is safe for concurrent use — javax.crypto.Cipher instances are created per call, and
the stored key material is only read.
-
Constructor Summary
ConstructorsConstructorDescriptionAesGcmCipher(byte[] keyBytes) Build an AES-GCM reference cipher from a raw symmetric key. -
Method Summary
Modifier and TypeMethodDescriptionbyte[]Reversesencrypt(byte[]): Base64-decodes, splits off the prepended IV, and opens the GCM ciphertext.encrypt(byte[] plaintext) Sealsplaintextwith a fresh random IV, prepends the IV, and Base64-encodes the result (Base64(iv || ciphertext || tag)).
-
Constructor Details
-
AesGcmCipher
public AesGcmCipher(byte[] keyBytes) Build an AES-GCM reference cipher from a raw symmetric key. The key length selects the AES variant: 32 bytes → AES-256-GCM (recommended), 24 → AES-192, 16 → AES-128.- Parameters:
keyBytes- the raw symmetric key (16, 24, or 32 bytes)- Throws:
InvalidKeySizeException- if the key is not 16, 24, or 32 bytes
-
-
Method Details
-
encrypt
Sealsplaintextwith a fresh random IV, prepends the IV, and Base64-encodes the result (Base64(iv || ciphertext || tag)).- Specified by:
encryptin interfaceCipher- Parameters:
plaintext- the canonical JSON bytes of one field value- Returns:
- the ciphertext, encoded so it is safe to place inside a JSON string
- Throws:
GeneralSecurityException
-
decrypt
Reversesencrypt(byte[]): Base64-decodes, splits off the prepended IV, and opens the GCM ciphertext. A wrong key or tampered input fails GCM authentication and throws (never corrupt plaintext).- Specified by:
decryptin interfaceCipher- Parameters:
ciphertext- a string produced byCipher.encrypt(byte[])- Returns:
- the original field-value JSON bytes
- Throws:
MalformedCiphertextException- if the input is not valid Base64 or is too short to hold an IV (i.e. not something this cipher produced)GeneralSecurityException- if GCM authentication fails (wrong key or tampering)
-