public class Key extends Object
Copyright © 2017 Carlos Macasaet.
| Modifier | Constructor and Description |
|---|---|
| protected | Key(byte[] concatenatedKeys) |
| protected | Key(byte[] signingKey, byte[] encryptionKey)<br>Create a Key from individual components. |
| | Key(String string) |
| Modifier and Type | Method and Description |
|---|---|
| byte[] | decrypt(byte[] cipherText, IvParameterSpec initializationVector)<br>Decrypt the payload of a Fernet token. |
| byte[] | encrypt(byte[] payload, IvParameterSpec initializationVector)<br>Encrypt a payload to embed in a Fernet token |
| static Key | generateKey(Random random)<br>Generate a random key |
| protected String | getCipherTransformation() |
| protected Base64.Encoder | getEncoder() |
| protected String | getEncryptionAlgorithm() |
| protected byte[] | getEncryptionKey() |
| protected SecretKeySpec | getEncryptionKeySpec() |
| protected String | getSigningAlgorithm() |
| protected byte[] | getSigningKey() |
| protected SecretKeySpec | getSigningKeySpec() |
| protected int | getTokenPrefixBytes() |
| String | serialise() |
| byte[] | sign(byte version, Instant timestamp, IvParameterSpec initializationVector, byte[] cipherText)<br>Generate an HMAC SHA-256 signature from the components of a Fernet token. |
| void | writeTo(OutputStream outputStream)<br>Write the raw bytes of this key to the specified output stream. |
protected Key(byte[] signingKey, byte[] encryptionKey)
signingKey - a 128-bit (16 byte) key for signing tokens.
encryptionKey - a 128-bit (16 byte) key for encrypting and decrypting token contents.

protected Key(byte[] concatenatedKeys)
concatenatedKeys - an array of 32 bytes of which the first 16 are the signing key and the last 16 are the encryption/decryption key

public Key(String string)
string - a Base 64 URL string in the format Signing-key (128 bits) || Encryption-key (128 bits)

public static Key generateKey(Random random)
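random - source of entropy. The bytes drawn from it become the signing and encryption keys, so pass a cryptographically secure generator such as java.security.SecureRandom rather than a plain java.util.Random.

public byte[] sign(byte version, Instant timestamp, IvParameterSpec initializationVector, byte[] cipherText)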
version - the Fernet version number
timestamp - the seconds after the epoch that the token was generated
initializationVector - the encryption and decryption initialization vector
cipherText - the encrypted content of the token

protected SecretKeySpec getSigningKeySpec()
protected SecretKeySpec getEncryptionKeySpec()
public byte[] encrypt(byte[] payload, IvParameterSpec initializationVector)
payload - the raw bytes of the data to store in a token
initializationVector - random bytes from a high-entropy source to initialise the AES cipher
See also: decrypt(byte[], IvParameterSpec)
public byte[] decrypt(byte[] cipherText, IvParameterSpec initializationVector)
cipherText - the padded encrypted payload of a token. The length must be a multiple of 16 (128 bits).
initializationVector - the random bytes used in the AES encryption of the token
See also: encrypt(byte[], IvParameterSpec)
public String serialise()
public void writeTo(OutputStream outputStream) throws IOException
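outputStream - the target. The bytes written are the raw key itself, so the destination should be one that only parties entitled to the key can read.
Throws: IOException - if the underlying I/O device cannot be written to

protected byte[] getSigningKey()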
protected byte[] getEncryptionKey()
protected int getTokenPrefixBytes()
protected String getSigningAlgorithm()
protected String getEncryptionAlgorithm()
protected Base64.Encoder getEncoder()
protected String getCipherTransformation()
Copyright © 2017. All rights reserved.