Class AESTools

java.lang.Object
org.graylog2.security.AESTools

public class AESTools extends Object
  • Constructor Summary

    Constructors
    Constructor
    Description
    AESTools()
  • Method Summary

    Modifier and Type
    Method
    Description
    static String
    decrypt(String cipherText, String encryptionKey, String salt)
    Decrypt the given cipher text value with the given encryption key and the same salt used for encryption using AES CBC.
    static String
    decryptSiv(String cipherText, byte[] encryptionKey)
    Decrypt the given cipher text value with the given encryption key using AES SIV.
    static String
    encrypt(String plainText, String encryptionKey, String salt)
    Encrypt the given plain text value with the given encryption key and salt using AES CBC.
    static String
    encryptSiv(String plainText, byte[] encryptionKey)
    Encrypt the given plain text value with the given encryption key using AES SIV.
    static String
    generateNewSalt()
    Generates a new random salt
    static String
    tryDecrypt(String cipherText, String encryptionKey, String salt)
    Decrypt the given cipher text value with the given encryption key and the same salt used for encryption using AES CBC.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • AESTools

      public AESTools()
  • Method Details

    • encrypt

      @Nullable public static String encrypt(String plainText, String encryptionKey, String salt)
      Encrypt the given plain text value with the given encryption key and salt using AES CBC. If the supplied encryption key is not 16, 24 or 32 bytes long, it is truncated or padded to the next largest key size before encryption.
      Parameters:
      plainText - the plain text value to encrypt
      encryptionKey - the encryption key
      salt - the salt
      Returns:
      the encrypted hexadecimal cipher text or null if encryption failed
    • decrypt

      @Nullable public static String decrypt(String cipherText, String encryptionKey, String salt)
      Decrypt the given cipher text value with the given encryption key and the same salt used for encryption using AES CBC. If the supplied encryption key is not 16, 24 or 32 bytes long, it is truncated or padded to the next largest key size before decryption.
      Parameters:
      cipherText - the hexadecimal cipher text value to decrypt
      encryptionKey - the encryption key
      salt - the salt used for encrypting this cipherText
      Returns:
      the decrypted cipher text or null if decryption failed
    • tryDecrypt

      public static String tryDecrypt(String cipherText, String encryptionKey, String salt) throws org.bouncycastle.crypto.InvalidCipherTextException, GeneralSecurityException
      Decrypt the given cipher text value with the given encryption key and the same salt used for encryption using AES CBC. If the supplied encryption key is not 16, 24 or 32 bytes long, it is truncated or padded to the next largest key size before decryption.
      Parameters:
      cipherText - the hexadecimal cipher text value to decrypt
      encryptionKey - the encryption key
      salt - the salt used for encrypting this cipherText
      Returns:
      the decrypted cipher text
      Throws:
      org.bouncycastle.crypto.InvalidCipherTextException
      GeneralSecurityException
    • encryptSiv

      @Nullable public static String encryptSiv(String plainText, byte[] encryptionKey)
      Encrypt the given plain text value with the given encryption key using AES SIV. (RFC 5297)
      Parameters:
      plainText - the plain text value to encrypt
      encryptionKey - the encryption key (must be at least 32 bytes)
      Returns:
      the encrypted cipher text or null if encryption failed
      Throws:
      IllegalArgumentException - if the encryption key is smaller than 32 bytes
    • decryptSiv

      @Nullable public static String decryptSiv(String cipherText, byte[] encryptionKey)
      Decrypt the given cipher text value with the given encryption key using AES SIV. (RFC 5297)
      Parameters:
      cipherText - the cipher text value to decrypt
      encryptionKey - the encryption key (must be at least 32 bytes)
      Returns:
      the decrypted cipher text or null if decryption failed
      Throws:
      IllegalArgumentException - if the encryption key is smaller than 32 bytes
    • generateNewSalt

      public static String generateNewSalt()
      Generates a new random salt
      Returns:
      the generated random salt as a string of hexadecimal digits.
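
The key-length rule documented for encrypt, decrypt and tryDecrypt means the effective AES key is the normalized one, not the string the caller supplied. The following is an added example using only the JDK, not Graylog's code: the class and method names are hypothetical, and zero-byte padding, UTF-8 key encoding and the random IV are assumptions the page does not state.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyNormalizationDemo {
    // Hypothetical model of the documented rule: pad up to 16, 24 or 32 bytes,
    // truncate anything longer than 32. Zero-byte padding is an assumption.
    static byte[] normalizeKey(String key) {
        byte[] raw = key.getBytes(StandardCharsets.UTF_8); // encoding is an assumption
        int size = raw.length <= 16 ? 16 : raw.length <= 24 ? 24 : 32;
        return Arrays.copyOf(raw, size); // copyOf zero-pads or truncates
    }

    static byte[] crypt(int mode, byte[] data, String key, byte[] iv) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(mode, new SecretKeySpec(normalizeKey(key), "AES"), new IvParameterSpec(iv));
        return cipher.doFinal(data);
    }

    // Defensive check a caller can apply before handing a key to such an API.
    static void requireExactKeyLength(String key) {
        int n = key.getBytes(StandardCharsets.UTF_8).length;
        if (n != 16 && n != 24 && n != 32) {
            throw new IllegalArgumentException("key must be 16, 24 or 32 bytes, got " + n);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);

        // Constructed sample keys: identical first 32 bytes, different tails.
        String keyA = "0123456789abcdef0123456789abcdef-tail-one";
        String keyB = "0123456789abcdef0123456789abcdef-another-tail";

        byte[] ct = crypt(Cipher.ENCRYPT_MODE, "secret".getBytes(StandardCharsets.UTF_8), keyA, iv);
        byte[] pt = crypt(Cipher.DECRYPT_MODE, ct, keyB, iv);
        System.out.println("decrypted with other key: " + new String(pt, StandardCharsets.UTF_8));

        try {
            requireExactKeyLength(keyA);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Under these assumptions, bytes beyond the 32nd add nothing to key strength and short keys are filled with known bytes, so callers should validate key length themselves before calling the CBC methods.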