|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object ccs.crypt.Cipher
public abstract class Cipher
A superclass for symmetric (single key) cryptography. The Cipher object
provides a CipherOutputStream
and a corresponding
CipherInputStream
. Plaintext written to the
CipherOutputStream
appears on the underlying stream
as ciphertext; conversely, a CipherInputStream will produce plaintext when
attached to an underlying stream of ciphertext (provided, obviously, that
the passwords match and the same cipher is used for encrypt and decrypt).
The standard cryptographic term for the secret piece of information required to transform ciphertext into plaintext and vice-versa is a "key". Unfortunately, this word is also used in database terminology for the piece of information by which a record is located. Since the primary purpose of this framework is to provide encrypted databases, there is a clash. Therefore, the term "password" will be used for a symmetric key in the cryptographic sense. (If the framework should expand to include asymmetric cryptography, this ambiguity is lifted, since "public key" and "private key" are not database terms). "Password" is an unfortunate term since it need not (and should not) be a word - it can be any arbitrary sequence of octets (bytes) within the range of lengths permitted by the Cipher. However, the term is likely to be familiar to users, and the alternatives sound rather contrived.
When this framework was first written, the standard Java crypto API was unavailable outside the USA / Canada due to US export restrictions, which is part of the reason we wrote our own. Since then, the crypto API has been made available, but the current framework works fine, is light weight, and has no tendency to weaken keys without telling you / require user-unfriendly tweaking to enable full strength keys / etc. etc. In short, it ain't broke and we don't intend to fix it.
Field Summary | |
---|---|
protected byte[] |
passwd
|
Constructor Summary | |
---|---|
Cipher()
|
Method Summary | |
---|---|
abstract long |
getCiphertextLength(long plainlen,
boolean isSelfDelimit)
returns the encrypted length of a given length of plaintext. |
abstract CipherInputStream |
getInputStream(java.io.InputStream is,
boolean isSelfDelimit)
Returns a CipherInputStream that reads ciphertext from the
underlying stream and provides plaintext. |
abstract CipherOutputStream |
getOutputStream(java.io.OutputStream os,
long plainlen)
Returns a CipherOutputStream that accepts plaintext and writes
ciphertext to the underlying stream. |
byte[] |
getPasswd()
Returns a copy of the current password. |
abstract long |
getPlaintextLength(long cipherlen,
boolean isSelfDelimit)
returns the length of plaintext resulting from a given length of ciphertext - the inverse of getCiphertextLength . |
protected void |
out(java.lang.String q)
|
void |
setPasswd(byte[] pw)
Sets the password, and should be called at the start of the encryption procedure. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected byte[] passwd
Constructor Detail |
---|
public Cipher()
Method Detail |
---|
public void setPasswd(byte[] pw) throws CipherException
pw
- the new password.
CipherException
- if doesn't like the pass-string (maybe it's too short
/ too long / too boring / too vulnerable to dictionary attack, depending on how
sophisticated the implementation is.)public byte[] getPasswd()
public abstract long getCiphertextLength(long plainlen, boolean isSelfDelimit)
Cipher
s are not supposed to attempt compression.
plainlen
- the length of plaintext.isSelfDelimit
- Whether the stream includes its own length.
Cipher
.public abstract long getPlaintextLength(long cipherlen, boolean isSelfDelimit)
getCiphertextLength
. However, this
is generally difficult or impossible to calculate for a block cipher since
an unknown amount of padding is present.
cipherlen
- the length of ciphertext.isSelfDelimit
- Whether the stream includes its own length.
Cipher
public abstract CipherOutputStream getOutputStream(java.io.OutputStream os, long plainlen) throws CipherException, java.io.IOException
CipherOutputStream
that accepts plaintext and writes
ciphertext to the underlying stream.
os
- The stream to write ciphertext to.plainlen
- The length of plaintext to be written. If known, this
allows the length to be encrypted as part of the stream itself, and
makes the ciphertext self-delimiting; where many ciphertexts are concatenated
onto a stream, no boundary sequences are required in this mode, which is
preferable. (Such sequences leak information.) Supply -1 if you really
don't know; in this case, you must delimit the ciphertext yourself. Note that
the limit is applied to the ciphertext, not the plaintext; the cipher may allow
you to append a few bytes of garbage without complaining (For a block cipher
with an incomplete last block, this does not change the ciphertext length).
CipherException
- if a cryptographic problem occurs.
java.io.IOException
- if the CipherOutputStream
could not be
created for some reason.public abstract CipherInputStream getInputStream(java.io.InputStream is, boolean isSelfDelimit) throws CipherException, java.io.IOException
CipherInputStream
that reads ciphertext from the
underlying stream and provides plaintext.
is
- The stream to read ciphertext from.isSelfDelimit
- Whether the ciphertext is self-delimiting,
ie. it has its own length stored inside itself. If not, the ciphertext
is assumed to extend to EOF.
CipherException
- if a cryptographic problem occurs.
java.io.IOException
- if the CipherInputStream
could not be
created for some reason.protected void out(java.lang.String q)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |