Package io.helidon.config.encryption

Class EncryptionUtil

java.lang.Object

io.helidon.config.encryption.EncryptionUtil

public final class EncryptionUtil
extends Object

Encryption utilities for secrets protection.

Method Summary

Modifier and Type	Method	Description
static String	decryptAes(char[] masterPassword, String encryptedBase64)	Decrypt using AES.
static String	decryptAesLegacy(char[] masterPassword, String encryptedBase64)	Decrypt using legacy AES.
static String	decryptRsa(PrivateKey key, String encryptedBase64)	Decrypt using RSA with OAEP.
static String	decryptRsaLegacy(Key key, String encryptedBase64)	Decrypt using RSA (private or public key).
static String	encryptAes(char[] masterPassword, String secret)	Encrypt using AES with GCM method, key is derived from password with random salt.
static String	encryptRsa(PublicKey key, String secret)	Encrypt secret using RSA with OAEP.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

decryptRsa

public static String decryptRsa(PrivateKey key,
                                String encryptedBase64)
                         throws ConfigEncryptionException

Decrypt using RSA with OAEP. Expects message encrypted with the public key.

Parameters:

key - private key used to decrypt

encryptedBase64 - base64 encoded encrypted secret

Returns:

Secret value

Throws:

ConfigEncryptionException - If any problem with decryption occurs

decryptRsaLegacy

public static String decryptRsaLegacy(Key key,
                                      String encryptedBase64)
                               throws ConfigEncryptionException

Decrypt using RSA (private or public key). Expects message encrypted with the other key.

Parameters:

key - private or public key to use to decrypt

encryptedBase64 - base64 encoded encrypted secret

Returns:

Secret value

Throws:

ConfigEncryptionException - If any problem with decryption occurs

encryptRsa

public static String encryptRsa(PublicKey key,
                                String secret)
                         throws ConfigEncryptionException

Encrypt secret using RSA with OAEP.

Parameters:

key - public key used to encrypt

secret - secret to encrypt

Returns:

base64 encoded encrypted bytes

Throws:

ConfigEncryptionException - If any problem with encryption occurs

encryptAes

public static String encryptAes(char[] masterPassword,
                                String secret)
                         throws ConfigEncryptionException

Encrypt using AES with GCM method, key is derived from password with random salt.

Parameters:

masterPassword - master password

secret - secret to encrypt

Returns:

Encrypted value base64 encoded

Throws:

ConfigEncryptionException - If any problem with encryption occurs

decryptAesLegacy

public static String decryptAesLegacy(char[] masterPassword,
                                      String encryptedBase64)

Decrypt using legacy AES. Will only decrypt messages encrypted with previously used AES method.

Parameters:

masterPassword - master password

encryptedBase64 - encrypted secret, base64 encoded

Returns:

Decrypted secret

decryptAes

public static String decryptAes(char[] masterPassword,
                                String encryptedBase64)
                         throws ConfigEncryptionException

Decrypt using AES. Will only decrypt messages encrypted with encryptAes(char[], String) as the algorithm used is quite custom (number of bytes of seed, of salt and approach).

Parameters:

masterPassword - master password

encryptedBase64 - encrypted secret, base64 encoded

Returns:

Decrypted secret

Throws:

ConfigEncryptionException - if something bad happens during decryption (e.g. wrong password)