Class EncryptionUtil


  • public final class EncryptionUtil
    extends Object
    Encryption utilities for secrets protection.
    • Method Detail

      • decryptRsa

        public static String decryptRsa​(PrivateKey key,
                                        String encryptedBase64)
                                 throws ConfigEncryptionException
        Decrypt using RSA with OAEP. Expects message encrypted with the public key.
        Parameters:
        key - private key used to decrypt
        encryptedBase64 - base64 encoded encrypted secret
        Returns:
        Secret value
        Throws:
        ConfigEncryptionException - If any problem with decryption occurs
      • decryptRsaLegacy

        public static String decryptRsaLegacy​(Key key,
                                              String encryptedBase64)
                                       throws ConfigEncryptionException
        Decrypt using RSA (private or public key). Expects message encrypted with the other key.
        Parameters:
        key - private or public key to use to decrypt
        encryptedBase64 - base64 encoded encrypted secret
        Returns:
        Secret value
        Throws:
        ConfigEncryptionException - If any problem with decryption occurs
      • encryptAes

        public static String encryptAes​(char[] masterPassword,
                                        String secret)
                                 throws ConfigEncryptionException
        Encrypt using AES with GCM method, key is derived from password with random salt.
        Parameters:
        masterPassword - master password
        secret - secret to encrypt
        Returns:
        Encrypted value base64 encoded
        Throws:
        ConfigEncryptionException - If any problem with encryption occurs
      • encryptAesBytes

        @Deprecated(since="2.2.0")
        public static String encryptAesBytes​(char[] masterPassword,
                                             byte[] secret)
                                      throws ConfigEncryptionException
        Deprecated.
        this method will be removed once a separate module for encryption is created
        Encrypt using AES with GCM method, key is derived from password with random salt.
        Parameters:
        masterPassword - master password
        secret - secret to encrypt
        Returns:
        Encrypted value base64 encoded
        Throws:
        ConfigEncryptionException - If any problem with encryption occurs
      • decryptAesLegacy

        public static String decryptAesLegacy​(char[] masterPassword,
                                              String encryptedBase64)
        Decrypt using legacy AES. Will only decrypt messages encrypted with previously used AES method.
        Parameters:
        masterPassword - master password
        encryptedBase64 - encrypted secret, base64 encoded
        Returns:
        Decrypted secret
      • decryptAes

        public static String decryptAes​(char[] masterPassword,
                                        String encryptedBase64)
                                 throws ConfigEncryptionException
        Decrypt using AES. Will only decrypt messages encrypted with encryptAes(char[], String) as the algorithm used is quite custom (number of bytes of seed, of salt and approach).
        Parameters:
        masterPassword - master password
        encryptedBase64 - encrypted secret, base64 encoded
        Returns:
        Decrypted secret
        Throws:
        ConfigEncryptionException - if something bad happens during decryption (e.g. wrong password)
      • decryptAesBytes

        @Deprecated(since="2.2.0")
        public static byte[] decryptAesBytes​(char[] masterPassword,
                                             String encryptedBase64)
        Deprecated.
        This method will be moved to a new module
        Decrypt using AES. Will only decrypt messages encrypted with encryptAes(char[], String) as the algorithm used is quite custom (number of bytes of seed, of salt and approach).
        Parameters:
        masterPassword - master password
        encryptedBase64 - encrypted secret, base64 encoded
        Returns:
        Decrypted secret
        Throws:
        ConfigEncryptionException - if something bad happens during decryption (e.g. wrong password)