Class EncryptionUtil

java.lang.Object
io.helidon.config.encryption.EncryptionUtil

public final class EncryptionUtil extends Object
Encryption utilities for secrets protection.
  • Method Details

    • decryptRsa

      public static String decryptRsa(PrivateKey key, String encryptedBase64) throws ConfigEncryptionException
      Decrypt using RSA with OAEP. Expects message encrypted with the public key.
      Parameters:
      key - private key used to decrypt
      encryptedBase64 - base64 encoded encrypted secret
      Returns:
      Secret value
      Throws:
      ConfigEncryptionException - If any problem with decryption occurs
    • decryptRsaLegacy

      public static String decryptRsaLegacy(Key key, String encryptedBase64) throws ConfigEncryptionException
      Decrypt using RSA (private or public key). Expects message encrypted with the other key.
      Parameters:
      key - private or public key to use to decrypt
      encryptedBase64 - base64 encoded encrypted secret
      Returns:
      Secret value
      Throws:
      ConfigEncryptionException - If any problem with decryption occurs
    • encryptRsa

      public static String encryptRsa(PublicKey key, String secret) throws ConfigEncryptionException
      Encrypt secret using RSA with OAEP.
      Parameters:
      key - public key used to encrypt
      secret - secret to encrypt
      Returns:
      base64 encoded encrypted bytes
      Throws:
      ConfigEncryptionException - If any problem with encryption occurs
    • encryptAes

      public static String encryptAes(char[] masterPassword, String secret) throws ConfigEncryptionException
      Encrypt using AES in GCM mode. The key is derived from the password with a random salt.
      Parameters:
      masterPassword - master password
      secret - secret to encrypt
      Returns:
      Encrypted value base64 encoded
      Throws:
      ConfigEncryptionException - If any problem with encryption occurs
    • encryptAesBytes

      @Deprecated(since="2.2.0") public static String encryptAesBytes(char[] masterPassword, byte[] secret) throws ConfigEncryptionException
      Deprecated.
      This method will be removed once a separate module for encryption is created.
      Encrypt using AES in GCM mode. The key is derived from the password with a random salt.
      Parameters:
      masterPassword - master password
      secret - secret to encrypt
      Returns:
      Encrypted value base64 encoded
      Throws:
      ConfigEncryptionException - If any problem with encryption occurs
    • decryptAesLegacy

      public static String decryptAesLegacy(char[] masterPassword, String encryptedBase64)
      Decrypt using legacy AES. Only decrypts messages encrypted with the previously used AES method.
      Parameters:
      masterPassword - master password
      encryptedBase64 - encrypted secret, base64 encoded
      Returns:
      Decrypted secret
    • decryptAes

      public static String decryptAes(char[] masterPassword, String encryptedBase64) throws ConfigEncryptionException
      Decrypt using AES. Only decrypts messages encrypted with encryptAes(char[], String), because the algorithm used is quite custom (number of bytes of seed, of salt, and the approach).
      Parameters:
      masterPassword - master password
      encryptedBase64 - encrypted secret, base64 encoded
      Returns:
      Decrypted secret
      Throws:
      ConfigEncryptionException - if something bad happens during decryption (e.g. wrong password)
    • decryptAesBytes

      @Deprecated(since="2.2.0") public static byte[] decryptAesBytes(char[] masterPassword, String encryptedBase64)
      Deprecated.
      This method will be moved to a new module.
      Decrypt using AES. Only decrypts messages encrypted with encryptAes(char[], String), because the algorithm used is quite custom (number of bytes of seed, of salt, and the approach).
      Parameters:
      masterPassword - master password
      encryptedBase64 - encrypted secret, base64 encoded
      Returns:
      Decrypted secret
      Throws:
      ConfigEncryptionException - if something bad happens during decryption (e.g. wrong password)
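
Added usage example (not part of the Helidon documentation or code base): a round trip through encryptAes/decryptAes and encryptRsa/decryptRsa using only the signatures documented above, including the wrong-password failure path. The class name, the sample values and the 2048-bit RSA key size are assumptions, and the Helidon config encryption module is assumed to be on the classpath.

```java
import io.helidon.config.encryption.ConfigEncryptionException;
import io.helidon.config.encryption.EncryptionUtil;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;

// Hypothetical class name, for illustration only.
public class EncryptionUtilRoundTrip {
    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real master password comes from a secret store.
        char[] masterPassword = "constructed-master-password".toCharArray();
        char[] wrongPassword = "constructed-wrong-password".toCharArray();
        String secret = "constructed-db-password";
        try {
            // AES-GCM with a password-derived key. The salt is random, so two
            // encryptions of the same secret are expected to differ.
            String first = EncryptionUtil.encryptAes(masterPassword, secret);
            String second = EncryptionUtil.encryptAes(masterPassword, secret);
            System.out.println("ciphertexts differ: " + !first.equals(second));
            System.out.println("aes round trip ok: "
                    + secret.equals(EncryptionUtil.decryptAes(masterPassword, second)));

            // The documented failure mode: a wrong password surfaces as
            // ConfigEncryptionException, not as garbage plaintext.
            try {
                EncryptionUtil.decryptAes(wrongPassword, first);
                System.out.println("unexpected: wrong password accepted");
            } catch (ConfigEncryptionException e) {
                System.out.println("wrong password rejected");
            }

            // RSA with OAEP: encrypt with the public key, decrypt with the private key.
            // Key size is an assumption; the secret must fit in a single RSA block.
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048);
            KeyPair pair = generator.generateKeyPair();
            String wrapped = EncryptionUtil.encryptRsa(pair.getPublic(), secret);
            System.out.println("rsa round trip ok: "
                    + secret.equals(EncryptionUtil.decryptRsa(pair.getPrivate(), wrapped)));
        } finally {
            // The API takes char[] so the caller can wipe the password after use.
            Arrays.fill(masterPassword, '\0');
            Arrays.fill(wrongPassword, '\0');
        }
    }
}
```

The example prints only status lines, never the secret or the ciphertext, so its output is safe to keep in build logs.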