Skip navigation links

Oracle Fusion Middleware Crypto FIPS Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10696-05


oracle.security.crypto.core
Class Cipher

java.lang.Object
  extended by oracle.security.crypto.core.Coder
      extended by oracle.security.crypto.core.Cipher

Direct Known Subclasses:
Arcfour, BlockCipher, RSApkcs1

public abstract class Cipher
extends Coder

A generic class for representing Ciphers, which may be BlockCiphers or direct descendants of the Cipher class.

While it is possible to instantiate a Cipher implemetation directly, the static factory methods included in the Cipher class are preferred. To use these methods, the user will need to provide an AlgorithmIdentifier, which specifies an algorithm (such as DES in ECB mode) by its OID (Object ID), as well as any additional parameters the algorithm may require to configure itself (such as initialization vectors for CBC mode).

Because AlgorithmIdentifiers are integral to the correct use of Ciphers and to representing the identity and parameters of an algorithm, the AlgID interface is provided which contains a reference instance of each AlgorithmIdentifier supported in the Phaos Security Engine.

For example, to get an initialized instance of a DES Cipher in ECB (electronic code book) mode that uses no padding and a randomly generated key, the following code might be used:

SymmetricKeyGenerator generator = SymmetricKeyGenerator.getInstance(AlgID.desECB);
SymmetricKey key = generator.generateKey();
Cipher desCipher = Cipher.getInstance(AlgID.desECB, key);

At this point the Cipher instance desCipher is ready to be used for either encryption or decryption (of course, decrypting with a random key is not meaningful).

A more common use case for BlockCiphers involves the use of CBC (cipher block chaining) mode, which requires an Initialization Vector (IV). Because IV's do not need to be hidden or have any special values in order to provide an increased level of security in CBC mode, they are generally randomly generated before encryption. Phaos Security Engine BlockCiphers are designed to generate a random IV when they are initialized into CBC mode but aren't provided with an IV. So, the code example above could be used to create a DES instance in CBC mode by merely substituting AlgID.desCBC for AlgID.desECB.

In cases where decryption (or encryption) must be peformed with a given IV, the CBCAlgorithmIdentifier class can be used to pass the IV to the Cipher as a parameter of the AlgorhithmIdentifier. The following code shows how a BlockCipher instance may be obtained that uses CBC mode with a known IV, and that uses PKCS#5 block padding:

// byte[] iv is already instantiated as an IV that has length equal
// to the Block Size of DES(8 bytes).
CBCAlgorithmIdentifier cbcAlgID = new CBCAlgorithmIdentifier(AlgID.desCBC, iv);
SymmetricKeyGenerator generator = SymmetricKeyGenerator.getInstance(AlgID.desCBC);
SymmetricKey key = generator.generateKey();
Cipher desCipher = Cipher.getInstance(cbcAlgID, key, Padding.PKCS5);

Finally, when using a Cipher, it is important to keep a few rules in mind:


Field Summary
static int CBC
          Cipher Block Chaining (CBC) mode.
static int ECB
          Electronic Code Book (ECB) mode (default).
protected  Key key
          Internal key reference that is used by the cipher for either encryption or decryption operations(depending on which one is performed first).
protected  int mode
          Flags the block Mode that the Cipher is operating in.
protected  RandomBitsSource rbs
          RandomBitsSource the Cipher might use during its operation.

 

Constructor Summary
protected Cipher()
           

 

Method Summary
protected  void assertDecryption()
          Used by subclasses to lock the cipher into Decryption mode.
protected  void assertEncryption()
          Used by subclasses to lock the cipher into Encryption mode.
protected  void assertKeyUnwrap()
          Used by subclasses to lock the cipher into Key-Unwrap mode.
protected  void assertKeyWrap()
          Used by subclasses to lock the cipher into Key-Wrap mode.
 Key cloneKey()
          Returns a clone of the Key held by the Cipher.
 byte[] decodeOp(byte[] input)
          Decrypts an array of bytes by calling Cipher.decrypt(byte[]); This implements the Coder interface.
 byte[] decrypt(byte[] input)
          Decrypts an entire array of bytes and returns the original plaintext message.
 byte[] decrypt(byte[] bytes, boolean unpad)
          Decrypts an entire array of bytes and, if specified, unpads the result.
 byte[] decrypt(byte[] input, int inOff, int len)
          Decrypts a sequence of bytes of specified length and returns the original plaintext message.
abstract  byte[] decrypt(byte[] input, int inOff, int len, boolean unpad)
          Decrypts a sequence of bytes of specified length, and, if specified, returns the unpadded plaintext.
abstract  void decrypt(byte[] input, int inOff, int len, byte[] output, int outOff)
          Decrypts a sequence of bytes of specified length and places the original plaintext message in the given output buffer starting at the given offset.
 byte[] encodeOp(byte[] input)
          Encrypts an array of bytes by calling Cipher.encrypt(byte[]);.
 byte[] encrypt(byte[] input)
          Encrypts an entire array of bytes.
 byte[] encrypt(byte[] bytes, boolean pad)
          Encrypts an entire array of bytes and, if specified, performs padding.
 byte[] encrypt(byte[] input, int inOff, int len)
          Encrypts a sequence of bytes of specified length.
abstract  byte[] encrypt(byte[] input, int inOff, int len, boolean pad)
          Encrypts a sequence of bytes of specified length and, if specified, performs padding.
abstract  void encrypt(byte[] input, int inOff, int len, byte[] output, int outOff)
          Encrypts a sequence of bytes of specified length and places the resulting ciphertext in the given output buffer starting at the given offset.
 void erase()
          Erases any sensitive information (such as buffers and subkey tables) stored in this cipher object.
 void finalize()
          Finalizes this Cipher object by calling the erase() method and erasing all sensitive data.
abstract  AlgorithmIdentifier getAlgID()
          Builds an AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.
abstract  int getBlockSize()
          Returns the block size of the cipher, or 0 if the cipher is not a BlockCipher.
static Cipher getInstance(AlgorithmIdentifier algID, Key key)
          Returns an initialized instance of a Cipher based on an AlgorithmIdentifier's Object ID.
static Cipher getInstance(AlgorithmIdentifier algID, Key key, RandomBitsSource rbs)
          Returns an initialized instance of a Cipher based on an AlgorithmIdentifier's Object ID.
static Cipher getInstance(AlgorithmIdentifier algID, SymmetricKey key, Padding.ID paddingID)
          Returns an initialized instance of a BlockCipher based on an AlgorithmIdentifier's Object ID.
static Cipher getInstance(AlgorithmIdentifier algID, SymmetricKey key, Padding.ID paddingID, RandomBitsSource rbs)
          Returns an initialized instance of a BlockCipher based on an AlgorithmIdentifier's Object ID.
static Cipher getInstance(PrivateKey key)
          Returns an initialized instance of the cipher based on the Object ID of the AlgorithmIdentifier contained by the parameter Key.
static Cipher getInstance(PublicKey key)
          Returns an initialized instance of the cipher based on the Object ID of the AlgorithmIdentifier contained by the parameter Key.
 byte[] getIV()
          Returns a clone of the initialization vector that was used by the Cipher instance, or null if the Cipher does not use an initialiation vector.
 int getMode()
          Returns the block mode used by this cipher.
 Padding.ID getPaddingID()
          Gets the ID of the Padding used by the Cipher.
 void initialize(AlgorithmIdentifier algID, Key key)
          This method verifies the AlgorithmIdentifier's Object ID and configures the Cipher appropriately with the params of the AlgorithmIdentifier in addition to the Key.
abstract  void initialize(AlgorithmIdentifier algID, Key key, RandomBitsSource rbs)
          This method verifies the AlgorithmIdentifier's Object ID and configures the Cipher appropriately with the params of the AlgorithmIdentifier in addition to the Key.
 void initialize(AlgorithmIdentifier algID, SymmetricKey key, Padding.ID paddingID)
          This method may be used to initialize a BlockCipher with the given algorithm parameters, symmetric key, and padding descriptor.
 void initialize(AlgorithmIdentifier algID, SymmetricKey key, Padding.ID paddingID, RandomBitsSource rbs)
          This method may be used to initialize a BlockCipher with the given algorithm parameters, symmetric key, and padding descriptor.
protected  void releaseOp()
          Used by subclasses to release the Cipher instance for use by another operation.
abstract  PrivateKey unwrapPrivateKey(byte[] encKey)
          Unwraps a private key using this cipher.
abstract  SymmetricKey unwrapSymmetricKey(byte[] encKey, AlgorithmIdentifier algID)
          Unwraps a symmetric key using this cipher.
abstract  byte[] wrapKey(PrivateKey key)
          Wraps a private key using this cipher.
abstract  byte[] wrapKey(SymmetricKey key)
          Wraps a symmetric key using this cipher.

 

Methods inherited from class oracle.security.crypto.core.Coder
algName, decode, decode, encode, encode

 

Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Field Detail

mode

protected int mode
Flags the block Mode that the Cipher is operating in.

key

protected Key key
Internal key reference that is used by the cipher for either encryption or decryption operations(depending on which one is performed first). This member is erased when the Cipher's erase method is called.

rbs

protected RandomBitsSource rbs
RandomBitsSource the Cipher might use during its operation.

ECB

public static final int ECB
Electronic Code Book (ECB) mode (default).
See Also:
Constant Field Values

CBC

public static final int CBC
Cipher Block Chaining (CBC) mode.
See Also:
Constant Field Values

Constructor Detail

Cipher

protected Cipher()

Method Detail

getInstance

public static Cipher getInstance(AlgorithmIdentifier algID,
                                 Key key)
                          throws AlgorithmIdentifierException,
                                 InvalidKeyException,
                                 CipherException
Returns an initialized instance of a Cipher based on an AlgorithmIdentifier's Object ID.

The resulting instance has been initialized with the given Key, AlgorithmIdentifer and no RandomBitsSource because the Cipher will load the default RandomBitsSource if it is required.

Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will used by the cipher internally.
Returns:
An initialized Cipher instance loaded based on the given AlgorithmIdentifer's Object ID.
Throws:
AlgorithmIdentifierException - If the algID's Object ID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's Object ID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

getInstance

public static Cipher getInstance(AlgorithmIdentifier algID,
                                 Key key,
                                 RandomBitsSource rbs)
                          throws AlgorithmIdentifierException,
                                 InvalidKeyException,
                                 CipherException
Returns an initialized instance of a Cipher based on an AlgorithmIdentifier's Object ID.

The resulting instance has been initialized with the given Key, AlgorithmIdentifer and no RandomBitsSource because the Cipher will load the default RandomBitsSource if it is required.

Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will used by the cipher internally.
rbs - The RandomBitsSourfce to use in this cipher.
Returns:
An initialized Cipher instance loaded based on the given AlgorithmIdentifer's Object ID.
Throws:
AlgorithmIdentifierException - If the algID's Object ID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's Object ID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

getInstance

public static Cipher getInstance(AlgorithmIdentifier algID,
                                 SymmetricKey key,
                                 Padding.ID paddingID)
                          throws AlgorithmIdentifierException,
                                 InvalidKeyException,
                                 CipherException
Returns an initialized instance of a BlockCipher based on an AlgorithmIdentifier's Object ID.

The resulting instance has been initialized with the given Key, AlgorithmIdentifer, Padding.ID and no RandomBitsSource because the Cipher will load the default RandomBitsSource if it is required.

Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will used by the cipher internally.
paddingID - Used to indicate the type of padding that the Cipher should use. Options are Padding.NONE or Padding.PKCS5. A Cipher must be re-initialized before being used with the other Padding type.
Returns:
An initialized Cipher instance loaded based on the given AlgorithmIdentifer's Object ID.
Throws:
AlgorithmIdentifierException - If the algID's Object ID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's Object ID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

getInstance

public static Cipher getInstance(AlgorithmIdentifier algID,
                                 SymmetricKey key,
                                 Padding.ID paddingID,
                                 RandomBitsSource rbs)
                          throws AlgorithmIdentifierException,
                                 InvalidKeyException,
                                 CipherException
Returns an initialized instance of a BlockCipher based on an AlgorithmIdentifier's Object ID.

The resulting instance has been initialized with the given Key, AlgorithmIdentifer, Padding.ID and no RandomBitsSource because the Cipher will load the default RandomBitsSource if it is required.

Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will used by the cipher internally.
paddingID - Used to indicate the type of padding that the Cipher should use. Options are Padding.NONE or Padding.PKCS5. A Cipher must be re-initialized before being used with the other Padding type.
rbs - The RandomBitsSourfce to use in this cipher.
Returns:
An initialized Cipher instance loaded based on the given AlgorithmIdentifer's Object ID.
Throws:
AlgorithmIdentifierException - If the algID's Object ID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's Object ID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

getInstance

public static Cipher getInstance(PrivateKey key)
                          throws AlgorithmIdentifierException,
                                 InvalidKeyException
Returns an initialized instance of the cipher based on the Object ID of the AlgorithmIdentifier contained by the parameter Key. The Cipher is then initialized with the given Key, the key's AlgorithmIdentifier, and no RandomBitsSource because the Cipher will load the default RandomBitsSource if it is required.

The resulting instance is ready to be used.

Parameters:
key - The PrivateKey whose AlgorithmIdentifier will be retrieved and used for its Object ID to locate an appropriate Cipher instance.
Returns:
A Cipher instance that has been initialized with the given Key's AlgorithmIdentifier in addition to the key itself and the default RandomBitsSource.
Throws:
AlgorithmIdentifierException - If the algID's Object ID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's Object ID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.

getInstance

public static Cipher getInstance(PublicKey key)
                          throws AlgorithmIdentifierException,
                                 InvalidKeyException
Returns an initialized instance of the cipher based on the Object ID of the AlgorithmIdentifier contained by the parameter Key. The Cipher is then intiialized with the given Key, the key's AlgorithmIdentifier, and the default RandomBitsSource.

The resulting instance is ready to be used.

Parameters:
key - The PublicKey whose AlgorithmIdentifier will be retrieved and used for its Object ID to locate an appropriate Cipher instance.
Returns:
A Cipher instance that has been initialized with the given Key's AlgorithmIdentifier in addition to the key itself and the default RandomBitsSource.
Throws:
AlgorithmIdentifierException - If no suitable Cipher can be found for the given AlgorithmIdentifier or if there is a problem initializing the Cipher instance with the given AlgorithmIdentifier.
InvalidKeyException - If there is a problem initializing the Cipher with the Key.

initialize

public void initialize(AlgorithmIdentifier algID,
                       Key key)
                throws AlgorithmIdentifierException,
                       InvalidKeyException,
                       CipherException
This method verifies the AlgorithmIdentifier's Object ID and configures the Cipher appropriately with the params of the AlgorithmIdentifier in addition to the Key. All properties not specified in the method arguments are set to their Cipher-specific default values.
Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will be used by the cipher internally.
Throws:
AlgorithmIdentifierException - If the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

initialize

public abstract void initialize(AlgorithmIdentifier algID,
                                Key key,
                                RandomBitsSource rbs)
                         throws AlgorithmIdentifierException,
                                InvalidKeyException,
                                CipherException
This method verifies the AlgorithmIdentifier's Object ID and configures the Cipher appropriately with the params of the AlgorithmIdentifier in addition to the Key. All properties not specified in the method arguments are set to their Cipher-specific default values.
Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will be used by the cipher internally.
rbs - The RandomBitsSourfce to use in this cipher.
Throws:
AlgorithmIdentifierException - If the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

initialize

public void initialize(AlgorithmIdentifier algID,
                       SymmetricKey key,
                       Padding.ID paddingID)
                throws AlgorithmIdentifierException,
                       InvalidKeyException,
                       CipherException
This method may be used to initialize a BlockCipher with the given algorithm parameters, symmetric key, and padding descriptor.
Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will be used by the cipher internally.
paddingID - Used to indicate the type of padding that the Cipher should use. Options are Padding.NONE or Padding.PKCS5. A Cipher must be re-initialized before being used with the other Padding type.
Throws:
AlgorithmIdentifierException - If the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

initialize

public void initialize(AlgorithmIdentifier algID,
                       SymmetricKey key,
                       Padding.ID paddingID,
                       RandomBitsSource rbs)
                throws AlgorithmIdentifierException,
                       InvalidKeyException,
                       CipherException
This method may be used to initialize a BlockCipher with the given algorithm parameters, symmetric key, and padding descriptor.
Parameters:
algID - The AlgorithmIdentifier whose params will be used to configure the cipher.
key - The Key instance that will be used by the cipher internally.
paddingID - Used to indicate the type of padding that the Cipher should use. Options are Padding.NONE or Padding.PKCS5. A Cipher must be re-initialized before being used with the other Padding type.
rbs - The RandomBitsSourfce to use in this cipher.
Throws:
AlgorithmIdentifierException - If the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.
InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.
CipherException - If there is a problem initializing the Cipher.

cloneKey

public Key cloneKey()
Returns a clone of the Key held by the Cipher.
Returns:
A clone of the Key instance held by the Cipher.

decrypt

public byte[] decrypt(byte[] input)
               throws CipherException
Decrypts an entire array of bytes and returns the original plaintext message. This method will not attempt to unpad the result.
Parameters:
input - The data to be decrypted.
Returns:
The plaintext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for encryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the decryption process.

decrypt

public byte[] decrypt(byte[] bytes,
                      boolean unpad)
               throws CipherException
Decrypts an entire array of bytes and, if specified, unpads the result.
Parameters:
bytes - The data to be decrypted.
unpad - true if padding is to be removed, false otherwise.
Returns:
The plaintext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for encryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the decryption process.

decrypt

public byte[] decrypt(byte[] input,
                      int inOff,
                      int len)
               throws CipherException
Decrypts a sequence of bytes of specified length and returns the original plaintext message. This method will not attempt to unpad the result.
Parameters:
input - The buffer in which data to be decrypted is stored.
inOff - The offset within buffer of the start of data.
len - The length of the data.
Returns:
The plaintext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for encryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the decryption process.

decrypt

public abstract byte[] decrypt(byte[] input,
                               int inOff,
                               int len,
                               boolean unpad)
                        throws CipherException
Decrypts a sequence of bytes of specified length, and, if specified, returns the unpadded plaintext.
Parameters:
input - The buffer in which data to be decrypted is stored.
inOff - The offset within buffer of the start of data.
len - The length of the data.
unpad - Specifies whether the plaintext should have padding removed.
Returns:
The plaintext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for encryption without being re-initialized, if the data is not a multiple of the block size and no padding is specified, or if an error occurred during the decryption process.

decrypt

public abstract void decrypt(byte[] input,
                             int inOff,
                             int len,
                             byte[] output,
                             int outOff)
                      throws CipherException
Decrypts a sequence of bytes of specified length and places the original plaintext message in the given output buffer starting at the given offset. This method will not attempt to unpad the result.
Parameters:
input - The buffer in which data to be decrypted is stored.
inOff - The offset within buffer of the start of data.
len - The length of the data.
output - The array to place the decrypted bytes.
outOff - The offset of the start of the decrypted bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for encryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the decryption process.

decodeOp

public final byte[] decodeOp(byte[] input)
                      throws CipherException
Decrypts an array of bytes by calling Cipher.decrypt(byte[]); This implements the Coder interface.
Specified by:
decodeOp in class Coder
Parameters:
input - The data to be decrypted.
Returns:
The decrypted data.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for encryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the decryption process.

encrypt

public byte[] encrypt(byte[] input)
               throws CipherException
Encrypts an entire array of bytes. This method will not attempt to pad the input.
Parameters:
input - The data to be encrypted.
Returns:
The ciphertext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for decryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the encryption process.

encrypt

public byte[] encrypt(byte[] bytes,
                      boolean pad)
               throws CipherException
Encrypts an entire array of bytes and, if specified, performs padding.
Parameters:
bytes - The data to be encrypted.
pad - true if padding is to be used, false otherwise.
Returns:
The ciphertext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for decryption without being re-initialized, if the data is not a multiple of the block size and no padding is specified, or if an error occurred during the encryption process.

encrypt

public byte[] encrypt(byte[] input,
                      int inOff,
                      int len)
               throws CipherException
Encrypts a sequence of bytes of specified length. This method will not attempt to pad the input.
Parameters:
input - The buffer in which data to be encrypted is stored.
inOff - The offset within buffer of the start of the data.
len - The length of the data.
Returns:
The ciphertext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for decryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the encryption process.

encrypt

public abstract byte[] encrypt(byte[] input,
                               int inOff,
                               int len,
                               boolean pad)
                        throws CipherException
Encrypts a sequence of bytes of specified length and, if specified, performs padding.
Parameters:
input - The buffer in which data to be encrypted is stored.
inOff - The offset within buffer of the start of the data.
len - The length of the data.
pad - true if padding is to be used, false otherwise.
Returns:
The ciphertext bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for decryption without being re-initialized, if the data is not a multiple of the block size and no padding is specified, or if an error occurred during the encryption process.

encrypt

public abstract void encrypt(byte[] input,
                             int inOff,
                             int len,
                             byte[] output,
                             int outOff)
                      throws CipherException
Encrypts a sequence of bytes of specified length and places the resulting ciphertext in the given output buffer starting at the given offset. This method will not attempt to unpad the result.
Parameters:
input - The array of bytes to encrypt.
inOff - The offset of the start of data to encrypt.
len - The length of the data to encrypt.
output - The array to place the encrypted bytes.
outOff - The offset of the start of the encrypted bytes.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for decryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the encryption process.

encodeOp

public final byte[] encodeOp(byte[] input)
                      throws CipherException
Encrypts an array of bytes by calling Cipher.encrypt(byte[]);. This implements the Coder interface.
Specified by:
encodeOp in class Coder
Parameters:
input - The data to be encrypted.
Returns:
The encrypted data.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for decryption without being re-initialized, if the data is not a multiple of the block size, or if an error occurred during the encryption process.

wrapKey

public abstract byte[] wrapKey(PrivateKey key)
                        throws CipherException
Wraps a private key using this cipher. Some ciphers may not be used to wrap a private key.
Parameters:
key - The private key to wrap.
Returns:
The encrypted key.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for wrapping without being re-initialized or if an error occurred during the wrapping process.

wrapKey

public abstract byte[] wrapKey(SymmetricKey key)
                        throws CipherException
Wraps a symmetric key using this cipher.
Parameters:
key - The symmetric key to wrap.
Returns:
The encrypted key.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for wrapping without being re-initialized or if an error occurred during the wrapping process.

unwrapPrivateKey

public abstract PrivateKey unwrapPrivateKey(byte[] encKey)
                                     throws CipherException
Unwraps a private key using this cipher.
Parameters:
encKey - The encrypted key.
Returns:
The unwrapped symmetric key.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for unwrapping without being re-initialized or if an error occurred during the decryption process.

unwrapSymmetricKey

public abstract SymmetricKey unwrapSymmetricKey(byte[] encKey,
                                                AlgorithmIdentifier algID)
                                         throws CipherException
Unwraps a symmetric key using this cipher.
Parameters:
encKey - The encrypted key.
algID - The algorithm identifier of the wrapped symmetric key.
Returns:
The unwrapped symmetric key.
Throws:
CipherException - If the Cipher was not initialized, if the Cipher was used for unwrapping without being re-initialized or if an error occurred during the encryption process.

erase

public void erase()
Erases any sensitive information (such as buffers and subkey tables) stored in this cipher object. Additionally, this will erase the reference of the cipher's key.

finalize

public void finalize()
Finalizes this Cipher object by calling the erase() method and erasing all sensitive data.
Overrides:
finalize in class java.lang.Object

getAlgID

public abstract AlgorithmIdentifier getAlgID()
Builds an AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.

Altering this AlgorithmIdentifier will have no effect on the state of the Cipher.

Returns:
A newly constructed AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.

getMode

public int getMode()
Returns the block mode used by this cipher.

getPaddingID

public Padding.ID getPaddingID()
Gets the ID of the Padding used by the Cipher. If the Cipher instance is not a BlockCipher, a null reference will be returned.
Returns:
the Padding.ID of the Padding used by the Cipher or null if its not a BlockCipher
See Also:
Padding.ID

getBlockSize

public abstract int getBlockSize()
Returns the block size of the cipher, or 0 if the cipher is not a BlockCipher.
Specified by:
getBlockSize in class Coder

getIV

public byte[] getIV()
Returns a clone of the initialization vector that was used by the Cipher instance, or null if the Cipher does not use an initialiation vector.

Note: Only BlockCiphers use initialization vectors

Returns:
a clone of the IV or null if the Cipher isn't using one.

releaseOp

protected final void releaseOp()
Used by subclasses to release the Cipher instance for use by another operation. For example, whenever the Cipher is initialized this method should be called.

assertDecryption

protected final void assertDecryption()
                               throws CipherException
Used by subclasses to lock the cipher into Decryption mode. If the Cipher has already been locked into another mode without having releaseOp called, a CipherException is thrown.
Throws:
CipherException - is thrown if the Cipher is already locked into another mode.

assertEncryption

protected final void assertEncryption()
                               throws CipherException
Used by subclasses to lock the cipher into Encryption mode. If the Cipher has already been locked into another mode without having releaseOp called, a CipherException is thrown.
Throws:
CipherException - is thrown if the Cipher is already locked into another mode.

assertKeyWrap

protected final void assertKeyWrap()
                            throws CipherException
Used by subclasses to lock the cipher into Key-Wrap mode. If the Cipher has already been locked into antoher mode without having releaseOp called, a CipherException is thrown.
Throws:
CipherException - If the Cipher is already locked into another mode.

assertKeyUnwrap

protected final void assertKeyUnwrap()
                              throws CipherException
Used by subclasses to lock the cipher into Key-Unwrap mode. If the Cipher has already been locked into another mode without having releaseOp called, a CipherException is thrown.
Throws:
CipherException - If the Cipher is already locked into another mode.

Skip navigation links

Oracle Fusion Middleware Crypto FIPS Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10696-05


Copyright © 2005, 2013, Oracle. All rights reserved.