4.2 More about the Spring Security Crypto module

4.2.1 Using key generators

There are two main types of key generators: BytesKeyGenerator and StringKeyGenerator.
The StringKeyGenerator contract is defined in this code snippet:

    public interface StringKeyGenerator {
        String generateKey();
    }

How to obtain a StringKeyGenerator instance and use it to get a salt value:

    StringKeyGenerator keyGenerator = KeyGenerators.string();
    String salt = keyGenerator.generateKey();

BytesKeyGenerator is defined as follows:

    public interface BytesKeyGenerator {
        int getKeyLength();
        byte[] generateKey();
    }

A default BytesKeyGenerator generates keys of 8-byte length:

    BytesKeyGenerator keyGenerator = KeyGenerators.secureRandom();
    byte[] key = keyGenerator.generateKey();
    int keyLength = keyGenerator.getKeyLength();

To change the key length from the default of 8 bytes, pass the desired length to KeyGenerators.secureRandom():

    BytesKeyGenerator keyGenerator = KeyGenerators.secureRandom(16);

KeyGenerators.shared() gives an implementation that returns the same key value for each call of the same key generator. Here, key1 and key2 have the same value:

    BytesKeyGenerator keyGenerator = KeyGenerators.shared(16);
    byte[] key1 = keyGenerator.generateKey();
    byte[] key2 = keyGenerator.generateKey();

4.2.2 Using encryptors for encryption and decryption operations

There are two types of encryptors defined by the SSCM: BytesEncryptor and TextEncryptor.
The definition of the TextEncryptor:

    public interface TextEncryptor {
        String encrypt(String text);
        String decrypt(String encryptedText);
    }

The definition of the BytesEncryptor:

    public interface BytesEncryptor {
        byte[] encrypt(byte[] byteArray);
        byte[] decrypt(byte[] encryptedByteArray);
    }

The options we have to build and use an encryptor, starting with Encryptors.standard():

    String salt = KeyGenerators.string().generateKey();
    String password = "secret";
    String valueToEncrypt = "HELLO";
    BytesEncryptor e = Encryptors.standard(password, salt);
    byte[] encrypted = e.encrypt(valueToEncrypt.getBytes());
    byte[] decrypted = e.decrypt(encrypted);

To build a stronger instance of the byte encryptor, you can call the Encryptors.stronger() method:

    BytesEncryptor e = Encryptors.stronger(password, salt);

An example of using a TextEncryptor. Encryptors.noOpText() returns a dummy encryptor that does not encrypt the value, so encrypted is the same as valueToEncrypt:

    String valueToEncrypt = "HELLO";
    TextEncryptor e = Encryptors.noOpText();
    String encrypted = e.encrypt(valueToEncrypt);

A TextEncryptor built with Encryptors.text() from a password and a salt:

    String salt = KeyGenerators.string().generateKey();
    String password = "secret";
    String valueToEncrypt = "HELLO";
    TextEncryptor e = Encryptors.text(password, salt);
    String encrypted = e.encrypt(valueToEncrypt);
    String decrypted = e.decrypt(encrypted);

In the following example, which uses Encryptors.queryableText(), the value of encrypted1 equals the value of encrypted2. Anyone who can read the stored ciphertexts can therefore tell which entries hold the same plaintext:

    String salt = KeyGenerators.string().generateKey();
    String password = "secret";
    String valueToEncrypt = "HELLO";
    TextEncryptor e = Encryptors.queryableText(password, salt);
    String encrypted1 = e.encrypt(valueToEncrypt);
    String encrypted2 = e.encrypt(valueToEncrypt);
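
The encryptor snippets above generate a new salt with KeyGenerators.string() each time, so the salt has to be stored with the ciphertext or the value cannot be decrypted later. The following is an added example, not code from the original notes: the class SaltedTextVault, its seal() and open() methods, and the "salt:ciphertext" layout are assumptions made for illustration.

```java
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.crypto.keygen.KeyGenerators;

// Hypothetical helper (not part of Spring Security): keeps the salt next to
// the ciphertext so the encryptor can be rebuilt at decryption time.
public class SaltedTextVault {

    // Encrypts plaintext under a fresh salt and returns "salt:ciphertext".
    // Both parts are hex strings, so ':' is a safe separator.
    static String seal(String password, String plaintext) {
        String salt = KeyGenerators.string().generateKey();
        TextEncryptor e = Encryptors.text(password, salt);
        return salt + ":" + e.encrypt(plaintext);
    }

    // Splits the stored value, rebuilds the encryptor from the stored salt
    // and the password, and decrypts.
    static String open(String password, String sealed) {
        int sep = sealed.indexOf(':');
        if (sep < 0) {
            throw new IllegalArgumentException("expected salt:ciphertext");
        }
        String salt = sealed.substring(0, sep);
        String ciphertext = sealed.substring(sep + 1);
        return Encryptors.text(password, salt).decrypt(ciphertext);
    }

    public static void main(String[] args) {
        // Sample value from the notes; a real password comes from a secret store.
        String password = "secret";

        String first = seal(password, "HELLO");
        String second = seal(password, "HELLO");

        // Unlike queryableText(), the two stored values differ even though
        // the plaintext is the same, so equal entries are not revealed.
        System.out.println("stored values equal: " + first.equals(second));

        // Both still decrypt, because each carries its own salt.
        System.out.println("first  -> " + open(password, first));
        System.out.println("second -> " + open(password, second));
    }
}
```

The salt is not secret and can be stored in the clear; only the password must be protected.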