Contents | Package | Class | Tree | Deprecated | Index | Help
PREV | NEXT SHOW LISTS | HIDE LISTS

Class javax.crypto.Cipher

java.lang.Object
    |
    +----javax.crypto.Cipher
Subclasses:
NullCipher

public class Cipher
extends java.lang.Object
This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.

In order to create a Cipher object, the application calls the Cipher's getInstance method, and passes the name of the requested transformation to it. Optionally, the name of a provider may be specified.

A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., DES), and may be followed by a feedback mode and padding scheme. A transformation is of the form: "algorithm" or "algorithm/mode/padding" (in the former case, provider-specific defaults are used for mode and padding). For example, "DES/CBC/PKCS5Padding" represents a valid transformation.

When requesting a block cipher in stream cipher mode (e.g., DES in CFB or OFB mode), the user may optionally specify the number of bits to be processed at a time, by appending this number to the mode name as shown in the "DES/CFB8/NoPadding" and "DES/OFB32/PKCS5Padding" transformations. If no such number is specified, a provider-specific default is used. (For example, the SunJCE provider uses a default of 64 bits.)

See Also:
KeyGenerator, SecretKey, java.security.KeyPairGenerator, java.security.PublicKey, java.security.PrivateKey, java.security.AlgorithmParameters, java.security.spec.AlgorithmParameterSpec

Field Summary
static int  DECRYPT_MODE
 
static int  ENCRYPT_MODE
 
 

Constructor Summary
 Cipher(CipherSpi cipherSpi, java.security.Provider provider, java.lang.String transformation)
Creates a Cipher object.
 

Method Summary
byte[]  doFinal()
Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.
int  doFinal(byte[] output, int outputOffset)
Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.
byte[]  doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
byte[]  doFinal(byte[] input, int inputOffset, int inputLen)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
int  doFinal(byte[] input, int inputOffset, int inputLen, byte[] output)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
int  doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
int  getBlockSize()
Returns the block size (in bytes).
static Cipher  getInstance(java.lang.String transformation)
Generates a Cipher object that implements the specified transformation.
static Cipher  getInstance(java.lang.String transformation, java.lang.String provider)
Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.
byte[]  getIV()
Returns the initialization vector (IV) in a new buffer.
int  getOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
java.security.Provider  getProvider()
Returns the provider of this Cipher object.
void  init(int opmode, java.security.Key key)
Initializes this cipher with a key.
void  init(int opmode, java.security.Key key, java.security.SecureRandom random)
Initializes this cipher with a key and a source of randomness.
void  init(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params)
Initializes this cipher with a key and a set of algorithm parameters.
void  init(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
byte[]  update(byte[] input)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
byte[]  update(byte[] input, int inputOffset, int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
int  update(byte[] input, int inputOffset, int inputLen, byte[] output)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
int  update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
 
Methods inherited from class java.lang.Object
 clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ENCRYPT_MODE

public static final int ENCRYPT_MODE

DECRYPT_MODE

public static final int DECRYPT_MODE
Constructor Detail

Cipher

protected Cipher(CipherSpi cipherSpi,
                 java.security.Provider provider,
                 java.lang.String transformation)
Creates a Cipher object.
Parameters:
cipherSpi - the delegate
provider - the provider
transformation - the transformation
Method Detail

getInstance

public static final Cipher getInstance(java.lang.String transformation) throws java.security.NoSuchAlgorithmException, NoSuchPaddingException
Generates a Cipher object that implements the specified transformation. If the default provider package provides an implementation of the requested transformation, an instance of Cipher containing that implementation is returned. If the transformation is not available in the default provider package, other provider packages are searched.
Parameters:
transformation - the string representation of the requested transformation, e.g., DES/CBC/PKCS5Padding
Returns:
a cipher that implements the requested transformation
Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
NoSuchPaddingException - if the requested padding mechanism is not available

getInstance

public static final Cipher getInstance(java.lang.String transformation,
                                       java.lang.String provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, NoSuchPaddingException
Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.
Parameters:
transformation - the string representation of the requested transformation, e.g., DES/CBC/PKCS5Padding
provider - the name of the cipher provider
Returns:
a cipher that implements the requested transformation
Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.NoSuchProviderException - if the requested provider is not available
NoSuchPaddingException - if the requested padding mechanism is not available
See Also:
java.security.Provider

getProvider

public final java.security.Provider getProvider()
Returns the provider of this Cipher object.
Returns:
the provider of this Cipher object

getBlockSize

public final int getBlockSize()
Returns the block size (in bytes).
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

getOutputSize

public final int getOutputSize(int inputLen) throws java.lang.IllegalStateException
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not yet been initialized)

getIV

public final byte[] getIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.

Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

init

public final void init(int opmode,
                       java.security.Key key) throws java.security.InvalidKeyException
Initializes this cipher with a key.

The cipher is initialized for encryption or decryption, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from a system-provided source of randomness. The random IV can be retrieved using getIV. This behaviour should only be used in encryption mode, however. When initializing a cipher that requires an IV for decryption, the IV (same IV that was used for encryption) must be provided explicitly as a parameter, in order to get the correct result.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher, and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
key - the key
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

init

public final void init(int opmode,
                       java.security.Key key,
                       java.security.SecureRandom random) throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for encryption or decryption, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. The random IV can be retrieved using getIV. This behaviour should only be used in encryption mode, however. When initializing a cipher that requires an IV for decryption, the IV (same IV that was used for encryption) must be provided explicitly as a parameter, in order to get the correct result.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher, and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
key - the encryption key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

init

public final void init(int opmode,
                       java.security.Key key,
                       java.security.spec.AlgorithmParameterSpec params) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key and a set of algorithm parameters.

The cipher is initialized for encryption or decryption, depending on the value of opmode.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher, and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
key - the encryption key
params - the algorithm parameters
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

init

public final void init(int opmode,
                       java.security.Key key,
                       java.security.spec.AlgorithmParameterSpec params,
                       java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for encryption or decryption, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher, and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

update

public final byte[] update(byte[] input) throws java.lang.IllegalStateException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The bytes in the input buffer are processed, and the result is stored in a new buffer.

Parameters:
input - the input buffer
Returns:
the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block.
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

update

public final byte[] update(byte[] input,
                           int inputOffset,
                           int inputLen) throws java.lang.IllegalStateException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block.
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

update

public final int update(byte[] input,
                        int inputOffset,
                        int inputLen,
                        byte[] output) throws java.lang.IllegalStateException, ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
Returns:
the number of bytes stored in output
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
ShortBufferException - if the given output buffer is too small to hold the result

update

public final int update(byte[] input,
                        int inputOffset,
                        int inputLen,
                        byte[] output,
                        int outputOffset) throws java.lang.IllegalStateException, ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
ShortBufferException - if the given output buffer is too small to hold the result

doFinal

public final byte[] doFinal() throws java.lang.IllegalStateException, IllegalBlockSizeException, BadPaddingException
Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

Input data that may have been buffered during a previous update operation is processed, with padding (if requested) being applied. The result is stored in a new buffer.

Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

doFinal

public final int doFinal(byte[] output,
                         int outputOffset) throws java.lang.IllegalStateException, IllegalBlockSizeException, ShortBufferException, BadPaddingException
Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

Input data that may have been buffered during a previous update operation is processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Parameters:
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
ShortBufferException - if the given output buffer is too small to hold the result
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

doFinal

public final byte[] doFinal(byte[] input) throws java.lang.IllegalStateException, IllegalBlockSizeException, BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The bytes in the input buffer, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

Parameters:
input - the input buffer
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

doFinal

public final byte[] doFinal(byte[] input,
                            int inputOffset,
                            int inputLen) throws java.lang.IllegalStateException, IllegalBlockSizeException, BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

doFinal

public final int doFinal(byte[] input,
                         int inputOffset,
                         int inputLen,
                         byte[] output) throws java.lang.IllegalStateException, ShortBufferException, IllegalBlockSizeException, BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
Returns:
the number of bytes stored in output
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
ShortBufferException - if the given output buffer is too small to hold the result
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

doFinal

public final int doFinal(byte[] input,
                         int inputOffset,
                         int inputLen,
                         byte[] output,
                         int outputOffset) throws java.lang.IllegalStateException, ShortBufferException, IllegalBlockSizeException, BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
ShortBufferException - if the given output buffer is too small to hold the result
BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

Contents | Package | Class | Tree | Deprecated | Index | Help
PREV | NEXT SHOW LISTS | HIDE LISTS