org.apache.commons.ssl

Class OpenSSL

java.lang.Object

org.apache.commons.ssl.OpenSSL

public class OpenSSL
extends Object

Class for encrypting or decrypting data with a password (PBE - password based encryption). Compatible with "openssl enc" unix utility. An OpenSSL compatible cipher name must be specified along with the password (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

 // Encrypt!
 byte[] encryptedData = OpenSSL.encrypt( "des3", password, data );
 

If you want to specify a raw key and iv directly (without using PBE), use the methods that take byte[] key, byte[] iv. Those byte[] arrays can be the raw binary, or they can be ascii (hex representation: '0' - 'F'). If you want to use PBE to derive the key and iv, then use the methods that take char[] password.

This class is able to decrypt files encrypted with "openssl" unix utility.

The "openssl" unix utility is able to decrypt files encrypted by this class.

This class is also able to encrypt and decrypt its own files.

Since:

18-Oct-2007

Author:

juliusdavies@gmail.com

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OpenSSL.CipherInfo

Constructor Summary

Constructors

Constructor and Description
OpenSSL()

Method Summary

Modifier and Type	Method and Description
static byte[]	decrypt(String cipher, byte[] key, byte[] iv, byte[] encrypted)
static InputStream	decrypt(String cipher, byte[] key, byte[] iv, InputStream encrypted)
static byte[]	decrypt(String cipher, char[] pwd, byte[] encrypted) Decrypts data using a password and an OpenSSL compatible cipher name.
static InputStream	decrypt(String cipher, char[] pwd, InputStream encrypted) Decrypts data using a password and an OpenSSL compatible cipher name.
static DerivedKey	deriveKey(char[] password, byte[] salt, int keySize, boolean des2)
static DerivedKey	deriveKey(char[] password, byte[] salt, int keySize, int ivSize, boolean des2)
static byte[]	encrypt(String cipher, byte[] key, byte[] iv, byte[] data)
static byte[]	encrypt(String cipher, byte[] key, byte[] iv, byte[] data, boolean toBase64)
static InputStream	encrypt(String cipher, byte[] key, byte[] iv, InputStream data)
static InputStream	encrypt(String cipher, byte[] key, byte[] iv, InputStream data, boolean toBase64)
static byte[]	encrypt(String cipher, char[] pwd, byte[] data) Encrypts data using a password and an OpenSSL compatible cipher name.
static byte[]	encrypt(String cipher, char[] pwd, byte[] data, boolean toBase64) Encrypts data using a password and an OpenSSL compatible cipher name.
static byte[]	encrypt(String cipher, char[] pwd, byte[] data, boolean toBase64, boolean useSalt) Encrypts data using a password and an OpenSSL compatible cipher name.
static InputStream	encrypt(String cipher, char[] pwd, InputStream data) Encrypts data using a password and an OpenSSL compatible cipher name.
static InputStream	encrypt(String cipher, char[] pwd, InputStream data, boolean toBase64) Encrypts data using a password and an OpenSSL compatible cipher name.
static InputStream	encrypt(String cipher, char[] pwd, InputStream data, boolean toBase64, boolean useSalt) Encrypts data using a password and an OpenSSL compatible cipher name.
static OpenSSL.CipherInfo	lookup(String openSSLCipher) Converts the way OpenSSL names its ciphers into a Java-friendly naming.
static void	main(String[] args)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenSSL

public OpenSSL()

Method Detail

decrypt

public static byte[] decrypt(String cipher,
                             char[] pwd,
                             byte[] encrypted)
                      throws IOException,
                             GeneralSecurityException

Decrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE decryption

encrypted - byte array to decrypt. Can be raw, or base64.

Returns:

decrypted bytes

Throws:

IOException - problems with encrypted bytes (unlikely!)

GeneralSecurityException - problems decrypting

decrypt

public static InputStream decrypt(String cipher,
                                  char[] pwd,
                                  InputStream encrypted)
                           throws IOException,
                                  GeneralSecurityException

Decrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE decryption

encrypted - InputStream to decrypt. Can be raw, or base64.

Returns:

decrypted bytes as an InputStream

Throws:

IOException - problems with InputStream

GeneralSecurityException - problems decrypting

encrypt

public static byte[] encrypt(String cipher,
                             char[] pwd,
                             byte[] data)
                      throws IOException,
                             GeneralSecurityException

Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE encryption

data - byte array to encrypt

Returns:

encrypted bytes as an array in base64. First 16 bytes include the special OpenSSL "Salted__" info encoded into base64.

Throws:

IOException - problems with the data byte array

GeneralSecurityException - problems encrypting

encrypt

public static InputStream encrypt(String cipher,
                                  char[] pwd,
                                  InputStream data)
                           throws IOException,
                                  GeneralSecurityException

Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE encryption

data - InputStream to encrypt

Returns:

encrypted bytes as an InputStream. First 16 bytes include the special OpenSSL "Salted__" info encoded into base64.

Throws:

IOException - problems with the data InputStream

GeneralSecurityException - problems encrypting

encrypt

public static byte[] encrypt(String cipher,
                             char[] pwd,
                             byte[] data,
                             boolean toBase64)
                      throws IOException,
                             GeneralSecurityException

Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE encryption

data - byte array to encrypt

toBase64 - true if resulting InputStream should contain base64,
false if InputStream should contain raw binary.

Returns:

encrypted bytes as an array. First 16 bytes include the special OpenSSL "Salted__" info.

Throws:

IOException - problems with the data byte array

GeneralSecurityException - problems encrypting

encrypt

public static InputStream encrypt(String cipher,
                                  char[] pwd,
                                  InputStream data,
                                  boolean toBase64)
                           throws IOException,
                                  GeneralSecurityException

Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE encryption

data - InputStream to encrypt

toBase64 - true if resulting InputStream should contain base64,
false if InputStream should contain raw binary.

Returns:

encrypted bytes as an InputStream. First 16 bytes include the special OpenSSL "Salted__" info.

Throws:

IOException - problems with the data InputStream

GeneralSecurityException - problems encrypting

encrypt

public static byte[] encrypt(String cipher,
                             char[] pwd,
                             byte[] data,
                             boolean toBase64,
                             boolean useSalt)
                      throws IOException,
                             GeneralSecurityException

Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE encryption

data - byte array to encrypt

toBase64 - true if resulting InputStream should contain base64,
false if InputStream should contain raw binary.

useSalt - true if a salt should be used to derive the key.
false otherwise. (Best security practises always recommend using a salt!).

Returns:

encrypted bytes as an array. First 16 bytes include the special OpenSSL "Salted__" info if useSalt is true.

Throws:

IOException - problems with the data InputStream

GeneralSecurityException - problems encrypting

encrypt

public static InputStream encrypt(String cipher,
                                  char[] pwd,
                                  InputStream data,
                                  boolean toBase64,
                                  boolean useSalt)
                           throws IOException,
                                  GeneralSecurityException

Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:

cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:

• des, des3, des-ede3-cbc
• aes128, aes192, aes256, aes-256-cbc
• rc2, rc4, bf

pwd - password to use for this PBE encryption

data - InputStream to encrypt

toBase64 - true if resulting InputStream should contain base64,
false if InputStream should contain raw binary.

useSalt - true if a salt should be used to derive the key.
false otherwise. (Best security practises always recommend using a salt!).

Returns:

encrypted bytes as an InputStream. First 16 bytes include the special OpenSSL "Salted__" info if useSalt is true.

Throws:

IOException - problems with the data InputStream

GeneralSecurityException - problems encrypting

decrypt

public static byte[] decrypt(String cipher,
                             byte[] key,
                             byte[] iv,
                             byte[] encrypted)
                      throws IOException,
                             GeneralSecurityException

Throws:

IOException

GeneralSecurityException

decrypt

public static InputStream decrypt(String cipher,
                                  byte[] key,
                                  byte[] iv,
                                  InputStream encrypted)
                           throws IOException,
                                  GeneralSecurityException

Throws:

IOException

GeneralSecurityException

encrypt

public static byte[] encrypt(String cipher,
                             byte[] key,
                             byte[] iv,
                             byte[] data)
                      throws IOException,
                             GeneralSecurityException

Throws:

IOException

GeneralSecurityException

encrypt

public static byte[] encrypt(String cipher,
                             byte[] key,
                             byte[] iv,
                             byte[] data,
                             boolean toBase64)
                      throws IOException,
                             GeneralSecurityException

Throws:

IOException

GeneralSecurityException

encrypt

public static InputStream encrypt(String cipher,
                                  byte[] key,
                                  byte[] iv,
                                  InputStream data)
                           throws IOException,
                                  GeneralSecurityException

Throws:

IOException

GeneralSecurityException

encrypt

public static InputStream encrypt(String cipher,
                                  byte[] key,
                                  byte[] iv,
                                  InputStream data,
                                  boolean toBase64)
                           throws IOException,
                                  GeneralSecurityException

Throws:

IOException

GeneralSecurityException

deriveKey

public static DerivedKey deriveKey(char[] password,
                                   byte[] salt,
                                   int keySize,
                                   boolean des2)
                            throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

deriveKey

public static DerivedKey deriveKey(char[] password,
                                   byte[] salt,
                                   int keySize,
                                   int ivSize,
                                   boolean des2)
                            throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

lookup

public static OpenSSL.CipherInfo lookup(String openSSLCipher)

Converts the way OpenSSL names its ciphers into a Java-friendly naming.

Parameters:

openSSLCipher - OpenSSL cipher name, e.g. "des3" or "des-ede3-cbc". Try "man enc" on a unix box to see what's possible.

Returns:

CipherInfo object with the Java-friendly cipher information.

main

public static void main(String[] args)
                 throws IOException,
                        GeneralSecurityException

Parameters:

args - command line arguments: [password] [cipher] [file-to-decrypt]
[cipher] == OpenSSL cipher name, e.g. "des3" or "des-ede3-cbc". Try "man enc" on a unix box to see what's possible.

Throws:

IOException - problems with the [file-to-decrypt]

GeneralSecurityException - decryption problems