public interface EncryptionService
Encryption service, used to encrypt data stored in the database. The service must be initialized with one or more keys, each with a separate numeric ID. The keys should come from a different storage location than the data being encrypted. Typically, the keys are configured in a configuration properties file and the encrypted data is in the database.
The service generates ciphertext as a string consisting of the following elements:
The scheme of maintaining several keys and storing the key ID with the ciphertext is meant to facilitate key rotation. Data is always encrypted with the latest key, while data encrypted with a previous key can still be decrypted so long as that key is still configured. To rotate a key, a new key would be generated and appended to the configuration. Then, some application-specific routine would be expected to visit and re-encrypt all existing data. If this routine fails before completion, the system will still be able to function until the update routine can be fixed.
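The rotation scheme described above, as an added example that is not the project's own code: a minimal stand-in service with two keys and a re-encryption pass that stops after one row. The class name `KeyRotationDemo`, the `<keyId>:<base64(iv || ciphertext)>` layout, the use of AES-GCM and the sample rows are assumptions made for illustration; the service's actual ciphertext format is not reproduced here.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
// Added example. The "<keyId>:<base64(iv || ciphertext)>" layout and AES-GCM are
// assumptions for illustration, not the service's documented format.
public class KeyRotationDemo {
    private final TreeMap<Integer, byte[]> keys = new TreeMap<>(); // key ID -> AES key
    private final SecureRandom rng = new SecureRandom();
    void addKey(int id, byte[] key) { keys.put(id, key); }

    String encryptString(String plain) throws Exception {
        int id = keys.lastKey();                           // always encrypt with the latest key
        byte[] iv = new byte[12];
        rng.nextBytes(iv);                                 // fresh nonce for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keys.get(id), "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return id + ":" + Base64.getEncoder().encodeToString(out);
    }

    String decryptString(String cipherText) throws Exception {
        String[] parts = cipherText.split(":", 2);
        byte[] key = keys.get(Integer.parseInt(parts[0])); // key chosen by the stored ID
        if (key == null) throw new IllegalStateException("key " + parts[0] + " is no longer configured");
        byte[] raw = Base64.getDecoder().decode(parts[1]);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, raw, 0, 12));
        return new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyRotationDemo svc = new KeyRotationDemo();
        byte[] k1 = new byte[16], k2 = new byte[16];
        svc.rng.nextBytes(k1); svc.rng.nextBytes(k2);
        svc.addKey(1, k1);
        Map<String, String> db = new LinkedHashMap<>();    // constructed stand-in for the database
        db.put("row-a", svc.encryptString("alice@example.test"));
        db.put("row-b", svc.encryptString("bob@example.test"));
        svc.addKey(2, k2);                                 // rotation: append a new key
        db.put("row-a", svc.encryptString(svc.decryptString(db.get("row-a")))); // pass stops after one row
        for (Map.Entry<String, String> e : db.entrySet())  // mixed key IDs, every row still readable
            System.out.println(e.getKey() + " key=" + e.getValue().split(":")[0] + " -> " + svc.decryptString(e.getValue()));
    }
}
```

Removing key 1 from the configuration before every row has been re-encrypted makes the remaining rows undecryptable, so an old key should be retired only after the re-encryption pass has completed.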
| Method Summary | |
|---|---|
| `byte[]` | `decrypt(String cipherText)` Decrypts the given cipher text to a byte array. |
| `String` | `decryptString(String cipherText)` Decrypts the given cipher text as a UTF-8 encoded string. |
| `String` | `encrypt(byte[] plainText)` Encrypts a byte array. |
| `String` | `encryptString(String plainText)` Encrypts the UTF-8 encoded bytes of the given string. |
| `String` | `generateKey()` Generates a new key for this service. |
| Method Detail |
|---|
| `byte[] decrypt(String cipherText)` |
| `String decryptString(String cipherText)` |
| `String encrypt(byte[] plainText)` |
| `String encryptString(String plainText)` |
| `String generateKey()` |