final class JCECipherFactory extends java.lang.Object implements CipherFactory
CipherFactory
Modifier and Type | Class and Description |
---|---|
private static class |
JCECipherFactory.EncryptedKeyResult |
Modifier and Type | Field and Description |
---|---|
private static java.lang.String |
AES |
private static int |
AES_IV_LENGTH
AES encryption uses a default Initialization Vector (IV) length of 16 bytes.
This is needed to generate an IV for the encryption and decryption process.
|
private static int |
BLOCK_LENGTH |
private java.lang.String |
cryptoAlgorithm |
private java.lang.String |
cryptoAlgorithmShort |
private java.lang.String |
cryptoProvider |
private java.lang.String |
cryptoProviderShort |
private static java.lang.String |
DEFAULT_ALGORITHM |
private static java.lang.String |
DES |
private static java.lang.String |
DESede |
private int |
encodedKeyLength |
private int |
keyLengthBits |
private byte[] |
mainIV |
private javax.crypto.SecretKey |
mainSecretKey |
private static java.lang.String |
MESSAGE_DIGEST |
private java.security.MessageDigest |
messageDigest |
private java.util.Properties |
persistentProperties |
private static java.lang.String |
TripleDES |
private static int |
VERIFYKEY_DATALEN
Amount of data used to verify the external encryption key.
This does not include the MD5 checksum bytes.
|
DECRYPT, ENCRYPT, MIN_BOOTPASS_LENGTH
Constructor and Description |
---|
JCECipherFactory(boolean create,
java.util.Properties props,
boolean newAttributes) |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
changeBootPassword(java.lang.String changeString,
java.util.Properties properties,
CipherProvider verify) |
CipherProvider |
createNewCipher(int mode)
Returns a CipherProvider which is the encryption or decryption engine.
|
private CipherProvider |
createNewCipher(int mode,
javax.crypto.SecretKey secretKey,
byte[] iv) |
private byte[] |
decryptKey(java.lang.String encryptedKey,
int encodedKeyCharLength,
byte[] bootPassword)
Decrypt the secretKey with the user key.
|
private int |
digest(byte[] input) |
private JCECipherFactory.EncryptedKeyResult |
encryptKey(byte[] secretKey,
byte[] bootPassword)
Encrypt the secretKey with the boot password.
|
private byte[] |
generateIV(byte[] secretKey)
Generate an IV using the input secretKey that can be used by
JCECipherProvider to encrypt or decrypt.
|
private javax.crypto.SecretKey |
generateKey(byte[] secretKey)
Generate a Key object using the input secretKey that can be used by
JCECipherProvider to encrypt or decrypt.
|
private byte[] |
generateUniqueBytes() |
private byte[] |
getDatabaseSecretKey(java.util.Properties properties,
byte[] bootPassword,
java.lang.String errorState)
Get the secret key used for encryption and decryption when the boot-password mechanism is used for encryption.
Steps include:
retrieve the stored key, decrypt the stored key, and verify that the correct boot password was passed.
The decrypted key may include the original key plus padding bytes that were added to make it
block-size aligned during the encryption phase.
|
private byte[] |
getMD5Checksum(byte[] data)
Use the MD5 MessageDigest algorithm to generate a checksum.
|
private byte[] |
getMuckFromBootPassword(byte[] bootPassword,
int encodedKeyByteLength) |
java.security.SecureRandom |
getSecureRandom() |
private byte[] |
handleBootPassword(boolean create,
java.util.Properties properties,
boolean newPasswd) |
private void |
init(boolean create,
java.util.Properties properties,
boolean newAttrs) |
private byte[] |
padKey(byte[] secretKey,
int blockSizeAlign)
For block ciphers and algorithms using the NoPadding scheme, the data that has
to be encrypted must be a multiple of the cipher's expected block size.
Pad the key with appropriate padding to make it block-size aligned.
|
private StorageRandomAccessFile |
privAccessFile(StorageFactory storageFactory,
java.lang.String fileName,
java.lang.String filePerms)
Access a file for either read or write.
|
private java.io.InputStream |
privAccessGetInputStream(StorageFactory storageFactory,
java.lang.String fileName)
Access an InputStream for a given file for reading.
|
(package private) static java.lang.String |
providerErrorName(java.lang.String cps) |
void |
saveProperties(java.util.Properties properties) |
private java.lang.String |
saveSecretKey(byte[] secretKey,
byte[] bootPassword) |
void |
verifyKey(boolean create,
StorageFactory sf,
java.util.Properties properties)
The database can be encrypted with an encryption key given in connection url.
|
private void |
vetCipherProviders(CipherProvider decrypter,
CipherProvider encrypter,
java.lang.String sqlState)
Verify that a decrypter matches an encrypter.
|
private static final java.lang.String MESSAGE_DIGEST
private static final java.lang.String DEFAULT_ALGORITHM
private static final java.lang.String DES
private static final java.lang.String DESede
private static final java.lang.String TripleDES
private static final java.lang.String AES
private static final int BLOCK_LENGTH
private static final int AES_IV_LENGTH
CipherProvider
,
Constant Field Values
private int keyLengthBits
private int encodedKeyLength
private java.lang.String cryptoAlgorithm
private java.lang.String cryptoAlgorithmShort
private java.lang.String cryptoProvider
private java.lang.String cryptoProviderShort
private java.security.MessageDigest messageDigest
private javax.crypto.SecretKey mainSecretKey
private byte[] mainIV
private java.util.Properties persistentProperties
private static final int VERIFYKEY_DATALEN
JCECipherFactory(boolean create, java.util.Properties props, boolean newAttributes) throws StandardException
StandardException
static java.lang.String providerErrorName(java.lang.String cps)
private byte[] generateUniqueBytes() throws StandardException
StandardException
private JCECipherFactory.EncryptedKeyResult encryptKey(byte[] secretKey, byte[] bootPassword) throws StandardException
StandardException
- Standard Derby error policy
private byte[] padKey(byte[] secretKey, int blockSizeAlign)
secretKey
- the data that needs block-size alignment
blockSizeAlign
- secretKey needs to be block-size aligned
private byte[] decryptKey(java.lang.String encryptedKey, int encodedKeyCharLength, byte[] bootPassword) throws StandardException
StandardException
- Standard Derby error policy
private byte[] getMuckFromBootPassword(byte[] bootPassword, int encodedKeyByteLength)
private javax.crypto.SecretKey generateKey(byte[] secretKey) throws StandardException
StandardException
- Standard Derby Error Policy
private byte[] generateIV(byte[] secretKey)
private int digest(byte[] input)
public java.security.SecureRandom getSecureRandom()
getSecureRandom
in interface CipherFactory
public CipherProvider createNewCipher(int mode) throws StandardException
CipherFactory
createNewCipher
in interface CipherFactory
mode
- is either ENCRYPT or DECRYPT. The CipherProvider can only
do encryption or decryption but not both.
StandardException
- Standard Derby Error Policy
private CipherProvider createNewCipher(int mode, javax.crypto.SecretKey secretKey, byte[] iv) throws StandardException
StandardException
private void init(boolean create, java.util.Properties properties, boolean newAttrs) throws StandardException
StandardException
private byte[] handleBootPassword(boolean create, java.util.Properties properties, boolean newPasswd) throws StandardException
StandardException
public void saveProperties(java.util.Properties properties)
saveProperties
in interface CipherFactory
private byte[] getDatabaseSecretKey(java.util.Properties properties, byte[] bootPassword, java.lang.String errorState) throws StandardException
properties
- properties from which to retrieve the encrypted key
bootPassword
- boot password used to connect to the encrypted database
errorState
- error state to account for any errors during retrieval/creation of the secretKey
StandardException
private java.lang.String saveSecretKey(byte[] secretKey, byte[] bootPassword) throws StandardException
StandardException
public java.lang.String changeBootPassword(java.lang.String changeString, java.util.Properties properties, CipherProvider verify) throws StandardException
changeBootPassword
in interface CipherFactory
StandardException
private void vetCipherProviders(CipherProvider decrypter, CipherProvider encrypter, java.lang.String sqlState) throws StandardException
Verify that a decrypter matches an encrypter. Raises an exception if they don't. The verification is performed by encrypting a block of text and checking that it decrypts to the same block.
StandardException
public void verifyKey(boolean create, StorageFactory sf, java.util.Properties properties) throws StandardException
verifyKey
in interface CipherFactory
create
- true means the database is being created, whereas false
implies that the database has already been created
sf
- storageFactory used to access any stored data
that might be needed for the verification process of the encryption key
properties
- properties at the time of database connection as well as those in service.properties
StandardException
private byte[] getMD5Checksum(byte[] data) throws StandardException
data
- data to be used to compute the hash value
StandardException
private StorageRandomAccessFile privAccessFile(StorageFactory storageFactory, java.lang.String fileName, java.lang.String filePerms) throws java.io.IOException
storageFactory
- factory used for I/O access
fileName
- name of the file to create and open for write.
The file will be created directly under the database root directory
filePerms
- file permissions: if "rw", open the file with read and write permissions;
if "r", open the file with read permissions
java.io.IOException
- Any exception during accessing the file for read/write
private java.io.InputStream privAccessGetInputStream(StorageFactory storageFactory, java.lang.String fileName) throws StandardException
storageFactory
- factory used for I/O access
fileName
- name of the file to open as a stream for reading
java.io.IOException
- Any exception during accessing the file for read
StandardException