All Packages Class Hierarchy This Package Previous Next Index
Class javax.crypto.Cipher
java.lang.Object
|
+----javax.crypto.Cipher
- public class Cipher
- extends Object
This class provides the functionality of a cryptographic cipher for
encryption and decryption. It forms the core of the Java Cryptographic
Extension (JCE) framework.
In order to create a Cipher object, the application calls the
Cipher's getInstance
method, and passes the name of the
requested transformation to it. Optionally, the name of a provider
may be specified.
A transformation is a string that describes the operation (or
set of operations) to be performed on the given input, to produce some
output. A transformation always includes the name of a cryptographic
algorithm (e.g., DES), and may be followed by a feedback mode and
padding scheme. A transformation is of the form:
"algorithm" or "algorithm/mode/padding" (in the former case,
provider-specific defaults are used for mode and padding). For example,
"DES/CBC/PKCS5Padding" represents a valid transformation.
When requesting a block cipher in stream cipher mode (e.g.,
DES
in CFB
or OFB
mode), the user may
optionally specify the number of bits to be
processed at a time, by appending this number to the mode name as shown in
the "DES/CFB8/NoPadding" and "DES/OFB32/PKCS5Padding"
transformations. If no such number is specified, a provider-specific default
is used. (For example, the Sun JCE provider uses a default of 64 bits.)
- See Also:
- KeyGenerator, SecretKey, java.security.KeyPairGenerator, java.security.PublicKey, java.security.PrivateKey, java.security.AlgorithmParameters, java.security.spec.AlgorithmParameterSpec
DECRYPT_MODE-
ENCRYPT_MODE-
Cipher(CipherSpi, Provider, String)
- Creates a Cipher object.
doFinal()
- Finishes a multiple-part encryption or decryption operation, depending
on how this cipher was initialized.
doFinal(byte[])
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation.
doFinal(byte[], int)
- Finishes a multiple-part encryption or decryption operation, depending
on how this cipher was initialized.
doFinal(byte[], int, int)
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation.
doFinal(byte[], int, int, byte[])
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation.
doFinal(byte[], int, int, byte[], int)
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation.
getBlockSize()
- Returns the block size (in bytes).
getInstance(String)
- Creates a
Cipher
object that implements the specified
transformation, as supplied by the default provider.
getInstance(String, String)
- Creates a
Cipher
object that implements the specified
transformation, as supplied by the specified provider.
getIV()
- Returns the initialization vector (IV) in a new buffer.
getOutputSize(int)
- Returns the length in bytes that an output buffer would need to be in
order to hold the result of the next
update
or
doFinal
operation, given the input length
inputLen
(in bytes).
getProvider()
- Returns the provider of this
Cipher
object.
init(int, Key)
- Initializes this cipher with a key.
init(int, Key, AlgorithmParameterSpec)
- Initializes this cipher with a key and a set of algorithm
parameters.
init(int, Key, AlgorithmParameterSpec, SecureRandom)
- Initializes this cipher with a key, a set of algorithm
parameters, and a source of randomness.
init(int, Key, SecureRandom)
- Initializes this cipher with a key and a source of randomness.
update(byte[])
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
update(byte[], int, int)
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
update(byte[], int, int, byte[])
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
update(byte[], int, int, byte[], int)
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
ENCRYPT_MODE
public static final int ENCRYPT_MODE
DECRYPT_MODE
public static final int DECRYPT_MODE
Cipher
protected Cipher(CipherSpi cipherSpi,
Provider provider,
String transformation)
- Creates a Cipher object.
- Parameters:
- cipherSpi - the delegate
- provider - the provider
- transformation - the transformation
getInstance
public static final Cipher getInstance(String transformation) throws NoSuchAlgorithmException, NoSuchPaddingException
- Creates a
Cipher
object that implements the specified
transformation, as supplied by the default provider.
- Parameters:
- transformation - the string representation of the requested
transformation, e.g., DES/CBC/PKCS5Padding
- Returns:
- a cipher that implements the requested transformation
- Throws:
NoSuchAlgorithmException
- if the requested algorithm is not
available
- Throws:
NoSuchPaddingException
- if the requested padding mechanism is
not available
getInstance
public static final Cipher getInstance(String transformation,
String provider) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException
- Creates a
Cipher
object that implements the specified
transformation, as supplied by the specified provider.
- Parameters:
- transformation - the string representation of the requested
transformation, e.g., DES/CBC/PKCS5Padding
- provider - the name of the cipher provider
- Returns:
- a cipher that implements the requested transformation
- Throws:
NoSuchAlgorithmException
- if the requested algorithm is not
available
- Throws:
NoSuchProviderException
- if the requested provider is
not available
- Throws:
NoSuchPaddingException
- if the requested padding mechanism is
not available
- See Also:
- java.security.Provider
getProvider
public final Provider getProvider()
- Returns the provider of this
Cipher
object.
- Returns:
- the provider of this
Cipher
object
getBlockSize
public final int getBlockSize()
- Returns the block size (in bytes).
- Returns:
- the block size (in bytes), or 0 if the underlying algorithm is
not a block cipher
getOutputSize
public final int getOutputSize(int inputLen) throws IllegalStateException
- Returns the length in bytes that an output buffer would need to be in
order to hold the result of the next
update
or
doFinal
operation, given the input length
inputLen
(in bytes).
This call takes into account any unprocessed (buffered) data from a
previous update
call, and padding.
The actual output length of the next update
or
doFinal
call may be smaller than the length returned by
this method.
- Parameters:
- inputLen - the input length (in bytes)
- Returns:
- the required output buffer size (in bytes)
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not yet been initialized)
getIV
public final byte[] getIV()
- Returns the initialization vector (IV) in a new buffer.
This is useful in the case where a random IV has been created
(see init),
or in the context of password-based encryption or
decryption, where the IV is derived from a user-provided passphrase.
- Returns:
- the initialization vector in a new buffer, or null if the
underlying algorithm does not use an IV, or if the IV has not yet
been set.
init
public final void init(int opmode,
Key key) throws InvalidKeyException
- Initializes this cipher with a key.
The cipher is initialized for encryption or decryption, depending on
the value of opmode
.
If this cipher requires an initialization vector (IV), it will get
it from a system-provided source of randomness. The random IV can be
retrieved using getIV.
This behaviour should only be used in encryption mode, however.
When initializing a cipher that requires an IV for decryption, the IV
(same IV that was used for encryption) must be provided explicitly as a
parameter, in order to get the correct result.
Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher, and initializing
it.
- Parameters:
- opmode - the operation mode of this cipher (this is either
ENCRYPT_MODE
or DECRYPT_MODE
)
- key - the key
- Throws:
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher
init
public final void init(int opmode,
Key key,
SecureRandom random) throws InvalidKeyException
- Initializes this cipher with a key and a source of randomness.
The cipher is initialized for encryption or decryption, depending on
the value of opmode
.
If this cipher requires an initialization vector (IV), it will get
it from random
. The random IV can be
retrieved using getIV.
This behaviour should only be used in encryption mode, however.
When initializing a cipher that requires an IV for decryption, the IV
(same IV that was used for encryption) must be provided explicitly as a
parameter, in order to get the correct result.
Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher, and initializing
it.
- Parameters:
- opmode - the operation mode of this cipher (this is either
ENCRYPT_MODE
or DECRYPT_MODE
)
- key - the encryption key
- random - the source of randomness
- Throws:
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher
init
public final void init(int opmode,
Key key,
AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException
- Initializes this cipher with a key and a set of algorithm
parameters.
The cipher is initialized for encryption or decryption, depending on
the value of opmode
.
Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher, and initializing
it.
- Parameters:
- opmode - the operation mode of this cipher (this is either
ENCRYPT_MODE
or DECRYPT_MODE
)
- key - the encryption key
- params - the algorithm parameters
- Throws:
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher
- Throws:
InvalidAlgorithmParameterException
- if the given algorithm
parameters are inappropriate for this cipher
init
public final void init(int opmode,
Key key,
AlgorithmParameterSpec params,
SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
- Initializes this cipher with a key, a set of algorithm
parameters, and a source of randomness.
The cipher is initialized for encryption or decryption, depending on
the value of opmode
.
If this cipher (including its underlying feedback or padding scheme)
requires any random bytes, it will get them from random
.
Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher, and initializing
it.
- Parameters:
- opmode - the operation mode of this cipher (this is either
ENCRYPT_MODE
or DECRYPT_MODE
)
- key - the encryption key
- params - the algorithm parameters
- random - the source of randomness
- Throws:
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher
- Throws:
InvalidAlgorithmParameterException
- if the given algorithm
parameters are inappropriate for this cipher
update
public final byte[] update(byte[] input) throws IllegalStateException
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
The bytes in the input
buffer are processed, and the
result is stored in a new buffer.
- Parameters:
- input - the input buffer
- Returns:
- the new buffer with the result, or null if the underlying
cipher is a block cipher and the input data is too short to result in a
new block.
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
update
public final byte[] update(byte[] input,
int inputOffset,
int inputLen) throws IllegalStateException
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
The first inputLen
bytes in the input
buffer, starting at inputOffset
, are processed, and the
result is stored in a new buffer.
- Parameters:
- input - the input buffer
- inputOffset - the offset in
input
where the input
starts
- inputLen - the input length
- Returns:
- the new buffer with the result, or null if the underlying
cipher is a block cipher and the input data is too short to result in a
new block.
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
update
public final int update(byte[] input,
int inputOffset,
int inputLen,
byte[] output) throws IllegalStateException, ShortBufferException
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
The first inputLen
bytes in the input
buffer, starting at inputOffset
, are processed, and the
result is stored in the output
buffer.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown. In this case, repeat this
call with a larger output buffer. Use
getOutputSize to determine how big the
output buffer should be.
- Parameters:
- input - the input buffer
- inputOffset - the offset in
input
where the input
starts
- inputLen - the input length
- output - the buffer for the result
- Returns:
- the number of bytes stored in
output
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
ShortBufferException
- if the given output buffer is too small
to hold the result
update
public final int update(byte[] input,
int inputOffset,
int inputLen,
byte[] output,
int outputOffset) throws IllegalStateException, ShortBufferException
- Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.
The first inputLen
bytes in the input
buffer, starting at inputOffset
, are processed, and the
result is stored in the output
buffer, starting at
outputOffset
.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown. In this case, repeat this
call with a larger output buffer. Use
getOutputSize to determine how big the
output buffer should be.
- Parameters:
- input - the input buffer
- inputOffset - the offset in
input
where the input
starts
- inputLen - the input length
- output - the buffer for the result
- outputOffset - the offset in
output
where the result
is stored
- Returns:
- the number of bytes stored in
output
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
ShortBufferException
- if the given output buffer is too small
to hold the result
doFinal
public final byte[] doFinal() throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
- Finishes a multiple-part encryption or decryption operation, depending
on how this cipher was initialized.
Input data that may have been buffered during a previous
update
operation is processed, with padding (if requested)
being applied.
The result is stored in a new buffer.
- Returns:
- the new buffer with the result
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
- Throws:
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes
doFinal
public final int doFinal(byte[] output,
int outputOffset) throws IllegalStateException, IllegalBlockSizeException, ShortBufferException, BadPaddingException
- Finishes a multiple-part encryption or decryption operation, depending
on how this cipher was initialized.
Input data that may have been buffered during a previous
update
operation is processed, with padding (if requested)
being applied.
The result is stored in the output
buffer, starting at
outputOffset
.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown. In this case, repeat this
call with a larger output buffer. Use
getOutputSize to determine how big the
output buffer should be.
- Parameters:
- output - the buffer for the result
- outputOffset - the offset in
output
where the result
is stored
- Returns:
- the number of bytes stored in
output
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
- Throws:
ShortBufferException
- if the given output buffer is too small
to hold the result
- Throws:
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes
doFinal
public final byte[] doFinal(byte[] input) throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation. The data is encrypted or decrypted,
depending on how this cipher was initialized.
The bytes in the input
buffer, and any input bytes that
may have been buffered during a previous update
operation,
are processed, with padding (if requested) being applied.
The result is stored in a new buffer.
- Parameters:
- input - the input buffer
- Returns:
- the new buffer with the result
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
- Throws:
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes
doFinal
public final byte[] doFinal(byte[] input,
int inputOffset,
int inputLen) throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation. The data is encrypted or decrypted,
depending on how this cipher was initialized.
The first inputLen
bytes in the input
buffer, starting at inputOffset
, and any input bytes that
may have been buffered during a previous update
operation, are processed, with padding (if requested) being applied.
The result is stored in a new buffer.
- Parameters:
- input - the input buffer
- inputOffset - the offset in
input
where the input
starts
- inputLen - the input length
- Returns:
- the new buffer with the result
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
- Throws:
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes
doFinal
public final int doFinal(byte[] input,
int inputOffset,
int inputLen,
byte[] output) throws IllegalStateException, ShortBufferException, IllegalBlockSizeException, BadPaddingException
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation. The data is encrypted or decrypted,
depending on how this cipher was initialized.
The first inputLen
bytes in the input
buffer, starting at inputOffset
, and any input bytes that
may have been buffered during a previous update
operation, are processed, with padding (if requested) being applied.
The result is stored in the output
buffer.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown. In this case, repeat this
call with a larger output buffer. Use
getOutputSize to determine how big the
output buffer should be.
- Parameters:
- input - the input buffer
- inputOffset - the offset in
input
where the input
starts
- inputLen - the input length
- output - the buffer for the result
- Returns:
- the number of bytes stored in
output
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
- Throws:
ShortBufferException
- if the given output buffer is too small
to hold the result
- Throws:
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes
doFinal
public final int doFinal(byte[] input,
int inputOffset,
int inputLen,
byte[] output,
int outputOffset) throws IllegalStateException, ShortBufferException, IllegalBlockSizeException, BadPaddingException
- Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation. The data is encrypted or decrypted,
depending on how this cipher was initialized.
The first inputLen
bytes in the input
buffer, starting at inputOffset
, and any input bytes that
may have been buffered during a previous update
operation,
are processed, with padding (if requested) being applied.
The result is stored in the output
buffer, starting at
outputOffset
.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown. In this case, repeat this
call with a larger output buffer. Use
getOutputSize to determine how big the
output buffer should be.
- Parameters:
- input - the input buffer
- inputOffset - the offset in
input
where the input
starts
- inputLen - the input length
- output - the buffer for the result
- outputOffset - the offset in
output
where the result
is stored
- Returns:
- the number of bytes stored in
output
- Throws:
IllegalStateException
- if this cipher is in a wrong state
(e.g., has not been initialized)
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
- Throws:
ShortBufferException
- if the given output buffer is too small
to hold the result
- Throws:
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes
All Packages Class Hierarchy This Package Previous Next Index