com.dyadicsec.advapi.SDEKey Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.dyadicsec.advapi;
import com.unbound.client.*;
import com.unbound.client.kmip.KMIPDeriveOper;
import com.unbound.client.pkcs11.PKCS11Client;
import com.unbound.client.pkcs11.PKCS11DeriveOper;
import com.unbound.client.pkcs11.PKCS11SecretKey;
import com.unbound.client.pkcs11.PKCS11Session;
import com.unbound.common.Converter;
import com.unbound.common.crypto.AES;
import com.unbound.common.crypto.CryptoRandom;
import com.unbound.provider.KeyParameters;
import javax.crypto.AEADBadTagException;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
/**
* This class includes the methods for application level encryption, see Application-Level Encryption in the UKC Developers Guide for more information.
*/
public final class SDEKey
{
/**
* Use this session key purpose for one way encryption (PRF)
*/
public static final int PURPOSE_ONE_WAY = 0;
/**
* Use this session key purpose for generic type preserving encryption (besides String)
*/
public static final int PURPOSE_SP_ENC = -1;
/**
* Use this session key purpose for order preserving encryption
*/
public static final int PURPOSE_OP_ENC = -2;
/**
* Use this session key purpose for email format preserving encryption
*/
public static final int PURPOSE_EMAIL_ENC = -3;
/**
* Use this session key purpose for credit card number format preserving encryption
*/
public static final int PURPOSE_CREDIT_CARD_ENC = -4;
/**
* Use this session key purpose for US phone format preserving encryption
*/
public static final int PURPOSE_US_PHONE_ENC = -5;
/**
* Use this session key purpose for SSN format preserving encryption
*/
public static final int PURPOSE_SSN_ENC = -6;
/**
* Use this session key purpose for String format preserving encryption (type and size)
*/
public static final int PURPOSE_STRING_ENC = -7;
private static final int AES_BLOCK_LEN = 16;
ECPRFKey prfKey = null;
PKCS11Session pkcs11Session = null;
private SDEKey(ECPRFKey prfKey)
{
this.prfKey = prfKey;
}
public void destroy()
{
if (prfKey!=null) prfKey.delete();
prfKey=null;
}
public static SDEKey generate(Partition partition, String keyName)
{
ECPRFKey key = partition.generateEcprfKey(keyName, null);
if (key==null) return null;
return new SDEKey(key);
}
@Override
protected void finalize() throws Throwable
{
if (pkcs11Session!=null) pkcs11Session.release();
pkcs11Session = null;
}
private static SDEKey find(Partition partition, long uid)
{
if (partition == null) return null;
ECPRFKey key = (ECPRFKey) partition.locate(ObjectType.ECPrf, new LocateParams(uid));
if (key==null) return null;
return new SDEKey(key);
}
private static SDEKey find(Partition partition, String name)
{
if (partition==null) return null;
ECPRFKey key = (ECPRFKey) partition.locate(ObjectType.ECPrf, new LocateParams(name));
if (key==null) return null;
return new SDEKey(key);
}
/**
* Find an application level encryption key, located by its name
*
* @param name The key name
* @return The key handle or null if the key is not found
*/
public static SDEKey findKey(String name)
{
return find(Partition.getDefault(), name);
}
/**
* Find an application level encryption key in a specific EKM partition.
* The key is located based on its name
*
* @param slotName The partition name
* @param name The key name
* @return The key handle or null if the key is not found
*/
public static SDEKey findKey(String slotName, String name)
{
if (slotName==null) return null;
return find(Partition.get(slotName), name);
}
/**
* Get the unique identifier of a key, can be used in future time to decrypt with a specific key version
*
* @return The unique ID of the key
*/
public long getUID()
{
return prfKey.getUid();
}
/**
* Return the previous key used for encryption in case Re-Key was used
*
* @return The previous key handle or null if no previous key exists
*/
public SDEKey getPreviousKey()
{
long replacedUID = prfKey.getReplacedUid();
return find(prfKey.getPartition(), replacedUID);
}
/**
* Find an application level encryption key, located by its UID
*
* @param uid The key UID
* @return The key handle or null if the key is not found
*/
public static SDEKey findKey(long uid)
{
return find(Partition.getDefault(), uid);
}
/**
* Find an application level encryption key in a specific EKM partition.
* The key is located based on its UID
*
* @param slotName The partition name
* @param uid The key UID
* @return The key handle or null if the key is not found
*/
public static SDEKey findKey(String slotName, long uid)
{
if (slotName==null) return null;
return find(Partition.get(slotName), uid);
}
private static void destroySessionKey(SDESessionKey sessionKey)
{
if (sessionKey!=null) sessionKey.destroy();
}
/**
* Generic encryption function, implements strong AES-GCM none-deterministic encryption and also takes care
* of key versioning by appending key UID to the cipher text. This encryption mode is not size preserving
*
* @param aad Additional Authentication Data, can be used to further authenticate the cipher text,
* see reference at https://en.wikipedia.org/wiki/Galois/Counter_Mode
* @param in The data to encrypt
* @return Encrypted cipher text
* @throws SecurityException In case of operation error
*/
public byte[] encrypt(byte[] aad, byte[] in) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
byte[] tweak = CryptoRandom.generate(16); //PRF_TWEAK_LEN
sessionKey = generateSessionKey(0, tweak);
byte[] keyValue = sessionKey.getKeyMaterial();
byte[] blocks = new byte[AES_BLOCK_LEN*3]; // zero
blocks[AES_BLOCK_LEN*1-1] = 0;
blocks[AES_BLOCK_LEN*2-1] = 1;
blocks[AES_BLOCK_LEN*2-1] = 2;
byte[] e = new AES(keyValue).encrypt(blocks);
byte[] KValue = Arrays.copyOfRange(e, 0, AES_BLOCK_LEN*2);
byte[] IV = Arrays.copyOfRange(e, AES_BLOCK_LEN*2, AES_BLOCK_LEN*3);
byte[] enc = AES.GCM.encrypt(KValue, IV, aad, 12, in);
byte[] out = new byte[8 + tweak.length + enc.length];
Converter.setBE8(out, 0, getUID());
System.arraycopy(tweak, 0, out, 8, tweak.length);
System.arraycopy(enc, 0, out, 8+tweak.length, enc.length);
return out;
}
finally { destroySessionKey(sessionKey); }
}
/**
* Generic decryption function, implements strong AES-GCM none-deterministic encryption and also takes care
* of key versioning by appending key UID to the cipher text. This encryption mode is not size preserving
*
* @param aad Additional Authentication Data, can be used to further authenticate the cipher text,
* see reference at https://en.wikipedia.org/wiki/Galois/Counter_Mode
* @param in The data to encrypt
* @return Encrypted cipher text
* @throws SecurityException In case of operation error
*/
public byte[] decrypt(byte[] aad, byte[] in) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
if (in.length < 8+16) throw new SecurityException("Invalid encrypted data length");
long uid = Converter.getBE8(in, 0);
byte[] tweak = Arrays.copyOfRange(in, 8, 8+16);
byte[] enc = Arrays.copyOfRange(in, 8+16, in.length);
SDEKey sdeKey = SDEKey.find(prfKey.getPartition(), uid);
sessionKey = generateSessionKey(0, tweak);
byte[] keyValue = sessionKey.getKeyMaterial();
byte[] blocks = new byte[AES_BLOCK_LEN*3]; // zero
blocks[AES_BLOCK_LEN*1-1] = 0;
blocks[AES_BLOCK_LEN*2-1] = 1;
blocks[AES_BLOCK_LEN*2-1] = 2;
byte[] e = new AES(keyValue).encrypt(blocks);
byte[] KValue = Arrays.copyOfRange(e, 0, AES_BLOCK_LEN*2);
byte[] IV = Arrays.copyOfRange(e, AES_BLOCK_LEN*2, AES_BLOCK_LEN*3);
return AES.GCM.decrypt(KValue, IV, aad, 12, enc);
}
catch (AEADBadTagException e) { throw new SecurityException(e); }
finally { destroySessionKey(sessionKey); }
}
private SDESessionKey generateSessionKey(int purpose, byte[] tweak) throws SecurityException
{
DeriveOper oper = null;
boolean isPkcs11 = Client.isNative();
if (isPkcs11)
{
synchronized (this)
{
if (pkcs11Session==null) pkcs11Session = (PKCS11Session) prfKey.getPartition().acquireSession();
}
oper = new PKCS11DeriveOper(pkcs11Session);
}
else
{
oper = new KMIPDeriveOper();
}
oper.mode = DeriveMode.ECPRF;
oper.prfPurpose = purpose;
oper.prfTweak = tweak;
oper.resultLen = 32;
oper.keyObject = prfKey;
if (isPkcs11)
{
KeyParameters kp = new KeyParameters();
kp.setToken(false);
kp.setSensitive(false);
ObjectType objectType = (purpose == PURPOSE_ONE_WAY) ? ObjectType.GenericSecret : ObjectType.AES;
PKCS11SecretKey derivedKey = (PKCS11SecretKey)oper.deriveKey(objectType, null, kp);
return new SDESessionKey(this, purpose, derivedKey);
}
byte[] keyValue = oper.derive();
return new SDESessionKey(this, purpose, keyValue);
}
/**
* Generate a session key which can be used for multiple encryption operations
* Use the proper purpose per the values and encryption modes which you will use this key with
*
* @param purpose Determines the type and mode of encryption to be used with this session key
* @param tweak The tweak associated with this session key
* @return The derived session key
* @throws SecurityException In case of operation error
*/
public SDESessionKey generateSessionKey(int purpose, String tweak) throws SecurityException
{
try
{
return generateSessionKey(purpose, SDEUtils.generateTweak(tweak));
}
catch (UnsupportedEncodingException e)
{
throw new SecurityException(e);
}
}
/**
* Creates a unique searchable token from a byte array
*
* @param tweak The tweak used for the process
* @param data The input data
* @return Searchable token of size 16 bytes
* @throws SecurityException In case of encryption error
*/
public byte[] encryptPRF(String tweak, byte[] data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_ONE_WAY, tweak);
return sessionKey.encryptPRF(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a byte array
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt, where the length of the array should be even or at least 16 bytes
* @return The encrypted value, where the size of the encrypted data equals to the size of the input
* @throws SecurityException In case of encryption error
* @throws IllegalArgumentException In case data length is odd and length is smaller than 16
*/
public byte[] encryptTypePreserving(String tweak, byte[] data) throws SecurityException,
IllegalArgumentException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt a byte array
*
* @param tweak The tweak used for encryption
* @param encData The encrypted data
* @return Decrryped byte array
* @throws SecurityException In case of decryption error
*/
public byte[] decryptTypePreserving(String tweak, byte[] encData) throws SecurityException,
IllegalArgumentException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a string value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptTypePreserving(String tweak, String data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_STRING_ENC, tweak);
return sessionKey.encryptTypePreserving(data, true);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed string value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return String value in plain
* @throws SecurityException In case of decryption error
*/
public String decryptTypePreserving(String tweak, String encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_STRING_ENC, tweak);
return sessionKey.decryptTypePreserving(encData, true);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a string value in order preserving form
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @param size Maximum size of values that should be compared with this value
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptOrderPreserving(String tweak, String data, int size) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_OP_ENC, tweak);
return sessionKey.encryptOrderPreserving(data, size);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt a string value encrypted with order preserving encryption
*
* @param tweak The tweak used for the decryption
* @param encDataStr The encrypted value
* @return String value in plain
* @throws SecurityException In case of decryption error
*/
public String decryptOrderPreserving(String tweak, String encDataStr) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_OP_ENC, tweak);
return sessionKey.decryptOrderPreserving(encDataStr);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a long value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public long encryptTypePreserving(String tweak, long data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed long value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return long value in plain
* @throws SecurityException In case of decryption error
*/
public long decryptTypePreserving(String tweak, long encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a integer value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public int encryptTypePreserving(String tweak, int data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed integer value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return long value in plain
* @throws SecurityException In case of decryption error
*/
public int decryptTypePreserving(String tweak, int encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt an integer value in order preserving form, encrypted value is of type long
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public long encryptOrderPreserving(String tweak, int data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_OP_ENC, tweak);
return sessionKey.encryptOrderPreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an integer value encrypted with order preserving encryption
*
* @param tweak The tweak used for the decryption
* @param encData The encrypted value
* @return Integer value in plain
* @throws SecurityException In case of decryption error
*/
public int decryptOrderPreserving(String tweak, long encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_OP_ENC, tweak);
return sessionKey.decryptOrderPreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a short value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public short encryptTypePreserving(String tweak, short data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed short value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return String value in plain
* @throws SecurityException In case of decryption error
*/
public short decryptTypePreserving(String tweak, short encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a short value in order preserving form, where the return value is of type long
*
* @param tweak The tweak used for the encryption
* @param data The value to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public long encryptOrderPreserving(String tweak, short data) throws SecurityException
{
return encryptOrderPreserving(tweak, (int) data);
}
/**
* Encrypt a float value
*
* @param tweak The tweak used for the encryption
* @param data The value to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public float encryptTypePreserving(String tweak, float data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed float value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Float value in plain
* @throws SecurityException In case of decryption error
*/
public float decryptTypePreserving(String tweak, float encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a double value
*
* @param tweak The tweak used for the encryption
* @param data The value to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public double encryptTypePreserving(String tweak, double data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed double value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Double value in plain
* @throws SecurityException In case of decryption error
*/
public double decryptTypePreserving(String tweak, double encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a Date value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public java.sql.Date encryptTypePreserving(String tweak, java.sql.Date data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed Date value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Date value in plain
* @throws SecurityException In case of decryption error
*/
public java.sql.Date decryptTypePreserving(String tweak, java.sql.Date encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a Time value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public java.sql.Time encryptTypePreserving(String tweak, java.sql.Time data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed Time value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Time value in plain
* @throws SecurityException In case of decryption error
*/
public java.sql.Time decryptTypePreserving(String tweak, java.sql.Time encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a Timestamp value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public java.sql.Timestamp encryptTypePreserving(String tweak, java.sql.Timestamp data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed Timestamp value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Timestamp value in plain
* @throws SecurityException In case of decryption error
*/
public java.sql.Timestamp decryptTypePreserving(String tweak, java.sql.Timestamp encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a Timestamp value in order preserving form, encrypted value is of string type
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptOrderPreserving(String tweak, java.sql.Timestamp data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_OP_ENC, tweak);
return sessionKey.encryptOrderPreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt a Timestamp value encrypted with order preserving encryption
*
* @param tweak The tweak used for the decryption
* @param encDataStr The encrypted value
* @return Timestamp value in plain
* @throws SecurityException In case of decryption error
*/
public java.sql.Timestamp decryptOrderPreservingTS(String tweak, String encDataStr) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_OP_ENC, tweak);
return sessionKey.decryptOrderPreservingTS(encDataStr);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a boolean value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public boolean encryptTypePreserving(String tweak, boolean data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed boolean value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Boolean value in plain
* @throws SecurityException In case of decryption error
*/
public boolean decryptTypePreserving(String tweak, boolean encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a Blob value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public java.sql.Blob encryptTypePreserving(String tweak, java.sql.Blob data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed Blob value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Blob value in plain
* @throws SecurityException In case of decryption error
*/
public java.sql.Blob decryptTypePreserving(String tweak, java.sql.Blob encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a Clob value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public java.sql.Clob encryptTypePreserving(String tweak, java.sql.Clob data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed Clob value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return Clob value in plain
* @throws SecurityException In case of decryption error
*/
public java.sql.Clob decryptTypePreserving(String tweak, java.sql.Clob encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a BigDecimal value
*
* @param tweak The tweak used for the encryption
* @param data The data to encrypt
* @return Encrypted value
* @throws SecurityException In case of encryption error
*/
public java.math.BigDecimal encryptTypePreserving(String tweak, java.math.BigDecimal data) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.encryptTypePreserving(data);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encryptyed BigDecimal value
*
* @param tweak The tweak used for the process
* @param encData The encrypted value
* @return BigDecimal value in plain
* @throws SecurityException In case of decryption error
*/
public java.math.BigDecimal decryptTypePreserving(String tweak, java.math.BigDecimal encData) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SP_ENC, tweak);
return sessionKey.decryptTypePreserving(encData);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt an email address in format preserving form, where the encrypted value is also a legitimate email address.
* It can contain these characters: A-Z, a-z, 0-9, .!#$%&*+-/={|}~(),:;<>[]
* It must contain an @ as a separator and cannot contain spaces.
*
* @param tweak The tweak used for the encryption
* @param in Email address to encrypt
* @param maxSize Maximum size of all email addresses encrypted
* @return The encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptEMailAddress(String tweak, String in, int maxSize) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_EMAIL_ENC, tweak);
return sessionKey.encryptEMailAddress(in, maxSize);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encrypted email address, where the encrypted value is also an email address.
*
* @param tweak The tweak used for the decryption
* @param in The encrypted value
* @return Original plain email address
* @throws SecurityException In case of decryption error
*/
public String decryptEMailAddress(String tweak, String in) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_EMAIL_ENC, tweak);
return sessionKey.decryptEMailAddress(in);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a credit card number in format preserving form, where the encrypted value is also a legitimate
* credit card number. Encryption uses a Luhn algorithm to verify valid credit card numbers. The number is
* between 12 and 19 digits. Any non-digits, such as hyphens, are passed as-is.
*
* @param tweak The tweak used for the encryption
* @param in Credit card number to encrypt
* @return The encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptCreditCard(String tweak, String in) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_CREDIT_CARD_ENC, tweak);
return sessionKey.encryptCreditCard(in);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a credit card number in format preserving form, where the encrypted value is also a legitimate
* credit card number. Encryption uses a Luhn algorithm to verify valid credit card numbers. The number is
* between 12 and 19 digits. Any non-digits, such as hyphens, are passed as-is.
*
* @param tweak The tweak used for the encryption
* @param in Credit card number to encrypt
* @param format The credit card number, where the # characters get encrypted, the ? characters are passed as plain text, and other characters are passed as-is to the output. For example, for "????-####-####-####", the first 4 numbers are plain and the rest of the credit card number is encrypted.
* @return The encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptCreditCard(String tweak, String in, String format) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_CREDIT_CARD_ENC, tweak);
return sessionKey.encryptCreditCard(in, format);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt a credit card number, where the encrypted value is also a credit card number
*
* @param tweak The tweak used for the decryption
* @param in The encrypted value
* @return Original plain credit card
* @throws SecurityException In case of decryption error
*/
public String decryptCreditCard(String tweak, String in) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_CREDIT_CARD_ENC, tweak);
return sessionKey.decryptCreditCard(in);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt a credit card number, where the encrypted value is also a credit card number
*
* @param tweak The tweak used for the decryption
* @param in The encrypted value
* @param format The credit card number, where the # characters get decrypted, the ? characters are passed as plain text, and other characters are passed as-is to the output. For example, for "????-####-####-####", the first 4 numbers are plain and the rest of the credit card number is decrypted.
* @return Original plain credit card
* @throws SecurityException In case of decryption error
*/
public String decryptCreditCard(String tweak, String in, String format) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_CREDIT_CARD_ENC, tweak);
return sessionKey.decryptCreditCard(in, format);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt a US phone in format preserving form, where the encrypted value is also a legitimate US phone number.
* The number is 10 digits. Any non-digits, such as hyphens, are passed as-is. It is validated by checking the
* format aaa-bcc-dddd, where aaa > 200, b >= 2, and cc is not 11.
*
* @param tweak The tweak used for the encryption
* @param in Phone number to encrypt
* @param format The output format, where the # characters get encrypted and other characters are passed as-is to the output. For example, the format could be "###-###-####".
* @return The encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptUSPhone(final String tweak, final String in, final String format) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_US_PHONE_ENC, tweak);
return sessionKey.encryptUSPhone(in, format);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encrypted US phone number, where the encrypted value is also a US phone number
*
* @param tweak The tweak used for the decryption
* @param in The encrypted value
* @param format The output format, where the # characters get decrypted and other characters are passed as-is to the output. For example, the format could be "###-###-####".
* @return Original plain US phone number
* @throws SecurityException In case of decryption error
*/
public String decryptUSPhone(String tweak, String in, String format) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_US_PHONE_ENC, tweak);
return sessionKey.decryptUSPhone(in, format);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Encrypt an SSN in format preserving form, where the encrypted value is also a legitimate SSN.
* The SSN is a 9 digit number. Any non-digits, such as hyphens, are passed as-is. The SSN can be all
* numbers except:
* - Numbers with all zeros in any digit group (000-##-####, ###-00-####, ###-##-0000).
* - Numbers with 666 or 900-999 (Individual Taxpayer Identification Number) in the first digit group.
*
* @param tweak The tweak used for the encryption
* @param in SSN to encrypt
* @param format The output format, where the # characters get encrypted, the ? characters are passed as plain text, and other characters are passed as-is to the output. Note that only the last 4 numbers can be plain text, so only "###-##-####" and "###-##-????" are acceptable formats (with or without the hyphen delimiters).
* @return The encrypted value
* @throws SecurityException In case of encryption error
*/
public String encryptSSN(String tweak, String in, String format) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SSN_ENC, tweak);
return sessionKey.encryptSSN(in, format);
}
finally { destroySessionKey(sessionKey); }
}
/**
* Decrypt an encrypted SSN, where the encrypted value is also SSN
*
* @param tweak The tweak used for the decryption
* @param in The encrypted value
* @param format The output format, where the # characters get decrypted, the ? characters are passed as plain text, and other characters are passed as-is to the output. Note that only the last 4 numbers can be plain text, so only "###-##-####" and "###-##-????" are acceptable formats (with or without the hyphen delimiters).
* @return Original plain SSN
* @throws SecurityException In case of decryption error
*/
public String decryptSSN(String tweak, String in, String format) throws SecurityException
{
SDESessionKey sessionKey = null;
try
{
sessionKey = generateSessionKey(PURPOSE_SSN_ENC, tweak);
return sessionKey.decryptSSN(in, format);
}
finally { destroySessionKey(sessionKey); }
}
}