Encryption Service
be.securit.trustbuilder.service.EncryptionService
Properties
| property name | description |
|---|---|
| key | base64 encoded binary key |
| iv | base64 encoded binary iv |
| encryptedKey | password tool encoded key |
| encryptedIv | password tool encoded iv |
PKCS8EncodedKeySpec |
base64 encoded binary public key |
RsaPublicKey |
base64 encoded binary public key |
RsaPkcs8PublicKey |
base64 encoded binary public key |
| encoding | sets the encoding format (default "UTF-8" |
Ciphers
The following ciphers are supported (key length between parentheses)
-
AES/CBC/NoPadding(128) -
AES/CBC/PKCS5Padding(128) -
AES/ECB/NoPadding(128) -
AES/ECB/PKCS5Padding(128) -
DES/CBC/NoPadding(56) -
DES/CBC/PKCS5Padding(56) -
DES/ECB/NoPadding(56) -
DES/ECB/PKCS5Padding(56) -
DESede/CBC/NoPadding(168) -
DESede/CBC/PKCS5Padding(168) -
DESede/ECB/NoPadding(168) -
DESede/ECB/PKCS5Padding(168) -
RSA/ECB/PKCS1Padding(1024, 2048) -
RSA/ECB/OAEPWithSHA-1AndMGF1Padding(1024, 2048) -
RSA/ECB/OAEPWithSHA-256AndMGF1Padding(1024, 2048)
Functions
| function | Description |
|---|---|
| encrypt(cipher,string,format) | Encrypt the string and return the encrypted data in the format (base64,hex,y64) |
| decrypt(cipher,encryptedString,format) | Decrypt the encryptedString by decoding in format (base64,hex,y64) and return the original string |
| generateHMac(cipher,string,inputformat, outputformat) |
Encrypt the string with hmac and return the result in the outputformat (base64,hex, y64). Inputformat : null, base64, hex, y64 |
| hash(hashAlg, message, encodingFormat) | Hash (according to the hashAlg=algorithm) the message and return it in the encoding format (base64, hex, y64) |
| saltedHash(password, salt) | Hashes (sha-1) the concatenated password+salt and retuns it base64 encoded |
| generateSalt(int len) | Generates a salt with the specified length |
| sign([algorithm](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature), data, decodingFormat, encodingFormat) | Sign decoded data (using decodingFormat) and encode the signed data |
| verify([algorithm](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature), data, signature, decodingFormat) | Verify the signed data by first decoding it using the decodingFormat. Returns boolean indicating whether the signature matched or not. |
Available ciphers can be found for the sun at jdk6 jdk7
Example
var encryptionService = tb.getService("encryption"); // encryption is the name of the service
var pwd_hash_user = encryptionService.hash("SHA-512",workItem.input.credentials.password+salt,"base64");
// Encrypts the signaturebase with HMAC-SHA1 and returns a BASE64 encoded string
var signature = encryptionService.generateHMac( "HmacSHA1", signaturebase, null, "base64");.setKey
When using the setKey functionality it's recommended to use the Encryption Service with the singleton flag set to false. If the singleton is set to true, the key is persistent until the next .setKey call or restart of the TrustBuilder Server.
Some cases another key must be used instead of the default one. This key can be set dynamic as an BASE64 encoded string.
encryptionService.setKey(tb.base64Encode("5VRtmBeg9jRJ5mRAsncaGwCGJ2YazTxReQIqbcHqZc",true)); // Encode as string true
var signature = encryptionService.generateHMac( "HmacSHA1", signaturebase, "base64"); // base64 is defaultencodingFormat/decodingFormat
- base64 ; Base64 encode / decode
- y64 : (urldecode) + base64 + (urlencode)
- hex : hex encode / decode
- none : take the bytes from the string as UTF-8
Comments
Please sign in to leave a comment.