org.apache.commons.ssl
Class OpenSSL

java.lang.Object
  extended by org.apache.commons.ssl.OpenSSL

public class OpenSSL
extends java.lang.Object

Class for encrypting or decrypting data with a password (PBE - password based encryption). Compatible with "openssl enc" unix utility. An OpenSSL compatible cipher name must be specified along with the password (try "man enc" on a unix box to see what's possible). Some examples:

 // Encrypt!
 byte[] encryptedData = OpenSSL.encrypt( "des3", password, data );
 

If you want to specify a raw key and iv directly (without using PBE), use the methods that take byte[] key, byte[] iv. Those byte[] arrays can be the raw binary, or they can be ascii (hex representation: '0' - 'F'). If you want to use PBE to derive the key and iv, then use the methods that take char[] password.

This class is able to decrypt files encrypted with "openssl" unix utility.

The "openssl" unix utility is able to decrypt files encrypted by this class.

This class is also able to encrypt and decrypt its own files.
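
The file layout behind this interoperability, as an added example that is not code from this library: it assumes the legacy "openssl enc" scheme (8-byte "Salted__" magic, 8-byte salt, then key and IV derived with one round of MD5-based EVP_BytesToKey) and uses only the JDK. The class and method names are hypothetical, and the cipher is fixed to aes-128-cbc for brevity.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class SaltedFormatDemo { // hypothetical class, JDK only
    static final byte[] MAGIC = "Salted__".getBytes(StandardCharsets.US_ASCII);

    // Legacy EVP_BytesToKey (assumed: MD5, one iteration): D_i = MD5(D_{i-1} || pwd || salt)
    static byte[] bytesToKey(byte[] pwd, byte[] salt, int len) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] out = new byte[len], prev = new byte[0];
        for (int off = 0; off < len; off += prev.length) {
            md5.update(prev);
            md5.update(pwd);
            md5.update(salt);
            prev = md5.digest();
            System.arraycopy(prev, 0, out, off, Math.min(prev.length, len - off));
        }
        return out;
    }
    // aes-128-cbc: the first 16 derived bytes are the key, the next 16 the IV
    static Cipher cipher(int mode, byte[] pwd, byte[] salt) throws Exception {
        byte[] kiv = bytesToKey(pwd, salt, 32);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(kiv, 0, 16, "AES"), new IvParameterSpec(kiv, 16, 16));
        return c;
    }
    static byte[] encrypt(byte[] pwd, byte[] data) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        byte[] body = cipher(Cipher.ENCRYPT_MODE, pwd, salt).doFinal(data);
        byte[] out = Arrays.copyOf(MAGIC, 16 + body.length); // "Salted__" | salt | ciphertext
        System.arraycopy(salt, 0, out, 8, 8);
        System.arraycopy(body, 0, out, 16, body.length);
        return out;
    }
    static byte[] decrypt(byte[] pwd, byte[] in) throws Exception {
        if (in.length < 16 || !Arrays.equals(Arrays.copyOf(in, 8), MAGIC))
            throw new IllegalArgumentException("no Salted__ header: unsalted or still base64?");
        return cipher(Cipher.DECRYPT_MODE, pwd, Arrays.copyOfRange(in, 8, 16)).doFinal(in, 16, in.length - 16);
    }
    public static void main(String[] args) throws Exception {
        byte[] pwd = "changeit".getBytes(StandardCharsets.US_ASCII); // constructed sample
        byte[] enc = encrypt(pwd, "hello".getBytes(StandardCharsets.US_ASCII));
        System.out.println(new String(decrypt(pwd, enc), StandardCharsets.US_ASCII));
    }
}
```

Raw output in this layout corresponds to "openssl enc -aes-128-cbc -md md5"; OpenSSL 1.1.0 and later default to a different digest, so -md md5 has to be given explicitly there. A single MD5 pass gives little resistance to password guessing, which matters when choosing passwords for data stored in this format.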

Since:
18-Oct-2007
Author:
juliusdavies@gmail.com

Nested Class Summary
static class OpenSSL.CipherInfo
           
 
Constructor Summary
OpenSSL()
           
 
Method Summary
static byte[] decrypt(java.lang.String cipher, byte[] key, byte[] iv, byte[] encrypted)
           
static java.io.InputStream decrypt(java.lang.String cipher, byte[] key, byte[] iv, java.io.InputStream encrypted)
           
static byte[] decrypt(java.lang.String cipher, char[] pwd, byte[] encrypted)
          Decrypts data using a password and an OpenSSL compatible cipher name.
static java.io.InputStream decrypt(java.lang.String cipher, char[] pwd, java.io.InputStream encrypted)
          Decrypts data using a password and an OpenSSL compatible cipher name.
static DerivedKey deriveKey(char[] password, byte[] salt, int keySize, boolean des2)
           
static DerivedKey deriveKey(char[] password, byte[] salt, int keySize, int ivSize, boolean des2)
           
static byte[] encrypt(java.lang.String cipher, byte[] key, byte[] iv, byte[] data)
           
static byte[] encrypt(java.lang.String cipher, byte[] key, byte[] iv, byte[] data, boolean toBase64)
           
static java.io.InputStream encrypt(java.lang.String cipher, byte[] key, byte[] iv, java.io.InputStream data)
           
static java.io.InputStream encrypt(java.lang.String cipher, byte[] key, byte[] iv, java.io.InputStream data, boolean toBase64)
           
static byte[] encrypt(java.lang.String cipher, char[] pwd, byte[] data)
          Encrypts data using a password and an OpenSSL compatible cipher name.
static byte[] encrypt(java.lang.String cipher, char[] pwd, byte[] data, boolean toBase64)
          Encrypts data using a password and an OpenSSL compatible cipher name.
static byte[] encrypt(java.lang.String cipher, char[] pwd, byte[] data, boolean toBase64, boolean useSalt)
          Encrypts data using a password and an OpenSSL compatible cipher name.
static java.io.InputStream encrypt(java.lang.String cipher, char[] pwd, java.io.InputStream data)
          Encrypts data using a password and an OpenSSL compatible cipher name.
static java.io.InputStream encrypt(java.lang.String cipher, char[] pwd, java.io.InputStream data, boolean toBase64)
          Encrypts data using a password and an OpenSSL compatible cipher name.
static java.io.InputStream encrypt(java.lang.String cipher, char[] pwd, java.io.InputStream data, boolean toBase64, boolean useSalt)
          Encrypts data using a password and an OpenSSL compatible cipher name.
static OpenSSL.CipherInfo lookup(java.lang.String openSSLCipher)
          Converts the way OpenSSL names its ciphers into a Java-friendly naming.
static void main(java.lang.String[] args)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OpenSSL

public OpenSSL()
Method Detail

decrypt

public static byte[] decrypt(java.lang.String cipher,
                             char[] pwd,
                             byte[] encrypted)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Decrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE decryption
encrypted - byte array to decrypt. Can be raw, or base64.
Returns:
decrypted bytes
Throws:
java.io.IOException - problems with encrypted bytes (unlikely!)
java.security.GeneralSecurityException - problems decrypting

decrypt

public static java.io.InputStream decrypt(java.lang.String cipher,
                                          char[] pwd,
                                          java.io.InputStream encrypted)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Decrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE decryption
encrypted - InputStream to decrypt. Can be raw, or base64.
Returns:
decrypted bytes as an InputStream
Throws:
java.io.IOException - problems with InputStream
java.security.GeneralSecurityException - problems decrypting

encrypt

public static byte[] encrypt(java.lang.String cipher,
                             char[] pwd,
                             byte[] data)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE encryption
data - byte array to encrypt
Returns:
encrypted bytes as an array in base64. First 16 bytes include the special OpenSSL "Salted__" info encoded into base64.
Throws:
java.io.IOException - problems with the data byte array
java.security.GeneralSecurityException - problems encrypting

encrypt

public static java.io.InputStream encrypt(java.lang.String cipher,
                                          char[] pwd,
                                          java.io.InputStream data)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE encryption
data - InputStream to encrypt
Returns:
encrypted bytes as an InputStream. First 16 bytes include the special OpenSSL "Salted__" info encoded into base64.
Throws:
java.io.IOException - problems with the data InputStream
java.security.GeneralSecurityException - problems encrypting

encrypt

public static byte[] encrypt(java.lang.String cipher,
                             char[] pwd,
                             byte[] data,
                             boolean toBase64)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE encryption
data - byte array to encrypt
toBase64 - true if the resulting byte array should contain base64,
false if it should contain raw binary.
Returns:
encrypted bytes as an array. First 16 bytes include the special OpenSSL "Salted__" info.
Throws:
java.io.IOException - problems with the data byte array
java.security.GeneralSecurityException - problems encrypting

encrypt

public static java.io.InputStream encrypt(java.lang.String cipher,
                                          char[] pwd,
                                          java.io.InputStream data,
                                          boolean toBase64)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE encryption
data - InputStream to encrypt
toBase64 - true if resulting InputStream should contain base64,
false if InputStream should contain raw binary.
Returns:
encrypted bytes as an InputStream. First 16 bytes include the special OpenSSL "Salted__" info.
Throws:
java.io.IOException - problems with the data InputStream
java.security.GeneralSecurityException - problems encrypting

encrypt

public static byte[] encrypt(java.lang.String cipher,
                             char[] pwd,
                             byte[] data,
                             boolean toBase64,
                             boolean useSalt)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE encryption
data - byte array to encrypt
toBase64 - true if the resulting byte array should contain base64,
false if it should contain raw binary.
useSalt - true if a salt should be used to derive the key.
false otherwise. (Best security practices always recommend using a salt!).
Returns:
encrypted bytes as an array. First 16 bytes include the special OpenSSL "Salted__" info if useSalt is true.
Throws:
java.io.IOException - problems with the data byte array
java.security.GeneralSecurityException - problems encrypting

encrypt

public static java.io.InputStream encrypt(java.lang.String cipher,
                                          char[] pwd,
                                          java.io.InputStream data,
                                          boolean toBase64,
                                          boolean useSalt)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Encrypts data using a password and an OpenSSL compatible cipher name.

Parameters:
cipher - The OpenSSL compatible cipher to use (try "man enc" on a unix box to see what's possible). Some examples:
  • des, des3, des-ede3-cbc
  • aes128, aes192, aes256, aes-256-cbc
  • rc2, rc4, bf
pwd - password to use for this PBE encryption
data - InputStream to encrypt
toBase64 - true if resulting InputStream should contain base64,
false if InputStream should contain raw binary.
useSalt - true if a salt should be used to derive the key.
false otherwise. (Best security practices always recommend using a salt!).
Returns:
encrypted bytes as an InputStream. First 16 bytes include the special OpenSSL "Salted__" info if useSalt is true.
Throws:
java.io.IOException - problems with the data InputStream
java.security.GeneralSecurityException - problems encrypting

decrypt

public static byte[] decrypt(java.lang.String cipher,
                             byte[] key,
                             byte[] iv,
                             byte[] encrypted)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Throws:
java.io.IOException
java.security.GeneralSecurityException

decrypt

public static java.io.InputStream decrypt(java.lang.String cipher,
                                          byte[] key,
                                          byte[] iv,
                                          java.io.InputStream encrypted)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Throws:
java.io.IOException
java.security.GeneralSecurityException

encrypt

public static byte[] encrypt(java.lang.String cipher,
                             byte[] key,
                             byte[] iv,
                             byte[] data)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Throws:
java.io.IOException
java.security.GeneralSecurityException

encrypt

public static byte[] encrypt(java.lang.String cipher,
                             byte[] key,
                             byte[] iv,
                             byte[] data,
                             boolean toBase64)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException
Throws:
java.io.IOException
java.security.GeneralSecurityException

encrypt

public static java.io.InputStream encrypt(java.lang.String cipher,
                                          byte[] key,
                                          byte[] iv,
                                          java.io.InputStream data)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Throws:
java.io.IOException
java.security.GeneralSecurityException

encrypt

public static java.io.InputStream encrypt(java.lang.String cipher,
                                          byte[] key,
                                          byte[] iv,
                                          java.io.InputStream data,
                                          boolean toBase64)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Throws:
java.io.IOException
java.security.GeneralSecurityException

deriveKey

public static DerivedKey deriveKey(char[] password,
                                   byte[] salt,
                                   int keySize,
                                   boolean des2)
                            throws java.security.NoSuchAlgorithmException
Throws:
java.security.NoSuchAlgorithmException

deriveKey

public static DerivedKey deriveKey(char[] password,
                                   byte[] salt,
                                   int keySize,
                                   int ivSize,
                                   boolean des2)
                            throws java.security.NoSuchAlgorithmException
Throws:
java.security.NoSuchAlgorithmException

lookup

public static OpenSSL.CipherInfo lookup(java.lang.String openSSLCipher)
Converts the way OpenSSL names its ciphers into a Java-friendly naming.

Parameters:
openSSLCipher - OpenSSL cipher name, e.g. "des3" or "des-ede3-cbc". Try "man enc" on a unix box to see what's possible.
Returns:
CipherInfo object with the Java-friendly cipher information.

main

public static void main(java.lang.String[] args)
                 throws java.io.IOException,
                        java.security.GeneralSecurityException
Parameters:
args - command line arguments: [password] [cipher] [file-to-decrypt]
[cipher] == OpenSSL cipher name, e.g. "des3" or "des-ede3-cbc". Try "man enc" on a unix box to see what's possible.
Throws:
java.io.IOException - problems with the [file-to-decrypt]
java.security.GeneralSecurityException - decryption problems