| = Java Cryptography Guide |
| :jbake-date: 2010-03-18 00:00:00 |
| :jbake-type: page |
| :jbake-status: published |
| :jbake-tags: documentation, cryptography |
| :idprefix: |
| :icons: font |
| :toc: |
| |
| Cryptography is the protecting of information from undesired access by hiding it or converting it into nonsense so that no one can read it. |
| |
| Shiro is a major part of Shiro because we wanted to provide you with simplicity on what is typically a very complex topic. |
| For example, the Java Cryptography Extension (JCE) already handles cryptography in a Java environment but is very difficult to learn and use. |
| So we grabbed the concepts made available by the JCE API and make them available to us mortals. |
| In addition, all of the calls in the JCE are procedural which doesn't fit in Java's Object Oriented paradigm. |
| So in Shiro, our cryptography features are all object oriented. |
| |
| == Elements of Cryptography |
| |
| cryptography has two core elements in Shiro– ciphers and hashes. |
| |
| === Ciphers Defined |
| |
| Ciphers are algorightms that can either encrypt or decrypt based on public or private key pair. And there are two different types of ciphers: |
| |
| * Symmetric Cipher - encrypts and decrypts using the same key. |
| |
| * Asymmetric Cipher - uses different keys for encryption and decryption. |
| |
| Both cipher type are support in Shiro. |
| |
| === Hashes Defined |
| |
| A hash is a one-way irreversible conversion of an input source. In the JDK, a hash is referred to as a message digest. A cryptographic hash and a message digests are the same thing and both terms or correct. |
| |
| ==== Common uses for Hashes |
| |
| Hashes are often used to transforms credentials like passwords or biometric data. It's a one way transformation so you can never see what the original value was. This is a very safe way of storing passwords so that no one other than the user will ever know a password, even if your system is compromised. |
| |
| In addition, Shiro's hashes can be used with any type of data with an underlying byte array. Examples of this data include files, streams, byte arrays, strings, and character arrays. |
| |
| == Cipher Features |
| |
| === Shiro's CipherService Interface |
| |
| [source,java] |
| ---- |
| public interface CipherService { |
| |
| ByteSource encrypt( byte[] raw, byte[] key); |
| |
| void encrypt(InputStream in, OutputStream out, byte[] key); |
| |
| ByteSource decrypt( byte[] cipherText, byte[] key); |
| |
| void decrypt(InputStream in, OutputStream out, byte[] key); |
| } |
| |
| ---- |
| |
| == Hash Features |
| |
| TIP: Salts are important when hashing… |
| |
| TIP: Repeated hashes are important when hashing … |
| |
| === Shiro's Hash Interface |
| |
| [source,java] |
| ---- |
| public interface Hash { |
| byte[] getBytes(); |
| String toHex(); |
| String toBase64(); |
| } |
| ---- |
| |
| === Examples of how to use Hashes in your code |
| |
| [source,java] |
| ---- |
| //some examples: |
| new Md5Hash("foo").toHex(); |
| |
| //File MD5 Hash value for checksum: |
| new MD5Hash( aFile ).toHex(); |
| |
| //store a password, but not raw: |
| new Sha256(aPassword, salt, 1024).toBase64(); |
| ---- |