This plugin provides utilities related to cryptography, encryption, hashing.
The utilities are accessible via the SpincastCryptoUtils interface (for which the default implementation is SpincastCryptoUtilsDefault).
Simply inject the interface in classes where you need to use it:
public class MyClass { private final SpincastCryptoUtils cryptoUtils; @Inject public MyClass(SpincastCryptoUtils cryptoUtils) { this.cryptoUtils = cryptoUtils; } protected SpincastCryptoUtils getCryptoUtils() { return this.cryptoUtils; } //... }
Note that this plugin doesn't try to implement custom security algorithms by itself. It simply makes it easier to use existing and proven security libraries, written by experts of the field.
removeCryptographyRestrictions()
Prior to Java 9, some security restrictions are enabled by default on the JVM. You are not allowed to perform some encryptions without performing some manipulations first.
This method will remove those restrictions, if they are enabled. You will then be able to use the other methods provided by the plugin.
By default this plugin will automatically remove the security restrictions when it is installed. But if you disable this feature, and want to do it by yourself, we suggest that you call this method in an init method, as soon as your application starts.
@Inject public void init() { getCryptoUtils().removeCryptographyRestrictions(); }
boolean isRestrictedCryptographyJavaVersion()
Let you check if your current Java version has cryptography restrictions enabled by default.
String encrypt(String toEncrypt, String secretKey)
Encrypts the "toEncrypt
" string using the specified secret key. The resulting
encrypted payload is
also Base64 encoded, so it can directly be used almost everywhere (in URLs, etc.).
The encryption algorithm is AES
.
Example:
String encrypted = getCryptoUtils().encrypt("my String to encrypt", "my$ecretKey!42"); // results in: "PZWI78fsypZZOuQu3-pSxJ-xReQ7wTGRmqXQtnt0FA8="
For this method to work, your Java version must not have cryptography
restrictions enabled by default, or you must have removed those restrictions
using removeCryptographyRestrictions()
.
String decrypt(String payload, String secretKey)
Decrypts the encrypted "payload
" using the specified secret key. The payload is first
Base 64 decoded, then decrypted. The decryption algorithm is AES
.
Example:
String encrypted = getCryptoUtils().decrypt("PZWI78fsypZZOuQu3-pSxJ-xReQ7wTGRmqXQtnt0FA8=", "my$ecretKey!42"); // results in: "my String to encrypt"
For this method to work, your Java version must not have cryptography
restrictions enabled by default, or you must have removed those restrictions
using removeCryptographyRestrictions()
.
String hashSecure(String toHash, String salt)
Hashes the specified string using Bcrypt and the provided salt.
Bcrypt is known for generating hashes that are good to use for storing passwords.
String generateNewHashSecureSalt()
Generates a salt that can be used to hash a string using hashSecure()
.
The configuration interface for this plugin is SpincastCryptoConfig. To change the default configurations, you can bind an implementation of that interface, extending the default SpincastCryptoConfigDefault implementation if you don't want to start from scratch.
boolean removeJavaCryptoRestrictionsOnInit()
If true
is returned, the plugin will automatically remove the
cryptography restrictions if required by your Java version. It will do so by calling
"removeCryptographyRestrictions()
"
as soon as it is installed.
Defaults to true
.
1. Add this Maven artifact to your project:
<dependency> <groupId>org.spincast</groupId> <artifactId>spincast-plugins-crypto</artifactId> <version>2.2.0</version> </dependency>
2. Add an instance of the SpincastCryptoPlugin plugin to your Spincast Bootstrapper:
Spincast.configure() .plugin(new SpincastCryptoPlugin()) // ...