public final class OciCrypto extends Object
This is the starting point in the OCI Encryption SDK. All encryption and decryption operations should be used from this class.
It allows the user to encrypt/decrypt streams using: createEncryptingStream(MasterKeyProvider masterKeyProvider, final InputStream inputStream) createDecryptingStream(MasterKeyProvider masterKeyProvider, final InputStream inputStream)
Or encrypt/decrypt text strings using: encryptData(MasterKeyProvider masterKeyProvider, final byte[] data) decryptData(MasterKeyProvider masterKeyProvider, final byte[] data)
OciCrypto uses the MasterKeyProvider to determine which MasterKeys should be
used to encrypt the DataKey. The master key is used to generate a data encryption key
which is used to encrypt the data.
The returned encrypted data includes a header containing various metadata that allows it to be decrypted by the OCI Java SDK and other OCI SDKs that support client side encryption.
The default encryption algorithm used is AES/GCM. GCM is a secure authenticated encryption algorithm. The max data size that can be encrypted using the Javax.crypto library is 2GB (2147483647 bytes). GCM verifies the authentication tag upon decryption. This requires buffering the entire payload into memory before returning it. To avoid out of memory errors during decryption, ensure that you allocate Java virtual memory four times the data size that needs to be decrypted. For example, use 8GB VM (-Xmx8G) to decrypt a 2GB file.
| Constructor and Description |
|---|
OciCrypto() |
| Modifier and Type | Method and Description |
|---|---|
OciCryptoInputStream |
createDecryptingStream(MasterKeyProvider masterKeyProvider,
InputStream inputStream)
Creates a new CryptoInputStream that allows reading decrypted data from the underlying
encrypted stream.
|
OciCryptoInputStream |
createEncryptingStream(MasterKeyProvider masterKeyProvider,
InputStream inputStream)
Creates a new CryptoInputStream that allows reading data from the encrypted stream under the
provided master key.
|
OciCryptoInputStream |
createEncryptingStream(MasterKeyProvider masterKeyProvider,
InputStream inputStream,
Map<String,String> context)
Creates a new CryptoInputStream that allows reading data from the encrypted stream under the
provided master key.
|
OciCryptoResult |
decryptData(MasterKeyProvider masterKeyProvider,
byte[] data)
Decrypts data.
|
OciCryptoResult |
encryptData(MasterKeyProvider masterKeyProvider,
byte[] data)
Encrypts data.
|
OciCryptoResult |
encryptData(MasterKeyProvider masterKeyProvider,
byte[] data,
Map<String,String> context)
Encrypts data.
|
boolean |
equals(Object o) |
int |
hashCode() |
String |
toString() |
public OciCryptoInputStream createEncryptingStream(MasterKeyProvider masterKeyProvider, InputStream inputStream)
Creates a new CryptoInputStream that allows reading data from the encrypted stream under the provided master key. Note: The max data size that can be encrypted is 2GB.
masterKeyProvider - A MasterKeyProvider to use for decrypting the data.inputStream - The stream to be encrypt.public OciCryptoInputStream createEncryptingStream(MasterKeyProvider masterKeyProvider, InputStream inputStream, Map<String,String> context)
Creates a new CryptoInputStream that allows reading data from the encrypted stream under the provided master key. Note: The max data size that can be encrypted is 2GB.
masterKeyProvider - A MasterKeyProvider to use for encrypting the data.inputStream - The stream to be encrypt.context - Optional additional data to be provided as input to authenticated encryption
algorithms. Map Keys may NO match the prefix oci-* as that namespace is reserved for OCI
internal keys that may be added to the AAD.public OciCryptoInputStream createDecryptingStream(MasterKeyProvider masterKeyProvider, InputStream inputStream) throws IOException
Creates a new CryptoInputStream that allows reading decrypted data from the underlying encrypted stream.
masterKeyProvider - A MasterKeyProvider to use for decrypting the data.inputStream - The stream to decrypt.IOException - when an input stream read error occurs.public OciCryptoResult encryptData(MasterKeyProvider masterKeyProvider, byte[] data) throws IOException
Encrypts data.
masterKeyProvider - A MasterKeyProvider to use for encrypting the data.data - The data to encrypt.IOException - when a stream write error occurs.public OciCryptoResult encryptData(MasterKeyProvider masterKeyProvider, byte[] data, Map<String,String> context) throws IOException
Encrypts data.
masterKeyProvider - A MasterKeyProvider to use for encrypting the data.data - The data to encrypt.context - Optional additional data to be provided as input to authenticated encryption
algorithms. Map Keys may NO match the prefix oci-* as that namespace is reserved for OCI
internal keys that may be added to the AAD.IOException - when a stream write error occurs.public OciCryptoResult decryptData(MasterKeyProvider masterKeyProvider, byte[] data) throws IOException
Decrypts data.
masterKeyProvider - A MasterKeyProvider to use for decrypting the data.data - The data to decrypt.IOException - when a stream write error occurs.Copyright © 2016–2024. All rights reserved.