001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.apache.shiro.crypto;
020
021 /**
022 * {@code CipherService} using the {@code AES} cipher algorithm for all encryption, decryption, and key operations.
023 * <p/>
024 * The AES algorithm can support key sizes of {@code 128}, {@code 192} and {@code 256} bits<b>*</b>. This implementation
025 * defaults to 128 bits.
026 * <p/>
027 * Note that this class retains the parent class's default {@link OperationMode#CFB CFB} mode of operation
028 * instead of the typical JDK default of {@link OperationMode#ECB ECB}. {@code ECB} should not be used in
029 * security-sensitive environments because {@code ECB} does not allow for initialization vectors, which are
030 * considered necessary for strong encryption. See the {@link DefaultBlockCipherService parent class}'s JavaDoc and the
031 * {@link JcaCipherService JcaCipherService} JavaDoc for more on why the JDK default should not be used and is not
032 * used in this implementation.
033 * <p/>
034 * <b>*</b> Generating and using AES key sizes greater than 128 require installation of the
035 * <a href="http://java.sun.com/javase/downloads/index.jsp">Java Cryptography Extension (JCE) Unlimited Strength
036 * Jurisdiction Policy files</a>.
037 *
038 * @author Les Hazlewood
039 * @since 1.0
040 */
041 public class AesCipherService extends DefaultBlockCipherService {
042
043 private static final String ALGORITHM_NAME = "AES";
044
045 /**
046 * Creates a new {@link CipherService} instance using the {@code AES} cipher algorithm with the following
047 * important cipher default attributes:
048 * <table>
049 * <tr>
050 * <th>Attribute</th>
051 * <th>Value</th>
052 * </tr>
053 * <tr>
054 * <td>{@link #setKeySize keySize}</td>
055 * <td>{@code 128} bits</td>
056 * </tr>
057 * <tr>
058 * <td>{@link #setBlockSize blockSize}</td>
059 * <td>{@code 128} bits (required for {@code AES}</td>
060 * </tr>
061 * <tr>
062 * <td>{@link #setMode mode}</td>
063 * <td>{@link OperationMode#CFB CFB}<b>*</b></td>
064 * </tr>
065 * <tr>
066 * <td>{@link #setPaddingScheme paddingScheme}</td>
067 * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
068 * </tr>
069 * <tr>
070 * <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
071 * <td>{@code 128} bits</td>
072 * </tr>
073 * <tr>
074 * <td>{@link #setGenerateInitializationVectors(boolean) generateInitializationVectors}</td>
075 * <td>{@code true}<b>**</b></td>
076 * </tr>
077 * </table>
078 * <p/>
079 * <b>*</b> The {@link OperationMode#CFB CFB} operation mode is used instead of the JDK default {@code ECB} to
080 * ensure strong encryption. {@code ECB} should not be used in security-sensitive environments - see the
081 * {@link DefaultBlockCipherService DefaultBlockCipherService} class JavaDoc's "Operation Mode" section
082 * for more.
083 * <p/>
084 * <b>**</b>In conjunction with the default {@code CFB} operation mode, initialization vectors are generated by
085 * default to ensure strong encryption. See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
086 */
087 public AesCipherService() {
088 super(ALGORITHM_NAME);
089 }
090
091 }