Posted to dev@click.apache.org by "Andrey Rybin (JIRA)" <ji...@apache.org> on 2010/01/15 15:25:54 UTC
[jira] Created: (CLK-608) Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
---------------------------------------------------------------------------------------
Key: CLK-608
URL: https://issues.apache.org/jira/browse/CLK-608
Project: Click
Issue Type: Improvement
Components: core
Reporter: Andrey Rybin
Priority: Minor
ClickUtils has handy methods encode(Object) and decode(String), but it is possible for a client to corrupt our internal state in saved objects.
If you also add encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16), which encipher the serialized, gzipped object before base64 encoding and decipher it after base64 decoding, then objects will be safe and we can store all sensitive information on the client side.
Encipher/decipher are easy in Java:
    import java.security.GeneralSecurityException;
    import java.security.Key;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    // With the default JCE provider, "AES" resolves to AES/ECB/PKCS5Padding,
    // which encrypts the data but does not authenticate it.
    private static final String DEFAULT_CRYPT_ALGORITHM = "AES";

    // Encrypts src with the 16-byte AES key key16.
    public static byte[] encrypt (final byte[] src, final byte[] key16) throws IllegalArgumentException {
        final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE
        try {
            final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
            cf.init(Cipher.ENCRYPT_MODE, sks);
            return cf.doFinal(src);
        } catch (GeneralSecurityException e) {
            // The key is kept out of the message so it cannot leak into logs.
            throw new IllegalArgumentException("encrypt failed", e);
        }//t
    }//encrypt

    // Decrypts src with the 16-byte AES key key16.
    public static byte[] decrypt (final byte[] src, final byte[] key16) throws IllegalArgumentException {
        final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE
        try {
            final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
            cf.init(Cipher.DECRYPT_MODE, sks);
            return cf.doFinal(src);
        } catch (GeneralSecurityException e) {
            // The key is kept out of the message so it cannot leak into logs.
            throw new IllegalArgumentException("decrypt failed", e);
        }//t
    }//decrypt