Class OciCrypto


  • public final class OciCrypto
    extends Object
    This is the starting point in the OCI Encryption SDK.

    All encryption and decryption operations should be used from this class.

    It allows the user to encrypt/decrypt streams using:
      createEncryptingStream(MasterKeyProvider masterKeyProvider, final InputStream inputStream)
      createDecryptingStream(MasterKeyProvider masterKeyProvider, final InputStream inputStream)

    Or encrypt/decrypt byte arrays using:
      encryptData(MasterKeyProvider masterKeyProvider, final byte[] data)
      decryptData(MasterKeyProvider masterKeyProvider, final byte[] data)

    OciCrypto uses the MasterKeyProvider to determine which MasterKeys should be used to encrypt the DataKey. The master key is used to generate a data encryption key which is used to encrypt the data.

    The returned encrypted data includes a header containing various metadata that allows it to be decrypted by the OCI Java SDK and other OCI SDKs that support client side encryption.

    The default encryption algorithm is AES/GCM, an authenticated encryption mode. The maximum data size that can be encrypted with the javax.crypto library is 2GB (2147483647 bytes). GCM verifies the authentication tag on decryption, which requires buffering the entire payload in memory before any plaintext is returned. To avoid out-of-memory errors during decryption, give the JVM a heap four times the size of the data to be decrypted; for example, use an 8GB heap (-Xmx8G) to decrypt a 2GB file.

    • Constructor Detail

      • OciCrypto

        public OciCrypto()
    • Method Detail

      • createEncryptingStream

        public OciCryptoInputStream createEncryptingStream(MasterKeyProvider masterKeyProvider,
                                                           InputStream inputStream)
        Creates a new CryptoInputStream from which the encrypted form of the provided stream can be read, under the master key supplied by the provider.

        Note: The max data size that can be encrypted is 2GB.

        Parameters:
        masterKeyProvider - A MasterKeyProvider to use for encrypting the data.
        inputStream - The stream to be encrypted.
        Returns:
        OciCryptoInputStream
      • createEncryptingStream

        public OciCryptoInputStream createEncryptingStream(MasterKeyProvider masterKeyProvider,
                                                           InputStream inputStream,
                                                           Map<String,String> context)
        Creates a new CryptoInputStream from which the encrypted form of the provided stream can be read, under the master key supplied by the provider.

        Note: The max data size that can be encrypted is 2GB.

        Parameters:
        masterKeyProvider - A MasterKeyProvider to use for encrypting the data.
        inputStream - The stream to be encrypted.
        context - Optional additional data to be provided as input to the authenticated encryption algorithm (AAD). Map keys must NOT start with the prefix oci-*, as that namespace is reserved for OCI internal keys that may be added to the AAD.
        Returns:
        OciCryptoInputStream
      • createDecryptingStream

        public OciCryptoInputStream createDecryptingStream(MasterKeyProvider masterKeyProvider,
                                                           InputStream inputStream)
                                                    throws IOException
        Creates a new CryptoInputStream that allows reading decrypted data from the underlying encrypted stream.
        Parameters:
        masterKeyProvider - A MasterKeyProvider to use for decrypting the data.
        inputStream - The stream to decrypt.
        Returns:
        OciCryptoInputStream
        Throws:
        IOException - when an input stream read error occurs.
      • encryptData

        public OciCryptoResult encryptData(MasterKeyProvider masterKeyProvider,
                                           byte[] data)
                                    throws IOException
        Encrypts data.
        Parameters:
        masterKeyProvider - A MasterKeyProvider to use for encrypting the data.
        data - The data to encrypt.
        Returns:
        OciCryptoResult
        Throws:
        IOException - when a stream write error occurs.
      • encryptData

        public OciCryptoResult encryptData(MasterKeyProvider masterKeyProvider,
                                           byte[] data,
                                           Map<String,String> context)
                                    throws IOException
        Encrypts data.
        Parameters:
        masterKeyProvider - A MasterKeyProvider to use for encrypting the data.
        data - The data to encrypt.
        context - Optional additional data to be provided as input to the authenticated encryption algorithm (AAD). Map keys must NOT start with the prefix oci-*, as that namespace is reserved for OCI internal keys that may be added to the AAD.
        Returns:
        OciCryptoResult
        Throws:
        IOException - when a stream write error occurs.
      • decryptData

        public OciCryptoResult decryptData(MasterKeyProvider masterKeyProvider,
                                           byte[] data)
                                    throws IOException
        Decrypts data.
        Parameters:
        masterKeyProvider - A MasterKeyProvider to use for decrypting the data.
        data - The data to decrypt.
        Returns:
        OciCryptoResult
        Throws:
        IOException - when a stream write error occurs.
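        The following is an added usage example, not code from the OCI Java SDK itself. It shows the byte-array and streaming entry points documented above, rejects caller-supplied context keys in the reserved oci-* namespace before they reach the AAD, and uses the streaming API for large inputs. It assumes the classes live in com.oracle.bmc.encryption, that OciCryptoInputStream is a java.io.InputStream, that OciCryptoResult exposes the ciphertext via getData(), and that a MasterKeyProvider (for example a KMS-backed one) is obtained elsewhere.

```java
import com.oracle.bmc.encryption.MasterKeyProvider;
import com.oracle.bmc.encryption.OciCrypto;
import com.oracle.bmc.encryption.OciCryptoInputStream;
import com.oracle.bmc.encryption.OciCryptoResult;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;

public final class OciCryptoUsage {
    // Namespace reserved by the SDK for its own AAD entries (see the context parameter above).
    private static final String RESERVED_PREFIX = "oci-";

    /** Fails fast on context keys the SDK reserves, rather than letting them collide with internal AAD. */
    static void checkContext(Map<String, String> context) {
        for (String key : context.keySet()) {
            if (key.startsWith(RESERVED_PREFIX)) {
                throw new IllegalArgumentException("context key uses reserved prefix: " + key);
            }
        }
    }

    /** Encrypts an in-memory payload; the context is bound to the ciphertext as AAD, so a
     *  tampered or mismatched context makes the GCM tag check fail on decryption. */
    static byte[] encryptBytes(OciCrypto crypto, MasterKeyProvider provider,
                               byte[] plaintext, Map<String, String> context) throws IOException {
        checkContext(context);
        OciCryptoResult result = crypto.encryptData(provider, plaintext, context);
        return result.getData(); // assumed accessor name; not shown on this page
    }

    /** Decrypts a payload produced by encryptBytes; the header selects the master key. */
    static byte[] decryptBytes(OciCrypto crypto, MasterKeyProvider provider, byte[] ciphertext)
            throws IOException {
        return crypto.decryptData(provider, ciphertext).getData(); // assumed accessor name
    }

    /** Encrypts a file through the streaming API (input still limited to 2GB). Note that
     *  decryption still buffers the whole payload to verify the GCM tag, so size the heap
     *  at about four times the ciphertext size when decrypting large files. */
    static void encryptFile(OciCrypto crypto, MasterKeyProvider provider,
                            Path plain, Path cipher) throws IOException {
        try (InputStream in = Files.newInputStream(plain);
             OciCryptoInputStream enc = crypto.createEncryptingStream(provider, in);
             OutputStream out = Files.newOutputStream(cipher)) {
            enc.transferTo(out); // Java 9+; copies the encrypted header and body
        }
    }
}
```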
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object