org.apache.shiro.crypto
Class BlowfishCipherService

java.lang.Object
  org.apache.shiro.crypto.JcaCipherService
      org.apache.shiro.crypto.AbstractSymmetricCipherService
          org.apache.shiro.crypto.DefaultBlockCipherService
              org.apache.shiro.crypto.BlowfishCipherService

All Implemented Interfaces:

CipherService

public class BlowfishCipherService
extends DefaultBlockCipherService

CipherService using the Blowfish cipher algorithm for all encryption, decryption, and key operations.

The Blowfish algorithm can support key sizes between 32 and 448 bits*, inclusive. However, modern cryptanalysis techniques render keys of 80 bits or less mostly worthless - use 128 or more whenever possible.

Note that this class retains the parent class's default CBC mode of operation instead of the typical JDK default of ECB. ECB should not be used in security-sensitive environments because ECB does not allow for initialization vectors, which are considered necessary for strong encryption. See the parent class's JavaDoc and the JcaCipherService JavaDoc for more on why the JDK default should not be used and is not used in this implementation.

* Generating and using Blowfish key sizes greater than 128 require installation of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files.

Since:

1.0

Constructor Summary

BlowfishCipherService()
Creates a new CipherService instance using the Blowfish cipher algorithm with the following important cipher default attributes: Attribute Value keySize 128 bits blockSize 64 bits (required for Blowfish) mode CBC* paddingScheme PKCS5 initializationVectorSize 64 bits generateInitializationVectors true**

* The CBC operation mode is used instead of the JDK default ECB to ensure strong encryption.

Method Summary

Methods inherited from class org.apache.shiro.crypto.DefaultBlockCipherService

generateInitializationVector, getBlockSize, getModeName, getPaddingSchemeName, getStreamingBlockSize, getStreamingModeName, getStreamingPaddingSchemeName, getTransformationString, isGenerateInitializationVectors, setBlockSize, setMode, setModeName, setPaddingScheme, setPaddingSchemeName, setStreamingBlockSize, setStreamingMode, setStreamingModeName, setStreamingPaddingScheme, setStreamingPaddingSchemeName

Methods inherited from class org.apache.shiro.crypto.AbstractSymmetricCipherService

generateNewKey, generateNewKey

Methods inherited from class org.apache.shiro.crypto.JcaCipherService

decrypt, decrypt, encrypt, encrypt, ensureSecureRandom, getAlgorithmName, getDefaultSecureRandom, getInitializationVectorSize, getKeySize, getSecureRandom, getStreamingBufferSize, isGenerateInitializationVectors, setGenerateInitializationVectors, setInitializationVectorSize, setKeySize, setSecureRandom, setStreamingBufferSize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BlowfishCipherService

public BlowfishCipherService()

Creates a new CipherService instance using the Blowfish cipher algorithm with the following important cipher default attributes:

Attribute	Value
keySize	128 bits
blockSize	64 bits (required for Blowfish)
mode	CBC*
paddingScheme	PKCS5
initializationVectorSize	64 bits
generateInitializationVectors	true**

* The CBC operation mode is used instead of the JDK default ECB to ensure strong encryption. ECB should not be used in security-sensitive environments - see the DefaultBlockCipherService class JavaDoc's "Operation Mode" section for more.

**In conjunction with the default CBC operation mode, initialization vectors are generated by default to ensure strong encryption. See the JcaCipherService class JavaDoc for more.