How to encrypt and decrypt an object in and from a file in Java

There are times when we need to write something on a file, but doesn't want it to be readable as a plain text. In this case we can use any type of encryption mechanism, but what if we want to decrypt the encrypted file back and read its contents. For example a configuration file, etc.

Let's show some codes as usual:

public class CipherUtils {

public static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";

private CipherUtils() {

}

public static void encode(Serializable object, String password, String path)
throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException,
IllegalBlockSizeException, InvalidAlgorithmParameterException {
Cipher cipher = Cipher.getInstance(CIPHER_MODE);
cipher.init(Cipher.ENCRYPT_MODE, fromStringToAESkey(password), new IvParameterSpec(new byte[16]));

// read object from file
SealedObject sealedObject = new SealedObject(object, cipher);
FileOutputStream fos = new FileOutputStream(path);
CipherOutputStream cipherOutputStream = new CipherOutputStream(new BufferedOutputStream(fos), cipher);

ObjectOutputStream outputStream = new ObjectOutputStream(cipherOutputStream);
outputStream.writeObject(sealedObject);
outputStream.close();
fos.close();
}

public static Serializable decode(String password, String path)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException,
ClassNotFoundException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
Cipher cipher = Cipher.getInstance(CIPHER_MODE);

// write object to file
cipher.init(Cipher.DECRYPT_MODE, fromStringToAESkey(password), new IvParameterSpec(new byte[16]));
CipherInputStream cipherInputStream = new CipherInputStream(new BufferedInputStream(new FileInputStream(path)),
cipher);

ObjectInputStream inputStream = new ObjectInputStream(cipherInputStream);
SealedObject sealedObject = (SealedObject) inputStream.readObject();
Serializable serializeableObject = (Serializable) sealedObject.getObject(cipher);
inputStream.close();

return serializeableObject;
}

public static SecretKey fromStringToAESkey(String s) throws UnsupportedEncodingException {
// 128bit key need 16 byte
byte[] rawKey = new byte[16];
// if you don't specify the encoding you might get weird results
byte[] keyBytes = s.getBytes("UTF-8");
System.arraycopy(keyBytes, 0, rawKey, 0, keyBytes.length);

return new SecretKeySpec(rawKey, "AES");
}
}

This utility class can encrypt and decrypt any serialize-able object we have.

And here's how we use it:


public class CipherUtilsTest {

private Person person;

@Before
public void init() {
person = new Person();
person.setFirstname("Shirayuki");
person.setLastname("Hime");
person.setAge(18);
}

@Test
public void testEncodeDecode() {
try {
CipherUtils.encode(person, "shirayuki", "c://temp//cipher");
Person decodedPerson = (Person) CipherUtils.decode("shirayuki", "c://temp//cipher");
assertEquals(person.getAge(), decodedPerson.getAge());
assertEquals(person.getFirstname(), decodedPerson.getFirstname());
assertEquals(person.getLastname(), decodedPerson.getLastname());
} catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException
| IOException | ClassNotFoundException | BadPaddingException | InvalidAlgorithmParameterException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

}

0 nhận xét:

Đăng nhận xét