The SealedObject
Class
This class enables you to create an object and protect its confidentiality with a cryptographic algorithm.
Given any object that implements the java.io.Serializable
interface, you can create a SealedObject
that encapsulates
the original object, in serialized format (that is, a "deep copy"),
and seals (encrypts) its serialized contents, using a cryptographic
algorithm such as DES, to protect its confidentiality. The encrypted
content can later be decrypted (with the corresponding algorithm using
the correct decryption key) and de-serialized, yielding the original
object.
A typical usage is illustrated in the following code segment: In
order to seal an object, you create a SealedObject
from the object to be sealed and a fully initialized Cipher
object that will encrypt the serialized object contents. In this
example, the String This is a secret
is sealed using
the DES algorithm. Note that any algorithm parameters that can be
used in the sealing operation are stored inside of SealedObject
:
// create Cipher object
// Note: sKey is assumed to refer to an already-generated
// secret DES key.
Cipher c = Cipher.getInstance("DES");
c.init(Cipher.ENCRYPT_MODE, sKey);
// do the sealing
SealedObject so = new SealedObject("This is a secret", c);
- using a
Cipher
object that has been initialized with the exact same algorithm, key, padding scheme, and so on, that were used to seal the object:c.init(Cipher.DECRYPT_MODE, sKey); try { String s = (String)so.getObject(c); } catch (Exception e) { // do something };
This approach has the advantage that the party who unseals the sealed object does not require knowledge of the decryption key. For example, after one party has initialized the cipher object with the required decryption key, it could hand over the cipher object to another party who then unseals the sealed object.
- using the appropriate decryption key (because DES is a symmetric
encryption algorithm, we use the same key for sealing and unsealing):
try { String s = (String)so.getObject(sKey); } catch (Exception e) { // do something };
In this approach, the
getObject
method creates a cipher object for the appropriate decryption algorithm and initializes it with the given decryption key and the algorithm parameters (if any) that were stored in the sealed object. This approach has the advantage that the party who unseals the object does not need to keep track of the parameters (for example, the IV) that were used to seal the object.