The SealedObject Class

This class enables you to create an object and protect its confidentiality with a cryptographic algorithm.

Given any object that implements the interface, you can create a SealedObject that encapsulates the original object, in serialized format (that is, a "deep copy"), and seals (encrypts) its serialized contents, using a cryptographic algorithm such as DES, to protect its confidentiality. The encrypted content can later be decrypted (with the corresponding algorithm using the correct decryption key) and de-serialized, yielding the original object.

A typical usage is illustrated in the following code segment: In order to seal an object, you create a SealedObject from the object to be sealed and a fully initialized Cipher object that will encrypt the serialized object contents. In this example, the String This is a secret is sealed using the DES algorithm. Note that any algorithm parameters that can be used in the sealing operation are stored inside of SealedObject:

 // create Cipher object
 // Note: sKey is assumed to refer to an already-generated
 // secret DES key.
 Cipher c = Cipher.getInstance("DES");
 c.init(Cipher.ENCRYPT_MODE, sKey);

 // do the sealing
 SealedObject so = new SealedObject("This is a secret", c);
The original object that was sealed can be recovered in two different ways:
  • using a Cipher object that has been initialized with the exact same algorithm, key, padding scheme, and so on, that were used to seal the object:
     c.init(Cipher.DECRYPT_MODE, sKey);
     try {
     String s = (String)so.getObject(c);
     } catch (Exception e) {
     // do something

    This approach has the advantage that the party who unseals the sealed object does not require knowledge of the decryption key. For example, after one party has initialized the cipher object with the required decryption key, it could hand over the cipher object to another party who then unseals the sealed object.

  • using the appropriate decryption key (because DES is a symmetric encryption algorithm, we use the same key for sealing and unsealing):
     try {
     String s = (String)so.getObject(sKey);
     } catch (Exception e) {
     // do something

    In this approach, the getObject method creates a cipher object for the appropriate decryption algorithm and initializes it with the given decryption key and the algorithm parameters (if any) that were stored in the sealed object. This approach has the advantage that the party who unseals the object does not need to keep track of the parameters (for example, the IV) that were used to seal the object.