001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.crypto;
020
021/**
022 * {@code CipherService} using the {@code AES} cipher algorithm for all encryption, decryption, and key operations.
023 * <p/>
024 * The AES algorithm can support key sizes of {@code 128}, {@code 192} and {@code 256} bits<b>*</b>.  This implementation
025 * defaults to 128 bits.
026 * <p/>
027 * Note that this class retains the parent class's default {@link OperationMode#CBC CBC} mode of operation
028 * instead of the typical JDK default of {@link OperationMode#ECB ECB}.  {@code ECB} should not be used in
029 * security-sensitive environments because {@code ECB} does not allow for initialization vectors, which are
030 * considered necessary for strong encryption.  See the {@link DefaultBlockCipherService parent class}'s JavaDoc and the
031 * {@link JcaCipherService JcaCipherService} JavaDoc for more on why the JDK default should not be used and is not
032 * used in this implementation.
033 * <p/>
034 * <b>*</b> Generating and using AES key sizes greater than 128 require installation of the
035 * <a href="http://java.sun.com/javase/downloads/index.jsp">Java Cryptography Extension (JCE) Unlimited Strength
036 * Jurisdiction Policy files</a>.
037 *
038 * @since 1.0
039 */
040public class AesCipherService extends DefaultBlockCipherService {
041
042    private static final String ALGORITHM_NAME = "AES";
043
044    /**
045     * Creates a new {@link CipherService} instance using the {@code AES} cipher algorithm with the following
046     * important cipher default attributes:
047     * <table>
048     * <tr>
049     * <th>Attribute</th>
050     * <th>Value</th>
051     * </tr>
052     * <tr>
053     * <td>{@link #setKeySize keySize}</td>
054     * <td>{@code 128} bits</td>
055     * </tr>
056     * <tr>
057     * <td>{@link #setBlockSize blockSize}</td>
058     * <td>{@code 128} bits (required for {@code AES}</td>
059     * </tr>
060     * <tr>
061     * <td>{@link #setMode mode}</td>
062     * <td>{@link OperationMode#CBC CBC}<b>*</b></td>
063     * </tr>
064     * <tr>
065     * <td>{@link #setPaddingScheme paddingScheme}</td>
066     * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
067     * </tr>
068     * <tr>
069     * <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
070     * <td>{@code 128} bits</td>
071     * </tr>
072     * <tr>
073     * <td>{@link #setGenerateInitializationVectors(boolean) generateInitializationVectors}</td>
074     * <td>{@code true}<b>**</b></td>
075     * </tr>
076     * </table>
077     * <p/>
078     * <b>*</b> The {@link OperationMode#CBC CBC} operation mode is used instead of the JDK default {@code ECB} to
079     * ensure strong encryption.  {@code ECB} should not be used in security-sensitive environments - see the
080     * {@link DefaultBlockCipherService DefaultBlockCipherService} class JavaDoc's &quot;Operation Mode&quot; section
081     * for more.
082     * <p/>
083     * <b>**</b>In conjunction with the default {@code CBC} operation mode, initialization vectors are generated by
084     * default to ensure strong encryption.  See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
085     */
086    public AesCipherService() {
087        super(ALGORITHM_NAME);
088    }
089
090}