001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.crypto;
020    
021    /**
022     * {@code CipherService} using the {@code AES} cipher algorithm for all encryption, decryption, and key operations.
023     * <p/>
024     * The AES algorithm can support key sizes of {@code 128}, {@code 192} and {@code 256} bits<b>*</b>.  This implementation
025     * defaults to 128 bits.
026     * <p/>
027     * Note that this class retains the parent class's default {@link OperationMode#CBC CBC} mode of operation
028     * instead of the typical JDK default of {@link OperationMode#ECB ECB}.  {@code ECB} should not be used in
029     * security-sensitive environments because {@code ECB} does not allow for initialization vectors, which are
030     * considered necessary for strong encryption.  See the {@link DefaultBlockCipherService parent class}'s JavaDoc and the
031     * {@link JcaCipherService JcaCipherService} JavaDoc for more on why the JDK default should not be used and is not
032     * used in this implementation.
033     * <p/>
034     * <b>*</b> Generating and using AES key sizes greater than 128 require installation of the
035     * <a href="http://java.sun.com/javase/downloads/index.jsp">Java Cryptography Extension (JCE) Unlimited Strength
036     * Jurisdiction Policy files</a>.
037     *
038     * @since 1.0
039     */
040    public class AesCipherService extends DefaultBlockCipherService {
041    
042        private static final String ALGORITHM_NAME = "AES";
043    
044        /**
045         * Creates a new {@link CipherService} instance using the {@code AES} cipher algorithm with the following
046         * important cipher default attributes:
047         * <table>
048         * <tr>
049         * <th>Attribute</th>
050         * <th>Value</th>
051         * </tr>
052         * <tr>
053         * <td>{@link #setKeySize keySize}</td>
054         * <td>{@code 128} bits</td>
055         * </tr>
056         * <tr>
057         * <td>{@link #setBlockSize blockSize}</td>
058         * <td>{@code 128} bits (required for {@code AES}</td>
059         * </tr>
060         * <tr>
061         * <td>{@link #setMode mode}</td>
062         * <td>{@link OperationMode#CBC CBC}<b>*</b></td>
063         * </tr>
064         * <tr>
065         * <td>{@link #setPaddingScheme paddingScheme}</td>
066         * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
067         * </tr>
068         * <tr>
069         * <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
070         * <td>{@code 128} bits</td>
071         * </tr>
072         * <tr>
073         * <td>{@link #setGenerateInitializationVectors(boolean) generateInitializationVectors}</td>
074         * <td>{@code true}<b>**</b></td>
075         * </tr>
076         * </table>
077         * <p/>
078         * <b>*</b> The {@link OperationMode#CBC CBC} operation mode is used instead of the JDK default {@code ECB} to
079         * ensure strong encryption.  {@code ECB} should not be used in security-sensitive environments - see the
080         * {@link DefaultBlockCipherService DefaultBlockCipherService} class JavaDoc's &quot;Operation Mode&quot; section
081         * for more.
082         * <p/>
083         * <b>**</b>In conjunction with the default {@code CBC} operation mode, initialization vectors are generated by
084         * default to ensure strong encryption.  See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
085         */
086        public AesCipherService() {
087            super(ALGORITHM_NAME);
088        }
089    
090    }