Fork me on GitHub

Apache Shiro Logo Simple. Java. Security. Apache Software Foundation Event Banner

Table of Contents

Cryptography is the protecting of information from undesired access by hiding it or converting it into nonsense so that no one can read it.

Shiro is a major part of Shiro because we wanted to provide you with simplicity on what is typically a very complex topic. For example, the Java Cryptography Extension (JCE) already handles cryptography in a Java environment but is very difficult to learn and use. So we grabbed the concepts made available by the JCE API and make them available to us mortals. In addition, all of the calls in the JCE are procedural which doesn’t fit in Java’s Object Oriented paradigm. So in Shiro, our cryptography features are all object oriented.

Elements of Cryptography

cryptography has two core elements in Shiro– ciphers and hashes.

Ciphers Defined

Ciphers are algorightms that can either encrypt or decrypt based on public or private key pair. And there are two different types of ciphers:

  • Symmetric Cipher - encrypts and decrypts using the same key.

  • Asymmetric Cipher - uses different keys for encryption and decryption.

Both cipher type are support in Shiro.

Hashes Defined

A hash is a one-way irreversible conversion of an input source. In the JDK, a hash is referred to as a message digest. A cryptographic hash and a message digests are the same thing and both terms or correct.

Common uses for Hashes

Hashes are often used to transforms credentials like passwords or biometric data. It’s a one way transformation so you can never see what the original value was. This is a very safe way of storing passwords so that no one other than the user will ever know a password, even if your system is compromised.

In addition, Shiro’s hashes can be used with any type of data with an underlying byte array. Examples of this data include files, streams, byte arrays, strings, and character arrays.

Cipher Features

Shiro’s CipherService Interface

public interface CipherService {

   ByteSource encrypt( byte[] raw, byte[] key);

   void encrypt(InputStream in, OutputStream out, byte[] key);

   ByteSource decrypt( byte[] cipherText, byte[] key);

   void decrypt(InputStream in, OutputStream out, byte[] key);

Hash Features

Salts are important when hashing…
Repeated hashes are important when hashing …

Shiro’s Hash Interface

public interface Hash {
   byte[] getBytes();
   String toHex();
   String toBase64();

Examples of how to use Hashes in your code

//some examples:
new Md5Hash("foo").toHex();

//File MD5 Hash value for checksum:
new MD5Hash( aFile ).toHex();

//store a password, but not raw:
new Sha256(aPassword, salt, 1024).toBase64();