Nav

JCE Cryptography

The JCE strategy allows you to use cryptography capabilities in two ways:

  • PBE (Password-based encryption): Encrypt/sign content by providing only an encryption password.

  • Key-based Encryption: Similar to how PGP and XML encryption works, this lets you configure a symmetric or asymmetric key to perform encryption/signing operations.

PBE

This method applies a hash function over the provided password to generate a symmetric key that is compatible with standard encryption algorithms. Because PBE only requires a password, a global configuration element is not needed for the PBE operations.

Example: PBE Encryption

         
      
1
<crypto:jce-encrypt-pbe password="a-Sup3r_Secure-Passw0rd"/>

If no algorithm is specified, PBEWithHmacSHA256AndAES_128 is used.

Example: PBE Decryption

         
      
1
<crypto:jce-decrypt-pbe algorithm="PBEWithHmacSHA256AndAES_128" password="a-Sup3r_Secure-Passw0rd"/>
Example: PBE Signature

         
      
1
<crypto:jce-sign-pbe password="a-Sup3r_Secure-Passw0rd"/>

If no algorithm is specified, PBEWithHmacSHA256 is used.

Example: PBE Signature Validation

         
      
1
<crypto:jce-validate-pbe password="a-Sup3r_Secure-Passw0rd" algorithm="PBEWithHmacSHA256" expected="#[vars.expectedSignature]"/>

The expected parameter defines the signature to compare against when validating a message.

Key-Based Encryption

This section provides key-based encryption examples.

Configuration

In this example, a keystore with different type of keys is defined in a JCE configuration:

Example: JCE Configuration

          
       
1
2
3
4
5
6
7
8
9
<crypto:jce-config name="jceConfig" keystore="jce/keys.jceks" password="123456" type="JCEKS">
    <crypto:jce-key-infos>
        <crypto:jce-symmetric-key-info keyId="aes128" alias="aes128" password="123456"/>
        <crypto:jce-symmetric-key-info keyId="blowfish" alias="blowfish" password="123456"/>
        <crypto:jce-symmetric-key-info keyId="hmacsha256" alias="hmacsha256" password="123456"/>
        <crypto:jce-asymmetric-key-info keyId="rsa" alias="myrsakey" password="123456"/>
        <crypto:jce-asymmetric-key-info keyId="dsa" alias="mydsakey" password="123456"/>
    </crypto:jce-key-infos>
</crypto:jce-config>

Asymmetric

Example: Asymmetric Encryption

          
       
1
<crypto:jce-encrypt config-ref="jceConfig" keyId="rsa" algorithm="RSA"/>
Example: Asymmetric Decryption

          
       
1
<crypto:jce-decrypt config-ref="jceConfig" keyId="rsa" algorithm="RSA"/>

Symmetric

Example: Symmetric Encryption

          
       
1
<crypto:jce-encrypt config-ref="jceConfig" keyId="aes128" algorithm="AES"/>
Example: Symmetric Decryption

          
       
1
<crypto:jce-decrypt config-ref="jceConfig" keyId="aes128" algorithm="AES"/>

Signature

Example: Signing a Message

          
       
1
<crypto:jce-sign config-ref="jceConfig" keyId="dsa" algorithm="SHA256withDSA"/>
Example: Validating a Signature

          
       
1
<crypto:jce-validate config-ref="jceConfig" keyId="dsa" algorithm="SHA256withDSA" expected="#[vars.expectedSignature]"/>

The expected parameter defines the signature to compare against when validating a message.

In this topic:

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.

+