org.apache.shiro.crypto

Class AesCipherService

  • All Implemented Interfaces:
    CipherService 

    public class AesCipherService
extends DefaultBlockCipherService
    CipherService using the AES cipher algorithm for all encryption, decryption, and key operations.

    The AES algorithm can support key sizes of 128, 192 and 256 bits *. This implementation defaults to 128 bits.

    Note that this class retains the parent class's default CBC mode of operation instead of the typical JDK default of ECB. ECB should not be used in security-sensitive environments because ECB does not allow for initialization vectors, which are considered necessary for strong encryption. See the parent class's JavaDoc and the JcaCipherService JavaDoc for more on why the JDK default should not be used and is not used in this implementation.

    * Generating and using AES key sizes greater than 128 require installation of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files.
    Since:
    1.0

    • Constructor Detail

      • AesCipherService

        public AesCipherService()
        Creates a new CipherService instance using the AES cipher algorithm with the following important cipher default attributes:
        Attribute Value
        keySize 128 bits
        blockSize 128 bits (required for AES
        mode CBC*
        paddingScheme PKCS5
        initializationVectorSize 128 bits
        generateInitializationVectors true**

        * The CBC operation mode is used instead of the JDK default ECB to ensure strong encryption. ECB should not be used in security-sensitive environments - see the DefaultBlockCipherService class JavaDoc's "Operation Mode" section for more.

        **In conjunction with the default CBC operation mode, initialization vectors are generated by default to ensure strong encryption. See the JcaCipherService class JavaDoc for more.