Esempio n. 1
   * This method returns a EncryptedData structure with all the necessary information to allow
   * storage in database. Encryted data is stored in file system without defined file name. Returned
   * data must be treated in this way:
   * <ul>
   *   <li>key must be stored NOWHERE, only must exist in the shared URL
   *   <li>id, encryptedPath and encryptedName must be stored in database
   * </ul>
   * With this data this methods builds a NEW KEY based on seed and applying the provided key. KEY
   * is the provided key and must be regenerated in each method invocation (one-time use). ID is the
   * encrypted seed, using the generated NEW KEY and an initialization vector based on seed itself,
   * built by #getIv(String). PATH and NAME is encrypted with the same IV and NEW KEY as the ID.
   * With this protocol we are trying to avoid the possibility of recovering encrypted data because
   * the original key is never stored, only the owner of the shared URL has such key. So if the
   * server is compromised by an attacker, this one could not discover the path of a file associated
   * to a database record or decrypt a file content (because the lack of keys).
   * @param content conted to be encrypted
   * @param name file name
   * @param seed value used to genererate the AES Initialization Vector
   * @param key AES key used for encryption
   * @return struct with reference info of encryptation result
   * @throws IOException
   * @throws FileNotFoundException
  protected EncryptedData doEncryptContent(
      InputStream content, String name, String seed, byte[] key)
      throws IOException, FileNotFoundException {

    byte[] iv = getIv(seed);

    byte[] encryptedIv = cryptoHelper.encryptIv(iv, key);
    byte[] newKey =
                / 8); // only first key size bytes (from a 16 bytes iv, the encrypted data is
                      // 128+128, being last 128 padding data

    InputStream encryptedStream = cryptoHelper.encrypt(content, iv, newKey);

    String targetDirPath = getTargetDirPath();
    File targetFile = getTargetFile(targetDirPath);

    FileOutputStream fos = new FileOutputStream(targetFile);
    IOUtils.copyLarge(encryptedStream, fos, new byte[512]);

    byte[] id = encryptString(seed, iv, newKey);
    byte[] encryptedPath = encryptString(targetFile.getPath(), iv, newKey);
    byte[] encryptedName = encryptString(name, iv, newKey);

    EncryptedData ed = new EncryptedData();

    return ed;
Esempio n. 2
 protected String decryptString(byte[] encryptedString, byte[] iv, byte[] key)
     throws IOException, UnsupportedEncodingException {
   InputStream encryptedStream =
       cryptoHelper.decrypt(new ByteArrayInputStream(encryptedString), iv, key);
   byte[] b = IOUtils.toByteArray(encryptedStream);
   return new String(b, "utf-8");
Esempio n. 3
  * Generate the Initialization Vector from seed bytes
  * @param seed the seed
  * @return correct padded IV for AES use
 protected byte[] getIv(String seed) {
   try {
     return cryptoHelper.fixIv(seed.getBytes("utf-8"));
   } catch (UnsupportedEncodingException e) {
     // weird, hardcoded UTF-8
     throw new RuntimeException(e);
Esempio n. 4
   * Encrypt content, using AES with a random key and a Initialization Vector generated from 'seed'
   * parameter. This method returns the key used for encryption, and stores in database the
   * ID-PATH-NAME tupla that will allow to recover the orignal content only with the returned key
   * (see #doEncryptContent())
   * @param content conted to be encrypted
   * @param name name of the file
   * @param seed value used to genererate the AES Initialization Vector
   * @return struct with reference info of encryptation result
   * @see #doEncryptContent(, java.lang.String, byte[])
  public byte[] encryptContent(InputStream content, String name, String seed) {
    try {
      byte[] key = cryptoHelper.getNewKey();
      EncryptedData ed = doEncryptContent(content, name, seed, key);


      return key;
    } catch (IOException e) {
      throw new RuntimeException(e);
Esempio n. 5
   * Decrypts content from provided seed and key. This method search the path of the file with the
   * encrypted data by executing a SQL similar to "select path from datatable where id=?" where ID
   * is the seed encrypted with the provided key and an initialization vector based on seed (built
   * with #getIv(String) method). Path recovered is encrypted using the same key an IV used for ID.
   * @param seed value used to genererate the AES Initialization Vector
   * @param key AES key used for encryption
   * @return an DecryptData with decrypted content and file name, or null if the file is not present
   *     (expired?)
  public DecryptedData decryptContent(String seed, byte[] key) {
    try {
      byte[] iv = getIv(seed);

      byte[] encryptedIv = cryptoHelper.encryptIv(iv, key);
      byte[] newKey =
                  / 8); // only first key size bytes (from a 16 bytes iv, the encrypted data is
                        // 128+128, being last 128 padding data

      byte[] id = encryptString(seed, iv, newKey);

      return getContentFromFileSystem(id, iv, newKey);

    } catch (IOException e) {
      throw new RuntimeException(e);
Esempio n. 6
  protected DecryptedData getContentFromFileSystem(byte[] id, byte[] iv, byte[] key) {

    String[] s = getPathAndNameFromDatabase(id, iv, key);

    if (s != null) {
      try {
        FileInputStream fis = new FileInputStream(s[0]);

        DecryptedData dd = new DecryptedData();

        InputStream is = cryptoHelper.decrypt(fis, iv, key);
        String fileName = s[1];


        return dd;
      } catch (IOException e) {
        throw new RuntimeException(e);
    } else {
      return null;
Esempio n. 7
 protected byte[] encryptString(String s, byte[] iv, byte[] key)
     throws IOException, UnsupportedEncodingException {
   InputStream encryptedStream =
       cryptoHelper.encrypt(new ByteArrayInputStream(s.getBytes("utf-8")), iv, key);
   return IOUtils.toByteArray(encryptedStream);