01: /*
02:
03: Derby - Class org.apache.derby.iapi.services.crypto.CipherFactory
04:
05: Licensed to the Apache Software Foundation (ASF) under one or more
06: contributor license agreements. See the NOTICE file distributed with
07: this work for additional information regarding copyright ownership.
08: The ASF licenses this file to you under the Apache License, Version 2.0
09: (the "License"); you may not use this file except in compliance with
10: the License. You may obtain a copy of the License at
11:
12: http://www.apache.org/licenses/LICENSE-2.0
13:
14: Unless required by applicable law or agreed to in writing, software
15: distributed under the License is distributed on an "AS IS" BASIS,
16: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: See the License for the specific language governing permissions and
18: limitations under the License.
19:
20: */
21:
22: package org.apache.derby.iapi.services.crypto;
23:
24: import org.apache.derby.iapi.error.StandardException;
25: import java.security.SecureRandom;
26: import java.util.Properties;
27: import org.apache.derby.io.StorageFactory;
28:
29: /**
30: A CipherFactory creates new CipherProvider instances; a CipherProvider is a
31: wrapper around a javax.crypto.Cipher.
32:
33: This service is only available when run on JDK1.2 or beyond.
34: To use this service, either the SunJCE or an alternative clean room
35: implementation of the JCE must be installed.
36:
37: To use a CipherProvider to encrypt or decrypt, it needs 3 things:
38: 1) A CipherProvider that is initialized to ENCRYPT or DECRYPT
39: 2) A secret Key for the encryption/decryption
40: 3) An Initialization Vector (IvParameterSpec) that is used to create some
41: randomness in the encryption
42:
43: See $WS/docs/funcspec/mulan/configurableEncryption.html
44:
45: See http://java.sun.com/products/JDK/1.1/docs/guide/security/CryptoSpec.html
46: See http://java.sun.com/products/JDK/1.2/docs/guide/security/CryptoSpec.html
47: See http://java.sun.com/products/jdk/1.2/jce/index.html
48: */
49:
public interface CipherFactory {

    /**
     * Minimum bootPassword length.
     * NOTE(review): presumably counted in characters; where this limit is
     * enforced is not visible from this interface -- confirm in the implementation.
     */
    int MIN_BOOTPASS_LENGTH = 8;

    /** Mode value for {@link #createNewCipher(int)}: the provider encrypts. */
    int ENCRYPT = 1;

    /** Mode value for {@link #createNewCipher(int)}: the provider decrypts. */
    int DECRYPT = 2;

    /**
     * Returns the {@link SecureRandom} exposed by this factory.
     * NOTE(review): how the instance is seeded and whether it is shared between
     * callers is not stated here -- confirm in the implementation.
     */
    SecureRandom getSecureRandom();

    /**
     * Returns a CipherProvider, which is the encryption or decryption engine.
     *
     * @param mode either {@link #ENCRYPT} or {@link #DECRYPT}; a CipherProvider
     *             does encryption or decryption, but not both
     * @throws StandardException Standard Cloudscape Error Policy
     */
    CipherProvider createNewCipher(int mode) throws StandardException;

    /**
     * Changes the boot password.
     * NOTE(review): the format of {@code changeString}, the role of
     * {@code verify} and the meaning of the returned String are not documented
     * in this interface -- confirm against the implementation.
     * NOTE(review): {@code changeString} presumably carries password material;
     * a String cannot be zeroed after use, so callers should keep it and the
     * return value out of logs and error messages.
     *
     * @param changeString the change request (format not visible here)
     * @param properties   properties passed along with the request
     * @param verify       a CipherProvider supplied by the caller
     * @return a String whose meaning is defined by the implementation
     * @throws StandardException Standard Cloudscape Error Policy
     */
    String changeBootPassword(String changeString,
                              Properties properties,
                              CipherProvider verify)
            throws StandardException;

    /**
     * Verifies the external encryption key.
     *
     * @param create         true means the database is being created, false
     *                       implies that it has already been created
     * @param storageFactory used to access any stored data that might be needed
     *                       for the verification process of the encryption key
     * @param properties     properties at time of database connection as well as
     *                       those in service.properties
     * @throws StandardException if the key cannot be verified to be the same as
     *                           the one used during database creation, or if
     *                           there is any problem during verification
     */
    void verifyKey(boolean create,
                   StorageFactory storageFactory,
                   Properties properties)
            throws StandardException;

    /**
     * Saves properties.
     * NOTE(review): which entries are written into {@code properties}, and
     * whether any of them are sensitive, is not visible from this interface --
     * confirm against the implementation.
     *
     * @param properties the properties object handed to the factory
     */
    void saveProperties(Properties properties);

}