Cipher (Java Platform SE 7 ) - Oracle Help Center

Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); Using modes such as CFB and OFB , block ciphers can encrypt data in units ... Overview Package Class Use Tree Deprecated Index Help Java™ PlatformStandard Ed. 7 PrevClass NextClass Frames NoFrames AllClasses Summary:  Nested |  Field |  Constr |  Method Detail:  Field |  Constr |  Method java.lang.Object javax.crypto.Cipher DirectKnownSubclasses: NullCipher publicclassCipher extendsObject Thisclassprovidesthefunctionalityofacryptographiccipherfor encryptionanddecryption.ItformsthecoreoftheJavaCryptographic Extension(JCE)framework. InordertocreateaCipherobject,theapplicationcallsthe Cipher'sgetInstancemethod,andpassesthenameofthe requestedtransformationtoit.Optionally,thenameofaprovider maybespecified. Atransformationisastringthatdescribestheoperation(or setofoperations)tobeperformedonthegiveninput,toproducesome output.Atransformationalwaysincludesthenameofacryptographic algorithm(e.g.,AES),andmaybefollowedbyafeedbackmodeand paddingscheme. Atransformationisoftheform: "algorithm/mode/padding"or "algorithm" (inthelattercase, provider-specificdefaultvaluesforthemodeandpaddingschemeareused). Forexample,thefollowingisavalidtransformation: Cipherc=Cipher.getInstance("AES/CBC/PKCS5Padding"); UsingmodessuchasCFBandOFB,block cipherscanencryptdatainunitssmallerthanthecipher'sactual blocksize.Whenrequestingsuchamode,youmayoptionallyspecify thenumberofbitstobeprocessedatatimebyappendingthisnumber tothemodenameasshowninthe"AES/CFB8/NoPadding"and "AES/OFB32/PKCS5Padding"transformations.Ifnosuch numberisspecified,aprovider-specificdefaultisused. Thus,blockcipherscanbeturnedintobyte-orientedstreamciphersby usingan8bitmodesuchasCFB8orOFB8. ModessuchasAuthenticatedEncryptionwithAssociatedData(AEAD) provideauthenticityassurancesforbothconfidentialdataand AdditionalAssociatedData(AAD)thatisnotencrypted.(Pleasesee RFC5116formore informationonAEADandAEADalgorithmssuchasGCM/CCM.)Both confidentialandAADdatacanbeusedwhencalculatingthe authenticationtag(similartoaMac).Thistagisappended totheciphertextduringencryption,andisverifiedondecryption. AEADmodessuchasGCM/CCMperformallAADauthenticitycalculations beforestartingtheciphertextauthenticitycalculations.Toavoid implementationshavingtointernallybufferciphertext,allAADdata mustbesuppliedtoGCM/CCMimplementations(viatheupdateAADmethods)beforetheciphertextisprocessed(via theupdateanddoFinalmethods). NotethatGCMmodehasauniquenessrequirementonIVsusedin encryptionwithagivenkey.WhenIVsarerepeatedforGCM encryption,suchusagesaresubjecttoforgeryattacks.Thus,after eachencryptionoperationusingGCMmode,callersshouldre-initialize thecipherobjectswithGCMparameterswhichhasadifferentIVvalue. GCMParameterSpecs=...; cipher.init(...,s); //IftheGCMparametersweregeneratedbytheprovider,itcan //beretrievedby: //cipher.getParameters().getParameterSpec(GCMParameterSpec.class); cipher.updateAAD(...);//AAD cipher.update(...);//Multi-partupdate cipher.doFinal(...);//conclusionofoperation //UseadifferentIVvalueforeveryencryption byte[]newIv=...; s=newGCMParameterSpec(s.getTLen(),newIv); cipher.init(...,s); ... EveryimplementationoftheJavaplatformisrequiredtosupport thefollowingstandardCiphertransformationswiththekeysizes inparentheses: AES/CBC/NoPadding(128) AES/CBC/PKCS5Padding(128) AES/ECB/NoPadding(128) AES/ECB/PKCS5Padding(128) DES/CBC/NoPadding(56) DES/CBC/PKCS5Padding(56) DES/ECB/NoPadding(56) DES/ECB/PKCS5Padding(56) DESede/CBC/NoPadding(168) DESede/CBC/PKCS5Padding(168) DESede/ECB/NoPadding(168) DESede/ECB/PKCS5Padding(168) RSA/ECB/PKCS1Padding(1024,2048) RSA/ECB/OAEPWithSHA-1AndMGF1Padding(1024,2048) RSA/ECB/OAEPWithSHA-256AndMGF1Padding(1024,2048) Thesetransformationsaredescribedinthe Ciphersectionofthe JavaCryptographyArchitectureStandardAlgorithmNameDocumentation. Consultthereleasedocumentationforyourimplementationtoseeifany othertransformationsaresupported. Since: 1.4 SeeAlso:KeyGenerator, SecretKey FieldSummary Fields  ModifierandType FieldandDescription staticint DECRYPT_MODE Constantusedtoinitializeciphertodecryptionmode. staticint ENCRYPT_MODE Constantusedtoinitializeciphertoencryptionmode. staticint PRIVATE_KEY Constantusedtoindicatetheto-be-unwrappedkeyisa"privatekey". staticint PUBLIC_KEY Constantusedtoindicatetheto-be-unwrappedkeyisa"publickey". staticint SECRET_KEY Constantusedtoindicatetheto-be-unwrappedkeyisa"secretkey". staticint UNWRAP_MODE Constantusedtoinitializeciphertokey-unwrappingmode. staticint WRAP_MODE Constantusedtoinitializeciphertokey-wrappingmode. ConstructorSummary Constructors  Modifier ConstructorandDescription protected Cipher(CipherSpi cipherSpi, Provider provider, String transformation) CreatesaCipherobject. MethodSummary Methods  ModifierandType MethodandDescription byte[] doFinal() Finishesamultiple-partencryptionordecryptionoperation,depending onhowthiscipherwasinitialized. byte[] doFinal(byte[] input) Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation. int doFinal(byte[] output, int outputOffset) Finishesamultiple-partencryptionordecryptionoperation,depending onhowthiscipherwasinitialized. byte[] doFinal(byte[] input, int inputOffset, int inputLen) Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation. int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output) Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation. int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation. int doFinal(ByteBuffer input, ByteBuffer output) Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation. String getAlgorithm() ReturnsthealgorithmnameofthisCipherobject. int getBlockSize() Returnstheblocksize(inbytes). ExemptionMechanism getExemptionMechanism() Returnstheexemptionmechanismobjectusedwiththiscipher. staticCipher getInstance(String transformation) ReturnsaCipherobjectthatimplementsthespecified transformation. staticCipher getInstance(String transformation, Provider provider) ReturnsaCipherobjectthatimplementsthespecified transformation. staticCipher getInstance(String transformation, String provider) ReturnsaCipherobjectthatimplementsthespecified transformation. byte[] getIV() Returnstheinitializationvector(IV)inanewbuffer. staticint getMaxAllowedKeyLength(String transformation) Returnsthemaximumkeylengthforthespecifiedtransformation accordingtotheinstalledJCEjurisdictionpolicyfiles. staticAlgorithmParameterSpec getMaxAllowedParameterSpec(String transformation) ReturnsanAlgorithmParameterSpecobjectwhichcontains themaximumcipherparametervalueaccordingtothe jurisdictionpolicyfile. int getOutputSize(int inputLen) Returnsthelengthinbytesthatanoutputbufferwouldneedtobein ordertoholdtheresultofthenextupdateor doFinaloperation,giventheinputlength inputLen(inbytes). AlgorithmParameters getParameters() Returnstheparametersusedwiththiscipher. Provider getProvider() ReturnstheproviderofthisCipherobject. void init(int opmode, Certificate certificate) Initializesthiscipherwiththepublickeyfromthegivencertificate. void init(int opmode, Certificate certificate, SecureRandom random) Initializesthiscipherwiththepublickeyfromthegivencertificate and asourceofrandomness. void init(int opmode, Key key) Initializesthiscipherwithakey. void init(int opmode, Key key, AlgorithmParameters params) Initializesthiscipherwithakeyandasetofalgorithm parameters. void init(int opmode, Key key, AlgorithmParameterSpec params) Initializesthiscipherwithakeyandasetofalgorithm parameters. void init(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) Initializesthiscipherwithakey,asetofalgorithm parameters,andasourceofrandomness. void init(int opmode, Key key, AlgorithmParameters params, SecureRandom random) Initializesthiscipherwithakey,asetofalgorithm parameters,andasourceofrandomness. void init(int opmode, Key key, SecureRandom random) Initializesthiscipherwithakeyandasourceofrandomness. Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) Unwrapapreviouslywrappedkey. byte[] update(byte[] input) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. byte[] update(byte[] input, int inputOffset, int inputLen) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. int update(byte[] input, int inputOffset, int inputLen, byte[] output) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. int update(ByteBuffer input, ByteBuffer output) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. void updateAAD(byte[] src) Continuesamulti-partupdateoftheAdditionalAuthentication Data(AAD). void updateAAD(byte[] src, int offset, int len) Continuesamulti-partupdateoftheAdditionalAuthentication Data(AAD),usingasubsetoftheprovidedbuffer. void updateAAD(ByteBuffer src) Continuesamulti-partupdateoftheAdditionalAuthentication Data(AAD). byte[] wrap(Key key) Wrapakey. Methodsinheritedfromclass java.lang.Object clone,equals,finalize,getClass,hashCode,notify,notifyAll,toString,wait,wait,wait FieldDetail ENCRYPT_MODE publicstaticfinal intENCRYPT_MODE Constantusedtoinitializeciphertoencryptionmode. SeeAlso:ConstantFieldValues DECRYPT_MODE publicstaticfinal intDECRYPT_MODE Constantusedtoinitializeciphertodecryptionmode. SeeAlso:ConstantFieldValues WRAP_MODE publicstaticfinal intWRAP_MODE Constantusedtoinitializeciphertokey-wrappingmode. SeeAlso:ConstantFieldValues UNWRAP_MODE publicstaticfinal intUNWRAP_MODE Constantusedtoinitializeciphertokey-unwrappingmode. SeeAlso:ConstantFieldValues PUBLIC_KEY publicstaticfinal intPUBLIC_KEY Constantusedtoindicatetheto-be-unwrappedkeyisa"publickey". SeeAlso:ConstantFieldValues PRIVATE_KEY publicstaticfinal intPRIVATE_KEY Constantusedtoindicatetheto-be-unwrappedkeyisa"privatekey". SeeAlso:ConstantFieldValues SECRET_KEY publicstaticfinal intSECRET_KEY Constantusedtoindicatetheto-be-unwrappedkeyisa"secretkey". SeeAlso:ConstantFieldValues ConstructorDetail Cipher protected Cipher(CipherSpi cipherSpi, Provider provider, String transformation) CreatesaCipherobject. Parameters:cipherSpi-thedelegateprovider-theprovidertransformation-thetransformation MethodDetail getInstance publicstaticfinal Cipher getInstance(String transformation) throwsNoSuchAlgorithmException, NoSuchPaddingException ReturnsaCipherobjectthatimplementsthespecified transformation. ThismethodtraversesthelistofregisteredsecurityProviders, startingwiththemostpreferredProvider. AnewCipherobjectencapsulatingthe CipherSpiimplementationfromthefirst Providerthatsupportsthespecifiedalgorithmisreturned. Notethatthelistofregisteredprovidersmayberetrievedvia theSecurity.getProviders()method. Parameters:transformation-thenameofthetransformation,e.g., AES/CBC/PKCS5Padding. SeetheCiphersectioninthe JavaCryptographyArchitectureStandardAlgorithmNameDocumentation forinformationaboutstandardtransformationnames. Returns:acipherthatimplementstherequestedtransformation. Throws: NoSuchAlgorithmException-iftransformation isnull,empty,inaninvalidformat, orifnoProvidersupportsaCipherSpiimplementationforthe specifiedalgorithm. NoSuchPaddingException-iftransformation containsapaddingschemethatisnotavailable.SeeAlso:Provider getInstance publicstaticfinal Cipher getInstance(String transformation, String provider) throwsNoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException ReturnsaCipherobjectthatimplementsthespecified transformation. AnewCipherobjectencapsulatingthe CipherSpiimplementationfromthespecifiedprovider isreturned.Thespecifiedprovidermustberegistered inthesecurityproviderlist. Notethatthelistofregisteredprovidersmayberetrievedvia theSecurity.getProviders()method. Parameters:transformation-thenameofthetransformation, e.g.,AES/CBC/PKCS5Padding. SeetheCiphersectioninthe JavaCryptographyArchitectureStandardAlgorithmNameDocumentation forinformationaboutstandardtransformationnames.provider-thenameoftheprovider. Returns:acipherthatimplementstherequestedtransformation. Throws: NoSuchAlgorithmException-iftransformation isnull,empty,inaninvalidformat, orifaCipherSpiimplementationforthespecifiedalgorithm isnotavailablefromthespecifiedprovider. NoSuchProviderException-ifthespecifiedproviderisnot registeredinthesecurityproviderlist. NoSuchPaddingException-iftransformation containsapaddingschemethatisnotavailable. IllegalArgumentException-iftheprovider isnullorempty.SeeAlso:Provider getInstance publicstaticfinal Cipher getInstance(String transformation, Provider provider) throwsNoSuchAlgorithmException, NoSuchPaddingException ReturnsaCipherobjectthatimplementsthespecified transformation. AnewCipherobjectencapsulatingthe CipherSpiimplementationfromthespecifiedProvider objectisreturned.NotethatthespecifiedProviderobject doesnothavetoberegisteredintheproviderlist. Parameters:transformation-thenameofthetransformation, e.g.,AES/CBC/PKCS5Padding. SeetheCiphersectioninthe JavaCryptographyArchitectureStandardAlgorithmNameDocumentation forinformationaboutstandardtransformationnames.provider-theprovider. Returns:acipherthatimplementstherequestedtransformation. Throws: NoSuchAlgorithmException-iftransformation isnull,empty,inaninvalidformat, orifaCipherSpiimplementationforthespecifiedalgorithm isnotavailablefromthespecifiedProviderobject. NoSuchPaddingException-iftransformation containsapaddingschemethatisnotavailable. IllegalArgumentException-iftheprovider isnull.SeeAlso:Provider getProvider publicfinal Provider getProvider() ReturnstheproviderofthisCipherobject. Returns:theproviderofthisCipherobject getAlgorithm publicfinal String getAlgorithm() ReturnsthealgorithmnameofthisCipherobject. Thisisthesamenamethatwasspecifiedinoneofthe getInstancecallsthatcreatedthisCipher object.. Returns:thealgorithmnameofthisCipherobject. getBlockSize publicfinal int getBlockSize() Returnstheblocksize(inbytes). Returns:theblocksize(inbytes),or0iftheunderlyingalgorithmis notablockcipher getOutputSize publicfinal int getOutputSize(int inputLen) Returnsthelengthinbytesthatanoutputbufferwouldneedtobein ordertoholdtheresultofthenextupdateor doFinaloperation,giventheinputlength inputLen(inbytes). Thiscalltakesintoaccountanyunprocessed(buffered)datafroma previousupdatecall,padding,andAEADtagging. Theactualoutputlengthofthenextupdateor doFinalcallmaybesmallerthanthelengthreturnedby thismethod. Parameters:inputLen-theinputlength(inbytes) Returns:therequiredoutputbuffersize(inbytes) Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotyetbeeninitialized) getIV publicfinal byte[] getIV() Returnstheinitializationvector(IV)inanewbuffer. ThisisusefulinthecasewherearandomIVwascreated, orinthecontextofpassword-basedencryptionor decryption,wheretheIVisderivedfromauser-suppliedpassword. Returns:theinitializationvectorinanewbuffer,ornullifthe underlyingalgorithmdoesnotuseanIV,oriftheIVhasnotyet beenset. getParameters publicfinal AlgorithmParameters getParameters() Returnstheparametersusedwiththiscipher. Thereturnedparametersmaybethesamethatwereusedtoinitialize thiscipher,ormaycontainacombinationofdefaultandrandom parametervaluesusedbytheunderlyingcipherimplementationifthis cipherrequiresalgorithmparametersbutwasnotinitializedwithany. Returns:theparametersusedwiththiscipher,ornullifthiscipher doesnotuseanyparameters. getExemptionMechanism publicfinal ExemptionMechanism getExemptionMechanism() Returnstheexemptionmechanismobjectusedwiththiscipher. Returns:theexemptionmechanismobjectusedwiththiscipher,or nullifthiscipherdoesnotuseanyexemptionmechanism. init publicfinal void init(int opmode, Key key) throwsInvalidKeyException Initializesthiscipherwithakey. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. Ifthiscipherrequiresanyalgorithmparametersthatcannotbe derivedfromthegivenkey,theunderlyingcipher implementationissupposedtogeneratetherequiredparametersitself (usingprovider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidKeyExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themusingtheSecureRandom implementationofthehighest-priority installedproviderasthesourceofrandomness. (Ifnoneoftheinstalledproviderssupplyanimplementationof SecureRandom,asystem-providedsourceofrandomnesswillbeused.) NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneof thefollowing: ENCRYPT_MODE,DECRYPT_MODE, WRAP_MODEorUNWRAP_MODE)key-thekey Throws: InvalidKeyException-ifthegivenkeyisinappropriatefor initializingthiscipher,orrequires algorithmparametersthatcannotbe determinedfromthegivenkey,orifthegivenkeyhasakeysizethat exceedsthemaximumallowablekeysize(asdeterminedfromthe configuredjurisdictionpolicyfiles). init publicfinal void init(int opmode, Key key, SecureRandom random) throwsInvalidKeyException Initializesthiscipherwithakeyandasourceofrandomness. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. Ifthiscipherrequiresanyalgorithmparametersthatcannotbe derivedfromthegivenkey,theunderlyingcipher implementationissupposedtogeneratetherequiredparametersitself (usingprovider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidKeyExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themfromrandom. NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following: ENCRYPT_MODE,DECRYPT_MODE, WRAP_MODEorUNWRAP_MODE)key-theencryptionkeyrandom-thesourceofrandomness Throws: InvalidKeyException-ifthegivenkeyisinappropriatefor initializingthiscipher,orrequires algorithmparametersthatcannotbe determinedfromthegivenkey,orifthegivenkeyhasakeysizethat exceedsthemaximumallowablekeysize(asdeterminedfromthe configuredjurisdictionpolicyfiles). init publicfinal void init(int opmode, Key key, AlgorithmParameterSpec params) throwsInvalidKeyException, InvalidAlgorithmParameterException Initializesthiscipherwithakeyandasetofalgorithm parameters. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. Ifthiscipherrequiresanyalgorithmparametersand paramsisnull,theunderlyingcipherimplementationis supposedtogeneratetherequiredparametersitself(using provider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidAlgorithmParameterExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themusingtheSecureRandom implementationofthehighest-priority installedproviderasthesourceofrandomness. (Ifnoneoftheinstalledproviderssupplyanimplementationof SecureRandom,asystem-providedsourceofrandomnesswillbeused.) NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following: ENCRYPT_MODE,DECRYPT_MODE, WRAP_MODEorUNWRAP_MODE)key-theencryptionkeyparams-thealgorithmparameters Throws: InvalidKeyException-ifthegivenkeyisinappropriatefor initializingthiscipher,oritskeysizeexceedsthemaximumallowable keysize(asdeterminedfromtheconfiguredjurisdictionpolicyfiles). InvalidAlgorithmParameterException-ifthegivenalgorithm parametersareinappropriateforthiscipher, orthiscipherrequires algorithmparametersandparamsisnull,orthegiven algorithmparametersimplyacryptographicstrengththatwouldexceed thelegallimits(asdeterminedfromtheconfiguredjurisdiction policyfiles). init publicfinal void init(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throwsInvalidKeyException, InvalidAlgorithmParameterException Initializesthiscipherwithakey,asetofalgorithm parameters,andasourceofrandomness. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. Ifthiscipherrequiresanyalgorithmparametersand paramsisnull,theunderlyingcipherimplementationis supposedtogeneratetherequiredparametersitself(using provider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidAlgorithmParameterExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themfromrandom. NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following: ENCRYPT_MODE,DECRYPT_MODE, WRAP_MODEorUNWRAP_MODE)key-theencryptionkeyparams-thealgorithmparametersrandom-thesourceofrandomness Throws: InvalidKeyException-ifthegivenkeyisinappropriatefor initializingthiscipher,oritskeysizeexceedsthemaximumallowable keysize(asdeterminedfromtheconfiguredjurisdictionpolicyfiles). InvalidAlgorithmParameterException-ifthegivenalgorithm parametersareinappropriateforthiscipher, orthiscipherrequires algorithmparametersandparamsisnull,orthegiven algorithmparametersimplyacryptographicstrengththatwouldexceed thelegallimits(asdeterminedfromtheconfiguredjurisdiction policyfiles). init publicfinal void init(int opmode, Key key, AlgorithmParameters params) throwsInvalidKeyException, InvalidAlgorithmParameterException Initializesthiscipherwithakeyandasetofalgorithm parameters. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. Ifthiscipherrequiresanyalgorithmparametersand paramsisnull,theunderlyingcipherimplementationis supposedtogeneratetherequiredparametersitself(using provider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidAlgorithmParameterExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themusingtheSecureRandom implementationofthehighest-priority installedproviderasthesourceofrandomness. (Ifnoneoftheinstalledproviderssupplyanimplementationof SecureRandom,asystem-providedsourceofrandomnesswillbeused.) NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following:ENCRYPT_MODE, DECRYPT_MODE,WRAP_MODE orUNWRAP_MODE)key-theencryptionkeyparams-thealgorithmparameters Throws: InvalidKeyException-ifthegivenkeyisinappropriatefor initializingthiscipher,oritskeysizeexceedsthemaximumallowable keysize(asdeterminedfromtheconfiguredjurisdictionpolicyfiles). InvalidAlgorithmParameterException-ifthegivenalgorithm parametersareinappropriateforthiscipher, orthiscipherrequires algorithmparametersandparamsisnull,orthegiven algorithmparametersimplyacryptographicstrengththatwouldexceed thelegallimits(asdeterminedfromtheconfiguredjurisdiction policyfiles). init publicfinal void init(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throwsInvalidKeyException, InvalidAlgorithmParameterException Initializesthiscipherwithakey,asetofalgorithm parameters,andasourceofrandomness. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. Ifthiscipherrequiresanyalgorithmparametersand paramsisnull,theunderlyingcipherimplementationis supposedtogeneratetherequiredparametersitself(using provider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidAlgorithmParameterExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themfromrandom. NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following:ENCRYPT_MODE, DECRYPT_MODE,WRAP_MODE orUNWRAP_MODE)key-theencryptionkeyparams-thealgorithmparametersrandom-thesourceofrandomness Throws: InvalidKeyException-ifthegivenkeyisinappropriatefor initializingthiscipher,oritskeysizeexceedsthemaximumallowable keysize(asdeterminedfromtheconfiguredjurisdictionpolicyfiles). InvalidAlgorithmParameterException-ifthegivenalgorithm parametersareinappropriateforthiscipher, orthiscipherrequires algorithmparametersandparamsisnull,orthegiven algorithmparametersimplyacryptographicstrengththatwouldexceed thelegallimits(asdeterminedfromtheconfiguredjurisdiction policyfiles). init publicfinal void init(int opmode, Certificate certificate) throwsInvalidKeyException Initializesthiscipherwiththepublickeyfromthegivencertificate. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrappingorkeyunwrapping,depending onthevalueofopmode. IfthecertificateisoftypeX.509andhasakeyusage extensionfieldmarkedascritical,andthevalueofthekeyusage extensionfieldimpliesthatthepublickeyin thecertificateanditscorrespondingprivatekeyarenot supposedtobeusedfortheoperationrepresentedbythevalue ofopmode, anInvalidKeyException isthrown. Ifthiscipherrequiresanyalgorithmparametersthatcannotbe derivedfromthepublickeyinthegivencertificate,theunderlying cipher implementationissupposedtogeneratetherequiredparametersitself (usingprovider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidKeyExceptionifitisbeinginitializedfordecryptionor keyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themusingthe SecureRandom implementationofthehighest-priority installedproviderasthesourceofrandomness. (Ifnoneoftheinstalledproviderssupplyanimplementationof SecureRandom,asystem-providedsourceofrandomnesswillbeused.) NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following: ENCRYPT_MODE,DECRYPT_MODE, WRAP_MODEorUNWRAP_MODE)certificate-thecertificate Throws: InvalidKeyException-ifthepublickeyinthegiven certificateisinappropriateforinitializingthiscipher,orthis cipherrequiresalgorithmparametersthatcannotbedeterminedfromthe publickeyinthegivencertificate,orthekeysizeofthepublickey inthegivencertificatehasakeysizethatexceedsthemaximum allowablekeysize(asdeterminedbytheconfiguredjurisdictionpolicy files). init publicfinal void init(int opmode, Certificate certificate, SecureRandom random) throwsInvalidKeyException Initializesthiscipherwiththepublickeyfromthegivencertificate and asourceofrandomness. Thecipherisinitializedforoneofthefollowingfouroperations: encryption,decryption,keywrapping orkeyunwrapping,dependingon thevalueofopmode. IfthecertificateisoftypeX.509andhasakeyusage extensionfieldmarkedascritical,andthevalueofthekeyusage extensionfieldimpliesthatthepublickeyin thecertificateanditscorrespondingprivatekeyarenot supposedtobeusedfortheoperationrepresentedbythevalueof opmode, anInvalidKeyException isthrown. Ifthiscipherrequiresanyalgorithmparametersthatcannotbe derivedfromthepublickeyinthegivencertificate, theunderlyingcipher implementationissupposedtogeneratetherequiredparametersitself (usingprovider-specificdefaultorrandomvalues)ifitisbeing initializedforencryptionorkeywrapping,andraisean InvalidKeyExceptionifitisbeing initializedfordecryptionorkeyunwrapping. Thegeneratedparameterscanberetrievedusing getParametersor getIV(iftheparameterisanIV). Ifthiscipherrequiresalgorithmparametersthatcannotbe derivedfromtheinputparameters,andtherearenoreasonable provider-specificdefaultvalues,initializationwill necessarilyfail. Ifthiscipher(includingitsunderlyingfeedbackorpaddingscheme) requiresanyrandombytes(e.g.,forparametergeneration),itwillget themfromrandom. NotethatwhenaCipherobjectisinitialized,itlosesall previously-acquiredstate.Inotherwords,initializingaCipheris equivalenttocreatinganewinstanceofthatCipherandinitializing it. Parameters:opmode-theoperationmodeofthiscipher(thisisoneofthe following: ENCRYPT_MODE,DECRYPT_MODE, WRAP_MODEorUNWRAP_MODE)certificate-thecertificaterandom-thesourceofrandomness Throws: InvalidKeyException-ifthepublickeyinthegiven certificateisinappropriateforinitializingthiscipher,orthis cipher requiresalgorithmparametersthatcannotbedeterminedfromthe publickeyinthegivencertificate,orthekeysizeofthepublickey inthegivencertificatehasakeysizethatexceedsthemaximum allowablekeysize(asdeterminedbytheconfiguredjurisdictionpolicy files). update publicfinal byte[] update(byte[] input) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. Thebytesintheinputbufferareprocessed,andthe resultisstoredinanewbuffer. Ifinputhasalengthofzero,thismethodreturns null. Parameters:input-theinputbuffer Returns:thenewbufferwiththeresult,ornulliftheunderlying cipherisablockcipherandtheinputdataistooshorttoresultina newblock. Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) update publicfinal byte[] update(byte[] input, int inputOffset, int inputLen) Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. ThefirstinputLenbytesintheinput buffer,startingatinputOffsetinclusive,areprocessed, andtheresultisstoredinanewbuffer. IfinputLeniszero,thismethodreturns null. Parameters:input-theinputbufferinputOffset-theoffsetininputwheretheinput startsinputLen-theinputlength Returns:thenewbufferwiththeresult,ornulliftheunderlying cipherisablockcipherandtheinputdataistooshorttoresultina newblock. Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) update publicfinal int update(byte[] input, int inputOffset, int inputLen, byte[] output) throwsShortBufferException Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. ThefirstinputLenbytesintheinput buffer,startingatinputOffsetinclusive,areprocessed, andtheresultisstoredintheoutputbuffer. Iftheoutputbufferistoosmalltoholdtheresult, aShortBufferExceptionisthrown.Inthiscase,repeatthis callwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. IfinputLeniszero,thismethodreturns alengthofzero. Note:thismethodshouldbecopy-safe,whichmeansthe inputandoutputbufferscanreference thesamebytearrayandnounprocessedinputdataisoverwritten whentheresultiscopiedintotheoutputbuffer. Parameters:input-theinputbufferinputOffset-theoffsetininputwheretheinput startsinputLen-theinputlengthoutput-thebufferfortheresult Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) ShortBufferException-ifthegivenoutputbufferistoosmall toholdtheresult update publicfinal int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throwsShortBufferException Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. ThefirstinputLenbytesintheinput buffer,startingatinputOffsetinclusive,areprocessed, andtheresultisstoredintheoutputbuffer,startingat outputOffsetinclusive. Iftheoutputbufferistoosmalltoholdtheresult, aShortBufferExceptionisthrown.Inthiscase,repeatthis callwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. IfinputLeniszero,thismethodreturns alengthofzero. Note:thismethodshouldbecopy-safe,whichmeansthe inputandoutputbufferscanreference thesamebytearrayandnounprocessedinputdataisoverwritten whentheresultiscopiedintotheoutputbuffer. Parameters:input-theinputbufferinputOffset-theoffsetininputwheretheinput startsinputLen-theinputlengthoutput-thebufferfortheresultoutputOffset-theoffsetinoutputwheretheresult isstored Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) ShortBufferException-ifthegivenoutputbufferistoosmall toholdtheresult update publicfinal int update(ByteBuffer input, ByteBuffer output) throwsShortBufferException Continuesamultiple-partencryptionordecryptionoperation (dependingonhowthiscipherwasinitialized),processinganotherdata part. Allinput.remaining()bytesstartingat input.position()areprocessed.Theresultisstored intheoutputbuffer. Uponreturn,theinputbuffer'spositionwillbeequal toitslimit;itslimitwillnothavechanged.Theoutputbuffer's positionwillhaveadvancedbyn,wherenisthevaluereturned bythismethod;theoutputbuffer'slimitwillnothavechanged. Ifoutput.remaining()bytesareinsufficientto holdtheresult,aShortBufferExceptionisthrown. Inthiscase,repeatthiscallwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. Note:thismethodshouldbecopy-safe,whichmeansthe inputandoutputbufferscanreference thesameblockofmemoryandnounprocessedinputdataisoverwritten whentheresultiscopiedintotheoutputbuffer. Parameters:input-theinputByteBufferoutput-theoutputByteByffer Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalArgumentException-ifinputandoutputarethe sameobject ReadOnlyBufferException-iftheoutputbufferisread-only ShortBufferException-ifthereisinsufficientspaceinthe outputbufferSince: 1.5 doFinal publicfinal byte[] doFinal() throwsIllegalBlockSizeException, BadPaddingException Finishesamultiple-partencryptionordecryptionoperation,depending onhowthiscipherwasinitialized. Inputdatathatmayhavebeenbufferedduringaprevious updateoperationisprocessed,withpadding(ifrequested) beingapplied. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredinanewbuffer. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Returns:thenewbufferwiththeresult Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalue doFinal publicfinal int doFinal(byte[] output, int outputOffset) throwsIllegalBlockSizeException, ShortBufferException, BadPaddingException Finishesamultiple-partencryptionordecryptionoperation,depending onhowthiscipherwasinitialized. Inputdatathatmayhavebeenbufferedduringaprevious updateoperationisprocessed,withpadding(ifrequested) beingapplied. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredintheoutputbuffer,startingat outputOffsetinclusive. Iftheoutputbufferistoosmalltoholdtheresult, aShortBufferExceptionisthrown.Inthiscase,repeatthis callwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Parameters:output-thebufferfortheresultoutputOffset-theoffsetinoutputwheretheresult isstored Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. ShortBufferException-ifthegivenoutputbufferistoosmall toholdtheresult BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalue doFinal publicfinal byte[] doFinal(byte[] input) throwsIllegalBlockSizeException, BadPaddingException Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation.Thedataisencryptedordecrypted, dependingonhowthiscipherwasinitialized. Thebytesintheinputbuffer,andanyinputbytesthat mayhavebeenbufferedduringapreviousupdateoperation, areprocessed,withpadding(ifrequested)beingapplied. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredinanewbuffer. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Parameters:input-theinputbuffer Returns:thenewbufferwiththeresult Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalue doFinal publicfinal byte[] doFinal(byte[] input, int inputOffset, int inputLen) throwsIllegalBlockSizeException, BadPaddingException Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation.Thedataisencryptedordecrypted, dependingonhowthiscipherwasinitialized. ThefirstinputLenbytesintheinput buffer,startingatinputOffsetinclusive,andanyinput bytesthatmayhavebeenbufferedduringapreviousupdate operation,areprocessed,withpadding(ifrequested)beingapplied. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredinanewbuffer. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Parameters:input-theinputbufferinputOffset-theoffsetininputwheretheinput startsinputLen-theinputlength Returns:thenewbufferwiththeresult Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalue doFinal publicfinal int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output) throwsShortBufferException, IllegalBlockSizeException, BadPaddingException Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation.Thedataisencryptedordecrypted, dependingonhowthiscipherwasinitialized. ThefirstinputLenbytesintheinput buffer,startingatinputOffsetinclusive,andanyinput bytesthatmayhavebeenbufferedduringapreviousupdate operation,areprocessed,withpadding(ifrequested)beingapplied. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredintheoutputbuffer. Iftheoutputbufferistoosmalltoholdtheresult, aShortBufferExceptionisthrown.Inthiscase,repeatthis callwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Note:thismethodshouldbecopy-safe,whichmeansthe inputandoutputbufferscanreference thesamebytearrayandnounprocessedinputdataisoverwritten whentheresultiscopiedintotheoutputbuffer. Parameters:input-theinputbufferinputOffset-theoffsetininputwheretheinput startsinputLen-theinputlengthoutput-thebufferfortheresult Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. ShortBufferException-ifthegivenoutputbufferistoosmall toholdtheresult BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalue doFinal publicfinal int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throwsShortBufferException, IllegalBlockSizeException, BadPaddingException Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation.Thedataisencryptedordecrypted, dependingonhowthiscipherwasinitialized. ThefirstinputLenbytesintheinput buffer,startingatinputOffsetinclusive,andanyinput bytesthatmayhavebeenbufferedduringaprevious updateoperation,areprocessed,withpadding (ifrequested)beingapplied. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredintheoutputbuffer,startingat outputOffsetinclusive. Iftheoutputbufferistoosmalltoholdtheresult, aShortBufferExceptionisthrown.Inthiscase,repeatthis callwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Note:thismethodshouldbecopy-safe,whichmeansthe inputandoutputbufferscanreference thesamebytearrayandnounprocessedinputdataisoverwritten whentheresultiscopiedintotheoutputbuffer. Parameters:input-theinputbufferinputOffset-theoffsetininputwheretheinput startsinputLen-theinputlengthoutput-thebufferfortheresultoutputOffset-theoffsetinoutputwheretheresult isstored Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. ShortBufferException-ifthegivenoutputbufferistoosmall toholdtheresult BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalue doFinal publicfinal int doFinal(ByteBuffer input, ByteBuffer output) throwsShortBufferException, IllegalBlockSizeException, BadPaddingException Encryptsordecryptsdatainasingle-partoperation,orfinishesa multiple-partoperation.Thedataisencryptedordecrypted, dependingonhowthiscipherwasinitialized. Allinput.remaining()bytesstartingat input.position()areprocessed. IfanAEADmodesuchasGCM/CCMisbeingused,theauthentication tagisappendedinthecaseofencryption,orverifiedinthe caseofdecryption. Theresultisstoredintheoutputbuffer. Uponreturn,theinputbuffer'spositionwillbeequal toitslimit;itslimitwillnothavechanged.Theoutputbuffer's positionwillhaveadvancedbyn,wherenisthevaluereturned bythismethod;theoutputbuffer'slimitwillnothavechanged. Ifoutput.remaining()bytesareinsufficientto holdtheresult,aShortBufferExceptionisthrown. Inthiscase,repeatthiscallwithalargeroutputbuffer.Use getOutputSizetodeterminehowbig theoutputbuffershouldbe. Uponfinishing,thismethodresetsthiscipherobjecttothestate itwasinwhenpreviouslyinitializedviaacalltoinit. Thatis,theobjectisresetandavailabletoencryptordecrypt (dependingontheoperationmodethatwasspecifiedinthecallto init)moredata. Note:ifanyexceptionisthrown,thiscipherobjectmayneedto beresetbeforeitcanbeusedagain. Note:thismethodshouldbecopy-safe,whichmeansthe inputandoutputbufferscanreference thesamebytearrayandnounprocessedinputdataisoverwritten whentheresultiscopiedintotheoutputbuffer. Parameters:input-theinputByteBufferoutput-theoutputByteBuffer Returns:thenumberofbytesstoredinoutput Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized) IllegalArgumentException-ifinputandoutputarethe sameobject ReadOnlyBufferException-iftheoutputbufferisread-only IllegalBlockSizeException-ifthiscipherisablockcipher, nopaddinghasbeenrequested(onlyinencryptionmode),andthetotal inputlengthofthedataprocessedbythiscipherisnotamultipleof blocksize;orifthisencryptionalgorithmisunableto processtheinputdataprovided. ShortBufferException-ifthereisinsufficientspaceinthe outputbuffer BadPaddingException-ifthiscipherisindecryptionmode, and(un)paddinghasbeenrequested,butthedecrypteddataisnot boundedbytheappropriatepaddingbytes AEADBadTagException-ifthiscipherisdecryptinginan AEADmode(suchasGCM/CCM),andthereceivedauthenticationtag doesnotmatchthecalculatedvalueSince: 1.5 wrap publicfinal byte[] wrap(Key key) throwsIllegalBlockSizeException, InvalidKeyException Wrapakey. Parameters:key-thekeytobewrapped. Returns:thewrappedkey. Throws: IllegalStateException-ifthiscipherisinawrong state(e.g.,hasnotbeeninitialized). IllegalBlockSizeException-ifthiscipherisablock cipher,nopaddinghasbeenrequested,andthelengthofthe encodingofthekeytobewrappedisnota multipleoftheblocksize. InvalidKeyException-ifitisimpossibleorunsafeto wrapthekeywiththiscipher(e.g.,ahardwareprotectedkeyis beingpassedtoasoftware-onlycipher). unwrap publicfinal Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) throwsInvalidKeyException, NoSuchAlgorithmException Unwrapapreviouslywrappedkey. Parameters:wrappedKey-thekeytobeunwrapped.wrappedKeyAlgorithm-thealgorithmassociatedwiththewrapped key.wrappedKeyType-thetypeofthewrappedkey.Thismustbeoneof SECRET_KEY,PRIVATE_KEY,or PUBLIC_KEY. Returns:theunwrappedkey. Throws: IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized). NoSuchAlgorithmException-ifnoinstalledproviders cancreatekeysoftypewrappedKeyTypeforthe wrappedKeyAlgorithm. InvalidKeyException-ifwrappedKeydoesnot representawrappedkeyoftypewrappedKeyTypefor thewrappedKeyAlgorithm. getMaxAllowedKeyLength publicstaticfinal int getMaxAllowedKeyLength(String transformation) throwsNoSuchAlgorithmException Returnsthemaximumkeylengthforthespecifiedtransformation accordingtotheinstalledJCEjurisdictionpolicyfiles.If JCEunlimitedstrengthjurisdictionpolicyfilesareinstalled, Integer.MAX_VALUEwillbereturned. FormoreinformationondefaultkeysizeinJCEjurisdiction policyfiles,pleaseseeAppendixEinthe JavaCryptographyArchitectureReferenceGuide. Parameters:transformation-theciphertransformation. Returns:themaximumkeylengthinbitsorInteger.MAX_VALUE. Throws: NullPointerException-iftransformationisnull. NoSuchAlgorithmException-iftransformation isnotavalidtransformation,i.e.intheformof"algorithm"or "algorithm/mode/padding".Since: 1.5 getMaxAllowedParameterSpec publicstaticfinal AlgorithmParameterSpec getMaxAllowedParameterSpec(String transformation) throwsNoSuchAlgorithmException ReturnsanAlgorithmParameterSpecobjectwhichcontains themaximumcipherparametervalueaccordingtothe jurisdictionpolicyfile.IfJCEunlimitedstrengthjurisdiction policyfilesareinstalledorthereisnomaximumlimitonthe parametersforthespecifiedtransformationinthepolicyfile, nullwillbereturned. Parameters:transformation-theciphertransformation. Returns:anAlgorithmParameterSpecwhichholdsthemaximum valueornull. Throws: NullPointerException-iftransformation isnull. NoSuchAlgorithmException-iftransformation isnotavalidtransformation,i.e.intheformof"algorithm"or "algorithm/mode/padding".Since: 1.5 updateAAD publicfinal void updateAAD(byte[] src) Continuesamulti-partupdateoftheAdditionalAuthentication Data(AAD). CallstothismethodprovideAADtothecipherwhenoperatingin modessuchasAEAD(GCM/CCM).Ifthiscipherisoperatingin eitherGCMorCCMmode,allAADmustbesuppliedbeforebeginning operationsontheciphertext(viatheupdateanddoFinalmethods). Parameters:src-thebuffercontainingtheAdditionalAuthenticationData Throws: IllegalArgumentException-ifthesrc bytearrayisnull IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized),doesnotacceptAAD,orif operatingineitherGCMorCCMmodeandoneoftheupdate methodshasalreadybeencalledfortheactive encryption/decryptionoperation UnsupportedOperationException-ifthecorrespondingmethod intheCipherSpihasnotbeenoverriddenbyan implementationSince: 1.7 updateAAD publicfinal void updateAAD(byte[] src, int offset, int len) Continuesamulti-partupdateoftheAdditionalAuthentication Data(AAD),usingasubsetoftheprovidedbuffer. CallstothismethodprovideAADtothecipherwhenoperatingin modessuchasAEAD(GCM/CCM).Ifthiscipherisoperatingin eitherGCMorCCMmode,allAADmustbesuppliedbeforebeginning operationsontheciphertext(viatheupdateanddoFinalmethods). Parameters:src-thebuffercontainingtheAADoffset-theoffsetinsrcwheretheAADinputstartslen-thenumberofAADbytes Throws: IllegalArgumentException-ifthesrc bytearrayisnull,ortheoffsetorlength islessthan0,orthesumoftheoffsetand lenisgreaterthanthelengthofthe srcbytearray IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized),doesnotacceptAAD,orif operatingineitherGCMorCCMmodeandoneoftheupdate methodshasalreadybeencalledfortheactive encryption/decryptionoperation UnsupportedOperationException-ifthecorrespondingmethod intheCipherSpihasnotbeenoverriddenbyan implementationSince: 1.7 updateAAD publicfinal void updateAAD(ByteBuffer src) Continuesamulti-partupdateoftheAdditionalAuthentication Data(AAD). CallstothismethodprovideAADtothecipherwhenoperatingin modessuchasAEAD(GCM/CCM).Ifthiscipherisoperatingin eitherGCMorCCMmode,allAADmustbesuppliedbeforebeginning operationsontheciphertext(viatheupdateanddoFinalmethods). Allsrc.remaining()bytesstartingat src.position()areprocessed. Uponreturn,theinputbuffer'spositionwillbeequal toitslimit;itslimitwillnothavechanged. Parameters:src-thebuffercontainingtheAAD Throws: IllegalArgumentException-ifthesrcByteBuffer isnull IllegalStateException-ifthiscipherisinawrongstate (e.g.,hasnotbeeninitialized),doesnotacceptAAD,orif operatingineitherGCMorCCMmodeandoneoftheupdate methodshasalreadybeencalledfortheactive encryption/decryptionoperation UnsupportedOperationException-ifthecorrespondingmethod intheCipherSpihasnotbeenoverriddenbyan implementationSince: 1.7 Overview Package Class Use Tree Deprecated Index Help Java™ PlatformStandard Ed. 7 PrevClass NextClass Frames NoFrames AllClasses Summary:  Nested |  Field |  Constr |  Method Detail:  Field |  Constr |  Method SubmitabugorfeatureForfurtherAPIreferenceanddeveloperdocumentation,seeJavaSEDocumentation.Thatdocumentationcontainsmoredetailed,developer-targeteddescriptions,withconceptualoverviews,definitionsofterms,workarounds,andworkingcodeexamples.Copyright©1993,2020,Oracleand/oritsaffiliates.Allrightsreserved.Useissubjecttolicenseterms.Alsoseethedocumentationredistributionpolicy.