com.filenet.api.util
Class Encryption

java.lang.Object
  extended by com.filenet.api.util.Encryption

public class Encryption
extends java.lang.Object

Used to encrypt sensitive properties, such as passwords, that are sent to the Content Engine server. The encryption is done using the public key retrieved from the Domain object associated with the object containing the sensitive property. Once the property is received on the server, it is decrypted with the domain's private key, then encrypted with the Content Engine master key prior to being persisted. Thus, this mechanism is intended to encrypt values only during transmission to the server, where they are immediately decrypted.

Static methods are available for encrypting bytes, chars, and strings. Note that the use of the method that encrypts strings is discouraged, as strings are immutable, so the sensitive data can remain in memory, posing a security risk, or it can be inadvertently written to disk as a result of exception handling or logging activity. Any char or byte array passed to an encrypt method is overwritten once the encryption has been performed. If the application needs to use the sensitive data after encryption, which should be an unusual case, it must make a copy prior to encryption.

Chars and strings are UTF-8 encoded prior to being encrypted.
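
The handling rules above, shown from the caller's side as an added example; it is not part of the original API documentation and is not IBM code. The class and method names (`SensitivePropertyExample`, `encryptAndDiscard`, `encryptThenReuse`, `promptAndEncrypt`) are hypothetical, the `com.filenet.api.core` package for `EngineObject` is an assumption, and the Content Engine client library is assumed to be on the classpath.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.function.Consumer;

import com.filenet.api.core.EngineObject; // assumed package; the page names only the type
import com.filenet.api.util.Encryption;

/** Added example: caller-side handling of a secret around Encryption.encrypt. */
public final class SensitivePropertyExample {

    private SensitivePropertyExample() {}

    /** Common case: the secret is not needed after encryption. */
    static byte[] encryptAndDiscard(EngineObject eo, char[] secret) {
        try {
            // The API UTF-8 encodes the chars, encrypts them, then overwrites 'secret'.
            return Encryption.encrypt(eo, secret);
        } finally {
            // Assumption: the page documents clearing only once encryption has been
            // performed, so wipe again here in case encrypt() threw before that point.
            Arrays.fill(secret, '\0');
        }
    }

    /** Unusual case: the caller still needs the value, so copy BEFORE encrypting. */
    static byte[] encryptThenReuse(EngineObject eo, char[] secret, Consumer<char[]> reuse) {
        char[] copy = Arrays.copyOf(secret, secret.length);
        try {
            byte[] cipherText = encryptAndDiscard(eo, secret); // 'secret' is zeroed from here on
            reuse.accept(copy);                                 // hypothetical second consumer
            return cipherText;
        } finally {
            Arrays.fill(copy, '\0'); // the API never sees the copy, so the caller wipes it
        }
    }

    /** Reads the secret as char[] so that no immutable String of it is ever created. */
    static byte[] promptAndEncrypt(EngineObject eo) {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console; supply the secret as char[]");
        }
        char[] secret = console.readPassword("Password: ");
        if (secret == null) {
            throw new IllegalStateException("End of input before a password was entered");
        }
        return encryptAndDiscard(eo, secret);
    }
}
```

The returned byte array is cipher text and can be set on the property as usual; the plain text arrays should never be passed to logging or included in exception messages.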


Method Summary
static byte[] encrypt(EngineObject eo, byte[] plainText)
          Encrypts a byte array using the public key from the Domain object associated with the given EngineObject.
static byte[] encrypt(EngineObject eo, char[] plainText)
          Encrypts the given char array using the public key from the Domain object associated with the given EngineObject.
static byte[] encrypt(EngineObject eo, java.lang.String plainText)
          Encrypts the given string using the public key from the Domain object associated with the given EngineObject.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

encrypt

public static byte[] encrypt(EngineObject eo,
                             java.lang.String plainText)
Encrypts the given string using the public key from the Domain object associated with the given EngineObject. The input string is UTF-8 encoded before encryption.

Note: You are strongly discouraged from using this method. Strings are immutable, so the plain text data remains in program memory for as long as the application runs, which may be a security risk for truly sensitive data. You are encouraged to use one of the methods for which the input plain text data is an array.

Parameters:
eo - An EngineObject.
plainText - The input plain text string.
Returns:
The output cipher text byte array.
See Also:
encrypt(EngineObject eo, byte[] plainText), encrypt(EngineObject eo, char[] plainText)

encrypt

public static byte[] encrypt(EngineObject eo,
                             char[] plainText)
Encrypts the given char array using the public key from the Domain object associated with the given EngineObject. The input char array is UTF-8 encoded to bytes before being encrypted.

Note: After encryption is done, the input char array is cleared.

Parameters:
eo - An EngineObject.
plainText - The input plain text char array.
Returns:
The output cipher text byte array.

encrypt

public static byte[] encrypt(EngineObject eo,
                             byte[] plainText)
Encrypts a byte array using the public key from the Domain object associated with the given EngineObject.

Note: After encryption is done, the input byte array is cleared.

Parameters:
eo - An EngineObject.
plainText - The input plain text byte array.
Returns:
The output cipher text byte array.


© Copyright IBM Corporation 2006, 2009. All rights reserved.