Package org.docx4j.org.apache.poi.poifs.crypt.agile

Class AgileDecryptor

java.lang.Object

org.docx4j.org.apache.poi.poifs.crypt.Decryptor

org.docx4j.org.apache.poi.poifs.crypt.agile.AgileDecryptor

public class AgileDecryptor
extends Decryptor

Decryptor implementation for Agile Encryption

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	AgileDecryptor.AgileCipherInputStream	2.3.4.15 Data Encryption (Agile Encryption) The EncryptedPackage stream (1) MUST be encrypted in 4096-byte segments to facilitate nearly random access while allowing CBC modes to be used in the encryption process.

Field Summary

Fields

Modifier and Type	Field	Description
private long	_length
protected static final byte[]	kCryptoKeyBlock
protected static final byte[]	kHashedVerifierBlock
protected static final byte[]	kIntegrityKeyBlock
protected static final byte[]	kIntegrityValueBlock
protected static final byte[]	kVerifierInputBlock

Fields inherited from class org.docx4j.org.apache.poi.poifs.crypt.Decryptor

builder, DEFAULT_PASSWORD, DEFAULT_POIFS_ENTRY

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AgileDecryptor(AgileEncryptionInfoBuilder builder)

Method Summary

Modifier and Type	Method	Description
InputStream	getDataStream(DirectoryNode dir)	Return a stream with decrypted data.
long	getLength()	Returns the length of the encrypted data that can be safely read with Decryptor.getDataStream(org.docx4j.org.apache.poi.poifs.filesystem.DirectoryNode).
protected static int	getNextBlockSize(int inputLen, int blockSize)
protected static byte[]	hashInput(EncryptionInfoBuilder builder, byte[] pwHash, byte[] blockKey, byte[] inputKey, int cipherMode)
protected static Cipher	initCipherForBlock(Cipher existing, int block, boolean lastChunk, EncryptionInfoBuilder builder, SecretKey skey, int encryptionMode)
boolean	verifyPassword(String password)	set decryption password
boolean	verifyPassword(KeyPair keyPair, X509Certificate x509)	instead of a password, it's also possible to decrypt via certificate.

Methods inherited from class org.docx4j.org.apache.poi.poifs.crypt.Decryptor

getBlockSizeInBytes, getDataStream, getDataStream, getDataStream, getInstance, getIntegrityHmacKey, getIntegrityHmacValue, getKeySizeInBytes, getSecretKey, getVerifier, setIntegrityHmacKey, setIntegrityHmacValue, setSecretKey, setVerifier

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

_length

private long _length

kVerifierInputBlock

protected static final byte[] kVerifierInputBlock

kHashedVerifierBlock

protected static final byte[] kHashedVerifierBlock

kCryptoKeyBlock

protected static final byte[] kCryptoKeyBlock

kIntegrityKeyBlock

protected static final byte[] kIntegrityKeyBlock

kIntegrityValueBlock

protected static final byte[] kIntegrityValueBlock

Constructor Details

AgileDecryptor

protected AgileDecryptor(AgileEncryptionInfoBuilder builder)

Method Details

verifyPassword

public boolean verifyPassword(String password)
                       throws GeneralSecurityException

set decryption password

Specified by:

verifyPassword in class Decryptor

Throws:

GeneralSecurityException

verifyPassword

public boolean verifyPassword(KeyPair keyPair,
 X509Certificate x509)
                       throws GeneralSecurityException

instead of a password, it's also possible to decrypt via certificate. Warning: this code is experimental and hasn't been validated

Parameters:

keyPair -

x509 -

Returns:

true, when the data can be successfully decrypted with the given private key

Throws:

GeneralSecurityException

See Also:

• Agile encryption with certificates

getNextBlockSize

protected static int getNextBlockSize(int inputLen,
 int blockSize)

hashInput

protected static byte[] hashInput(EncryptionInfoBuilder builder,
 byte[] pwHash,
 byte[] blockKey,
 byte[] inputKey,
 int cipherMode)

getDataStream

public InputStream getDataStream(DirectoryNode dir)
                          throws IOException,
GeneralSecurityException

Description copied from class: Decryptor

Return a stream with decrypted data.

Use Decryptor.getLength() to get the size of that data that can be safely read from the stream. Just reading to the end of the input stream is not sufficient because there are normally padding bytes that must be discarded

Specified by:

getDataStream in class Decryptor

Parameters:

dir - the node to read from

Returns:

decrypted stream

Throws:

IOException

GeneralSecurityException

getLength

public long getLength()

Description copied from class: Decryptor

Returns the length of the encrypted data that can be safely read with Decryptor.getDataStream(org.docx4j.org.apache.poi.poifs.filesystem.DirectoryNode). Just reading to the end of the input stream is not sufficient because there are normally padding bytes that must be discarded

The length variable is initialized in Decryptor.getDataStream(org.docx4j.org.apache.poi.poifs.filesystem.DirectoryNode), an attempt to call getLength() prior to getDataStream() will result in IllegalStateException.

Specified by:

getLength in class Decryptor

Returns:

length of the encrypted data

initCipherForBlock

protected static Cipher initCipherForBlock(Cipher existing,
 int block,
 boolean lastChunk,
 EncryptionInfoBuilder builder,
 SecretKey skey,
 int encryptionMode)
                                    throws GeneralSecurityException

Throws:

GeneralSecurityException