
CipherActor
ptolemy.actor.lib.security.CipherActor
A base class for actors that encrypt and decrypt data.
<p>Cipher actors are any actors which perform encryption or
decryption based on the Java Cryptography Extension (JCE).
See the
<a href="../../../../ptolemy/actor/lib/security/CryptographyActor.xml">ptolemy.actor.lib.security.CryptographyActor</a> documentation for
resources about JCA and JCE.
<p> Actors extending this class take in an unsigned byte array at the
<i>input</i>, process the data based on the <i>algorithm</i> parameter
and send an unsigned byte array to the <i>output</i>. The algorithms
that may be implemented are limited to those that are implemented
by "providers" following the JCE specifications and installed in the
machine being run. The mode and padding of the algorithm can also be
specified in the <i>mode</i> and <i>padding</i> parameters.
In case a provider specific instance of an algorithm is needed,
the provider may also be specified in the <i>provider</i> parameter.
The <i>keySize</i> parameter allows implementations of algorithms
using various key sizes.
<p>Concrete actors derived from this base class must implement the
<a href="../../../../ptolemy/actor/lib/security/CryptographyActor.html#_process">_process(byte[])</a> method.
The initialize() method of this actor sets _cipher to the
value of javax.crypto.Cipher.getInstance() with an argument that is
created from the values of the <i>algorithm</i>, <i>padding</i> and
<i>keySize</i> parameters. Derived classes should call _cipher.init()
with the value of the key in their fire() method. The _process() method
in a derived class usually calls _cipher.doFinal().
Author(s): Christopher Hylands Brooks, Contributor: Rakesh Reddy
Version: $Id: CipherActor.doc.html,v 1.1 2006/02/22 18:40:26 mangal Exp $
Pt.Proposed Rating: Green (cxh)
Pt.Accepted Rating: Yellow (cxh)
mode
The mode component when the Cipher is instantiated.
Algorithms can be run in several different modes.
The mode is specified as a string.
The names of the modes and the set of modes implemented vary based on the provider.
Possible values include
<dl>
<dt><code></code> (<i>The empty string</i>)
<dd>Use the default setting for the algorithm.
<dt><code>NONE</code>
<dd>No mode, meaning that the algorithm does not use a mode.
<dt><code>CBC</code>
<dd>Cipher Block Chaining Mode, as defined in FIPS PUB 81.
CBC is usually the mode that is used.
<dt><code>CFB</code>
<dd>Cipher Feedback Mode, as defined in FIPS PUB 81.
<dt><code>ECB</code>
<dd>Electronic Codebook Mode, as defined in: The National
Institute of Standards and Technology (NIST) Federal
Information Processing Standard (FIPS) PUB 81, "DES Modes of
Operation," U.S. Department of Commerce, Dec 1980.
ECB is best for encrypting small pieces of data. If possible,
use CBC instead.
<dt><code>OFB</code>
<dd>Output Feedback Mode, as defined in FIPS PUB 81.
<dt><code>PCBC</code>
<dd>Propagating Cipher Block Chaining, as defined by Kerberos V4.
</dl>
The initial default is the empty string, which indicates that
the default setting for the algorithm should be used.
<p>
See the
<a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA" target="_top">Java Cryptography Extension (JCE) Reference Guide</a>
for details.
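
The difference between the <code>ECB</code> and <code>CBC</code> values can be seen directly with the JCE calls this actor wraps (getInstance, init, doFinal). The following is an added example, not Ptolemy code; the class name, the choice of AES with a 128-bit key, and the sample plaintext are assumptions made for illustration. It encrypts two identical plaintext blocks and reports whether the repetition is still visible in the ciphertext.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class ModeComparison {  // hypothetical class name
    // Encrypt using the JCE transformation string "algorithm/mode/padding".
    static byte[] encrypt(String mode, SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/" + mode + "/PKCS5Padding");
        if (mode.equals("ECB")) {
            cipher.init(Cipher.ENCRYPT_MODE, key);           // ECB takes no IV
        } else {
            byte[] iv = new byte[cipher.getBlockSize()];
            new SecureRandom().nextBytes(iv);                 // fresh random IV per message
            // A real sender must transmit the IV with the ciphertext;
            // it is discarded here because only the block pattern is compared.
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        }
        return cipher.doFinal(plaintext);
    }

    // True when the first two ciphertext blocks are byte-for-byte identical.
    static boolean firstTwoBlocksEqual(byte[] ct, int blockSize) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, blockSize),
                             Arrays.copyOfRange(ct, blockSize, 2 * blockSize));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                                         // corresponds to keySize
        SecretKey key = kg.generateKey();

        // Constructed sample input: two identical 16-byte blocks.
        byte[] plaintext = new byte[32];
        Arrays.fill(plaintext, (byte) 'A');

        for (String mode : new String[] {"ECB", "CBC"}) {
            byte[] ct = encrypt(mode, key, plaintext);
            System.out.println(mode + ": repeated plaintext block visible in ciphertext = "
                    + firstTwoBlocksEqual(ct, 16));
        }
    }
}
```

ECB encrypts each block independently, so equal plaintext blocks produce equal ciphertext blocks; CBC chains each block to the previous one and to a random IV, which hides the repetition.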
padding
The padding scheme used by the cipher during encryption.
In cryptography, padding is used to handle situations where the input
data must be an exact multiple of the block size for the algorithm.
<a href="http://www.di-mgt.com.au/cryptopad.html#whennopadding" target="_top">http://www.di-mgt.com.au/cryptopad.html#whennopadding</a> says:
<blockquote>
Block cipher algorithms like DES and Blowfish in Electronic Code Book
(ECB) and Cipher Block Chaining (CBC) mode require their input to be
an exact multiple of the block size. If the plaintext to be encrypted
is not an exact multiple, you need to pad before encrypting by adding
a padding string. When decrypting, the receiving party needs to know
how to remove the padding, if any.
</blockquote>
<p>The padding is specified as a string.
The names of the padding schemes and the set of padding schemes
implemented vary based on the provider.
Possible values include
<dl>
<dt><code></code> (<i>The empty string</i>)
<dd>Use the default setting for the algorithm.
<dt><code>NoPadding</code>
<dd>No padding (do not use padding).
<dt><code>OAEPWith<i>digest</i>And<i>mgf</i>Padding</code>
<dd>Optimal Asymmetric Encryption Padding scheme defined in
PKCS #1, where <i>digest</i> should be replaced by the message
digest and <i>mgf</i> by the mask generation function. Example:
OAEPWithMD5AndMGF1Padding.
<dt><code>PKCS5Padding</code>
<dd>The padding scheme described in: RSA Laboratories, "PKCS
#5: Password-Based Encryption Standard," version 1.5, November
1993.
<dt><code>SSL3Padding</code>
<dd>The padding scheme defined in the SSL Protocol Version 3.0,
November 18, 1996, section 5.2.3.2 (CBC block cipher).
</dl>
The initial default is the empty string, which indicates that
the default setting for the algorithm should be used.
<p>
See the
<a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA" target="_top">Java Cryptography Extension (JCE) Reference Guide</a>
for details.
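
The effect of the <code>NoPadding</code> and <code>PKCS5Padding</code> values on input that is not a multiple of the block size is shown below. This is an added example, not Ptolemy code; the class name, the use of AES in CBC mode with a 128-bit key, and the 13-byte sample message are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class PaddingComparison {  // hypothetical class name
    // One getInstance/init/doFinal pass with the given padding scheme.
    static byte[] run(int opmode, String padding, SecretKey key, byte[] iv, byte[] in)
            throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/" + padding);
        cipher.init(opmode, key, new IvParameterSpec(iv));
        return cipher.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);

        // Constructed sample input: 13 bytes, not a multiple of the 16-byte block.
        byte[] data = "hello, world!".getBytes(StandardCharsets.US_ASCII);

        // Without padding the cipher refuses input that does not fill whole blocks.
        try {
            run(Cipher.ENCRYPT_MODE, "NoPadding", key, iv, data);
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding rejected " + data.length + " bytes: " + e.getMessage());
        }

        // With PKCS5Padding the input is extended to the next block boundary.
        byte[] ct = run(Cipher.ENCRYPT_MODE, "PKCS5Padding", key, iv, ct(data));
        System.out.println("PKCS5Padding ciphertext length: " + ct.length);

        // Decrypting with NoPadding leaves the pad bytes in place for inspection.
        byte[] raw = run(Cipher.DECRYPT_MODE, "NoPadding", key, iv, ct);
        System.out.println("raw decrypted block: " + Arrays.toString(raw));

        // Decrypting with the matching scheme strips the padding again.
        byte[] pt = run(Cipher.DECRYPT_MODE, "PKCS5Padding", key, iv, ct);
        System.out.println("recovered: " + new String(pt, StandardCharsets.US_ASCII));
    }

    static byte[] ct(byte[] in) { return in; }  // identity helper, keeps the call site readable
}
```

The receiver has to use the same <i>padding</i> value as the sender; otherwise the pad bytes either stay attached to the plaintext or decryption fails.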