Dougniel commented on code in PR #332:
URL: https://github.com/apache/commons-compress/pull/332#discussion_r1037850366
##########
src/main/java/org/apache/commons/compress/archivers/sevenz/AES256SHA256Decoder.java:
##########
@@ -126,4 +115,121 @@ public void close() throws IOException {
}
};
}
+
+ @Override
+ OutputStream encode(OutputStream out, Object options) throws IOException {
+ AES256Options opts = (AES256Options) options;
+ final byte[] aesKeyBytes = sha256Password(opts.password,
opts.numCyclesPower, opts.salt);
+ final SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES");
+
+ final Cipher cipher;
+ try {
+ cipher = Cipher.getInstance("AES/CBC/NoPadding");
+ cipher.init(Cipher.ENCRYPT_MODE, aesKey, new
IvParameterSpec(opts.iv));
+ } catch (final GeneralSecurityException generalSecurityException) {
+ throw new IOException(
+ "Encryption error " + "(do you have the JCE Unlimited Strength
Jurisdiction Policy Files installed?)",
Review Comment:
I rework the implementation and now I only use SecureRandom one time
As in Java 8 it's not clear that [SecureRandom is thread safe or
not](https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html),
I didn't put In a static member _(even if the JavaDocs 9 seems to tell that
[it could be
ThreadSafe](https://docs.oracle.com/javase/9/docs/api/java/security/SecureRandom.html))_
What do you think ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
