Thanks! Silly me, I was thinking that AesCipherService.decrypt() took a Key,
but it takes a byte[]. That makes it much easier to use.
As I was playing around with this, I was thinking that Shiro could have some
helper methods to load keys from string or file. I do like the idea of
providing the key to the cipher service initially and not having to pass it
with each encrypt or decrypt call.
In case it helps, I found the following after doing some googling:
DESedeKeySpec spec = new DESedeKeySpec("key string here".getBytes());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey key = keyFactory.generateSecret(spec);
Obviously, the code above isn't right since it uses DES, but I wasn't sure
what type of "spec" to use.
Tauren
On Mon, Apr 4, 2011 at 7:57 PM, Les Hazlewood <lhazlew...@apache.org> wrote:
> Hi Tauren,
>
> Try this:
>
> Key key = cipherService.generateNewKey();
> String base64 = new SimpleByteSource(key.getEncoded()).toBase64();
>
> Then put the base64 string somewhere (in a props file, etc).
>
> When you need to reverse the process, you can do this:
>
> byte[] bytes = Base64.decode(encoded);
>
> You'll use the 'bytes' variable as your argument to the CipherService
> methods.
>
> Does that help?
>
> Cheers,
>
> Les
>
> P.S. That reminds me. I think it'd be a good idea to have a Cryptor
> interface - a component that stores the key as an internal attribute
> so encryption and decryption operations don't require a key argument.
> It would probably itself use an internal CipherService to do its
> work...
>
