pdk.util.Crypto
Functions to encrypt and decrypt data.
Functions
encode
Encode the raw string. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
Arguments:
cleanString :: pdk.core.String
Result:
output :: pdk.core.String - encoded string
Possible exceptions
NullPointerException - thrown if the cleanString argument is NULL
match
Verify the encoded string matches the submitted clean string after it too is encoded. Returns true if the strings match, false if they do not. The encoded string itself is never decoded.
Arguments:
cleanString :: pdk.core.String
encodedString :: pdk.core.String - encoded by pdk.util.Crypto.encode function
Result:
output :: pdk.core.Boolean - true if the clean string, after encoding, matches the encoded string.
Possible exceptions
NullPointerException - thrown if the cleanString or the encodedString argument is NULL
encryptAES256GCM
Encrypts a UTF-8 string using AES-256 in GCM mode with no padding.
The key is provided as a Base64-encoded string, and a new random 12-byte IV is generated for each encryption.
The result is a Base64-encoded string containing the IV concatenated with the ciphertext and authentication tag.
Parameters
plaintextUtf8 :: pdk.core.String - UTF-8 string
base64Key :: pdk.core.String - Base64-encoded key.
Returns
output :: pdk.core.String - Base64-encoded encrypted string.
Possible Exceptions
NullPointerException - thrown if the plaintextUtf8 or the base64Key argument is NULL
decryptAES256GCM
Decrypts a Base64-encoded string that was encrypted using AES-256 in GCM mode. It expects the input to contain the IV (first 12 bytes) followed by the ciphertext and authentication tag.
The key must be the same as the one used during encryption, also provided in Base64 format.
Parameters
base64Ciphertext :: pdk.core.String - Base64-encoded string
base64Key :: pdk.core.String - Base64-encoded key.
Returns
output :: pdk.core.String - UTF-8 decrypted string.
Possible Exceptions
NullPointerException - thrown if the base64Ciphertext or the base64Key argument is NULL
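The Base64(IV || ciphertext || tag) layout described for encryptAES256GCM and decryptAES256GCM, reproduced with the standard Java JCE. This is an added example, not the PDK implementation; the 128-bit tag length, the class and method names, and the demo key and message are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class AesGcmFormatDemo {
    static final int IV_LEN = 12;    // bytes, as documented above
    static final int TAG_BITS = 128; // assumption: full-length GCM tag
    // Builds the cipher; the IV is always the first IV_LEN bytes of buf.
    static Cipher cipher(int mode, String base64Key, byte[] buf) throws Exception {
        byte[] key = Base64.getDecoder().decode(base64Key);
        if (key.length != 32) throw new IllegalArgumentException("AES-256 needs a 32-byte key");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, buf, 0, IV_LEN));
        return c;
    }

    static String encrypt(String plaintextUtf8, String base64Key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, base64Key, iv)
                .doFinal(plaintextUtf8.getBytes(StandardCharsets.UTF_8)); // ciphertext || tag
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String base64Ciphertext, String base64Key) throws Exception {
        byte[] in = Base64.getDecoder().decode(base64Ciphertext);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("input too short");
        byte[] pt = cipher(Cipher.DECRYPT_MODE, base64Key, in).doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] rawKey = new byte[32];
        new SecureRandom().nextBytes(rawKey); // constructed demo key
        String key = Base64.getEncoder().encodeToString(rawKey);
        String a = encrypt("demo message", key);
        System.out.println("fresh IV changes output: " + !a.equals(encrypt("demo message", key)));
        System.out.println("round trip: " + decrypt(a, key));
        byte[] t = Base64.getDecoder().decode(a);
        t[t.length - 1] ^= 1; // flip one bit of the authentication tag
        try {
            decrypt(Base64.getEncoder().encodeToString(t), key);
        } catch (AEADBadTagException e) {
            System.out.println("tampering rejected");
        }
    }
}
```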
encryptRSAECBPKCS1Padding
Encrypts a UTF-8 string using RSA in ECB mode with PKCS#1 padding. The key is provided as a Base64-encoded string. The result is a Base64-encoded string of the encrypted data.
Parameters
plaintextUtf8 :: pdk.core.String - UTF-8 string
base64Key :: pdk.core.String - the public key, provided as a Base64-encoded X.509 SubjectPublicKeyInfo structure.
Returns
output :: pdk.core.String - A Base64-encoded string containing the RSA-encrypted ciphertext.
Possible Exceptions
NullPointerException - thrown if the plaintextUtf8 or the base64Key argument is NULL
decryptRSAECBPKCS1Padding
Decrypts a Base64-encoded string using RSA with ECB mode and PKCS#1 v1.5 padding.
Parameters
base64Ciphertext :: pdk.core.String - the ciphertext input to decrypt, provided as a Base64-encoded string.
base64Key :: pdk.core.String - the private key, provided as a Base64-encoded PKCS#8 structure.
Returns
output :: pdk.core.String - A UTF-8 string containing the decrypted plaintext.
Possible Exceptions
NullPointerException - thrown if the base64Ciphertext or the base64Key argument is NULL
encryptBytesRSAECBPKCS1Padding
Encrypts an array of bytes using RSA in ECB mode with PKCS#1 padding. The key is provided as a Base64-encoded string. The result is a Base64-encoded string of the encrypted data.
Parameters
bytesToEncrypt :: pdk.core.Array<pdk.core.Byte>
base64Key :: pdk.core.String - the public key, provided as a Base64-encoded X.509 SubjectPublicKeyInfo structure.
Returns
output :: pdk.core.Array<pdk.core.Byte> - A Base64-encoded array of bytes containing the RSA-encrypted content.
Possible Exceptions
NullPointerException - thrown if the bytesToEncrypt or the base64Key argument is NULL
decryptBytesRSAECBPKCS1Padding
Decrypts a Base64-encoded array of bytes using RSA with ECB mode and PKCS#1 v1.5 padding.
Parameters
bytesToDecrypt :: pdk.core.Array<pdk.core.Byte>.
base64Key :: pdk.core.String - the private key, provided as a Base64-encoded PKCS#8 structure.
Returns
output :: pdk.core.Array<pdk.core.Byte> - A decrypted array.
Possible Exceptions
NullPointerException - thrown if the bytesToDecrypt or the base64Key argument is NULL
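The key formats the four RSA functions above expect (Base64 X.509 SubjectPublicKeyInfo for the public key, Base64 PKCS#8 for the private key), produced and consumed with the standard Java JCE, together with the plaintext size limit that PKCS#1 v1.5 padding imposes. This is an added example, not the PDK implementation; the class and helper names, the 2048-bit key size and the demo message are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class RsaKeyFormatDemo {
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    // Public key: Base64 of the DER-encoded X.509 SubjectPublicKeyInfo.
    static PublicKey publicKeyFromBase64(String base64Key) throws Exception {
        byte[] der = Base64.getDecoder().decode(base64Key);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // Private key: Base64 of the DER-encoded PKCS#8 structure.
    static PrivateKey privateKeyFromBase64(String base64Key) throws Exception {
        byte[] der = Base64.getDecoder().decode(base64Key);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // PKCS#1 v1.5 encryption padding uses at least 11 bytes of the modulus.
    static int maxPlaintextBytes(PublicKey key) {
        return (((RSAPublicKey) key).getModulus().bitLength() + 7) / 8 - 11;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // constructed demo key pair
        String base64Pub = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());
        String base64Priv = Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded());
        PublicKey pub = publicKeyFromBase64(base64Pub);
        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ct = enc.doFinal("demo message".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance(TRANSFORMATION);
        dec.init(Cipher.DECRYPT_MODE, privateKeyFromBase64(base64Priv));
        System.out.println("round trip: " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));
        int limit = maxPlaintextBytes(pub);
        try {
            enc.doFinal(new byte[limit + 1]); // one byte over the limit
        } catch (IllegalBlockSizeException e) {
            System.out.println("limit is " + limit + " bytes: " + e.getMessage());
        }
    }
}
```

The "ECB" in the JCE transformation name is nominal: RSA encrypts a single block, so inputs longer than the limit need a hybrid scheme that wraps a random symmetric key.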
encryptJWE_RSA_OAEP_256_A128GCM
Encrypts the given plaintext using JWE (JSON Web Encryption) with RSA-OAEP-256 for key encryption and A128GCM for content encryption.
Parameters
plainTextUtf8 :: pdk.core.String - The plaintext string (or JSON string) to encrypt
keyId :: pdk.core.String - The key identifier (kid) to include in the JWE header.
serverCert :: pdk.core.String - The content of the server's public certificate (PEM format), used to encrypt the payload.
Returns
output :: pdk.core.String - The serialized JWE as a string (compact serialization), representing the encrypted payload.
Possible Exceptions
NullPointerException - thrown if the plainTextUtf8, keyId or the serverCert argument is NULL
decryptJWE_RSA_OAEP_256_A128GCM
Decrypts the given JWE string using the client's private key.
Parameters
encryptedText :: pdk.core.String - The serialized JWE string containing the encrypted payload.
privateKey :: pdk.core.String - The content of the client's private key (PEM format), used to decrypt the payload.
Returns
output :: pdk.core.String - The decrypted plaintext as a string (JSON or text), matching the original input to the encrypt function.
Possible Exceptions
NullPointerException - thrown if the encryptedText or the privateKey argument is NULL
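What a compact JWE with RSA-OAEP-256 and A128GCM contains, built by hand with the standard Java JCE following RFC 7516: a random content key wrapped with RSA-OAEP, and the protected header authenticated as GCM additional data. This is an added example, not the PDK implementation; it takes key objects instead of PEM text, and the class name, the kid value, the payload and the assumption that the kid needs no JSON escaping are its own.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.*;

public class JweCompactDemo {
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    static final OAEPParameterSpec OAEP_256 = new OAEPParameterSpec( // SHA-256 for hash and MGF1
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    static String encrypt(String plainTextUtf8, String keyId, PublicKey recipient) throws Exception {
        // Assumption: keyId contains no characters that need JSON escaping.
        String header = "{\"alg\":\"RSA-OAEP-256\",\"enc\":\"A128GCM\",\"kid\":\"" + keyId + "\"}";
        String protectedB64 = B64URL.encodeToString(header.getBytes(StandardCharsets.UTF_8));
        byte[] cek = new byte[16], iv = new byte[12]; // A128GCM: 128-bit content key, 96-bit IV
        new SecureRandom().nextBytes(cek);
        new SecureRandom().nextBytes(iv);
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPPadding");
        wrap.init(Cipher.ENCRYPT_MODE, recipient, OAEP_256);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, iv));
        gcm.updateAAD(protectedB64.getBytes(StandardCharsets.US_ASCII)); // header is authenticated
        byte[] out = gcm.doFinal(plainTextUtf8.getBytes(StandardCharsets.UTF_8)); // ciphertext || tag
        return String.join(".", protectedB64, B64URL.encodeToString(wrap.doFinal(cek)),
                B64URL.encodeToString(iv), B64URL.encodeToString(Arrays.copyOfRange(out, 0, out.length - 16)),
                B64URL.encodeToString(Arrays.copyOfRange(out, out.length - 16, out.length)));
    }
    static String decrypt(String jwe, PrivateKey key) throws Exception {
        String[] p = jwe.split("\\.", -1); // header.encryptedKey.iv.ciphertext.tag
        if (p.length != 5) throw new IllegalArgumentException("compact JWE must have 5 parts");
        Base64.Decoder d = Base64.getUrlDecoder();
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPPadding");
        unwrap.init(Cipher.DECRYPT_MODE, key, OAEP_256);
        byte[] cek = unwrap.doFinal(d.decode(p[1]));
        byte[] ct = d.decode(p[3]), tag = d.decode(p[4]);
        byte[] in = Arrays.copyOf(ct, ct.length + tag.length);
        System.arraycopy(tag, 0, in, ct.length, tag.length);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, d.decode(p[2])));
        gcm.updateAAD(p[0].getBytes(StandardCharsets.US_ASCII)); // altered header fails the tag check
        return new String(gcm.doFinal(in), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed demo key pair
        String jwe = encrypt("{\"amount\":42}", "demo-key-1", kp.getPublic());
        System.out.println(decrypt(jwe, kp.getPrivate()));
    }
}
```

A receiver should also confirm that the decoded header carries the expected alg and enc values before unwrapping the key; this sketch omits that check and a real JSON parser.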