Class BcCryptoServiceImpl

All Implemented Interfaces:
CryptoService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

@Service @ConfigurationProperties(prefix="application.service.vault.encryption.bc") @ConditionalOnExpression("${application.service.vault.encryption.enabled}.equals(true) and \'${application.service.vault.encryption.impl}\'.equals(\'bc\')") public class BcCryptoServiceImpl extends AbstractCryptoService implements CryptoService
Cryptographic service based on the Bouncy Castle provider that performs ChaCha20-Poly1305 encryption. The bean is activated when both application.service.vault.encryption.enabled is set to true and application.service.vault.encryption.impl is set to bc. Random salt and nonce values are generated for every operation and the encryption key is derived using the configured KDF implementation.
  • Constructor Details

    • BcCryptoServiceImpl

      public BcCryptoServiceImpl()
  • Method Details

    • configure

      @Autowired public void configure(EncryptionConfig properties)
    • encrypt

      public InputStream encrypt(InputStream inputStream)
      Encrypts a data stream using ChaCha20-Poly1305 authenticated encryption.

      The encryption process follows these steps:
        1. Generates random salt and nonce
        2. Derives the encryption key from the salt using the configured KDF
        3. Initializes the ChaCha20-Poly1305 cipher
        4. Prepends key version, salt and nonce to the encrypted stream

      The output stream format is: [key version][salt][nonce][encrypted data]

      Specified by:
      encrypt in interface CryptoService
      Parameters:
      inputStream - The plaintext input data to be encrypted
      Returns:
      An InputStream containing the concatenated key version, salt, nonce and encrypted data
      Throws:
      RuntimeException - if any error occurs during the encryption process
    • decrypt

      public InputStream decrypt(InputStream inputStream)
      Decrypts a ChaCha20-Poly1305 encrypted stream.

      The decryption process follows these steps:
        1. Reads key version, salt and nonce from the stream header
        2. Derives the decryption key from the salt
        3. Initializes the cipher for decryption
        4. Returns a decrypting stream for the remaining data

      Expected input format: [key version][salt][nonce][encrypted data] where:
        - key version length = 4 bytes
        - salt length = saltLength bytes
        - nonce length = nonceLength bytes

      Specified by:
      decrypt in interface CryptoService
      Parameters:
      inputStream - InputStream containing encrypted data with the key version, salt and nonce prepended
      Returns:
      An InputStream yielding the decrypted data
      Throws:
      RuntimeException - if any error occurs during the decryption process
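
The following is an added, stand-alone illustration of the stream layout that encrypt and decrypt describe above ([key version][salt][nonce][encrypted data], with the key derived per stream from a random salt). It is not the project's code: it uses the JDK's built-in ChaCha20-Poly1305 cipher rather than the Bouncy Castle provider, PBKDF2 stands in for whatever KDF the service is configured with, and the salt length (16), the master secret and the key version are assumed values, since the page only names saltLength and nonceLength as configurable.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added example: [key version (4)][salt][nonce][ChaCha20-Poly1305 ciphertext + tag]. Not the project's code.
public final class VaultStreamFormatExample {
    static final int KEY_VERSION_LENGTH = 4;   // documented header field size
    static final int SALT_LENGTH = 16;         // assumed value for the configurable saltLength
    static final int NONCE_LENGTH = 12;        // ChaCha20-Poly1305 mandates a 96-bit nonce
    static final int KEY_LENGTH_BITS = 256;    // ChaCha20 key size
    static final int KDF_ITERATIONS = 210_000; // assumed PBKDF2 parameter; the service uses its configured KDF

    private final SecureRandom random = new SecureRandom();
    private final char[] masterSecret;         // assumed: the secret input the KDF stretches per salt
    private final int keyVersion;              // assumed: single current key version

    VaultStreamFormatExample(char[] masterSecret, int keyVersion) {
        this.masterSecret = masterSecret.clone();
        this.keyVersion = keyVersion;
    }

    // Per-stream key: a fresh salt gives a fresh key, so nonces never collide under one key.
    private SecretKeySpec deriveKey(byte[] salt) throws GeneralSecurityException {
        SecretKeyFactory kdf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] key = kdf.generateSecret(new PBEKeySpec(masterSecret, salt, KDF_ITERATIONS, KEY_LENGTH_BITS)).getEncoded();
        return new SecretKeySpec(key, "ChaCha20");
    }

    // Writes [version][salt][nonce] and streams the ciphertext (tag included at the end) behind it.
    InputStream encrypt(InputStream plaintext) throws IOException, GeneralSecurityException {
        byte[] salt = new byte[SALT_LENGTH];
        byte[] nonce = new byte[NONCE_LENGTH];
        random.nextBytes(salt);
        random.nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(salt), new IvParameterSpec(nonce));

        ByteArrayOutputStream header = new ByteArrayOutputStream();
        header.write(ByteBuffer.allocate(KEY_VERSION_LENGTH).putInt(keyVersion).array());
        header.write(salt);
        header.write(nonce);
        return new SequenceInputStream(new ByteArrayInputStream(header.toByteArray()),
                new CipherInputStream(plaintext, cipher));
    }

    // Parses the fixed-length header, rejects unknown key versions, returns a decrypting stream.
    InputStream decrypt(InputStream in) throws IOException, GeneralSecurityException {
        int version = ByteBuffer.wrap(readExactly(in, KEY_VERSION_LENGTH)).getInt();
        byte[] salt = readExactly(in, SALT_LENGTH);
        byte[] nonce = readExactly(in, NONCE_LENGTH);
        if (version != keyVersion) {
            throw new GeneralSecurityException("unsupported key version " + version);
        }
        Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(salt), new IvParameterSpec(nonce));
        // The Poly1305 tag is verified only when this stream reaches EOF: read it fully
        // before trusting any plaintext already produced.
        return new CipherInputStream(in, cipher);
    }

    // A short read means a truncated or foreign stream; fail instead of decrypting garbage.
    private static byte[] readExactly(InputStream in, int n) throws IOException {
        byte[] buf = in.readNBytes(n);
        if (buf.length != n) {
            throw new IOException("truncated header: expected " + n + " bytes, got " + buf.length);
        }
        return buf;
    }

    public static void main(String[] args) throws Exception {
        VaultStreamFormatExample service = new VaultStreamFormatExample("example-master-secret".toCharArray(), 1);
        byte[] message = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8); // constructed input

        byte[] framed = service.encrypt(new ByteArrayInputStream(message)).readAllBytes();
        int headerLength = KEY_VERSION_LENGTH + SALT_LENGTH + NONCE_LENGTH;
        System.out.println("header bytes: " + headerLength + ", ciphertext+tag bytes: " + (framed.length - headerLength));

        byte[] recovered = service.decrypt(new ByteArrayInputStream(framed)).readAllBytes();
        System.out.println("round trip ok: " + Arrays.equals(message, recovered));

        // Flip one ciphertext byte: the tag check fails while reading to EOF and surfaces as IOException.
        byte[] tampered = framed.clone();
        tampered[headerLength] ^= 0x01;
        try {
            service.decrypt(new ByteArrayInputStream(tampered)).readAllBytes();
            System.out.println("tampering not detected (unexpected)");
        } catch (IOException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```

Two points the example makes concrete that the method text does not: the header is parsed with exact-length reads so that a truncated or unrelated stream is rejected before any key derivation happens, and because ChaCha20-Poly1305 authenticates the whole message at once, a consumer of the decrypting stream must read to EOF before acting on any plaintext it has already received.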