Kuali Rice Development
  1. Kuali Rice Development
  2. KULRICE-7947

Add methods to EncryptionService interface to support encryption and decryption of streams

    Details

    • Type: Improvement Improvement
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Similar issues:
      KULRICE-7688Decrypting/Encrypting hide fields value that are not set as encrypted when click on custom button on Maintenance Document
      KULRICE-7667Decrypting/Encrypting hide fields value that are not set as encrypted when click on custom button on Maintenance Document
      KULRICE-8299Create UI for encrypting/decrypting document content
      KULRICE-8412Fields encrypted on URL are not always decrypted when returned to document
      KULRICE-10857Create Automated Functional (Smoke) Tests for KRAD Labs - Encryption Utility
      KULRICE-4848add input stream constructor to ZipXmlDocCollection
      KULRICE-4181Add clear cache method to KeyValuesFinder interface and base class
      KULRICE-5141Add methods to Proposition interface to allow for navigating nested Propositions
      KULRICE-1813Consolidate Rice and KEW EncryptionService interfaces to be one used everywhere
      KULRICE-4782forceUppercase and encrypted PK fields are not compatible - unable to perform inquiry
    • Rice Module:
      Rice Core
    • Application Requirement:
      Rice
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required

      Description

      Currently (as of 2.0b1) the Rice EncryptionService only supports methods to encrypt/decrypt an Object or a byte array. This means that the data must be read entirely into memory before being transformed and restricts the service when working with arbitrary length data (such as files) since it means that the JVM needs to always maintain enough available memory to hold every byte that is being manipulated at any given moment.

      The standard solution for this problem is to use InputStream and OutputStream objects to encrypt or decrypt a fixed number of bytes at a time, effectively buffering the transformation. Java provides standard classes for accomplishing this (javax.crypto.CipherInputStream and javax.crypto.CipherOutputStream).

      At the University of Washington we have extended the EncryptionService with the following methods to address this:

      OutputStream encrypt(OutputStream output, boolean doEncodeAsBase64) throws GeneralSecurityException, UnsupportedEncodingException, IOException;

      InputStream decrypt(InputStream input, boolean isEncodedAsBase64) throws GeneralSecurityException, IOException;

      and we've also added the following additional methods to support the use of a single cipher for consecutively encrypting multiple streams:

      OutputStream encrypt(OutputStream output, boolean doEncodeAsBase64, Cipher encryptCipher) throws GeneralSecurityException, UnsupportedEncodingException, IOException;

      InputStream decrypt(InputStream input, boolean isEncodedAsBase64, Cipher decryptCipher) throws GeneralSecurityException, IOException;

      Cipher getMultiuseDecryptCipher(byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;

      Cipher getMultiuseEncryptCipher() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;

        Activity

        Hide
        Peter Giles (Inactive) added a comment -

        Hi James, do you have a patch you would be willing to share? Also, do you have unit tests for your new methods? Thanks

        Show
        Peter Giles (Inactive) added a comment - Hi James, do you have a patch you would be willing to share? Also, do you have unit tests for your new methods? Thanks

          People

          • Assignee:
            Unassigned
            Reporter:
            James Renfro (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Structure Helper Panel