org.jasypt.digest
Class StandardStringDigester

Object
  org.jasypt.digest.StandardStringDigester

All Implemented Interfaces:

StringDigester

public final class StandardStringDigester
extends Object
implements StringDigester

Standard implementation of the StringDigester interface. This class lets the user specify the algorithm (and provider) to be used for creating digests, the size of the salt to be applied, the number of times the hash function will be applied (iterations) and the salt generator to be used.

This class avoids byte-conversion problems related to the fact of different platforms having different default charsets, and returns digests in the form of BASE64-encoded or HEXADECIMAL ASCII Strings.

This class is thread-safe.

Configuration

The algorithm, provider, salt size, iterations and salt generator can take values in any of these ways:

• Using its default values.
• Setting a DigesterConfig object which provides new configuration values.
• Calling the corresponding setX(...) methods.

And the actual values to be used for initialization will be established by applying the following priorities:

1. First, the default values are considered.
2. Then, if a DigesterConfig object has been set with setConfig, the non-null values returned by its getX methods override the default values.
3. Finally, if the corresponding setX method has been called on the digester itself for any of the configuration parameters, the values set by these calls override all of the above.

Initialization

Before it is ready to create digests, an object of this class has to be initialized. Initialization happens:

• When initialize is called.
• When digest or matches are called for the first time, if initialize has not been called before.

Once a digester has been initialized, trying to change its configuration will result in an AlreadyInitializedException being thrown.

Usage

A digester may be used in two different ways:

• For creating digests, by calling the digest method.
• For matching digests, this is, checking whether a digest corresponds adequately to a digest (as in password checking) or not, by calling the matches method.

The steps taken for creating digests are:

1. The String message is converted to a byte array.
2. A salt of the specified size is generated (see SaltGenerator).
3. The salt bytes are added to the message.
4. The hash function is applied to the salt and message altogether, and then to the results of the function itself, as many times as specified (iterations).
5. If specified by the salt generator (see SaltGenerator.includePlainSaltInEncryptionResults()), the undigested salt and the final result of the hash function are concatenated and returned as a result.
6. The result of the concatenation is encoded in BASE64 or HEXADECIMAL and returned as an ASCII String.

Put schematically in bytes:

• DIGEST = |S|..(ssb)..|S|X|X|X|...|X|
  • S: salt bytes (plain, not digested). (OPTIONAL).
  • ssb: salt size in bytes.
  • X: bytes resulting from hashing (see below).
• |X|X|X|...|X| = H(H(H(..(it)..H(Z|Z|Z|...|Z|))))
  • H: Hash function (algorithm).
  • it: Number of iterations.
  • Z: Input for hashing (see below).
• |Z|Z|Z|...|Z| = |S|..(ssb)..|S|M|M|M...|M|
  • S: salt bytes (plain, not digested).
  • ssb: salt size in bytes.
  • M: message bytes.

If a random salt generator is used, two digests created for the same message will always be different (except in the case of random salt coincidence). Because of this, in this case the result of the digest method will contain both the undigested salt and the digest of the (salt + message), so that another digest operation can be performed with the same salt on a different message to check if both messages match (all of which will be managed automatically by the matches method).

To learn more about the mechanisms involved in digest creation, read PKCS #5: Password-Based Cryptography Standard.

Since:

1.0

Author:

Daniel Fernández

Field Summary

static String	DEFAULT_STRING_OUTPUT_TYPE Default type of String output.
static boolean	DEFAULT_UNICODE_NORMALIZATION_IGNORED Whether the Unicode normalization step should be ignored because of legacy-compatibility issues.
static String	DIGEST_CHARSET Charset to be used for encoding the resulting digests.
static String	MESSAGE_CHARSET Charset to be used to obtain "digestable" byte arrays from input Strings.

Constructor Summary

StandardStringDigester()
Creates a new instance of StandardStringDigester.

Method Summary

String	digest(String message) Performs a digest operation on a String message.
void	initialize() Initialize the digester.
boolean	isInitialized() Returns true if the digester has already been initialized, false if not. Initialization happens:
boolean	matches(String message, String digest) Checks a message against a given digest.
void	setAlgorithm(String algorithm) Sets the algorithm to be used for digesting, like MD5 or SHA-1.
void	setConfig(DigesterConfig config) Sets a DigesterConfig or StringDigesterConfig object for the digester.
void	setInvertPositionOfPlainSaltInEncryptionResults(boolean invertPositionOfPlainSaltInEncryptionResults) Whether the plain (not hashed) salt bytes are to be appended after the digest operation result bytes.
void	setInvertPositionOfSaltInMessageBeforeDigesting(boolean invertPositionOfSaltInMessageBeforeDigesting) Whether the salt bytes are to be appended after the message ones before performing the digest operation on the whole.
void	setIterations(int iterations) Set the number of times the hash function will be applied recursively.
void	setPrefix(String prefix) Sets the prefix to be added at the beginning of encryption results, and also to be expected at the beginning of plain messages provided for matching operations (raising an EncryptionOperationNotPossibleException if not).
void	setProvider(Provider provider) Sets the security provider to be asked for the digest algorithm.
void	setProviderName(String providerName) Sets the name of the security provider to be asked for the digest algorithm.
void	setSaltGenerator(SaltGenerator saltGenerator) Sets the salt generator to be used.
void	setSaltSizeBytes(int saltSizeBytes) Sets the size of the salt to be used to compute the digest.
void	setStringOutputType(String stringOutputType) Sets the the form in which String output will be encoded.
void	setSuffix(String suffix) Sets the suffix to be added at the end of encryption results, and also to be expected at the end of plain messages provided for matching operations (raising an EncryptionOperationNotPossibleException if not).
void	setUnicodeNormalizationIgnored(boolean unicodeNormalizationIgnored) Sets whether the unicode text normalization step should be ignored.
void	setUseLenientSaltSizeCheck(boolean useLenientSaltSizeCheck) Whether digest matching operations will allow matching digests with a salt size different to the one configured in the "saltSizeBytes" property.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MESSAGE_CHARSET

public static final String MESSAGE_CHARSET

Charset to be used to obtain "digestable" byte arrays from input Strings. Set to UTF-8.

This charset has to be fixed to some value so that we avoid problems with different platforms having different "default" charsets.

It is set to UTF-8 because it covers the whole spectrum of characters representable in Java (which internally uses UTF-16), and avoids the size penalty of UTF-16 (which will always use two bytes for representing each character, even if it is an ASCII one).

Setting this value to UTF-8 does not mean that Strings that originally come for, for example, an ISO-8859-1 input, will not be correcly digested. It simply provides a way of "fixing" the way a String will be converted into bytes for digesting.

See Also:

Constant Field Values

DIGEST_CHARSET

public static final String DIGEST_CHARSET

Charset to be used for encoding the resulting digests. Set to US-ASCII.

The result of digesting some bytes can be any other bytes, and so the result of digesting, for example, some LATIN-1 valid String bytes, can be bytes that may not conform a "valid" LATIN-1 String.

Because of this, digests are always encoded in BASE64 or HEXADECIMAL after being created, and this ensures that the digests will make perfectly representable, safe ASCII Strings. Because of this, the charset used to convert the digest bytes to the returned String is set to US-ASCII.

See Also:

Constant Field Values

DEFAULT_UNICODE_NORMALIZATION_IGNORED

public static final boolean DEFAULT_UNICODE_NORMALIZATION_IGNORED

Whether the Unicode normalization step should be ignored because of legacy-compatibility issues. Defaults to FALSE (the normalization step WILL be performed).

See Also:

Constant Field Values

DEFAULT_STRING_OUTPUT_TYPE

public static final String DEFAULT_STRING_OUTPUT_TYPE

Default type of String output. Set to BASE64.

See Also:

Constant Field Values

Constructor Detail

StandardStringDigester

public StandardStringDigester()

Creates a new instance of StandardStringDigester.

Method Detail

setConfig

public void setConfig(DigesterConfig config)

Sets a DigesterConfig or StringDigesterConfig object for the digester. If this config object is set, it will be asked values for:

• Algorithm
• Security Provider (or provider name)
• Salt size
• Hashing iterations
• Salt generator
• Use of Unicode normalization mechanisms (only StringDigesterConfig)
• Output type (base64, hexadecimal) (only StringDigesterConfig)

The non-null values it returns will override the default ones, and will be overriden by any values specified with a setX method.

Parameters:

config - the DigesterConfig object to be used as the source for configuration parameters.

setAlgorithm

public void setAlgorithm(String algorithm)

Sets the algorithm to be used for digesting, like MD5 or SHA-1.

This algorithm has to be supported by your security infrastructure, and it should be allowed as an algorithm for creating java.security.MessageDigest instances.

If you are specifying a security provider with setProvider(Provider) or setProviderName(String), this algorithm should be supported by your specified provider.

If you are not specifying a provider, you will be able to use those algorithms provided by the default security provider of your JVM vendor. For valid names in the Sun JVM, see Java Cryptography Architecture API Specification & Reference.

Parameters:

algorithm - the name of the algorithm to be used.

setSaltSizeBytes

public void setSaltSizeBytes(int saltSizeBytes)

Sets the size of the salt to be used to compute the digest. This mechanism is explained in PKCS #5: Password-Based Cryptography Standard.

If salt size is set to zero, then no salt will be used.

Parameters:

saltSizeBytes - the size of the salt to be used, in bytes.

setIterations

public void setIterations(int iterations)

Set the number of times the hash function will be applied recursively.
The hash function will be applied to its own results as many times as specified: h(h(...h(x)...))

This mechanism is explained in PKCS #5: Password-Based Cryptography Standard.

Parameters:

iterations - the number of iterations.

setSaltGenerator

public void setSaltGenerator(SaltGenerator saltGenerator)

Sets the salt generator to be used. If no salt generator is specified, an instance of RandomSaltGenerator will be used.

Parameters:

saltGenerator - the salt generator to be used.

setProviderName

public void setProviderName(String providerName)

Sets the name of the security provider to be asked for the digest algorithm. This security provider has to be registered beforehand at the JVM security framework.

The provider can also be set with the setProvider(Provider) method, in which case it will not be necessary neither registering the provider beforehand, nor calling this setProviderName(String) method to specify a provider name.

Note that a call to setProvider(Provider) overrides any value set by this method.

If no provider name / provider is explicitly set, the default JVM provider will be used.

Parameters:

providerName - the name of the security provider to be asked for the digest algorithm.

Since:

1.3

setProvider

public void setProvider(Provider provider)

Sets the security provider to be asked for the digest algorithm. The provider does not have to be registered at the security infrastructure beforehand, and its being used here will not result in its being registered.

If this method is called, calling setProviderName(String) becomes unnecessary.

If no provider name / provider is explicitly set, the default JVM provider will be used.

Parameters:

provider - the provider to be asked for the chosen algorithm

Since:

1.3

setInvertPositionOfSaltInMessageBeforeDigesting

public void setInvertPositionOfSaltInMessageBeforeDigesting(boolean invertPositionOfSaltInMessageBeforeDigesting)

Whether the salt bytes are to be appended after the message ones before performing the digest operation on the whole. The default behaviour is to insert those bytes before the message bytes, but setting this configuration item to true allows compatibility with some external systems and specifications (e.g. LDAP {SSHA}).

If this parameter is not explicitly set, the default behaviour (insertion of salt before message) will be applied.

Parameters:

invertPositionOfSaltInMessageBeforeDigesting - whether salt will be appended after the message before applying the digest operation on the whole, instead of inserted before it (which is the default).

Since:

1.7

setInvertPositionOfPlainSaltInEncryptionResults

public void setInvertPositionOfPlainSaltInEncryptionResults(boolean invertPositionOfPlainSaltInEncryptionResults)

Whether the plain (not hashed) salt bytes are to be appended after the digest operation result bytes. The default behaviour is to insert them before the digest result, but setting this configuration item to true allows compatibility with some external systems and specifications (e.g. LDAP {SSHA}).

If this parameter is not explicitly set, the default behaviour (insertion of plain salt before digest result) will be applied.

Parameters:

invertPositionOfPlainSaltInEncryptionResults - whether plain salt will be appended after the digest operation result instead of inserted before it (which is the default).

Since:

1.7

setUseLenientSaltSizeCheck

public void setUseLenientSaltSizeCheck(boolean useLenientSaltSizeCheck)

Whether digest matching operations will allow matching digests with a salt size different to the one configured in the "saltSizeBytes" property. This is possible because digest algorithms will produce a fixed-size result, so the remaining bytes from the hashed input will be considered salt.

This will allow the digester to match digests produced in environments which do not establish a fixed salt size as standard (for example, SSHA password encryption in LDAP systems).

The value of this property will not affect the creation of digests, which will always have a salt of the size established by the "saltSizeBytes" property. It will only affect digest matching.

Setting this property to true is not compatible with SaltGenerator implementations which return false for their SaltGenerator.includePlainSaltInEncryptionResults() property.

Also, be aware that some algorithms or algorithm providers might not support knowing the size of the digests beforehand, which is also incompatible with a lenient behaviour.

If this parameter is not explicitly set, the default behaviour (NOT lenient) will be applied.

Parameters:

useLenientSaltSizeCheck - whether the digester will allow matching of digests with different salt sizes than established or not (default is false).

Since:

1.7

setUnicodeNormalizationIgnored

public void setUnicodeNormalizationIgnored(boolean unicodeNormalizationIgnored)

Sets whether the unicode text normalization step should be ignored.

The Java Virtual Machine internally handles all Strings as UNICODE. When digesting or matching digests in jasypt, these Strings are first normalized to its NFC form so that digest matching is not affected by the specific form in which the messages where input.

It is normally safe (and recommended) to leave this parameter set to its default FALSE value (and thus DO perform normalization operations). But in some specific cases in which issues with legacy software could arise, it might be useful to set this to TRUE.

For more information on unicode text normalization, see this issue of Core Java Technologies Tech Tips.

Parameters:

unicodeNormalizationIgnored - whether the unicode text normalization step should be ignored or not.

Since:

1.3

setStringOutputType

public void setStringOutputType(String stringOutputType)

Sets the the form in which String output will be encoded. Available encoding types are:

• base64 (default)
• hexadecimal

If not set, null will be returned.

Parameters:

stringOutputType - the string output type.

Since:

1.3

setPrefix

public void setPrefix(String prefix)

Sets the prefix to be added at the beginning of encryption results, and also to be expected at the beginning of plain messages provided for matching operations (raising an EncryptionOperationNotPossibleException if not).

By default, no prefix will be added to encryption results.

Parameters:

prefix - the prefix to be set

Since:

1.7

setSuffix

public void setSuffix(String suffix)

Sets the suffix to be added at the end of encryption results, and also to be expected at the end of plain messages provided for matching operations (raising an EncryptionOperationNotPossibleException if not).

By default, no suffix will be added to encryption results.

Parameters:

suffix - the suffix to be set

Since:

1.7

isInitialized

public boolean isInitialized()

Returns true if the digester has already been initialized, false if not.
Initialization happens:

• When initialize is called.
• When digest or matches are called for the first time, if initialize has not been called before.

Once a digester has been initialized, trying to change its configuration will result in an AlreadyInitializedException being thrown.

Returns:

true if the digester has already been initialized, false if not.

initialize

public void initialize()

Initialize the digester.

This operation will consist in determining the actual configuration values to be used, and then initializing the digester with them.
These values are decided by applying the following priorities:

1. First, the default values are considered.
2. Then, if a DigesterConfig object has been set with setConfig, the non-null values returned by its getX methods override the default values.
3. Finally, if the corresponding setX method has been called on the digester itself for any of the configuration parameters, the values set by these calls override all of the above.

Once a digester has been initialized, trying to change its configuration will result in an AlreadyInitializedException being thrown.

Throws:

EncryptionInitializationException - if initialization could not be correctly done (for example, if the digest algorithm chosen cannot be used).

digest

public String digest(String message)

Performs a digest operation on a String message.

The steps taken for creating the digest are:

1. The String message is converted to a byte array.
2. A salt of the specified size is generated (see SaltGenerator).
3. The salt bytes are added to the message.
4. The hash function is applied to the salt and message altogether, and then to the results of the function itself, as many times as specified (iterations).
5. If specified by the salt generator (see SaltGenerator.includePlainSaltInEncryptionResults()), the undigested salt and the final result of the hash function are concatenated and returned as a result.
6. The result of the concatenation is encoded in BASE64 (default) or HEXADECIMAL and returned as an ASCII String.

Put schematically in bytes:

• DIGEST = |S|..(ssb)..|S|X|X|X|...|X|
  • S: salt bytes (plain, not digested). (OPTIONAL).
  • ssb: salt size in bytes.
  • X: bytes resulting from hashing (see below).
• |X|X|X|...|X| = H(H(H(..(it)..H(Z|Z|Z|...|Z|))))
  • H: Hash function (algorithm).
  • it: Number of iterations.
  • Z: Input for hashing (see below).
• |Z|Z|Z|...|Z| = |S|..(ssb)..|S|M|M|M...|M|
  • S: salt bytes (plain, not digested).
  • ssb: salt size in bytes.
  • M: message bytes.

If a random salt generator is used, two digests created for the same message will always be different (except in the case of random salt coincidence). Because of this, in this case the result of the digest method will contain both the undigested salt and the digest of the (salt + message), so that another digest operation can be performed with the same salt on a different message to check if both messages match (all of which will be managed automatically by the matches method).

Specified by:

digest in interface StringDigester

Parameters:

message - the String to be digested

Returns:

the digest result

Throws:

EncryptionOperationNotPossibleException - if the digest operation fails, ommitting any further information about the cause for security reasons.

EncryptionInitializationException - if initialization could not be correctly done (for example, if the digest algorithm chosen cannot be used).

matches

public boolean matches(String message,
                       String digest)

Checks a message against a given digest.

This method tells whether a message corresponds to a specific digest or not by getting the salt with which the digest was created and applying it to a digest operation performed on the message. If new and existing digest match, the message is said to match the digest.

This method will be used, for instance, for password checking in authentication processes.

A null message will only match a null digest.

Specified by:

matches in interface StringDigester

Parameters:

message - the message to be compared to the digest.

digest - the digest.

Returns:

true if the specified message matches the digest, false if not.

Throws:

EncryptionOperationNotPossibleException - if the digest matching operation fails, ommitting any further information about the cause for security reasons.

EncryptionInitializationException - if initialization could not be correctly done (for example, if the digest algorithm chosen cannot be used).