@NotThreadSafe
public abstract class RaesReadOnlyChannel
extends net.java.truecommons.io.ReadOnlyChannel

A SeekableByteChannel for random read-only access to the plain text data of a RAES encrypted file, where RAES means Random Access Encryption Specification.

RAES specifies a multistep authentication process:

1. The first step is mandatory and implemented in the constructor of the concrete implementation of this abstract class. For this step only the cipher key and the file length are authenticated, which is fast to process (O(1)).
2. The second step is optional and must be initiated by the client by calling authenticate(). For this step the entire cipher text is authenticated, which is comparatively slow (O(n)). Note that this step does not require the cipher text to be decrypted first, which keeps processing comparatively fast.

So it is up to the application which level of security it needs to provide:

- Most applications should always call authenticate() in order to guard against integrity attacks.
- However, some applications may provide additional (faster) methods for authentication of the payload, in which case the authentication provided by this class may be safely skipped.

Note that this channel implements its own virtual file pointer.

See also: RaesOutputStream
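
The two-step process described above, as an added example that is not part of the original documentation or the project's own code: it runs the optional authenticate() step before any plain text is read and fails closed on a MAC mismatch. The class VerifiedRaesReader, the method readVerified, the package name of the RAES classes and the assumption that the RAES exceptions are subclasses of IOException are not taken from this page.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;

import net.java.truecommons.io.Source;
// Assumption: package of the RAES classes (not stated on this page).
import net.java.truevfs.driver.zip.raes.crypto.RaesAuthenticationException;
import net.java.truevfs.driver.zip.raes.crypto.RaesParameters;
import net.java.truevfs.driver.zip.raes.crypto.RaesReadOnlyChannel;

public final class VerifiedRaesReader {

    private VerifiedRaesReader() { }

    /**
     * Hypothetical helper: returns the plain text only after both
     * authentication steps have succeeded.
     * Assumption: the RAES exceptions are subclasses of IOException.
     */
    public static byte[] readVerified(RaesParameters param, Source source)
            throws IOException {
        // Step 1 (mandatory, O(1)): create() fails if the cipher key or the
        // file length does not authenticate.
        try (RaesReadOnlyChannel channel = RaesReadOnlyChannel.create(param, source)) {
            try {
                // Step 2 (optional, O(n)): check the MAC over the entire
                // cipher text before any plain text is decrypted or returned.
                channel.authenticate();
            } catch (RaesAuthenticationException e) {
                // Fail closed: nothing has been read from the channel yet.
                throw new IOException("RAES cipher text failed MAC check", e);
            }
            ByteArrayOutputStream plain = new ByteArrayOutputStream();
            ByteBuffer buf = ByteBuffer.allocate(8192);
            while (channel.read(buf) != -1) {
                buf.flip();
                plain.write(buf.array(), 0, buf.limit());
                buf.clear();
            }
            return plain.toByteArray();
        } // try-with-resources closes the channel on every path
    }
}
```

An application that skips step 2 because it authenticates the payload by other means would drop the inner try block and keep the rest unchanged.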
Constructor and Description |
---|
RaesReadOnlyChannel() |
Modifier and Type | Method and Description |
---|---|
abstract void | authenticate(): Authenticates all encrypted data in this read only file. |
static RaesReadOnlyChannel | create(RaesParameters param, net.java.truecommons.io.Source source): Creates a new RAES read-only channel. |
abstract net.java.truecommons.key.spec.common.AesKeyStrength | getKeyStrength(): Returns the key strength which is actually used to decrypt the data of the RAES file. |

public abstract void authenticate() throws RaesAuthenticationException, IOException

This is the second, optional step of authentication. The first, mandatory step is to compute the cipher key and cipher text length only and must already have been successfully completed in the constructor.

Throws:
RaesAuthenticationException - If the computed MAC does not match the MAC declared in the RAES file.
IOException - On any I/O related issue.

@CreatesObligation
public static RaesReadOnlyChannel create(RaesParameters param, net.java.truecommons.io.Source source) throws RaesParametersException, RaesException, EOFException, IOException

Parameters:
param - the RaesParameters required to access the RAES type actually found in the file. If the class of this parameter does not match the required parameter interface according to the RAES type found in the file, but is an instance of the RaesParametersProvider interface, then it gets queried to find the required RAES parameters. This algorithm gets recursively applied.
source - the source for reading the RAES file from.

Throws:
RaesParametersException - If no RAES parameter can be found which match the type of RAES file in the given channel.
RaesException - If the file is not RAES compatible.
EOFException - on unexpected end-of-file.
IOException - on any I/O error.

public abstract net.java.truecommons.key.spec.common.AesKeyStrength getKeyStrength()

Copyright © 2005–2018 Schlichtherle IT Services. All rights reserved.