Class SecretDecoderRing


  • public class SecretDecoderRing
    extends java.lang.Object
    This is a special-purpose interface for NSS. It is used for encrypting data with a secret key stored in the NSS key database (which is in turn protected with a password). It thus provides a quick, convenient way to encrypt stuff your application wants to keep around for its own use: for example, the list of web passwords stored in the web browser.

    A dedicated key is used to encrypt all SecretDecoderRing data. The same key is used for all SDR data, and not for any other data. This key will be generated the first time it is needed.

    The cipher used is DES3-EDE (Triple-DES) in CBC mode. The ciphertext is DER-encoded in the following ASN.1 data structure:

        SEQUENCE {
          keyid       OCTET STRING,
          alg         AlgorithmIdentifier,
          ciphertext  OCTET STRING }
     

    You must set the password on the Internal Key Storage Token (aka software token, key3.db) before you use the SecretDecoderRing.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String encodingFormat  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      byte[] decrypt​(byte[] ciphertext)
      Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database.
      java.lang.String decryptToString​(byte[] ciphertext)
      Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database, returning the original plaintext string.
      byte[] encrypt​(byte[] plaintext)
      Encrypts the given plaintext with the Secret Decoder Ring key stored in the NSS key database.
      byte[] encrypt​(java.lang.String plaintext)
      Encrypts the given plaintext string with the Secret Decoder Ring key stored in the NSS key database.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SecretDecoderRing

        public SecretDecoderRing()
    • Method Detail

      • encrypt

        public byte[] encrypt​(byte[] plaintext)
                       throws TokenException
        Encrypts the given plaintext with the Secret Decoder Ring key stored in the NSS key database.
        Throws:
        TokenException
      • encrypt

        public byte[] encrypt​(java.lang.String plaintext)
                       throws TokenException
        Encrypts the given plaintext string with the Secret Decoder Ring key stored in the NSS key database.
        Throws:
        TokenException
      • decrypt

        public byte[] decrypt​(byte[] ciphertext)
                       throws TokenException
        Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database.
        Throws:
        TokenException
      • decryptToString

        public java.lang.String decryptToString​(byte[] ciphertext)
                                         throws TokenException
        Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database, returning the original plaintext string.
        Throws:
        TokenException