Interface CryptoManager


@Volatile
public interface CryptoManager
Provides low-level encryption routines for implementing Field-Level Encryption as specified by Couchbase RFC-0032.

An implementation knows how to encrypt and decrypt field values, and provides methods for inspecting and transforming JSON field names to indicate whether a field holds an encrypted value.

CryptoManager is intended to be usable with any JSON library. The plaintext value of a field is represented by a byte array containing valid JSON. The encrypted form is represented by a Map which may be serialized as a JSON Object by your library of choice.

If you wish to encrypt or decrypt the fields of a Couchbase JsonObject, it may be more convenient to work with a higher-level abstraction like the one provided by the Java SDK's JsonObjectCrypto class.

Implementations must be thread-safe.

  • Field Summary

    Fields
    Modifier and Type Field Description
    static String DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX
    The prefix to use when mangling the names of encrypted fields according to the default name mangling strategy.
    static String DEFAULT_ENCRYPTER_ALIAS
    The name that refers to the default encrypter if one is present.
  • Method Summary

    Modifier and Type Method Description
    byte[] decrypt(Map<String,Object> encryptedNode)
    Selects an appropriate decrypter based on the contents of the encrypted node and uses it to decrypt the data.
    default String demangle(String fieldName)
    Reverses the transformation applied by mangle(java.lang.String) and returns the original field name.
    Map<String,Object> encrypt(byte[] plaintext, String encrypterAlias)
    Encrypts the given data using the named encrypter.
    default boolean isMangled(String fieldName)
    Returns true if the given field name has been mangled by mangle(String).
    default String mangle(String fieldName)
    Transforms the given field name to indicate its value is encrypted.
  • Field Details

    • DEFAULT_ENCRYPTER_ALIAS

      static final String DEFAULT_ENCRYPTER_ALIAS
      The name that refers to the default encrypter if one is present.
      See Also:
      Constant Field Values
    • DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX

      static final String DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX
      The prefix to use when mangling the names of encrypted fields according to the default name mangling strategy.
      See Also:
      Constant Field Values
  • Method Details

    • encrypt

      Map<String,Object> encrypt(byte[] plaintext, String encrypterAlias)
      Encrypts the given data using the named encrypter.
      Parameters:
      plaintext - the message to encrypt
      encrypterAlias - (nullable) alias of the encrypter to use, or null for the default encrypter.
      Returns:
      A map representing the encrypted form of the plaintext.
    • decrypt

      byte[] decrypt(Map<String,Object> encryptedNode)
      Selects an appropriate decrypter based on the contents of the encrypted node and uses it to decrypt the data.
      Parameters:
      encryptedNode - the encrypted form of a message
      Returns:
      the plaintext message
    • mangle

      default String mangle(String fieldName)
      Transforms the given field name to indicate its value is encrypted.
    • demangle

      default String demangle(String fieldName)
      Reverses the transformation applied by mangle(java.lang.String) and returns the original field name.
    • isMangled

      default boolean isMangled(String fieldName)
      Returns true if the given field name has been mangled by mangle(String).
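
The following is an added usage example, not code from the Couchbase SDK or this page: it encrypts and decrypts top-level fields of a Map-based JSON document using only the five methods documented above. Assumptions: the class and helper names are hypothetical, the import path is the one shipped in the Couchbase core-io library (this page does not show the package), and the caller supplies a configured CryptoManager plus `toJson`/`fromJson` functions from its own JSON library.

```java
import com.couchbase.client.core.encryption.CryptoManager; // assumed package; not shown on this page
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Function;

/** Added example: field-level encryption over a Map-based JSON document. */
public final class FieldCryptoExample {
  private FieldCryptoExample() {}

  /** Replaces doc[field] with its encrypted form, stored under the mangled field name. */
  public static void encryptField(CryptoManager crypto, Map<String, Object> doc, String field,
                                  String encrypterAlias, Function<Object, byte[]> toJson) {
    if (!doc.containsKey(field)) {
      throw new IllegalArgumentException("no such field: " + field);
    }
    if (crypto.isMangled(field)) {
      throw new IllegalArgumentException("field is already encrypted: " + field);
    }
    // encrypt() expects a byte array containing valid JSON, so serialize the value first.
    byte[] plaintext = toJson.apply(doc.get(field));
    // A null alias selects the default encrypter.
    Map<String, Object> encryptedNode = crypto.encrypt(plaintext, encrypterAlias);
    doc.put(crypto.mangle(field), encryptedNode);
    doc.remove(field); // never leave the plaintext beside its ciphertext
  }

  /** Returns a copy of doc with every top-level mangled field decrypted and renamed back. */
  public static Map<String, Object> decryptFields(CryptoManager crypto, Map<String, Object> doc,
                                                  Function<byte[], Object> fromJson) {
    Map<String, Object> out = new LinkedHashMap<>();
    for (Map.Entry<String, Object> e : doc.entrySet()) {
      String name = e.getKey();
      if (crypto.isMangled(name) && e.getValue() instanceof Map) {
        @SuppressWarnings("unchecked")
        Map<String, Object> node = (Map<String, Object>) e.getValue();
        // decrypt() picks the decrypter from the node's contents and returns JSON bytes.
        out.put(crypto.demangle(name), fromJson.apply(crypto.decrypt(node)));
      } else {
        // Unencrypted fields, and mangled names without an object value, pass through unchanged.
        out.put(name, e.getValue());
      }
    }
    return out;
  }
}
```

`decryptFields` builds a new map instead of renaming keys in place, which avoids modifying the document while iterating over it.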