Package org.cryptomator.cryptolib.api

Interface FileNameCryptor

  • public interface FileNameCryptor
    Provides deterministic encryption capabilities as filenames must not change on subsequent encryption attempts, otherwise each change results in major directory structure changes which would be a terrible idea for cloud storage encryption.
    See Also:
    Wikipedia on deterministic encryption

    • Method Detail

      • hashDirectoryId

        String hashDirectoryId​(String cleartextDirectoryId)
        Parameters:
        cleartextDirectoryId - an arbitrary directory id to be passed to one-way hash function
        Returns:
        constant length string, that is unlikely to collide with any other name.

      • encryptFilename

        String encryptFilename​(com.google.common.io.BaseEncoding encoding,
                       String cleartextName,
                       byte[]... associatedData)
        Parameters:
        encoding - Encoding to use to encode the returned ciphertext
        cleartextName - original filename including cleartext file extension
        associatedData - optional associated data, that will not get encrypted but needs to be provided during decryption
        Returns:
        encrypted filename without any file extension

      • decryptFilename

        String decryptFilename​(com.google.common.io.BaseEncoding encoding,
                       String ciphertextName,
                       byte[]... associatedData)
                throws AuthenticationFailedException
        Parameters:
        encoding - Encoding to use to decode ciphertextName
        ciphertextName - Ciphertext only, with any additional strings like file extensions stripped first.
        associatedData - the same associated data used during encryption, otherwise and AuthenticationFailedException will be thrown
        Returns:
        cleartext filename, probably including its cleartext file extension.
        Throws:
        AuthenticationFailedException - if the ciphertext is malformed