org.mozilla.jss.crypto

Class SecretDecoderRing


public class SecretDecoderRing
extends java.lang.Object

This is a proprietary NSS interface. It is used for encrypting data with a secret key stored in the NSS key database (which is in turn protected with a password). It thus provides a quick, convenient way to encrypt data your application wants to keep around for its own use, for example the list of web passwords stored in the web browser.

A dedicated key is used to encrypt all SecretDecoderRing data. The same key is used for all SDR data, and not for any other data. This key will be generated the first time it is needed.

The cipher used is DES3-EDE (Triple-DES) in CBC mode. The ciphertext is DER-encoded in the following ASN.1 data structure:

    SEQUENCE {
      keyid       OCTET STRING,
      alg         AlgorithmIdentifier,
      ciphertext  OCTET STRING }
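
The Python code below is an added example, not part of JSS or NSS: it walks the DER envelope shown above and reports the key id, algorithm OID, IV length and ciphertext length without decrypting anything, which is enough to confirm what cipher a stored blob claims to use. The des-EDE3-CBC OID and the IV-as-OCTET-STRING parameter are standard values not stated on this page, and the sample blob is constructed.

```python
DES_EDE3_CBC = "1.2.840.113549.3.7"  # des-EDE3-CBC OID (known value, not from this page)

def read_tlv(buf, pos, want):
    """Return (value, next_pos) for the DER element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag 0x{want:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element overruns buffer")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OID content bytes (non-empty) into dotted notation."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_sdr(blob):
    """Parse SEQUENCE { keyid, alg, ciphertext } without decrypting anything."""
    outer, end = read_tlv(blob, 0, 0x30)
    keyid, p = read_tlv(outer, 0, 0x04)
    alg, p = read_tlv(outer, p, 0x30)
    ct, p = read_tlv(outer, p, 0x04)
    oid, q = read_tlv(alg, 0, 0x06)
    if end != len(blob) or p != len(outer) or not oid:
        raise ValueError("malformed SDR structure")
    name = decode_oid(oid)
    # For des-EDE3-CBC the AlgorithmIdentifier parameter is the IV as an OCTET STRING.
    iv = read_tlv(alg, q, 0x04)[0] if name == DES_EDE3_CBC else b""
    return {"keyid": keyid.hex(), "alg_oid": name, "is_3des_cbc": name == DES_EDE3_CBC,
            "iv_len": len(iv), "ciphertext_len": len(ct)}

def tlv(tag, value):
    """Encode a short-form DER element (value under 128 bytes) for the sample."""
    return bytes([tag, len(value)]) + value

# Constructed sample: placeholder key id, IV and ciphertext, not real SDR output.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d0307")) + tlv(0x04, bytes(8)))
SAMPLE = tlv(0x30, tlv(0x04, bytes(15) + b"\x01") + ALG + tlv(0x04, bytes(16)))
print(parse_sdr(SAMPLE))
```

A blob whose `alg_oid` is not the Triple-DES CBC value, or that fails to parse, was not produced in the format this class documents.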
 

You must set the password on the Internal Key Storage Token (aka software token, key3.db) before you use the SecretDecoderRing.

Field Summary

static String encodingFormat

Method Summary

byte[] decrypt(byte[] ciphertext)
Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database.

String decryptToString(byte[] ciphertext)
Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database, returning the original plaintext string.

byte[] encrypt(String plaintext)
Encrypts the given plaintext string with the Secret Decoder Ring key stored in the NSS key database.

byte[] encrypt(byte[] plaintext)
Encrypts the given plaintext with the Secret Decoder Ring key stored in the NSS key database.

Field Details

encodingFormat

public static final String encodingFormat

Method Details

decrypt

public byte[] decrypt(byte[] ciphertext)
            throws TokenException
Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database.

decryptToString

public String decryptToString(byte[] ciphertext)
            throws TokenException
Decrypts the given ciphertext with the Secret Decoder Ring key stored in the NSS key database, returning the original plaintext string.

encrypt

public byte[] encrypt(String plaintext)
            throws TokenException
Encrypts the given plaintext string with the Secret Decoder Ring key stored in the NSS key database.

encrypt

public byte[] encrypt(byte[] plaintext)
            throws TokenException
Encrypts the given plaintext with the Secret Decoder Ring key stored in the NSS key database.