Sealed Objects
The
final class in JCE that we’ll
investigate is the SealedObject
class
(javax.crypto.SealedObject
). This class is very
similar to the SignedObject
class we examined in
Chapter 12, except that the stored, serialized
object is encrypted rather than signed:
- public class SealedObject
A class that can embed within it a serializable object in an encrypted form.
You can construct a sealed object as follows:
- public SealedObject(Serializable obj, Cipher c)
Construct a sealed object. The sealed object serializes the given object to an embedded byte array, effectively making a copy of the object. It then uses the given cipher to encrypt the embedded byte array. If the object is unable to be serialized, an
IOException
is thrown; an error in encrypting the byte array results in anIllegalBlockSizeException
. If the cipher object has not been initialized, anIllegalStateException
is generated.
To retrieve the object, we use this method:
- public Object getObject(Cipher c)
Decrypt the embedded byte array and deserialize it, returning the reconstituted object. The cipher must have been initialized with the same mode and key as the cipher that was passed to the constructor when the object was first created, otherwise a
BadPaddingMethodException
or anIllegalBlockSizeException
is thrown. If the cipher was not initialized, anIllegalStateException
is generated; failure to find the serialized class results in aClassNotFoundException
, and generic deserialization errors result in an
Get Java Security, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.