Sealed Objects

The final class in the JCE that we’ll investigate is the SealedObject class (javax.crypto.SealedObject). This class is very similar to the SignedObject class we examined in Chapter 12, except that the stored, serialized object is encrypted rather than signed:

public class SealedObject

A class that can embed within it a serializable object in an encrypted form.

Constructing a sealed object is achieved as follows:

public SealedObject(Serializable obj, Cipher c)

Construct a sealed object. The sealed object serializes the given object to an embedded byte array, effectively making a copy of the object. It then uses the given cipher to encrypt the embedded byte array. If the object is unable to be serialized, an IOException is thrown; an error in encrypting the byte array results in an IllegalBlockSizeException. If the cipher object has not been initialized, an IllegalStateException is generated.

To retrieve the object, we use this method:

public Object getObject(Cipher c)

Decrypt the embedded byte array and deserialize it, returning the reconstituted object. The cipher must have been initialized with the same mode and key as the cipher that was passed to the constructor when the object was first created, otherwise a BadPaddingMethodException or an IllegalBlockSizeException is thrown. If the cipher was not initialized, an IllegalStateException is generated; failure to find the serialized class results in a ClassNotFoundException, and generic deserialization errors results ...

Get Java Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial