Interface CryptoManager


@Volatile public interface CryptoManager
Provides low-level encryption routines for implementing Field-Level Encryption as specified by Couchbase RFC-0032.

An implementation knows how to encrypt and decrypt field values, and provides methods for inspecting and transforming JSON field names to indicate whether a field holds an encrypted value.

CryptoManager is intended to be usable with any JSON library. The plaintext value of a field is represented by a byte array containing valid JSON. The encrypted form is represented by a Map which may be serialized as a JSON Object by your library of choice.

If you wish to encrypt or decrypt the fields of a Couchbase JsonObject, it may be more convenient to work with a higher level abstraction like the one provided by the Java SDK's JsonObjectCrypto class.

Implementations must be thread-safe.

  • Field Summary

    Fields

    | Modifier and Type | Field | Description |
    |---|---|---|
    | static final String | DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX | The prefix to use when mangling the names of encrypted fields according to the default name mangling strategy. |
    | static final String | DEFAULT_ENCRYPTER_ALIAS | The name that refers to the default encrypter if one is present. |
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | byte[] | decrypt(Map<String,Object> encryptedNode) | Selects an appropriate decrypter based on the contents of the encrypted node and uses it to decrypt the data. |
    | default String | demangle(String fieldName) | Reverses the transformation applied by mangle(String) and returns the original field name. |
    | Map<String,Object> | encrypt(byte[] plaintext, String encrypterAlias) | Encrypts the given data using the named encrypter. |
    | default boolean | isMangled(String fieldName) | Returns true if the given field name has been mangled by mangle(String). |
    | default String | mangle(String fieldName) | Transforms the given field name to indicate its value is encrypted. |
  • Field Details

    • DEFAULT_ENCRYPTER_ALIAS

      static final String DEFAULT_ENCRYPTER_ALIAS
      The name that refers to the default encrypter if one is present.
    • DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX

      static final String DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX
      The prefix to use when mangling the names of encrypted fields according to the default name mangling strategy.
  • Method Details

    • encrypt

      Map<String,Object> encrypt(byte[] plaintext, String encrypterAlias)
      Encrypts the given data using the named encrypter.
      Parameters:
      plaintext - the message to encrypt
      encrypterAlias - (nullable) alias of the encrypter to use, or null for the default encrypter.
      Returns:
      A map representing the encrypted form of the plaintext.
    • decrypt

      byte[] decrypt(Map<String,Object> encryptedNode)
      Selects an appropriate decrypter based on the contents of the encrypted node and uses it to decrypt the data.
      Parameters:
      encryptedNode - the encrypted form of a message
      Returns:
      the plaintext message
    • mangle

      default String mangle(String fieldName)
      Transforms the given field name to indicate its value is encrypted.
    • demangle

      default String demangle(String fieldName)
      Reverses the transformation applied by mangle(String) and returns the original field name.
    • isMangled

      default boolean isMangled(String fieldName)
      Returns true if the given field name has been mangled by mangle(String).
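
The following sketch is an added example, not the SDK's implementation: a stand-alone class with the same method shapes as CryptoManager, showing the plaintext-JSON-bytes to Map round trip and the name mangling. Assumptions: the "encrypted$" prefix value, the "alg"/"kid"/"ciphertext" map keys, AES-GCM as a stand-in cipher, the encrypter alias doubling as the key id, and the "demo-key" and "ssn" names; a null alias (default encrypter) is not modeled.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
public class FieldCryptoSketch {
    static final String PREFIX = "encrypted$";        // assumed default prefix; check the SDK constant
    static final String ALG = "EXAMPLE_AES_256_GCM";  // constructed label, not an RFC-0032 algorithm
    final Map<String, SecretKey> keys = new HashMap<>(); // alias -> key; fill before sharing across threads
    String mangle(String name) { return PREFIX + name; }
    boolean isMangled(String name) { return name.startsWith(PREFIX); }
    String demangle(String name) {
        if (!isMangled(name)) throw new IllegalArgumentException("not mangled: " + name);
        return name.substring(PREFIX.length());
    }
    SecretKey key(Object alias) {                       // fail closed on an unknown alias or key id
        SecretKey k = keys.get(alias);
        if (k == null) throw new IllegalArgumentException("unknown key: " + alias);
        return k;
    }
    Map<String, Object> encrypt(byte[] plaintextJson, String alias) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);               // fresh nonce for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(alias), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintextJson);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);   // nonce || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        Map<String, Object> node = new LinkedHashMap<>();        // serializes as a JSON object
        node.put("alg", ALG);
        node.put("kid", alias);
        node.put("ciphertext", Base64.getEncoder().encodeToString(out));
        return node;
    }
    byte[] decrypt(Map<String, Object> node) throws Exception {
        // The decrypter is chosen from the node itself, here by its "alg" entry.
        if (!ALG.equals(node.get("alg"))) throw new IllegalArgumentException("no decrypter for " + node.get("alg"));
        byte[] in = Base64.getDecoder().decode((String) node.get("ciphertext"));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(node.get("kid")), new GCMParameterSpec(128, in, 0, 12));
        return c.doFinal(in, 12, in.length - 12);       // AEADBadTagException if the node was altered
    }
    public static void main(String[] args) throws Exception {
        FieldCryptoSketch cm = new FieldCryptoSketch();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        cm.keys.put("demo-key", kg.generateKey());      // constructed alias and throwaway key
        Map<String, Object> node = cm.encrypt("\"constructed-value\"".getBytes(StandardCharsets.UTF_8), "demo-key");
        System.out.println(cm.mangle("ssn") + " -> " + node + " -> " + new String(cm.decrypt(node), StandardCharsets.UTF_8));
    }
}
```

The plaintext passed to encrypt is the JSON text of the value, so a string field includes its quotes, and a caller should write the returned map under the mangled name and remove the original field.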