13.8. Sealed Objects
The
final class in the JCE that we'll investigate is the
SealedObject class
(javax.crypto.SealedObject). This class is very
similar to the SignedObject class we examined in
Chapter 12, "Digital Signatures", except that the stored, serialized
object is encrypted rather than signed:
-
public class SealedObject
-
A class that can embed within it a serializable object in an
encrypted form.
Constructing a sealed object is achieved as follows:
-
public SealedObject(Serializable obj, Cipher c)
-
Construct a sealed object. The sealed object serializes the given
object to an embedded byte array, effectively making a copy of the
object. It then uses the given cipher to encrypt the embedded byte
array. If the object is unable to be serialized, an
IOException is thrown; an error in encrypting
the byte array results in an
IllegalBlockSizeException. If the cipher object
has not been initialized, an
IllegalStateException is generated.
To retrieve the object, we use this method:
-
public Object getObject(Cipher c)
-
Decrypt the embedded byte array and deserialize it, returning the
reconstituted object. The cipher must have been initialized with the
same mode and key as the cipher that was passed to the constructor
when the object was first created, otherwise a
BadPaddingMethodException or an
IllegalBlockSizeException is thrown. If the
cipher was not initialized, an
IllegalStateException is generated; failure to
find the serialized class results in a
ClassNotFoundException, and generic
deserialization errors results in an
IOException.
These are the only two operations that may be performed upon a sealed
object. Just keep in mind that the embedded object in this class is a
serialized instance of the original object: the technique the object
uses to perform serialization may affect the resulting object that is
retrieved from the sealed object. This class can help us prevent
someone from tampering with our serialized object, but the
reconstituted object may be lacking transient fields or other
information (depending, of course, on the implementation of the
object itself).
| | |
13.7. Symmetric Key Agreement | | 13.9. Summary |
Copyright © 2001 O'Reilly & Associates. All rights reserved.
|
|