Package org.apache.ignite.spi.encryption

Interface EncryptionSpi

    • Method Detail

      • masterKeyDigest

        byte[] masterKeyDigest()
        Returns master key digest. Should always return same digest for a same key. Digest used for a configuration consistency check.
        Returns:
        Master key digest.

      • masterKeyDigest

        byte[] masterKeyDigest​(String masterKeyName)
        Returns master key digest by name. Should always return same digest for a same key. Digest used for a configuration consistency check.
        Parameters:
        masterKeyName - Master key name.
        Returns:
        Master key digest.

      • create

        Serializable create()
             throws IgniteException
        Creates new key for an encryption/decryption of cache persistent data: pages, WAL records.
        Returns:
        Newly created encryption key.
        Throws:
        IgniteException - If key creation failed.

      • encrypt

        void encrypt​(ByteBuffer data,
             Serializable key,
             ByteBuffer res)
        Encrypts data.
        Parameters:
        data - Data to encrypt.
        key - Encryption key.
        res - Destination buffer.

      • encryptNoPadding

        void encryptNoPadding​(ByteBuffer data,
                      Serializable key,
                      ByteBuffer res)
        Encrypts data without padding info.
        Parameters:
        data - Data to encrypt.
        key - Encryption key.
        res - Destination buffer.

      • decrypt

        default void decrypt​(ByteBuffer data,
                     Serializable key,
                     ByteBuffer res)
        Decrypts data encrypted with encrypt(ByteBuffer, Serializable, ByteBuffer). Note: Default method implementation was introduced for compatibility. This implementation is not effective for direct byte buffers, since it requires additional array creation and copy. It's better to have own implementation of this method in SPI.
        Parameters:
        data - Data to decrypt.
        key - Encryption key.
        res - Destination of the decrypted data.

      • encryptKey

        byte[] encryptKey​(Serializable key)
        Encrypts key. Adds some info to check key integrity on decryption.
        Parameters:
        key - Key to encrypt.
        Returns:
        Encrypted key.

      • encryptKey

        byte[] encryptKey​(Serializable key,
                  String masterKeyName)
        Encrypts a key with the master key specified by name. Adds some info to check key integrity on decryption.
        Parameters:
        key - Key to encrypt.
        masterKeyName - Master key name.
        Returns:
        Encrypted key.

      • decryptKey

        Serializable decryptKey​(byte[] key)
        Decrypts key and checks it integrity.
        Parameters:
        key - Key to decrypt.
        Returns:
        Encrypted key.

      • decryptKey

        Serializable decryptKey​(byte[] key,
                        String masterKeyName)
        Decrypts key and checks its integrity using the master key specified by name.
        Parameters:
        key - Key to decrypt.
        masterKeyName - Master key name.
        Returns:
        Encrypted key.

      • encryptedSize

        int encryptedSize​(int dataSize)
        Parameters:
        dataSize - Size of plain data in bytes.
        Returns:
        Size of encrypted data in bytes for padding encryption mode.

      • encryptedSizeNoPadding

        int encryptedSizeNoPadding​(int dataSize)
        Parameters:
        dataSize - Size of plain data in bytes.
        Returns:
        Size of encrypted data in bytes for nopadding encryption mode.

      • blockSize

        int blockSize()
        Returns:
        Encrypted data block size.