Compare two signed tokens
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
Decrypt a String with the AES encryption standard.
Decrypt a String with the AES encryption standard.
The private key must have a length of 16 bytes.
The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining
play.crypto.provider
in application.conf
.
The transformation used is by default AES/CTR/NoPadding
. It can be configured by defining
play.crypto.aes.transformation
in application.conf
. Although any cipher transformation algorithm can
be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.
An hexadecimal encrypted string.
The key used to encrypt.
The decrypted String.
Decrypt a String with the AES encryption standard using the application's secret key.
Decrypt a String with the AES encryption standard using the application's secret key.
The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining
play.crypto.provider
in application.conf
.
The transformation used is by default AES/CTR/NoPadding
. It can be configured by defining
play.crypto.aes.transformation
in application.conf
. Although any cipher transformation algorithm can
be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.
An hexadecimal encrypted string.
The decrypted String.
Encrypt a String with the AES encryption standard and the supplied private key.
Encrypt a String with the AES encryption standard and the supplied private key.
The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining
play.crypto.provider
in application.conf
.
The transformation algorithm used is the provider specific implementation of the AES
name. On Oracles JDK,
this is AES/CTR/NoPadding
. This algorithm is suitable for small amounts of data, typically less than 32
bytes, hence is useful for encrypting credit card numbers, passwords etc. For larger blocks of data, this
algorithm may expose patterns and be vulnerable to repeat attacks.
The transformation algorithm can be configured by defining play.crypto.aes.transformation
in
application.conf
. Although any cipher transformation algorithm can be selected here, the secret key spec used
is always AES, so only AES transformation algorithms will work.
The String to encrypt.
The key used to encrypt.
A Base64 encrypted string.
Encrypt a String with the AES encryption standard using the application's secret key.
Encrypt a String with the AES encryption standard using the application's secret key.
The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining
play.crypto.provider
in application.conf
.
The transformation algorithm used is the provider specific implementation of the AES
name. On Oracles JDK,
this is AES/CTR/NoPadding
. This algorithm is suitable for small amounts of data, typically less than 32
bytes, hence is useful for encrypting credit card numbers, passwords etc. For larger blocks of data, this
algorithm may expose patterns and be vulnerable to repeat attacks.
The transformation algorithm can be configured by defining play.crypto.aes.transformation
in
application.conf
. Although any cipher transformation algorithm can be selected here, the secret key spec used
is always AES, so only AES transformation algorithms will work.
The String to encrypt.
An hexadecimal encrypted string.
Extract a signed token that was signed by play.api.libs.Crypto.signToken.
Extract a signed token that was signed by play.api.libs.Crypto.signToken.
The signed token to extract.
The verified raw token, or None if the token isn't valid.
Generate a signed token
Generate a cryptographically secure token
Signs the given String with HMAC-SHA1 using the application’s secret key.
Signs the given String with HMAC-SHA1 using the application’s secret key.
By default this uses the platform default JSSE provider. This can be overridden by defining
play.crypto.provider
in application.conf
.
The message to sign.
A hexadecimal encoded signature.
Signs the given String with HMAC-SHA1 using the given key.
Signs the given String with HMAC-SHA1 using the given key.
By default this uses the platform default JSSE provider. This can be overridden by defining
play.crypto.provider
in application.conf
.
The message to sign.
The private key to sign with.
A hexadecimal encoded signature.
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
The token to sign
The signed token
Cryptographic utilities.
These utilities are intended as a convenience, however it is important to read each methods documentation and understand the concepts behind encryption to use this class properly. Safe encryption is hard, and there is no substitute for an adequate understanding of cryptography. These methods will not be suitable for all encryption needs.
For more information about cryptography, we recommend reading the OWASP Cryptographic Storage Cheatsheet:
https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet