Crypto (Play 2.5.17)

java.lang.Object
- play.libs.Crypto

All Implemented Interfaces:

CookieSigner, CSRFTokenSigner

Deprecated.
This class is deprecated and will be removed in future versions.
```
@Deprecated
 @Singleton
public class Crypto
extends java.lang.Object
implements CSRFTokenSigner, CookieSigner
```
This class is not suitable for use as a general cryptographic library, and is not used internally by Play. It will be removed in future versions. Please see Crypto Migration Guide for details, including how to migrate to another crypto system.

Constructor Summary

Constructors
Constructor and Description

Crypto(play.api.libs.Crypto crypto)
Deprecated.

Constructors
Constructor and Description
`Crypto(play.api.libs.Crypto crypto)` Deprecated.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`play.api.libs.Crypto`	`asScala()` Deprecated.
`boolean`	`compareSignedTokens(java.lang.String tokenA, java.lang.String tokenB)` Deprecated. Compare two signed tokens
`boolean`	`constantTimeEquals(java.lang.String a, java.lang.String b)` Deprecated. Constant time equals method.
`java.lang.String`	`decryptAES(java.lang.String value)` Deprecated. This method is deprecated and will be removed in future versions.
`java.lang.String`	`decryptAES(java.lang.String value, java.lang.String privateKey)` Deprecated. This method is deprecated and will be removed in future versions.
`java.lang.String`	`encryptAES(java.lang.String value)` Deprecated. This method is deprecated and will be removed in future versions.
`java.lang.String`	`encryptAES(java.lang.String value, java.lang.String privateKey)` Deprecated. This method is deprecated and will be removed in future versions.
`java.lang.String`	`extractSignedToken(java.lang.String token)` Deprecated. Extract a signed token that was signed by `signToken(String)`.
`java.lang.String`	`generateSignedToken()` Deprecated. Generate a signed token
`java.lang.String`	`generateToken()` Deprecated. Generate a cryptographically secure token
`java.lang.String`	`sign(java.lang.String message)` Deprecated. Signs the given String with HMAC-SHA1 using the application's secret key.
`java.lang.String`	`signToken(java.lang.String token)` Deprecated. Sign a token.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - Crypto
```
@Inject
public Crypto(play.api.libs.Crypto crypto)
```
    Deprecated.
- Method Detail
  - asScala
```
public play.api.libs.Crypto asScala()
```
    Deprecated.
    
    Specified by:
    
    asScala in interface CSRFTokenSigner
  - sign
```
public java.lang.String sign(java.lang.String message)
```
    Deprecated.
    
    Signs the given String with HMAC-SHA1 using the application's secret key.
    By default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.
    
    Specified by:
    
    sign in interface CookieSigner
    
    Parameters:
    
    message - The message to sign.
    
    Returns:
    
    A hexadecimal encoded signature.
  - signToken
```
public java.lang.String signToken(java.lang.String token)
```
    Deprecated.
    
    Sign a token. This produces a new token, that has this token signed with a nonce. This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
    
    Specified by:
    
    signToken in interface CookieSigner
    
    Parameters:
    
    token - The token to sign
    
    Returns:
    
    The signed token
  - extractSignedToken
```
public java.lang.String extractSignedToken(java.lang.String token)
```
    Deprecated.
    
    Extract a signed token that was signed by signToken(String).
    
    Specified by:
    
    extractSignedToken in interface CSRFTokenSigner
    
    Parameters:
    
    token - The signed token to extract.
    
    Returns:
    
    The verified raw token, or null if the token isn't valid.
  - generateToken
```
public java.lang.String generateToken()
```
    Deprecated.
    
    Generate a cryptographically secure token
    
    Specified by:
    
    generateToken in interface CSRFTokenSigner
  - generateSignedToken
```
public java.lang.String generateSignedToken()
```
    Deprecated.
    
    Generate a signed token
    
    Specified by:
    
    generateSignedToken in interface CSRFTokenSigner
  - compareSignedTokens
```
public boolean compareSignedTokens(java.lang.String tokenA,
                                   java.lang.String tokenB)
```
    Deprecated.
    
    Compare two signed tokens
    
    Specified by:
    
    compareSignedTokens in interface CSRFTokenSigner
  - constantTimeEquals
```
public boolean constantTimeEquals(java.lang.String a,
                                  java.lang.String b)
```
    Deprecated.
    
    Constant time equals method. Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
    
    Specified by:
    
    constantTimeEquals in interface CSRFTokenSigner
  - encryptAES
```
@Deprecated
public java.lang.String encryptAES(java.lang.String value)
```
    Deprecated. This method is deprecated and will be removed in future versions.
    
    Encrypt a String with the AES encryption standard using the application's secret key.
    The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.
    The transformation algorithm used is the provider specific implementation of the AES name. On Oracles JDK, this is AES/CTR/NoPadding. This algorithm is suitable for small amounts of data, typically less than 32 bytes, hence is useful for encrypting credit card numbers, passwords etc. For larger blocks of data, this algorithm may expose patterns and be vulnerable to repeat attacks.
    The transformation algorithm can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.
    
    Parameters:
    
    value - The String to encrypt.
    
    Returns:
    
    An hexadecimal encrypted string.
  - encryptAES
```
@Deprecated
public java.lang.String encryptAES(java.lang.String value,
                                               java.lang.String privateKey)
```
    Deprecated. This method is deprecated and will be removed in future versions.
    
    Encrypt a String with the AES encryption standard and the supplied private key.
    The private key must have a length of 16 bytes.
    The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.
    The transformation algorithm used is the provider specific implementation of the AES name. On Oracles JDK, this is AES/CTR/NoPadding. This algorithm is suitable for small amounts of data, typically less than 32bytes, hence is useful for encrypting credit card numbers, passwords etc. For larger blocks of data, this algorithm may expose patterns and be vulnerable to repeat attacks.
    The transformation algorithm can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.
    
    Parameters:
    
    value - The String to encrypt.
    
    privateKey - The key used to encrypt.
    
    Returns:
    
    An hexadecimal encrypted string.
  - decryptAES
```
@Deprecated
public java.lang.String decryptAES(java.lang.String value)
```
    Deprecated. This method is deprecated and will be removed in future versions.
    
    Decrypt a String with the AES encryption standard using the application's secret key.
    The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.
    The transformation used is by default AES/CTR/NoPadding. It can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.
    
    Parameters:
    
    value - An hexadecimal encrypted string.
    
    Returns:
    
    The decrypted String.
  - decryptAES
```
@Deprecated
public java.lang.String decryptAES(java.lang.String value,
                                               java.lang.String privateKey)
```
    Deprecated. This method is deprecated and will be removed in future versions.
    
    Decrypt a String with the AES encryption standard.
    The private key must have a length of 16 bytes.
    The provider used is by default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.
    The transformation used is by default AES/CTR/NoPadding. It can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.
    
    Parameters:
    
    value - An hexadecimal encrypted string.
    
    privateKey - The key used to encrypt.
    
    Returns:
    
    The decrypted String.

Class Crypto

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

Crypto

Method Detail

asScala

sign

signToken

extractSignedToken

generateToken

generateSignedToken

compareSignedTokens

constantTimeEquals

encryptAES

encryptAES

decryptAES

decryptAES