play.api.libs

Crypto

object Crypto

Cryptographic utilities.

These utilities are intended as a convenience; however, it is important to read each method's documentation and understand the concepts behind encryption to use this class properly. Safe encryption is hard, and there is no substitute for an adequate understanding of cryptography. These methods will not be suitable for all encryption needs.

For more information about cryptography, we recommend reading the OWASP Cryptographic Storage Cheatsheet:

https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet

Source
Crypto.scala
Linear Supertypes
AnyRef, Any

Value Members

  1. final def !=(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  2. final def !=(arg0: Any): Boolean

    Definition Classes
    Any
  3. final def ##(): Int

    Definition Classes
    AnyRef → Any
  4. final def ==(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  5. final def ==(arg0: Any): Boolean

    Definition Classes
    Any
  6. final def asInstanceOf[T0]: T0

    Definition Classes
    Any
  7. def clone(): AnyRef

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  8. def compareSignedTokens(tokenA: String, tokenB: String): Boolean

    Compare two signed tokens

  9. def constantTimeEquals(a: String, b: String): Boolean

    Constant time equals method.

    For two Strings of the same length, this method always runs in constant time. This prevents timing attacks.

  10. def decryptAES(value: String, privateKey: String): String

    Decrypt a String with the AES encryption standard.

    The private key must have a length of 16 bytes.

    By default, the provider used is the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.

    By default, the transformation used is AES/ECB/PKCS5Padding. It can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.

    value

    A hexadecimal encrypted string.

    privateKey

    The key used to encrypt.

    returns

    The decrypted String.

  11. def decryptAES(value: String): String

    Decrypt a String with the AES encryption standard using the application's secret key.

    By default, the provider used is the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.

    By default, the transformation used is AES/ECB/PKCS5Padding. It can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.

    value

    A hexadecimal encrypted string.

    returns

    The decrypted String.

  12. def encryptAES(value: String, privateKey: String): String

    Encrypt a String with the AES encryption standard and the supplied private key.

    The private key must have a length of 16 bytes.

    By default, the provider used is the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.

    The transformation algorithm used is the provider-specific implementation of the AES name. On Oracle's JDK, this is AES/ECB/PKCS5Padding. This algorithm is suitable for small amounts of data, typically less than 32 bytes, and hence is useful for encrypting credit card numbers, passwords, etc. For larger blocks of data, this algorithm may expose patterns and be vulnerable to repeat attacks.

    The transformation algorithm can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.

    value

    The String to encrypt.

    privateKey

    The key used to encrypt.

    returns

    A hexadecimal encrypted string.

  13. def encryptAES(value: String): String

    Encrypt a String with the AES encryption standard using the application's secret key.

    By default, the provider used is the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.

    The transformation algorithm used is the provider-specific implementation of the AES name. On Oracle's JDK, this is AES/ECB/PKCS5Padding. This algorithm is suitable for small amounts of data, typically less than 32 bytes, and hence is useful for encrypting credit card numbers, passwords, etc. For larger blocks of data, this algorithm may expose patterns and be vulnerable to repeat attacks.

    The transformation algorithm can be configured by defining application.crypto.aes.transformation in application.conf. Although any cipher transformation algorithm can be selected here, the secret key spec used is always AES, so only AES transformation algorithms will work.

    value

    The String to encrypt.

    returns

    A hexadecimal encrypted string.

  14. final def eq(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  15. def equals(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  16. def extractSignedToken(token: String): Option[String]

    Extract a signed token that was signed by play.api.libs.Crypto.signToken.

    token

    The signed token to extract.

    returns

    The verified raw token, or None if the token isn't valid.

  17. def finalize(): Unit

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  18. def generateSignedToken: String

    Generate a signed token

  19. def generateToken: String

    Generate a cryptographically secure token

  20. final def getClass(): Class[_]

    Definition Classes
    AnyRef → Any
  21. def hashCode(): Int

    Definition Classes
    AnyRef → Any
  22. final def isInstanceOf[T0]: Boolean

    Definition Classes
    Any
  23. final def ne(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  24. final def notify(): Unit

    Definition Classes
    AnyRef
  25. final def notifyAll(): Unit

    Definition Classes
    AnyRef
  26. def sign(message: String): String

    Signs the given String with HMAC-SHA1 using the application’s secret key.

    By default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.

    message

    The message to sign.

    returns

    A hexadecimal encoded signature.

  27. def sign(message: String, key: Array[Byte]): String

    Signs the given String with HMAC-SHA1 using the given key.

    By default this uses the platform default JSSE provider. This can be overridden by defining application.crypto.provider in application.conf.

    message

    The message to sign.

    key

    The private key to sign with.

    returns

    A hexadecimal encoded signature.

  28. def signToken(token: String): String

    Sign a token.

    This produces a new token that has this token signed with a nonce.

    This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

    token

    The token to sign

    returns

    The signed token

  29. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes
    AnyRef
  30. def toString(): String

    Definition Classes
    AnyRef → Any
  31. final def wait(): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  32. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  33. final def wait(arg0: Long): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
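
The encryptAES entries above note that the default AES/ECB/PKCS5Padding transformation may expose patterns in larger data. The following added example (not part of Play or of the original page) shows that effect with the JDK's javax.crypto API directly; the key and plaintext are constructed, and AES-GCM with a random IV is a comparison mode chosen for this example, not a setting the page documents.

```scala
import javax.crypto.Cipher
import javax.crypto.spec.{GCMParameterSpec, SecretKeySpec}
import java.security.SecureRandom

object EcbPatternDemo {
  // Constructed 16-byte key for the demo only.
  private val key = new SecretKeySpec("0123456789abcdef".getBytes("UTF-8"), "AES")
  private def hex(bytes: Array[Byte]): String = bytes.map("%02x".format(_)).mkString

  // The documented default: no IV, every 16-byte block is encrypted independently.
  def encryptEcb(plain: String): Array[Byte] = {
    val cipher = Cipher.getInstance("AES/ECB/PKCS5Padding")
    cipher.init(Cipher.ENCRYPT_MODE, key)
    cipher.doFinal(plain.getBytes("UTF-8"))
  }

  // Comparison mode (an assumption of this example): AES-GCM with a fresh random
  // 12-byte IV per message, prepended to the ciphertext so it can be decrypted.
  def encryptGcm(plain: String): Array[Byte] = {
    val iv = new Array[Byte](12)
    new SecureRandom().nextBytes(iv)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv))
    iv ++ cipher.doFinal(plain.getBytes("UTF-8"))
  }

  // Hex-encode the ciphertext in 16-byte blocks so repeated blocks are easy to spot.
  def blocks(ct: Array[Byte]): List[String] = ct.grouped(16).map(hex).toList

  def main(args: Array[String]): Unit = {
    // Constructed plaintext: two identical 16-byte blocks followed by a short tail.
    val plain = "4111111111111111" + "4111111111111111" + ";exp=12/30"
    val ecb = blocks(encryptEcb(plain))
    val gcm = blocks(encryptGcm(plain).drop(12)) // skip the IV prefix
    println(s"ECB: blocks 0 and 1 identical = ${ecb(0) == ecb(1)}")
    println(s"ECB: same input, same output  = ${ecb == blocks(encryptEcb(plain))}")
    println(s"GCM: blocks 0 and 1 identical = ${gcm(0) == gcm(1)}")
    println(s"GCM: same input, same output  = ${gcm == blocks(encryptGcm(plain).drop(12))}")
  }
}
```

Under ECB, equal plaintext blocks and equal messages always produce equal ciphertext, which is the pattern exposure the encryptAES notes describe; ECB also provides no integrity check, whereas GCM authenticates the ciphertext.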
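
The sign, signToken, extractSignedToken, compareSignedTokens and constantTimeEquals entries above fit together as one scheme: a nonce is signed along with the token so the encoded value differs per request while the raw token stays the same. The following is an added sketch of that scheme using only the JDK, not the Play source; the `<signature>-<nonce>-<token>` layout, the random 8-byte nonce, the comparison semantics and the secret are assumptions of this example.

```scala
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.security.{MessageDigest, SecureRandom}

object SignedTokenDemo {
  // Constructed secret for the demo; a real application loads its own secret.
  private val secret = "constructed-demo-secret".getBytes("UTF-8")
  private def hex(bytes: Array[Byte]): String = bytes.map("%02x".format(_)).mkString

  // HMAC-SHA1 over the message, hex encoded, matching what sign is documented to return.
  def sign(message: String): String = {
    val mac = Mac.getInstance("HmacSHA1")
    mac.init(new SecretKeySpec(secret, "HmacSHA1"))
    hex(mac.doFinal(message.getBytes("UTF-8")))
  }

  // Comparison whose running time does not depend on where the inputs differ.
  def constantTimeEquals(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes("UTF-8"), b.getBytes("UTF-8"))

  // Assumed layout: <signature>-<nonce>-<token>; a fresh nonce changes every output.
  def signToken(token: String): String = {
    val nonce = new Array[Byte](8)
    new SecureRandom().nextBytes(nonce)
    val joined = hex(nonce) + "-" + token
    sign(joined) + "-" + joined
  }

  // Returns the raw token only if the signature over nonce and token verifies.
  def extractSignedToken(signed: String): Option[String] =
    signed.split("-", 3) match {
      case Array(sig, nonce, raw) if constantTimeEquals(sig, sign(nonce + "-" + raw)) => Some(raw)
      case _ => None
    }

  // Assumed semantics: both tokens must verify and carry the same raw token.
  def compareSignedTokens(a: String, b: String): Boolean =
    (extractSignedToken(a), extractSignedToken(b)) match {
      case (Some(x), Some(y)) => constantTimeEquals(x, y)
      case _ => false
    }

  def main(args: Array[String]): Unit = {
    val (t1, t2) = (signToken("constructed-csrf-token"), signToken("constructed-csrf-token"))
    val tampered = t1.dropRight(1) + "x"
    println(s"encodings differ: ${t1 != t2}; same raw token: ${compareSignedTokens(t1, t2)}")
    println(s"tampered copy extracts to: ${extractSignedToken(tampered)}")
  }
}
```

Because the encoded token changes on every response, a compression side channel such as BREACH has no stable secret string to recover byte by byte, while the server can still compare the underlying raw tokens.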
