Class Cipher

java.lang.Object
com.codename1.security.Cipher
public final class Cipher extends Object

Convenience entry points for symmetric (AES) and asymmetric (RSA) encryption. The actual algorithms run on the platform's native crypto provider -- this class is just a thin, friendly facade over the CodenameOneImplementation crypto bridge.

  • AES: AES/GCM/NoPadding for authenticated encryption (uses a 12-byte nonce and produces ciphertext with a 16-byte tag appended). Falls back to AES/CBC/PKCS5Padding if GCM is unavailable on a target platform.
  • RSA: RSA/ECB/OAEPWithSHA-256AndMGF1Padding for new code, RSA/ECB/PKCS1Padding only for interop with old systems.
Example: AES-GCM round-trip
SecretKey key = KeyGenerator.aes(256);
byte[] nonce  = SecureRandom.bytes(12);
byte[] cipher = Cipher.aesEncrypt(Cipher.AES_GCM, key, nonce, null, "secret".getBytes("UTF-8"));
byte[] plain  = Cipher.aesDecrypt(Cipher.AES_GCM, key, nonce, null, cipher);
Example: RSA-OAEP round-trip
KeyPair kp = KeyGenerator.rsa(2048);
byte[] cipher = Cipher.rsaEncrypt(Cipher.RSA_OAEP_SHA256, kp.getPublicKey(), data);
byte[] plain  = Cipher.rsaDecrypt(Cipher.RSA_OAEP_SHA256, kp.getPrivateKey(), cipher);

  • Field Details

    • AES_GCM

      public static final String AES_GCM
      AES/GCM/NoPadding -- recommended authenticated mode for AES.
      See Also:

    • AES_CBC_PKCS5

      public static final String AES_CBC_PKCS5
      AES/CBC/PKCS5Padding -- block-chained AES with PKCS#5 padding.
      See Also:

    • AES_CBC

      public static final String AES_CBC
      AES/CBC/NoPadding -- raw CBC, caller must pre-pad to a 16-byte boundary.
      See Also:

    • AES_ECB_PKCS5

      public static final String AES_ECB_PKCS5
      AES/ECB/PKCS5Padding -- legacy interop only. ECB leaks structure; avoid for new designs.
      See Also:

    • RSA_OAEP_SHA256

      public static final String RSA_OAEP_SHA256
      RSA/ECB/OAEPWithSHA-256AndMGF1Padding -- recommended RSA encryption transformation.
      See Also:

    • RSA_PKCS1

      public static final String RSA_PKCS1
      RSA/ECB/PKCS1Padding -- legacy RSA padding, kept for interop.
      See Also:

  • Method Details

    • aesEncrypt

      public static byte[] aesEncrypt(String transformation, SecretKey key, byte[] iv, byte[] aad, byte[] plaintext)

      Encrypts with AES.

      Parameters

      • transformation: one of AES_GCM, AES_CBC_PKCS5, AES_CBC, AES_ECB_PKCS5

      • key: AES key (16, 24 or 32 bytes for AES-128/192/256)

      • iv: initialisation vector for CBC (16 bytes) / nonce for GCM (12 bytes recommended). Pass null for ECB.

      • aad: associated authenticated data -- GCM only, may be null

      • plaintext: data to encrypt

    • aesDecrypt

      public static byte[] aesDecrypt(String transformation, SecretKey key, byte[] iv, byte[] aad, byte[] ciphertext)
      Decrypts AES ciphertext produced by aesEncrypt(String, SecretKey, byte[], byte[], byte[]). For GCM mode, the auth tag is part of the ciphertext (last 16 bytes) -- a tag mismatch raises CryptoException.

    • rsaEncrypt

      public static byte[] rsaEncrypt(String transformation, PublicKey key, byte[] plaintext)
      Encrypts a small amount of data with RSA. The plaintext size is bounded by the modulus minus padding overhead (e.g. ~190 bytes max for RSA-2048 + OAEP-SHA-256); use AES with an RSA-wrapped AES key for larger payloads.

    • rsaDecrypt

      public static byte[] rsaDecrypt(String transformation, PrivateKey key, byte[] ciphertext)
      Decrypts an RSA ciphertext.