Rijndael Class

Properties Methods Events Config Settings Errors

The Rijndael class can be used to encrypt and decrypt data through the Rijndael symmetric algorithm.

Syntax

ipworksencrypt.Rijndael

Remarks

The Rijndael component can be used to encrypt and decrypt data through the Rijndael symmetric algorithm. Includes support for key sizes of 128, 192, and 256 bits, as well as block sizes of 128, 192, and 256 bits.

To begin simply specify the data you wish to encrypt or decrypt.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

Before encrypting you must have a valid Key and IV. There are a few options available to you in regards to key management. The easiest option is to simply set KeyPassword. When KeyPassword is set the component will automatically create a Key and IV using the PKCS5 password digest algorithm. This means there is only one value you need to keep track of.

If you wish to have more control over the Key and IV values you may specify the properties yourself. If IV is left empty, one will be created for you when you call Encrypt or Decrypt.

A simple example: Component.InputFile = "C:\MyFile.txt"; Component.OutputFile = "C:\Encrypted.txt"; Component.KeyPassword = "password"; Component.Encrypt();

Note that by default the component uses a key size of 256 bits and a block size of 128 bits. You may specify the key size by setting KeySize and the block size by setting BlockSize.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


CipherMode	The cipher mode of operation.
InputFile	The file to process.
InputMessage	The message to process.
IV	The initialization vector (IV).
Key	The secret key for the symmetric algorithm.
KeyPassword	A password to generate the Key and IV .
OutputFile	The output file when encrypting or decrypting.
OutputMessage	The output message after processing.
Overwrite	Indicates whether or not the class should overwrite files.
PaddingMode	The padding mode.
UseHex	Whether input or output is hex encoded.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


Config	Sets or retrieves a configuration setting.
Decrypt	Decrypts the data.
DecryptBlock	Decrypts a block and returns the decrypted data.
Encrypt	Encrypts the data.
EncryptBlock	Encrypts data and returns the encrypted block.
Reset	Resets the class.
SetInputStream	Sets the stream from which the class will read data to encrypt or decrypt.
SetOutputStream	Sets the stream to which the class will write encrypted or decrypted data.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


Error	Fired when information is available about errors during data delivery.
Progress	Fired as progress is made.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


BlockSize	The block size, in bits, of the cryptographic operation.
CloseInputStreamAfterProcessing	Determines whether or not the input stream is closed after processing.
CloseOutputStreamAfterProcessing	Determines whether or not the output stream is closed after processing.
EncryptedDataEncoding	The encoding of the encrypted input or output data.
IncludeIV	Whether to prepend the IV to the output data and read the IV from the input data.
KeyPasswordAlgorithm	The hash algorithm used to derive the Key and IV from the KeyPassword property.
KeyPasswordIterations	The number of iterations performed when using KeyPassword to derive the Key and IV.
KeyPasswordSalt	The salt value used in conjunction with the KeyPassword to derive the Key and IV.
KeySize	The size, in bits, of secret key for the symmetric algorithm.
BuildInfo	Information about the product's build.
GUIAvailable	Whether or not a message loop is available for processing events.
LicenseInfo	Information about the current license.
MaskSensitiveData	Whether sensitive data is masked in log messages.
UseDaemonThreads	Whether threads created by the class are daemon threads.
UseFIPSCompliantAPI	Tells the class whether or not to use FIPS certified APIs.
UseInternalSecurityAPI	Whether or not to use the system security libraries or an internal implementation.

CipherMode Property (Rijndael Class)

The cipher mode of operation.

Syntax

public int getCipherMode();
public void setCipherMode(int cipherMode);

Enumerated values:
  public final static int cmCBC = 0;
  public final static int cmECB = 1;
  public final static int cmOFB = 2;
  public final static int cmCFB = 3;
  public final static int cmCTS = 4;
  public final static int cm8OFB = 5;
  public final static int cm8CFB = 7;

Default Value

Remarks

The cipher mode of operation.

Possible values are:


0 (cmCBC - default)	The Cipher Block Chaining (CBC) is a mode of operation for a block cipher, one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block.
1 (cmECB)	The Electronic Codebook (ECB) mode encrypts each block separately. Important: It is not recommend to use this model when encrypting more than one block because it may introduce security risks.
2 (cmOFB)	The Output Feedback (n-bit, NOFB) mode makes a block cipher into a synchronous stream cipher. It has some similarities to CFB mode in that it permits encryption of differing block sizes, but has the key difference that the output of the encryption block function is the feedback (instead of the ciphertext).
3 (cmCFB)	The Cipher Feedback (CFB) mode processes a small amount of incremental text into ciphertext, rather than processing a whole block at one time.
4 (cmCTS)	The Cipher Text Stealing (CTS) mode handles any length of plain text and produces cipher text whose length matches the plain text length. This mode behaves like the CBC mode for all but the last two blocks of the plain text.
5 (cm8OFB)	8-bit Output Feedback (OFB) cipher mode.
7 (cm8CFB)	8-bit Cipher Feedback (CFB) cipher mode.

InputFile Property (Rijndael Class)

The file to process.

Syntax

public String getInputFile();
public void setInputFile(String inputFile);

Default Value

Remarks

This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

InputMessage Property (Rijndael Class)

The message to process.

Syntax

public byte[] getInputMessage();
public void setInputMessage(byte[] inputMessage);

Default Value

Remarks

This property specifies the message to be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

IV Property (Rijndael Class)

The initialization vector (IV).

Syntax

public byte[] getIV();
public void setIV(byte[] IV);

Default Value

Remarks

This property specifies the initialization vector (IV). By default this property is empty and the class will automatically generate a new IV value if KeyPassword or Key is set before Encrypt or EncryptBlock is called. The size of the IV property must be equal to the BlockSize divided by 8.

Key Property (Rijndael Class)

The secret key for the symmetric algorithm.

Syntax

public byte[] getKey();
public void setKey(byte[] key);

Default Value

Remarks

This secret key is used both for encryption and decryption. The secret key should be known only to the sender and the receiver. The legal key size varies depending on the algorithm.

If this property is left empty and KeyPassword is specified, a Key value will be generated by the class as necessary.

Legal Key and Block Sizes (in bits)


	AES	Rijndael	CAST	DES	IDEA	RC2	RC4	TripleDES	Blowfish	Twofish	TEA
Minimum Key Size	128	128	112	64	128	112	112	128	112	128	128
Maximum Key Size	256	256	128	64	128	128	2048	192	448	256	128
Key Size Step	64	64	8	0	0	8	8	64	1	8	0
Block Size	128	128/192/256	64	64	64	64	N/A	64	64	128	64*

Note: When using TEA if Algorithm is set to XXTEA valid block sizes are 64 + n * 32. Where n is any positive integer.

The default KeySize is the Maximum Key Size.

KeyPassword Property (Rijndael Class)

A password to generate the Key and IV .

Syntax

public String getKeyPassword();
public void setKeyPassword(String keyPassword);

Default Value

Remarks

When this property is set the class will calculate values for Key and IV using the PKCS5 password digest algorithm. This provides a simpler alternative to creating and managing Key and IV values directly.

The size of the Key generated is dependent on the value of KeySize.

OutputFile Property (Rijndael Class)

The output file when encrypting or decrypting.

Syntax

public String getOutputFile();
public void setOutputFile(String outputFile);

Default Value

Remarks

This property specifies the file to which the output will be written when Encrypt or Decrypt is called. This may be set to an absolute or relative path.

This property is only applicable to Encrypt and Decrypt.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

OutputMessage Property (Rijndael Class)

The output message after processing.

Syntax

public byte[] getOutputMessage();

Default Value

Remarks

This property will be populated with the output from the operation if OutputFile and SetOutputStream are not set.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

This property is read-only and not available at design time.

Overwrite Property (Rijndael Class)

Indicates whether or not the class should overwrite files.

Syntax

public boolean isOverwrite();
public void setOverwrite(boolean overwrite);

Default Value

False

Remarks

This property indicates whether or not the class will overwrite OutputFile. If Overwrite is False, an error will be thrown whenever OutputFile exists before an operation. The default value is False.

PaddingMode Property (Rijndael Class)

The padding mode.

Syntax

public int getPaddingMode();
public void setPaddingMode(int paddingMode);

Enumerated values:
  public final static int pmPKCS7 = 0;
  public final static int pmZeros = 1;
  public final static int pmNone = 2;
  public final static int pmANSIX923 = 3;
  public final static int pmISO10126 = 4;

Default Value

Remarks

PaddingMode is used to pad the final input block to guarantee that it is the correct size required for the selected CipherMode. If the input size is a multiple of the cipher's BlockSize, an extra block of padding will be appended to the input. This enables the decrypting agent to know with certainty how many bytes of padding are included. Each mode pads the data differently. Possible values are:


0 (pmPKCS7 - default)	The data is padded with a series of bytes that are each equal to the number of bytes used. For instance, in the example below the data must be padded with 3 additional bytes, so each byte value will be 3. Raw Data: `AA AA AA AA AA` PKCS7 Padded Data: `AA AA AA AA AA 03 03 03`
1 (pmZeros)	The data is padded with null bytes.
2 (pmNone)	No padding will be performed.
3 (pmANSIX923)	The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length. For instance, in the example below the data must be padded with 3 additional bytes, so last byte value will be 3. Raw Data: `AA AA AA AA AA` ANSIX923 padding Data: `AA AA AA AA AA 00 00 03`
4 (pmISO10126)	The ISO10126 padding string consists of random data before the length. For instance, in the example below the data must be padded with 3 additional bytes, so last byte value will be 3. Raw Data: `AA AA AA AA AA` ISO10126 padding Data: `AA AA AA AA AA F8 EF 03`

When calling Decrypt the PaddingMode must match the value used when the data was encrypted.

Note: When using a value of 2 (pmNone), unless the length of input is an exact multiple of the cipher's input BlockSize, the final block of plaintext may be lost.

UseHex Property (Rijndael Class)

Whether input or output is hex encoded.

Syntax

public boolean isUseHex();
public void setUseHex(boolean useHex);

Default Value

False

Remarks

This property specifies whether the encrypted data is hex encoded.

If set to True, when Encrypt is called the class will perform the encryption as normal and then hex encode the output. OutputMessage or OutputFile will hold hex encoded data.

If set to True, when Decrypt is called the class will expect InputMessage or InputFile to hold hex encoded data. The class will then hex decode the data and perform decryption as normal.

Config Method (Rijndael Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Decrypt Method (Rijndael Class)

Decrypts the data.

Syntax

public void decrypt();

Remarks

This method will decrypt the specified data. The following properties are applicable:

IV (required)
Key (required)
CipherMode
PaddingMode

Note that CipherMode must be set to the same value used during encryption or the results may be unexpected. If the CipherMode value does not match the value used during encryption the operation may succeed but the decrypted data may not be correct.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

DecryptBlock Method (Rijndael Class)

Decrypts a block and returns the decrypted data.

Syntax

public byte[] decryptBlock(byte[] inputBuffer, boolean lastBlock);

Remarks

This method will decrypt the specified block and return the decrypted data.

InputBuffer specifies the encrypted block to decrypt.

LastBlock indicates whether the block is the last block.

Encrypt Method (Rijndael Class)

Encrypts the data.

Syntax

public void encrypt();

Remarks

This method will encrypt the specified data. The following properties are applicable:

IV (required)
Key (required)
PaddingMode
CipherMode

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

EncryptBlock Method (Rijndael Class)

Encrypts data and returns the encrypted block.

Syntax

public byte[] encryptBlock(byte[] inputBuffer, boolean lastBlock);

Remarks

This method will encrypt the input data and return the encrypted block.

InputBuffer specifies the input data to encrypt.

LastBlock specifies whether the block is the last block.

Reset Method (Rijndael Class)

Resets the class.

Syntax

public void reset();

Remarks

When called, the class will reset all of its properties to their default values.

SetInputStream Method (Rijndael Class)

Sets the stream from which the class will read data to encrypt or decrypt.

Syntax

public void setInputStream(java.io.InputStream inputStream);

Remarks

This method sets the stream from which the class will read data to encrypt or decrypt.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

SetOutputStream Method (Rijndael Class)

Sets the stream to which the class will write encrypted or decrypted data.

Syntax

public void setOutputStream(java.io.OutputStream outputStream);

Remarks

This method sets the stream to which the class will write encrypted or decrypted data.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

Error Event (Rijndael Class)

Fired when information is available about errors during data delivery.

Syntax

public class DefaultRijndaelEventListener implements RijndaelEventListener {
  ...
  public void error(RijndaelErrorEvent e) {}
  ...
}

public class RijndaelErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Progress Event (Rijndael Class)

Fired as progress is made.

Syntax

public class DefaultRijndaelEventListener implements RijndaelEventListener {
  ...
  public void progress(RijndaelProgressEvent e) {}
  ...
}

public class RijndaelProgressEvent {
  public long bytesProcessed;
  public int percentProcessed;
}

Remarks

This event is fired automatically as data is processed by the class.

The PercentProcessed parameter indicates the current status of the operation.

The BytesProcessed parameter holds the total number of bytes processed so far.

Config Settings (Rijndael Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

Rijndael Config Settings

BlockSize: The block size, in bits, of the cryptographic operation.

The block size is a basic data unit in the operation of encrypt or decrypt. Messages longer than the block size are seen as successive blocks. If the message is shorter than the block size, the message will be padded with extra bits to reach the block size according to PaddingMode. Different symmetric algorithm has different valid block sizes.

The following algorithms have a fixed block size: AES, CAST, DES, IDEA, RC2, TripleDES, Blowfish, and Twofish.

CloseInputStreamAfterProcessing: Determines whether or not the input stream is closed after processing.

Determines whether or not the input stream set by SetInputStream is closed after processing is complete. The default value is True.

CloseOutputStreamAfterProcessing: Determines whether or not the output stream is closed after processing.

Determines whether or not the output stream set by SetOutputStream is closed after processing is complete. The default value is True.

EncryptedDataEncoding: The encoding of the encrypted input or output data.

This configuration setting specifies how the encrypted data is encoded (if at all).

When Encrypt is called the class will perform the encryption as normal and then encode the output as specified here. OutputMessage or OutputFile will hold the encoded data.

When Decrypt is called the class will expect InputMessage or InputFile to hold the encoded data as specified here. The class will then decode the data and perform decryption as normal.

Possible values are:

0 (none - default)
1 (Base64)
2 (Hex)
3 (Base64URL)

IncludeIV: Whether to prepend the IV to the output data and read the IV from the input data.

If this config is true, the IV will be automatically prepended to the output data when calling Encrypt. When calling Decrypt and this setting is True, the IV is automatically extracted form the ciphertext. The default value is False.

KeyPasswordAlgorithm: The hash algorithm used to derive the Key and IV from the KeyPassword property.

This configuration setting specifies which hash algorithm will be used when deriving the Key and IV from KeyPassword. The default value is "MD5". Possible values are:

"SHA1"
"MD2"
"MD5" (default)
"HMAC-SHA1"
"HMAC-SHA224"
"HMAC-SHA256"
"HMAC-SHA384"
"HMAC-SHA512"
"HMAC-MD5"
"HMAC-RIPEMD160"

When using any HMAC algorithm the PBKDF#2 method from RFC 2898 is used. Any other algorithm uses PBKDF#1 from the same RFC.

KeyPasswordIterations: The number of iterations performed when using KeyPassword to derive the Key and IV.

This configuration setting specifies the number of iterations performed when using KeyPassword to calculate values for Key and IV. When using PBKDF#2 the default number of iterations is 10,000. When using PBKDF#1 the default number is 10.

KeyPasswordSalt: The salt value used in conjunction with the KeyPassword to derive the Key and IV.

This configuration setting specifies the hex encoded salt value to be used along with the KeyPassword when calculating values for Key and IV.

KeySize: The size, in bits, of secret key for the symmetric algorithm.

The legal key sizes vary depending on the algorithm. The KeySize and BlockSize configuration settings may be set to specify the key and block size (in bits).

This setting is only applicable when KeyPassword is specified.

Note that when using the EzCrypt class, KeySize should be set after setting the Algorithm property.

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable: Whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The class will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the class does not attempt to process external events.

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).
Last Valid Build: The last valid build number for which the license will work.

MaskSensitiveData: Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseDaemonThreads: Whether threads created by the class are daemon threads.

If set to True (default), when the class creates a thread, the thread's Daemon property will be explicitly set to True. When set to False, the class will not set the Daemon property on the created thread. The default value is True.

UseFIPSCompliantAPI: Tells the class whether or not to use FIPS certified APIs.

When set to true, the class will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle Federal Information Processing Standards (FIPS), while all other Windows editions make use of Microsoft security libraries.

The Java edition requires installation of the FIPS-certified Bouncy Castle library regardless of the target operating system. This can be downloaded from https://www.bouncycastle.org/fips-java/. Only the "Provider" library is needed. The jar file should then be installed in a JRE search path.

The following classes must be imported in the application in which the component will be used:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

The Bouncy Castle provider must be added as a valid provider and must also be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider());

When UseFIPSCompliantAPI is true, Secure Sockets Layer (SSL)-enabled classes can optionally be configured to use the Transport Layer Security (TLS) Bouncy Castle library. When SSLProvider is set to sslpAutomatic (default) or sslpInternal, an internal TLS implementation is used, but all cryptographic operations are offloaded to the Bouncy Castle FIPS provider to achieve FIPS-compliant operation. If SSLProvider is set to sslpPlatform, the Bouncy Castle JSSE will be used in place of the internal TLS implementation.

To enable the use of the Bouncy Castle JSSE take the following steps in addition to the steps above. Both the Bouncy Castle FIPS provider and the Bouncy Castle JSSE must be configured to use the Bouncy Castle TLS library in FIPS mode. Obtain the Bouncy Castle TLS library from https://www.bouncycastle.org/fips-java/. The jar file should then be installed in a JRE search path.

The following classes must be imported in the application in which the component will be used:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider; //required to use BCJSSE when SSLProvider is set to sslpPlatform import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

The Bouncy Castle provider must be added as a valid provider and also must be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider()); //required to use BCJSSE when SSLProvider is set to sslpPlatform Security.addProvider(new BouncyCastleJsseProvider("fips:BCFIPS")); //optional - configure logging level of BCJSSE Logger.getLogger("org.bouncycastle.jsse").setLevel(java.util.logging.Level.OFF); //configure the class to use BCJSSE component.setSSLProvider(1); //platform component.config("UseFIPSCompliantAPI=true"); Note: TLS 1.3 support requires the Bouncy Castle TLS library version 1.0.14 or later.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting that applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details, please see the FIPS 140-2 Compliance article.

Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI: Whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

Trappable Errors (Rijndael Class)

Rijndael Errors

101	Unsupported algorithm.
102	No Key specified.
103	No IV specified.
104	Cannot read or write file.
107	Block size is not valid for this algorithm.
108	Key size is not valid for this algorithm.
111	OutputFile already exists and Overwrite is False.
121	The specified key is invalid.
123	IV size is not valid for this algorithm.
304	Cannot write file.
305	Cannot read file.
306	Cannot create file.
2004	Invalid padding. This may be an indication that the key is incorrect.