Encryption API for Java SDK
PubNub Java SDK includes message and file encryption. This page explains how to configure the cryptoModule and how to encrypt and decrypt data. The SDK supports 128-bit Advanced Encryption Standard (AES) and 256-bit AES in Cipher Block Chaining (CBC) mode (AES-CBC).
For general SDK configuration and initialization, refer to the Configuration page.
Configuration
cryptoModule configuration
To configure the cryptoModule to encrypt all messages/files, you can use the following methods in the Java SDK:
// encrypts using 256-bit AES-CBC cipher (recommended)
// decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers
pnConfiguration.cryptoModule = CryptoModule.createAesCbcCryptoModule("enigma", true):
// encrypts with 128-bit cipher key entropy (legacy)
// decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers
pnConfiguration.cryptoModule = CryptoModule.createLegacyCryptoModule("enigma", true);
Your client can decrypt content produced by either cryptoModule or legacy cipherKey-based encryption. This allows the client to read historical messages and messages from older clients while you encrypt new messages with the stronger AES-256-CBC cipher.
Older SDK versions
Apps built using the SDK versions lower than 6.3.6 will not be able to decrypt data encrypted using the 256-bit AES-CBC cipher. Update your clients or encrypt data using the legacy algorithm.
SDK initialization required
Before you use encryption methods, ensure your PubNub client is configured with publish/subscribe keys and a user ID. See the Configuration guide for setup instructions.
Relationship between cryptoModule and cipherKey
The cryptoModule supersedes the cipherKey parameter. If you pass customCipherKey to encrypt/decrypt or cipherKey to stream methods, that argument overrides the configured cryptoModule for that operation and uses legacy AES-128 encryption. For partial encryption, create a separate cryptoModule instance and use it only where needed.
Encryption methods
Encrypt
Use this function to encrypt data.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the cryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the cryptoModule configuration and the legacy encryption with 128-bit cipher-key entropy is used.
Method(s)
To encrypt the data you can use the following method(s) in Java SDK.
pubnub.encrypt(data, customCipherKey)
| Parameter | Description |
|---|---|
data *Type: String | The data to encrypt. |
customCipherKeyType: String | Cipher key to use for encryption. If provided, the legacy encryption with 128-bit cipher-key entropy is used. If not provided, the cryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration. |
Sample code
Encrypt part of message
Encrypt file input stream
Encrypts input stream with a cipher key.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the cryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the cryptoModule configuration and the legacy encryption with 128-bit cipher-key entropy is used.
Method(s)
pubnub.encryptInputStream(inputStream, cipherKey)
| Parameter | Description |
|---|---|
inputStream *Type: InputStream Default: n/a | Stream with content to encrypt. |
cipherKeyType: String Default: PNConfiguration.getCipherKey() | If provided, the legacy encryption with 128-bit cipher-key entropy is used. If not provided, the cryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration |
Sample code
Returns
InputStream with encrypted data.
Decryption methods
Decrypt
Use this function to decrypt data.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the cryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the cryptoModule configuration and the legacy encryption with 128-bit cipher-key entropy is used.
Method(s)
To decrypt the data you can use the following method(s) in Java SDK.
pubnub.decrypt(data, customCipherKey)
| Parameter | Description |
|---|---|
data *Type: String | The data to decrypt. |
customCipherKeyType: String | Cipher key to use for decryption. |
Sample code
Decrypt file input stream
Decrypts input stream with a cipher key.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the cryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the cryptoModule configuration and the legacy encryption with 128-bit cipher-key entropy is used.
Method(s)
pubnub.decryptInputStream(inputStream, cipherKey)
| Parameter | Description |
|---|---|
inputStream *Type: InputStream Default: n/a | Stream with content encrypted data. |
cipherKeyType: String Default: PNConfiguration.getCipherKey() | Cipher key to use for encryption. If provided, the legacy encryption with 128-bit cipher-key entropy is used. If not provided, the cryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration. |
Sample code
Returns
InputStream with decrypted data.