Class SealedBox

java.lang.Object
cloud.opencode.base.crypto.sealedbox.SealedBox

public final class SealedBox extends Object
Sealed Box - Anonymous public-key encryption (NaCl/Libsodium style)

Provides anonymous public-key encryption where the sender's identity is not revealed to the recipient. This is achieved by generating an ephemeral key pair for each encryption operation.

Features:

  • Anonymous encryption - sender identity not revealed
  • Ephemeral key generation
  • X25519 key exchange + AES-GCM encryption
  • Authenticated encryption
  • Simple API
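
The construction the feature list names (a fresh ephemeral X25519 key pair per message, key agreement with the recipient's public key, AES-GCM under the derived key), as an added example built on JDK APIs only; it is not the library's own code. The wire layout, the SHA-256 key derivation and the class name SealedBoxSketch are assumptions, since this page does not document SealedBox's format.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
import static java.nio.charset.StandardCharsets.UTF_8;

// Added sketch, JDK APIs only. Assumed wire layout: ephemeral public key || IV || ciphertext+tag.
public class SealedBoxSketch {
    static final int PUB_LEN = 44, IV_LEN = 12, TAG_BITS = 128; // PUB_LEN: X.509 encoding of an X25519 public key

    // Assumed KDF: SHA-256(shared secret || ephemeral pub || recipient pub); HKDF is the usual production choice.
    static SecretKey derive(PrivateKey priv, PublicKey peer, byte[] ephPub, byte[] rcptPub) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(priv);
        ka.doPhase(peer, true);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(ka.generateSecret());
        md.update(ephPub);
        md.update(rcptPub);
        return new SecretKeySpec(md.digest(), "AES");
    }

    static byte[] seal(byte[] msg, PublicKey rcpt) throws Exception {
        KeyPair eph = KeyPairGenerator.getInstance("X25519").generateKeyPair(); // fresh per message
        byte[] ephPub = eph.getPublic().getEncoded(), iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, derive(eph.getPrivate(), rcpt, ephPub, rcpt.getEncoded()), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(msg);
        return ByteBuffer.allocate(PUB_LEN + IV_LEN + ct.length).put(ephPub).put(iv).put(ct).array();
    }

    static byte[] open(byte[] sealed, KeyPair rcpt) throws Exception {
        if (sealed.length < PUB_LEN + IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("sealed message too short");
        byte[] ephPub = Arrays.copyOfRange(sealed, 0, PUB_LEN);
        PublicKey eph = KeyFactory.getInstance("X25519").generatePublic(new X509EncodedKeySpec(ephPub));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, derive(rcpt.getPrivate(), eph, ephPub, rcpt.getPublic().getEncoded()), new GCMParameterSpec(TAG_BITS, sealed, PUB_LEN, IV_LEN));
        return c.doFinal(sealed, PUB_LEN + IV_LEN, sealed.length - PUB_LEN - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyPair rcpt = KeyPairGenerator.getInstance("X25519").generateKeyPair();
        byte[] sealed = seal("Secret message".getBytes(UTF_8), rcpt.getPublic());
        System.out.println(new String(open(sealed, rcpt), UTF_8));
        sealed[sealed.length - 1] ^= 1;                       // flip one bit of the GCM tag
        try { open(sealed, rcpt); } catch (AEADBadTagException e) { System.out.println("tampered message rejected"); }
    }
}
```

Because the ephemeral key is the only sender-side secret, the recipient gets confidentiality and integrity but no proof of who sealed the message; anyone holding the public key can produce a valid sealed box.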

Usage Examples:

import cloud.opencode.base.crypto.sealedbox.SealedBox;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;

// Generate recipient's key pair
KeyPair recipientKeyPair = SealedBox.generateKeyPair();

// Sender encrypts (only needs recipient's public key)
// Use an explicit charset so the bytes do not depend on the platform default
byte[] message = "Secret message".getBytes(StandardCharsets.UTF_8);
byte[] sealed = SealedBox.seal(message, recipientKeyPair.getPublic());

// Recipient decrypts (needs their private key)
byte[] opened = SealedBox.open(sealed, recipientKeyPair);

// With builder for custom configuration
SealedBox box = SealedBox.builder()
    .algorithm(SealedBox.Algorithm.X25519_AES_GCM)
    .build();
byte[] sealedWithBox = box.encrypt(message, recipientKeyPair.getPublic());
byte[] openedWithBox = box.decrypt(sealedWithBox, recipientKeyPair);

Security:

  • Thread-safe: Yes
  • Null-safe: Yes
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:
  • Method Details

    • seal

      public static byte[] seal(byte[] plaintext, PublicKey recipientPublicKey)
      Seals (encrypts) a message for a recipient.
      Parameters:
      plaintext - the message to encrypt
      recipientPublicKey - the recipient's public key
      Returns:
      the sealed message
    • seal

      public static byte[] seal(String plaintext, PublicKey recipientPublicKey)
      Seals (encrypts) a string message for a recipient.
      Parameters:
      plaintext - the message to encrypt
      recipientPublicKey - the recipient's public key
      Returns:
      the sealed message
    • open

      public static byte[] open(byte[] sealed, KeyPair recipientKeyPair)
      Opens (decrypts) a sealed message.
      Parameters:
      sealed - the sealed message
      recipientKeyPair - the recipient's key pair
      Returns:
      the decrypted message
    • openAsString

      public static String openAsString(byte[] sealed, KeyPair recipientKeyPair)
      Opens (decrypts) a sealed message and returns it as a string.
      Parameters:
      sealed - the sealed message
      recipientKeyPair - the recipient's key pair
      Returns:
      the decrypted message as a string
    • generateKeyPair

      public static KeyPair generateKeyPair()
      Generates a key pair suitable for SealedBox.
      Returns:
      the key pair
    • builder

      public static SealedBox.Builder builder()
      Creates a new builder.
      Returns:
      the builder
    • encrypt

      public byte[] encrypt(byte[] plaintext, PublicKey recipientPublicKey)
      Encrypts a message for a recipient.
      Parameters:
      plaintext - the message to encrypt
      recipientPublicKey - the recipient's public key
      Returns:
      the encrypted message with ephemeral public key
    • decrypt

      public byte[] decrypt(byte[] sealed, KeyPair recipientKeyPair)
      Decrypts a sealed message.
      Parameters:
      sealed - the sealed message
      recipientKeyPair - the recipient's key pair
      Returns:
      the decrypted message