The JCE standard extension to Java 2, discussed in the last chapter,
provides a SealedObject class that lets you encrypt objects
written onto an object output stream using any available cipher. Most
of the time, I suspect, you’ll either encrypt the entire object
output stream by chaining it to a cipher output stream, or you
won’t encrypt anything at all. However, if there’s some
reason to encrypt only some of the objects you’re writing to
the stream, you can make them sealed objects.
The javax.crypto.SealedObject class wraps a
serializable object in an encrypted digital lockbox. The sealed
object is serializable so it can be written onto object output
streams and read from object input streams as normal. However, the
object inside the sealed object can only be deserialized by someone
who knows the key.
public class SealedObject extends Object implements Serializable
The big advantage to using sealed objects rather than encrypting the entire output stream is that the sealed objects contain all necessary parameters for decryption (algorithm used, initialization vector, salt, iteration count). All the receiver of the sealed object needs to know is the key. Thus, there doesn’t necessarily have to be any prior agreement about these other aspects of encryption.
You seal an object with the SealedObject constructor.
The constructor takes as arguments the object to be sealed, which
must be serializable, and the properly initialized
Cipher object with which to encrypt the object: ...
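The following is an added example, not code from the original text. It seals one object, writes it beside an unencrypted one on the same object stream, and unseals it on the receiving side knowing only the key. The Salary class, the sample values, the in-memory stream and the choice of AES/GCM are assumptions made for illustration.

```java
import javax.crypto.*;
import java.io.*;
import java.security.GeneralSecurityException;

public class SealedObjectDemo {
    // Hypothetical payload type; any Serializable class can be sealed.
    static class Salary implements Serializable {
        private static final long serialVersionUID = 1L;
        final String employee;
        final int amount;
        Salary(String employee, int amount) { this.employee = employee; this.amount = amount; }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Sender: no IV is supplied, so the provider generates a random one.
        // The SealedObject records the algorithm name and the encoded parameters.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        SealedObject sealed = new SealedObject(new Salary("constructed-name", 50000), cipher);

        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject("unencrypted header"); // written in the clear
            out.writeObject(sealed);               // only this object is encrypted
        }

        // Receiver: holds the key, but no Cipher, IV or algorithm name of its own.
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            System.out.println(in.readObject());
            SealedObject received = (SealedObject) in.readObject();
            System.out.println("sealed with " + received.getAlgorithm());
            Salary s = (Salary) received.getObject(key);
            System.out.println(s.employee + " " + s.amount);

            // A different key is rejected before any object is deserialized.
            try {
                received.getObject(kg.generateKey());
            } catch (GeneralSecurityException e) {
                System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
            }
        }
    }
}
```

With an authenticated mode such as GCM, a modified sealed object fails the same way as a wrong key; an unauthenticated mode such as CBC only hides the contents and does not detect tampering.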