Sealed Objects
The JCE standard extension to Java 2, discussed in the last chapter,
provides a SealedObject
class that lets you encrypt objects
written onto an object output stream using any available cipher. Most
of the time, I suspect, you’ll either encrypt the entire object
output stream by chaining it to a cipher output stream, or you
won’t encrypt anything at all. However, if there’s some
reason to encrypt only some of the objects you’re writing to
the stream, you can make them sealed objects.
The javax.crypto.SealedObject
class wraps a
serializable object in an encrypted digital lockbox. The sealed
object is serializable so it can be written onto object output
streams and read from object input streams as normal. However, the
object inside the sealed object can only be deserialized by someone
who knows the key.
public class SealedObject extends Object implements Serializable
The big advantage of sealed objects over encrypting the entire output stream is that a sealed object carries everything needed for decryption except the key: the name of the cipher transformation and the encoded algorithm parameters the Cipher produced (an initialization vector for a block-cipher mode, or the salt and iteration count for a password-based cipher). All the receiver needs is the key, so there need be no prior agreement about these other aspects of encryption. Two caveats follow from this. The algorithm name and parameters are stored in the clear, so they are not secrets, and the key itself must still be shared by some other means. And a sealed object is only as strong as the cipher it was sealed with: a mode that provides confidentiality but no integrity protection will not detect a ciphertext that has been altered in transit.
You seal an object with the SealedObject()
constructor.
The constructor takes as arguments the object to be sealed, which
must be serializable, and the properly initialized
Cipher
object with which to encrypt the object: ...
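The following worked example is added here and is not code from the book. It writes one plaintext object and one sealed object to the same object output stream, reads both back, and recovers the sealed object with the right key and then with a wrong one. The `SealedObjectDemo` and `Credentials` class names and the choice of AES/GCM (an authenticated mode, so a tampered sealed object or a wrong key is rejected rather than yielding garbage) are this example's assumptions, not the book's.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SealedObjectDemo {

    // Hypothetical payload: the one object on the stream we want kept confidential.
    static final class Credentials implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        final char[] password;
        Credentials(String user, char[] password) {
            this.user = user;
            this.password = password;
        }
    }

    // Seal an object with AES-GCM. The SealedObject records the transformation
    // name and the cipher's encoded parameters (nonce and tag length here), so
    // the receiver needs nothing but the key.
    static SealedObject seal(Serializable obj, SecretKey key)
            throws GeneralSecurityException, IOException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);   // fresh nonce per seal; never reuse one with the same key
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        return new SealedObject(obj, cipher);
    }

    // Mix plaintext and sealed objects on one ObjectOutputStream: only the
    // sensitive object is encrypted, the rest of the stream is readable by anyone.
    static byte[] writeStream(String header, SealedObject sealed) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(header);   // plaintext
            out.writeObject(sealed);   // ciphertext plus algorithm name and parameters
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        SecretKey key = generator.generateKey();

        Credentials secret = new Credentials("alice", "s3cret".toCharArray());
        byte[] wire = writeStream("v1", seal(secret, key));

        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            String header = (String) in.readObject();
            SealedObject sealed = (SealedObject) in.readObject();
            System.out.println("header=" + header + " sealed with " + sealed.getAlgorithm());

            // Right key: SealedObject rebuilds the Cipher from its stored algorithm
            // name and parameters, decrypts, then deserializes the original object.
            Credentials recovered = (Credentials) sealed.getObject(key);
            System.out.println("recovered user=" + recovered.user);

            // Wrong key: the GCM tag check fails and getObject throws; no object
            // is ever deserialized from the bogus plaintext.
            SecretKey wrongKey = generator.generateKey();
            try {
                sealed.getObject(wrongKey);
                System.out.println("BUG: sealed object opened with the wrong key");
            } catch (GeneralSecurityException e) {
                System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
            }
        }
    }
}
```

Note what getObject(Key) does after decrypting: it deserializes whatever bytes the key holder sealed. Holding the key therefore means trusting the sender, and if the peer is not fully trusted the process-wide serialization filter (JEP 290) should be configured so that only expected classes can be reconstructed.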