Encrypting and Decrypting Data
Data can be encrypted or decrypted in one step (single-part operation) or in multiple steps (multiple-part operation). A multiple-part operation is useful if you do not know in advance how long the data is going to be, or if the data is too long to be stored in memory all at once.
To encrypt or decrypt data in a single step, call one of the doFinal
methods:
public byte[] doFinal(byte[] input);
public byte[] doFinal(byte[] input, int inputOffset,
int inputLen);
public int doFinal(byte[] input, int inputOffset,
int inputLen, byte[] output);
public int doFinal(byte[] input, int inputOffset,
int inputLen, byte[] output, int outputOffset)
To encrypt or decrypt data in multiple steps, call one of the update
methods:
public byte[] update(byte[] input);
public byte[] update(byte[] input, int inputOffset, int inputLen);
public int update(byte[] input, int inputOffset, int inputLen,
byte[] output);
public int update(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
engineUpdate not supported for AES/GCM; only engineDoFinal is
supported
.A multiple-part operation must be terminated by one of the previous doFinal
methods (if there is still some input data remaining for the last step), or by one of the following
doFinal
methods (if there is no input data remaining for the last step) :
public byte[] doFinal();
public int doFinal(byte[] output, int outputOffset);
All the doFinal
methods take care of any necessary padding (or unpadding), if
padding (or unpadding) was requested as part of the specified transformation.
A call to doFinal
resets the Cipher object to the state it was in when
initialized via a call to init
. That is, the Cipher object is reset and available
to encrypt or decrypt (depending on the operation mode that was specified in the call to
init
) more data.