Encryption API for Java SDK

PubNub Java SDK provides built-in message and file encryption to secure your real-time communications. This documentation covers crypto module configuration and utility methods for encrypting and decrypting messages and files using both legacy 128-bit and enhanced 256-bit AES-CBC encryption.

For general SDK configuration and initialization, refer to the Configuration page.

Configuration

cryptoModule configuration

To configure the cryptoModule to encrypt all messages/files, you can use the following methods in the Java SDK:

// encrypts using 256-bit AES-CBC cipher (recommended)
// decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers
pnConfiguration.cryptoModule = CryptoModule.createAesCbcCryptoModule("enigma", true):

// encrypts with 128-bit cipher key entropy (legacy)
// decrypts data encrypted with the legacy and the 256-bit AES-CBC ciphers
pnConfiguration.cryptoModule = CryptoModule.createLegacyCryptoModule("enigma", true);

Your client can decrypt content encrypted using either of the modules. This way, you can interact with historical messages or messages sent from older clients while encoding new messages using the more secure 256-bit AES-CBC cipher.

Older SDK versions

Apps built using the SDK versions lower than 6.3.6 will not be able to decrypt data encrypted using the 256-bit AES-CBC cipher. Make sure to update your clients or encrypt data using the legacy algorithm.

SDK Initialization required

Before using encryption methods, ensure your PubNub client is properly configured with publish/subscribe keys and user ID. See the Configuration guide for setup instructions.

Encryption methods

Encrypt

This function allows to encrypt the data.

Deprecated

The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.

If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.

Method(s)

To encrypt the data you can use the following method(s) in Java SDK.

pubnub.encrypt(data, customCipherKey)
* required
ParameterDescription
data *
Type: String
The data to encrypt.
customCipherKey
Type: String
Cipher key to use for encryption. If provided, the legacy encryption with 128-bit cipher key entropy is used. If not provided, the cryptoModule from PubNub config will be used.

For more information, refer to Crypto module configuration.

Sample code

Encrypt part of message

Encrypt file input stream

Encrypts input stream with a cipher key.

Deprecated

The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.

If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.

Method(s)

pubnub.encryptInputStream(inputStream, cipherKey)
* required
ParameterDescription
inputStream *
Type: InputStream
Default:
n/a
Stream with content to encrypt.
cipherKey
Type: String
Default:
PNConfiguration.getCipherKey()
If provided, the legacy encryption with 128-bit cipher key entropy is used. If not provided, the cryptoModule from PubNub config will be used.

For more information, refer to Crypto module configuration

Sample code


Returns

InputStream with encrypted data.

Decryption methods

Decrypt

This function allows to decrypt the data.

Deprecated

The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.

If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.

Method(s)

To decrypt the data you can use the following method(s) in Java SDK.

pubnub.decrypt(data, customCipherKey)
* required
ParameterDescription
data *
Type: String
The data to decrypt.
customCipherKey
Type: String
Cipher key to use for decryption.

Sample code


Decrypt file input stream

Decrypts input stream with a cipher key.

Deprecated

The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the crypto module and use it for partial encryption.

If you pass cipherKey as an argument, it overrides the crypto module configuration and the legacy encryption with 128-bit cipher key entropy is used.

Method(s)

pubnub.decryptInputStream(inputStream, cipherKey)
* required
ParameterDescription
inputStream *
Type: InputStream
Default:
n/a
Stream with content encrypted data.
cipherKey
Type: String
Default:
PNConfiguration.getCipherKey()
Cipher key to use for encryption. If provided, the legacy encryption with 128-bit cipher key entropy is used. If not provided, the cryptoModule from PubNub config will be used.

For more information, refer to Crypto module configuration.

Sample code


Returns

InputStream with decrypted data.

Last updated on
On this page