On Jun 8, 2015, at 1:46 PM, Jacopo Cappellato <[email protected]> wrote:
> Hi all,
>
> from what I understand, the default initialization vector used by
> CipherServices like AesCipherService, is used to ensure distinct ciphertexts
> are produced even when the same plaintext is encrypted multiple times
> independently with the same key.
> Is there a way to configure AesCipherService to generate the same ciphertext
> from the same plaintext?

Ok, I think I can answer my own question: using setMode(OperationMode.ECB) seems to do what I am looking for.
If you have any feedback for the remaining questions I would love to hear it.

Thanks,

Jacopo

> Would it be a too weak strategy?
>
> Just to give you some background on what I am trying to do: I am a committer
> of the Apache OFBiz project and I am trying to integrate Apache Shiro in
> OFBiz to replace the two-way encryption services that are used by OFBiz to
> encrypt/decrypt database fields containing sensitive information like credit
> cards and SSN.
> The current OFBiz implementation relies on a custom (weak) mechanism that
> embeds a salt in the 3DES encrypted data; in this way it is possible to do
> some lookups on encrypted data, for example to select a person by matching
> SSN, even if the SSN is encrypted. Any suggestion on how I could achieve the
> same using Shiro cryptographic support?
>
> Thanks,
>
> Jacopo
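
Added example, not part of the original message and not Shiro or OFBiz code: one common way to get equality lookups on an encrypted column without deterministic encryption is to store a randomized ciphertext plus a separate keyed HMAC "lookup token" of the normalized value. It uses the plain JDK `javax.crypto` API; the class name, method names, keys and the sample SSN are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SearchableField { // hypothetical helper, not a Shiro class
    private static final SecureRandom RNG = new SecureRandom();

    // Randomized storage form: 12-byte IV || AES-GCM ciphertext and tag.
    static byte[] encrypt(byte[] encKey, String plaintext) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh IV per value, so equal plaintexts give different ciphertexts
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static String decrypt(byte[] encKey, byte[] stored) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"),
               new GCMParameterSpec(128, stored, 0, 12)); // IV is the first 12 bytes
        return new String(c.doFinal(stored, 12, stored.length - 12), StandardCharsets.UTF_8);
    }

    // Deterministic lookup token: HMAC-SHA256 under a separate key, stored in an indexed column.
    static String lookupToken(byte[] indexKey, String plaintext) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(indexKey, "HmacSHA256"));
        String normalized = plaintext.replaceAll("[^0-9]", ""); // keep SSN digits only
        return Base64.getEncoder().encodeToString(mac.doFinal(normalized.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        byte[] encKey = new byte[32], indexKey = new byte[32]; // constructed demo keys
        RNG.nextBytes(encKey);
        RNG.nextBytes(indexKey);
        String ssn = "078-05-1120"; // constructed sample value
        byte[] a = encrypt(encKey, ssn), b = encrypt(encKey, ssn);
        System.out.println("ciphertexts equal: " + Arrays.equals(a, b));
        System.out.println("tokens equal: " + lookupToken(indexKey, ssn).equals(lookupToken(indexKey, "078051120")));
        System.out.println("round trip: " + decrypt(encKey, a));
    }
}
```

The lookup token is still deterministic, so rows holding the same value remain linkable through the token column, and because the SSN space is small the index key must be protected as carefully as the encryption key.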
