ESAPI SwingSet Interactive

ESAPI Swingset Interactive - Integrity

Following methods from the ESAPI' Encryptor interface are used in the secure demo:

getRelativeTimeStamp(long offset) Gets an absolute timestamp representing an offset from the current time to be used by other functions in the library.
long getTimeStamp() Gets a timestamp representing the current date and time to be used by other functions in the library.
String hash(java.lang.String plaintext, java.lang.String salt) Returns a string representation of the hash of the provided plaintext and salt.
String seal(java.lang.String data, long timestamp) Creates a seal that binds a set of data and includes an expiration timestamp.
String sign(java.lang.String data) Create a digital signature for the provided data and return it in a string.
String unseal(java.lang.String seal) Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error.
boolean verifySeal(java.lang.String seal) Verifies a seal (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or data mismatch.
boolean verifySignature(java.lang.String signature, java.lang.String data) Verifies a digital signature (created with the sign method) and returns the boolean result.

In the secure demo an integrity seal is created for the plain text entered by the user, the seal is set to be valid for 15 seconds by default.

seal = ESAPI.encryptor.seal( plaintext, instance.getTimeStamp() + 1000 * Integer.parseInt(timer) );

The call to the following method will return true if the seal is verified within 15 seconds.

boolean verified = ESAPI.encryptor.verifySeal( toVerify );

The call to the following method will unseal it back to the plain text if it is done within 15 seconds.

plaintext = ESAPI.encryptor.unseal(sealed);