# Encryption

Nitrite provides encryption support via nitrite-support module. You can encrypt your data using a password. Nitrite provides an Encryptor interface to encrypt and decrypt data. Nitrite also provides an AES based implementation of Encryptor interface, which uses AES/GCM/NoPadding algorithm to encrypt and decrypt data.

To use encryption, you can either use the AES implementation of Encryptor interface or you can create your own implementation of Encryptor interface.

To use AES based encryption you need to use the AESEncryptor class. The class takes a password as a parameter in its constructor.

// create an AES encryptor with a password
Encryptor encryptor = new AESEncryptor("my-password");

There is another constructor also which takes a password along with the algorithm, tag length, IV length, and salt length.

// create an AES encryptor with a password and algorithm parameters

// algo: AES/CBC/PKCS5Padding
// tag length: 128
// IV length: 12
// salt length: 16

Encryptor encryptor = new AESEncryptor("my-password", "AES/CBC/PKCS5Padding", 128, 12, 16);

You can use the encryptor to encrypt and decrypt data.

// encrypt a string
String encrypted = encryptor.encrypt("my-data".getBytes(StandardCharsets.UTF_8));

// decrypt the string
String decrypted = encryptor.decrypt(encrypted);

If you want to use your own encryption algorithm, you can do so by implementing the Encryptor interface. The interface has two methods encrypt and decrypt. You can implement these methods to encrypt and decrypt data.

public class MyEncryptor implements Encryptor {
    @Override
    public String encrypt(byte[] plainText) {
        // implement your encryption logic
    }

    @Override
    public String decrypt(String encryptedText) {
        // implement your decryption logic
    }
}

Nitrite provides field level encryption support. You can encrypt a field of a document using a password. Nitrite provides a StringFieldEncryptionProcessor utility class to encrypt and decrypt a field of a document. It is a Processor implementation. It uses the Encryptor interface to encrypt and decrypt data.

To use field encryption, you need to create an instance of StringFieldEncryptionProcessor class. The class takes either an Encryptor instance or a password as a parameter in its constructor.

If you provide the password, the class will create an instance of AESEncryptor class using the password. If you provide an Encryptor instance, the class will use the provided Encryptor instance.

// create an instance of StringFieldEncryptionProcessor using a password
StringFieldEncryptionProcessor processor = new StringFieldEncryptionProcessor("my-password");

// add fields to encrypt
processor.addFields("field1", "field2");

// use the processor
collection.addProcessor(processor);

// use the collection
collection.insert(doc);

You can also use the AESEncryptor class to create an instance of StringFieldEncryptionProcessor class.

// create an instance of AESEncryptor
Encryptor encryptor = new AESEncryptor("my-password");

// create an instance of StringFieldEncryptionProcessor using the encryptor
StringFieldEncryptionProcessor processor = new StringFieldEncryptionProcessor(encryptor);

// add fields to encrypt
processor.addFields("field1", "field2");

// use the processor
collection.addProcessor(processor);

// use the collection
collection.insert(doc);