Is Cipher thread-safe?

Spread the love

Question Description

Quite simply, can one instance of javax.crypto.Cipher (e.g. Cipher.getInstance("RSA")) be used from multiple threads, or do I need to stick multiple of them in a ThreadLocal (in my case)?

Practice As Follows

No, it isn’t. The instance is stateful. So you need to store it threadlocal, or to obtain a new instance on every encrypt/decrypt call, or to wrap it in a synchronized(cipher) block.

Threadsafety is usually explicitly mentioned in javadocs. This is not the case for Cipher, so you should not assume it to be threadsafe.

Leave a Comment