Interface DelegatedKey
-
- All Superinterfaces:
Destroyable,Key,SecretKey,Serializable
public interface DelegatedKey extends SecretKey
Identifies keys which should not be used directly withCipherbut instead contain their own cryptographic logic. This can be used to wrap more complex logic, HSM integration, or service-calls.Most delegated keys will only support a subset of these operations. (For example, AES keys will generally not support
sign(byte[], String)orverify(byte[], byte[], String)and HMAC keys will generally not support anything exceptsignandverify.)UnsupportedOperationExceptionshould be thrown in these cases.- Author:
- Greg Rubin
-
-
Field Summary
-
Fields inherited from interface javax.crypto.SecretKey
serialVersionUID
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description byte[]decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm)Decrypts the provided ciphertext and returns a byte-array containing the plaintext.byte[]encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm)Encrypts the provided plaintext and returns a byte-array containing the ciphertext.byte[]sign(byte[] dataToSign, String algorithm)Calculates and returns a signature fordataToSign.Keyunwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm)Unwraps (decrypts) the providedwrappedKeyto recover the original key.booleanverify(byte[] dataToSign, byte[] signature, String algorithm)Checks the provided signature for correctness.byte[]wrap(Key key, byte[] additionalAssociatedData, String algorithm)Wraps (encrypts) the providedkeyto make it safe for storage or transmission.-
Methods inherited from interface javax.security.auth.Destroyable
destroy, isDestroyed
-
Methods inherited from interface java.security.Key
getAlgorithm, getEncoded, getFormat
-
-
-
-
Method Detail
-
encrypt
byte[] encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingExceptionEncrypts the provided plaintext and returns a byte-array containing the ciphertext.- Parameters:
plainText-additionalAssociatedData- Optional additional data which must then also be provided for successful decryption. Bothnulland arrays of length 0 are treated identically. Not all keys will support this parameter.algorithm- the transformation to be used when encrypting the data- Returns:
- ciphertext the ciphertext produced by this encryption operation
- Throws:
UnsupportedOperationException- if encryption is not supported or ifadditionalAssociatedDatais provided, but not supported.InvalidKeyExceptionIllegalBlockSizeExceptionBadPaddingExceptionNoSuchAlgorithmExceptionNoSuchPaddingException
-
decrypt
byte[] decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterExceptionDecrypts the provided ciphertext and returns a byte-array containing the plaintext.- Parameters:
cipherText-additionalAssociatedData- Optional additional data which was provided during encryption. Bothnulland arrays of length 0 are treated identically. Not all keys will support this parameter.algorithm- the transformation to be used when decrypting the data- Returns:
- plaintext the result of decrypting the input ciphertext
- Throws:
UnsupportedOperationException- if decryption is not supported or ifadditionalAssociatedDatais provided, but not supported.InvalidKeyExceptionIllegalBlockSizeExceptionBadPaddingExceptionNoSuchAlgorithmExceptionNoSuchPaddingExceptionInvalidAlgorithmParameterException
-
wrap
byte[] wrap(Key key, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException
Wraps (encrypts) the providedkeyto make it safe for storage or transmission.- Parameters:
key-additionalAssociatedData- Optional additional data which must then also be provided for successful unwrapping. Bothnulland arrays of length 0 are treated identically. Not all keys will support this parameter.algorithm- the transformation to be used when wrapping the key- Returns:
- the wrapped key
- Throws:
UnsupportedOperationException- if wrapping is not supported or ifadditionalAssociatedDatais provided, but not supported.InvalidKeyExceptionNoSuchAlgorithmExceptionNoSuchPaddingExceptionIllegalBlockSizeException
-
unwrap
Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
Unwraps (decrypts) the providedwrappedKeyto recover the original key.- Parameters:
wrappedKey-additionalAssociatedData- Optional additional data which was provided during wrapping. Bothnulland arrays of length 0 are treated identically. Not all keys will support this parameter.algorithm- the transformation to be used when unwrapping the key- Returns:
- the unwrapped key
- Throws:
UnsupportedOperationException- if wrapping is not supported or ifadditionalAssociatedDatais provided, but not supported.NoSuchAlgorithmExceptionNoSuchPaddingExceptionInvalidKeyException
-
sign
byte[] sign(byte[] dataToSign, String algorithm) throws GeneralSecurityExceptionCalculates and returns a signature fordataToSign.- Parameters:
dataToSign-algorithm-- Returns:
- the signature
- Throws:
UnsupportedOperationException- if signing is not supportedGeneralSecurityException
-
verify
boolean verify(byte[] dataToSign, byte[] signature, String algorithm)Checks the provided signature for correctness.- Parameters:
dataToSign-signature-algorithm-- Returns:
- true if and only if the
signaturematches thedataToSign. - Throws:
UnsupportedOperationException- if signature validation is not supported
-
-