Package com.amazonaws.encryptionsdk.model

Class CiphertextHeaders

  • Direct Known Subclasses:
    ParsedCiphertext
    public class CiphertextHeaders
extends Object
    This class implements the headers for the message (ciphertext) produced by this library. These headers are parsed and used when the ciphertext is decrypted. It contains the following fields in order:
    1. version number of the message format
    2. type of the object - e.g., Customer Authenticated Encrypted Data
    3. algorithm Id - identifier for the algorithm used
    4. Message ID - bytes that uniquely identify the message (encrypted content) wrapped by this header
    5. Encryption context length- length of the encryption context for encrypting data key
    6. Encryption context - encryption context for encrypting data key
    7. Encrypted Data key count - count of the encrypted data keys embedded in this object
    8. KeyBlob - the KeyBlob containing the key provider, key provider info, encrypted key, and their lengths for each data key
    9. ContentType - single-block or framing
    10. Reserved field - 4 bytes reserved for future use
    11. Nonce length - the length of the nonce used in authenticating this header and encrypting the content it wraps
    12. Frame length - length of the frames (when framing)
    13. Header nonce - the nonce used in creating the header tag
    14. Header tag - the MAC tag created to protect the contents of the header

    It is important to note that the header fields 1 through 12 are checked for their integrity during decryption using AES-GCM with the nonce and MAC tag values supplied in fields 13 and 14 respectively.

    • Constructor Detail

      • CiphertextHeaders

        public CiphertextHeaders()
        Default constructor.

      • CiphertextHeaders

        public CiphertextHeaders​(byte version,
                         CiphertextType type,
                         CryptoAlgorithm cryptoAlgo,
                         byte[] encryptionContext,
                         List<KeyBlob> keyBlobs,
                         ContentType contentType,
                         int frameSize)
        Construct the ciphertext headers using the provided values.
        Parameters:
        version - the version to set in the header.
        type - the type to set in the header.
        cryptoAlgo - the CryptoAlgorithm enum to encode in the header.
        encryptionContext - the bytes containing the encryption context to set in the header.
        keyBlobs - list of keyBlobs containing the key provider id, key provider info, and encrypted data key to encode in the header.
        contentType - the content type to set in the header.
        frameSize - the frame payload size to set in the header.

    • Method Detail

      • isComplete

        public Boolean isComplete()
        Check if this object has all the header fields populated and available for reading.
        Returns:
        true if this object containing the single block header fields is complete; false otherwise.

      • deserialize

        public int deserialize​(byte[] b,
                       int off)
                throws ParseException
        Deserialize the provided bytes starting at the specified offset to construct an instance of this class.

        This method parses the provided bytes for the individual fields in this class. This methods also supports partial parsing where not all the bytes required for parsing the fields successfully are available.

        Parameters:
        b - the byte array to deserialize.
        off - the offset in the byte array to use for deserialization.
        Returns:
        the number of bytes consumed in deserialization.
        Throws:
        ParseException

      • serializeAuthenticatedFields

        public byte[] serializeAuthenticatedFields()
        Serialize the header fields into a byte array. Note this method does not serialize the header nonce and tag.
        Returns:
        the serialized bytes of the header fields not including the header nonce and tag.

      • toByteArray

        public byte[] toByteArray()
        Serialize the header fields into a byte array. This method serializes all the header fields including the header nonce and tag.
        Returns:
        the serialized bytes of the entire header.

      • getVersion

        public byte getVersion()
        Return the version set in the header.
        Returns:
        the byte value representing the version.

      • getType

        public CiphertextType getType()
        Return the type set in the header.
        Returns:
        the CiphertextType enum value representing the type set in the header.

      • getCryptoAlgoId

        public CryptoAlgorithm getCryptoAlgoId()
        Return the crypto algorithm identifier set in the header.
        Returns:
        the CryptoAlgorithm enum value representing the identifier set in the header.

      • getEncryptionContextLen

        public int getEncryptionContextLen()
        Return the length of the encryption context set in the header.
        Returns:
        the length of the encryption context set in the header.

      • getEncryptionContext

        public byte[] getEncryptionContext()
        Return the encryption context set in the header.
        Returns:
        the bytes containing encryption context set in the header.

      • getEncryptionContextMap

        public Map<String,​String> getEncryptionContextMap()

      • getEncryptedKeyBlobCount

        public int getEncryptedKeyBlobCount()
        Return the count of the encrypted key blobs set in the header.
        Returns:
        the count of the encrypted key blobs set in the header.

      • getEncryptedKeyBlobs

        public List<KeyBlob> getEncryptedKeyBlobs()
        Return the encrypted key blobs set in the header.
        Returns:
        the KeyBlob objects representing the key blobs set in the header.

      • getContentType

        public ContentType getContentType()
        Return the content type set in the header.
        Returns:
        the ContentType enum value representing the content type set in the header.

      • getMessageId

        public byte[] getMessageId()
        Return the message identifier set in the header.
        Returns:
        the bytes containing the message identifier set in the header.

      • getNonceLength

        public short getNonceLength()
        Return the length of the nonce set in the header.
        Returns:
        the length of the nonce set in the header.

      • getFrameLength

        public int getFrameLength()
        Return the length of the frame set in the header.
        Returns:
        the length of the frame set in the header.

      • getHeaderNonce

        public byte[] getHeaderNonce()
        Return the header nonce set in the header.
        Returns:
        the bytes containing the header nonce set in the header.

      • getHeaderTag

        public byte[] getHeaderTag()
        Return the header tag set in the header.
        Returns:
        the header tag set in the header.

      • setHeaderNonce

        public void setHeaderNonce​(byte[] headerNonce)
        Set the header nonce to use for authenticating the header data.
        Parameters:
        headerNonce - the header nonce to use.

      • setHeaderTag

        public void setHeaderTag​(byte[] headerTag)
        Set the header tag to use for authenticating the header data.
        Parameters:
        headerTag - the header tag to use.