Class CiphertextHeaders

  • Direct Known Subclasses:
    ParsedCiphertext

    public class CiphertextHeaders
    extends Object
    This class implements the headers for the message (ciphertext) produced by this library. These headers are parsed and used when the ciphertext is decrypted.

    See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html for a detailed description of the fields that make up the encrypted message header.

    Note that all header fields except the last two are integrity-checked during decryption using AES-GCM, with the nonce and MAC tag values taken from the last two fields of the header.

    • Field Detail

      • NO_MAX_ENCRYPTED_DATA_KEYS

        public static final int NO_MAX_ENCRYPTED_DATA_KEYS
        When passed as maxEncryptedDataKeys, indicates that no maximum should be enforced (i.e., any number of EDKs is allowed).
        See Also:
        Constant Field Values
    • Constructor Detail

      • CiphertextHeaders

        public CiphertextHeaders()
        Default constructor.
      • CiphertextHeaders

        @Deprecated
        public CiphertextHeaders(byte version,
                                 CiphertextType type,
                                 CryptoAlgorithm cryptoAlgo,
                                 byte[] encryptionContext,
                                 List<KeyBlob> keyBlobs,
                                 ContentType contentType,
                                 int frameSize)
        Construct the ciphertext headers using the provided values.
        Parameters:
        version - the version to set in the header.
        type - the type to set in the header.
        cryptoAlgo - the CryptoAlgorithm enum to encode in the header.
        encryptionContext - the bytes containing the encryption context to set in the header.
        keyBlobs - list of keyBlobs containing the key provider id, key provider info, and encrypted data key to encode in the header.
        contentType - the content type to set in the header.
        frameSize - the frame payload size to set in the header.
      • CiphertextHeaders

        public CiphertextHeaders(CiphertextType type,
                                 CryptoAlgorithm cryptoAlgo,
                                 byte[] encryptionContext,
                                 List<KeyBlob> keyBlobs,
                                 ContentType contentType,
                                 int frameSize)
        Construct the ciphertext headers using the provided values.
        Parameters:
        type - the type to set in the header.
        cryptoAlgo - the CryptoAlgorithm enum to encode in the header.
        encryptionContext - the bytes containing the encryption context to set in the header.
        keyBlobs - list of keyBlobs containing the key provider id, key provider info, and encrypted data key to encode in the header.
        contentType - the content type to set in the header.
        frameSize - the frame payload size to set in the header.
    • Method Detail

      • isComplete

        public Boolean isComplete()
        Check if this object has all the header fields populated and available for reading.
        Returns:
        true if this object containing the single block header fields is complete; false otherwise.
      • deserialize

        public int deserialize(byte[] b,
                               int off,
                               int maxEncryptedDataKeys)
                        throws ParseException
        Deserialize the provided bytes starting at the specified offset to construct an instance of this class.

        This method parses the provided bytes for the individual fields in this class. This method also supports partial parsing, where not all the bytes required to parse the fields successfully are available.

        Parameters:
        b - the byte array to deserialize.
        off - the offset in the byte array to use for deserialization.
        maxEncryptedDataKeys - the maximum number of EDKs to deserialize; zero indicates no maximum
        Returns:
        the number of bytes consumed in deserialization.
        Throws:
        ParseException
      • serializeAuthenticatedFields

        public byte[] serializeAuthenticatedFields()
        Serialize the header fields into a byte array. Note this method does not serialize the header nonce and tag.
        Returns:
        the serialized bytes of the header fields not including the header nonce and tag.
      • toByteArray

        public byte[] toByteArray()
        Serialize the header fields into a byte array. This method serializes all the header fields including the header nonce and tag.
        Returns:
        the serialized bytes of the entire header.
      • getVersion

        public byte getVersion()
        Return the version set in the header.
        Returns:
        the byte value representing the version.
      • getType

        public CiphertextType getType()
        Return the type set in the header.
        Returns:
        the CiphertextType enum value representing the type set in the header.
      • getCryptoAlgoId

        public CryptoAlgorithm getCryptoAlgoId()
        Return the crypto algorithm identifier set in the header.
        Returns:
        the CryptoAlgorithm enum value representing the identifier set in the header.
      • getEncryptionContextLen

        public int getEncryptionContextLen()
        Return the length of the encryption context set in the header.
        Returns:
        the length of the encryption context set in the header.
      • getEncryptionContext

        public byte[] getEncryptionContext()
        Return the encryption context set in the header.
        Returns:
        the bytes containing encryption context set in the header.
      • getEncryptionContextMap

        public Map<String,String> getEncryptionContextMap()
      • getEncryptedKeyBlobCount

        public int getEncryptedKeyBlobCount()
        Return the count of the encrypted key blobs set in the header.
        Returns:
        the count of the encrypted key blobs set in the header.
      • getEncryptedKeyBlobs

        public List<KeyBlob> getEncryptedKeyBlobs()
        Return the encrypted key blobs set in the header.
        Returns:
        the KeyBlob objects representing the key blobs set in the header.
      • getContentType

        public ContentType getContentType()
        Return the content type set in the header.
        Returns:
        the ContentType enum value representing the content type set in the header.
      • getMessageId

        public byte[] getMessageId()
        Return the message identifier set in the header.
        Returns:
        the bytes containing the message identifier set in the header.
      • getNonceLength

        public short getNonceLength()
        Return the length of the nonce set in the header.
        Returns:
        the length of the nonce set in the header.
      • getFrameLength

        public int getFrameLength()
        Return the length of the frame set in the header.
        Returns:
        the length of the frame set in the header.
      • getHeaderNonce

        public byte[] getHeaderNonce()
        Return the header nonce set in the header.
        Returns:
        the bytes containing the header nonce set in the header.
      • getHeaderTag

        public byte[] getHeaderTag()
        Return the header tag set in the header.
        Returns:
        the header tag set in the header.
      • setHeaderNonce

        public void setHeaderNonce(byte[] headerNonce)
        Set the header nonce to use for authenticating the header data.
        Parameters:
        headerNonce - the header nonce to use.
      • setHeaderTag

        public void setHeaderTag(byte[] headerTag)
        Set the header tag to use for authenticating the header data.
        Parameters:
        headerTag - the header tag to use.
      • getSuiteData

        public byte[] getSuiteData()
        Return suite specific data.
        Returns:
        suiteData
      • setSuiteData

        public void setSuiteData(byte[] suiteData)
        Sets suite specific data.
        Parameters:
        suiteData -
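
An added example, not part of the SDK or its documentation: header triage on an untrusted message before decryption, using `deserialize` with a positive `maxEncryptedDataKeys`, `isComplete` to detect a partial parse, and the encryption context getter. The class `HeaderTriage`, the method `inspect`, the limit `MAX_EDKS` and the package names in the imports are assumptions; they do not appear on this page.

```java
import com.amazonaws.encryptionsdk.exception.ParseException; // assumed package
import com.amazonaws.encryptionsdk.model.CiphertextHeaders;  // assumed package
import java.util.Map;

/** Added example: pre-decryption header triage. All names in this class are hypothetical. */
public final class HeaderTriage {
    // Hypothetical application policy: reject messages carrying more EDKs than this.
    private static final int MAX_EDKS = 3;

    /**
     * Parses the header of an untrusted message and applies cheap policy checks
     * before any key provider is contacted. Returns the number of header bytes consumed.
     */
    public static int inspect(byte[] message, String ctxKey, String ctxValue) {
        CiphertextHeaders headers = new CiphertextHeaders();
        final int consumed;
        try {
            // Pass a positive cap instead of NO_MAX_ENCRYPTED_DATA_KEYS.
            consumed = headers.deserialize(message, 0, MAX_EDKS);
        } catch (ParseException e) {
            throw new IllegalArgumentException("malformed message header", e);
        }
        // deserialize supports partial parsing, so a normal return does not
        // mean the whole header was present in the buffer.
        if (!Boolean.TRUE.equals(headers.isComplete())) {
            throw new IllegalArgumentException("truncated message header");
        }
        // Defensive re-check of the EDK count against the same policy limit.
        if (headers.getEncryptedKeyBlobCount() > MAX_EDKS) {
            throw new IllegalArgumentException("too many encrypted data keys");
        }
        Map<String, String> ctx = headers.getEncryptionContextMap();
        if (ctx == null || !ctxValue.equals(ctx.get(ctxKey))) {
            throw new IllegalArgumentException("unexpected encryption context");
        }
        // Nothing read above is authenticated yet: the header nonce and tag are
        // verified during decryption, so repeat the context check on the
        // decryption result before trusting the plaintext.
        return consumed;
    }
}
```

The checks are a fast reject path only; they do not replace the AES-GCM header verification performed during decryption.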