Class JceKeyCipher


  • public abstract class JceKeyCipher
    extends Object
    Abstract class for encrypting and decrypting JCE data keys.
    • Method Detail

      • aesGcm

        public static JceKeyCipher aesGcm(SecretKey secretKey)
        Returns a new instance of a JceKeyCipher based on the Advanced Encryption Standard in Galois/Counter Mode.
        Parameters:
        secretKey - The secret key to use for encrypt/decrypt operations.
        Returns:
        The JceKeyCipher.
      • rsa

        public static JceKeyCipher rsa(PublicKey wrappingKey,
                                       PrivateKey unwrappingKey,
                                       String transformation)
        Returns a new instance of a JceKeyCipher based on RSA.
        Parameters:
        wrappingKey - The public key to use for encrypting the key.
        unwrappingKey - The private key to use for decrypting the key.
        transformation - The transformation.
        Returns:
        The JceKeyCipher.
      • encryptKey

        public EncryptedDataKey encryptKey(byte[] key,
                                           String keyName,
                                           String keyNamespace,
                                           Map<String,String> encryptionContext)
        Encrypts the given key, incorporating the given keyName and encryptionContext.
        Parameters:
        key - The key to encrypt.
        keyName - A UTF-8 encoded String representing a name for the key.
        keyNamespace - A UTF-8 encoded value that namespaces the key.
        encryptionContext - A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used during encryption and decryption to provide additional authenticated data (AAD).
        Returns:
        The encrypted data key.
      • decryptKey

        public byte[] decryptKey(EncryptedDataKey edk,
                                 String keyName,
                                 Map<String,String> encryptionContext)
                          throws GeneralSecurityException
        Decrypts the given encrypted data key.
        Parameters:
        edk - The encrypted data key.
        keyName - A UTF-8 encoded String representing a name for the key.
        encryptionContext - A key-value mapping of arbitrary, non-secret, UTF-8 encoded strings used during encryption and decryption to provide additional authenticated data (AAD).
        Returns:
        The decrypted key.
        Throws:
        GeneralSecurityException - If a problem occurred decrypting the key.
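
Added example (not code from this library): a stand-alone sketch using only the standard JCE API to show why the encryptionContext passed to decryptKey must match the one passed to encryptKey when AES-GCM treats it as AAD. The class name, the sample context values and the AAD byte encoding are assumptions made for illustration and are not this class's wire format.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class WrapWithContextDemo {
    // Assumed AAD encoding: key-sorted, length-prefixed UTF-8 pairs (not the library's format).
    static byte[] aad(Map<String, String> ctx) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (Map.Entry<String, String> e : new TreeMap<>(ctx).entrySet()) {
            for (String s : new String[] {e.getKey(), e.getValue()}) {
                byte[] b = s.getBytes(StandardCharsets.UTF_8);
                out.writeInt(b.length);
                out.write(b);
            }
        }
        return buf.toByteArray();
    }
    // Wraps or unwraps a data key; the context is authenticated but never encrypted.
    static byte[] crypt(int mode, SecretKey kek, byte[] iv, byte[] in, Map<String, String> ctx) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, kek, new GCMParameterSpec(128, iv));
        c.updateAAD(aad(ctx));
        return c.doFinal(in);
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey kek = kg.generateKey();               // constructed wrapping key
        byte[] dataKey = new byte[32], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(dataKey);                         // constructed data key
        rnd.nextBytes(iv);                              // fresh IV for every wrap under the same key
        Map<String, String> ctx = Map.of("tenant", "alpha", "purpose", "backup");
        byte[] wrapped = crypt(Cipher.ENCRYPT_MODE, kek, iv, dataKey, ctx);
        byte[] unwrapped = crypt(Cipher.DECRYPT_MODE, kek, iv, wrapped, ctx);
        System.out.println("same context unwraps: " + Arrays.equals(dataKey, unwrapped));
        try {
            crypt(Cipher.DECRYPT_MODE, kek, iv, wrapped, Map.of("tenant", "beta", "purpose", "backup"));
            System.out.println("unexpected: altered context accepted");
        } catch (AEADBadTagException e) {
            System.out.println("altered context rejected: tag mismatch");
        }
    }
}
```

AEADBadTagException is a subclass of GeneralSecurityException, the exception type decryptKey declares.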