Class ECDHEncrypter

All Implemented Interfaces:
JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe public class ECDHEncrypter extends ECDHCryptoProvider implements JWEEncrypter
Elliptic Curve Diffie-Hellman encrypter of JWE objects for curves using EC JWK keys. Expects a public EC key (with a P-256, P-384 or P-521 curve).

See RFC 7518 section 4.6 for more information.

For Curve25519/X25519, see X25519Encrypter instead.

This class is thread-safe.

Supports the following key management algorithms:

Supports the following elliptic curves:

Supports the following content encryption algorithms:

Version:
2023-05-17
Author:
Tim McLean, Vladimir Dzhuvinov, Fernando González Callejas, Egor Puzanov
  • Field Details

  • Constructor Details

    • ECDHEncrypter

      public ECDHEncrypter(ECPublicKey publicKey) throws JOSEException
      Creates a new Elliptic Curve Diffie-Hellman encrypter.
      Parameters:
      publicKey - The public EC key. Must not be null.
      Throws:
      JOSEException - If the elliptic curve is not supported.
    • ECDHEncrypter

      public ECDHEncrypter(ECKey ecJWK) throws JOSEException
      Creates a new Elliptic Curve Diffie-Hellman encrypter.
      Parameters:
      ecJWK - The EC JSON Web Key (JWK). Must not be null.
      Throws:
      JOSEException - If the elliptic curve is not supported.
    • ECDHEncrypter

      public ECDHEncrypter(ECPublicKey publicKey, SecretKey contentEncryptionKey) throws JOSEException
      Creates a new Elliptic Curve Diffie-Hellman encrypter with an optionally specified content encryption key (CEK).
      Parameters:
      publicKey - The public EC key. Must not be null.
      contentEncryptionKey - The content encryption key (CEK) to use. If specified, its algorithm must be "AES" and its length must match the length expected for the JWE encryption method ("enc"). If null, a CEK will be generated for each JWE.
      Throws:
      JOSEException - If the elliptic curve is not supported.
  • Method Details

    • getPublicKey

      Returns the public EC key.
      Returns:
      The public EC key.
    • supportedEllipticCurves

      Description copied from class: ECDHCryptoProvider
      Returns the names of the supported elliptic curves. These correspond to the crv EC JWK parameter.
      Specified by:
      supportedEllipticCurves in class ECDHCryptoProvider
      Returns:
      The supported elliptic curves.
    • encrypt

      @Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
      Deprecated.
      Encrypts the specified clear text of a JWE object.
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
    • encrypt

      public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
      Description copied from interface: JWEEncrypter
      Encrypts the specified clear text of a JWE object.
      Specified by:
      encrypt in interface JWEEncrypter
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      aad - The additional authenticated data. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
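
Usage sketch, added here as an example and not taken from the library's own documentation: a JWE is encrypted to a P-256 public JWK with ECDHEncrypter, the ephemeral public key (RFC 7518 section 4.6) is checked in the resulting header, and the object is decrypted with the matching private key while an unrelated key is rejected. It assumes the Nimbus JOSE+JWT library on the classpath; the class name EcdhJweRoundTrip, the key ID and the payload are constructed for illustration, and ECKeyGenerator, JWEObject and ECDHDecrypter are other classes of the same library.

```java
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;

// Hypothetical class name; added example, not part of the library.
public class EcdhJweRoundTrip {

    public static void main(String[] args) throws Exception {
        // Recipient key pair on P-256 (constructed for this example).
        ECKey recipient = new ECKeyGenerator(Curve.P_256).keyID("recipient-1").generate();
        // The sender needs only the public half of the recipient key.
        ECKey recipientPublic = recipient.toPublicJWK();

        JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.ECDH_ES_A256KW, EncryptionMethod.A256GCM)
                .keyID(recipientPublic.getKeyID())
                .build();
        JWEObject jwe = new JWEObject(header, new Payload("constructed sample payload"));
        jwe.encrypt(new ECDHEncrypter(recipientPublic));

        // After encryption the header carries the sender's ephemeral public key ("epk").
        if (jwe.getHeader().getEphemeralPublicKey() == null) {
            throw new IllegalStateException("epk missing from JWE header");
        }
        String compact = jwe.serialize();

        // Recipient side: parse and decrypt with the private key.
        JWEObject received = JWEObject.parse(compact);
        received.decrypt(new ECDHDecrypter(recipient));
        System.out.println("decrypted: " + received.getPayload().toString());

        // A key pair that is not the intended recipient must fail to decrypt.
        ECKey unrelated = new ECKeyGenerator(Curve.P_256).generate();
        JWEObject copy = JWEObject.parse(compact);
        try {
            copy.decrypt(new ECDHDecrypter(unrelated));
            throw new IllegalStateException("decryption with an unrelated key must fail");
        } catch (JOSEException expected) {
            System.out.println("unrelated key rejected: " + expected.getMessage());
        }
    }
}
```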