Class ECDH

java.lang.Object
com.nimbusds.jose.crypto.impl.ECDH

public class ECDH extends Object
Elliptic Curve Diffie-Hellman key agreement functions and utilities.
Version:
2018-12-12
Author:
Vladimir Dzhuvinov
  • Method Details

    • resolveAlgorithmMode

      Resolves the ECDH algorithm mode.
      Parameters:
      alg - The JWE algorithm. Must be supported and not null.
      Returns:
      The algorithm mode.
      Throws:
      JOSEException - If the JWE algorithm is not supported.
    • sharedKeyLength

      public static int sharedKeyLength(JWEAlgorithm alg, EncryptionMethod enc) throws JOSEException
      Returns the bit length of the shared key (derived via concat KDF) for the specified JWE ECDH algorithm.
      Parameters:
      alg - The JWE ECDH algorithm. Must be supported and not null.
      enc - The encryption method. Must be supported and not null.
      Returns:
      The bit length of the shared key.
      Throws:
      JOSEException - If the JWE algorithm or encryption method is not supported.
    • deriveSharedSecret

      public static SecretKey deriveSharedSecret(ECPublicKey publicKey, PrivateKey privateKey, Provider provider) throws JOSEException
      Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
      Parameters:
      publicKey - The public EC key, i.e. the consumer's public EC key on encryption, or the ephemeral public EC key on decryption. Must not be null.
      privateKey - The private EC Key, i.e. the ephemeral private EC key on encryption, or the consumer's private EC key on decryption. Must not be null.
      provider - The JCA provider for the ECDH key agreement, null to use the default.
      Returns:
      The derived shared secret ('Z'), with algorithm "AES".
      Throws:
      JOSEException - If derivation of the shared secret failed.
    • deriveSharedSecret

      public static SecretKey deriveSharedSecret(OctetKeyPair publicKey, OctetKeyPair privateKey) throws JOSEException
      Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
      Parameters:
      publicKey - The public OKP key, i.e. the consumer's public EC key on encryption, or the ephemeral public EC key on decryption. Must not be null.
      privateKey - The private OKP key, i.e. the ephemeral private EC key on encryption, or the consumer's private EC key on decryption. Must not be null.
      Returns:
      The derived shared secret ('Z'), with algorithm "AES".
      Throws:
      JOSEException - If derivation of the shared secret failed.
    • deriveSharedKey

      public static SecretKey deriveSharedKey(JWEHeader header, SecretKey Z, ConcatKDF concatKDF) throws JOSEException
      Derives a shared key (via concat KDF).
      Parameters:
      header - The JWE header. Its algorithm and encryption method must be supported. Must not be null.
      Z - The derived shared secret ('Z'). Must not be null.
      concatKDF - The concat KDF. Must be initialised and not null.
      Returns:
      The derived shared key.
      Throws:
      JOSEException - If derivation of the shared key failed.
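
The following is an added example, not code from the library or its documentation. It runs both sides of an ECDH-ES agreement through the methods documented above and confirms that the raw secret 'Z' and the Concat KDF output match on each side. The class name `EcdhAgreementExample`, the freshly generated P-256 keys, the A128GCM header and the `ECChecks` on-curve check before the decryption-side agreement are choices made for this example.

```java
import java.security.MessageDigest;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import javax.crypto.SecretKey;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.impl.ConcatKDF;
import com.nimbusds.jose.crypto.impl.ECDH;
import com.nimbusds.jose.crypto.utils.ECChecks;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;

public class EcdhAgreementExample {
    public static void main(String[] args) throws JOSEException {
        // Constructed sample keys: the consumer's static key pair and the
        // sender's ephemeral key pair, both on P-256.
        ECKey consumer = new ECKeyGenerator(Curve.P_256).generate();
        ECKey ephemeral = new ECKeyGenerator(Curve.P_256).generate();
        JWEHeader header =
            new JWEHeader.Builder(JWEAlgorithm.ECDH_ES, EncryptionMethod.A128GCM).build();

        // Encryption side: consumer's public key + ephemeral private key.
        SecretKey zEnc = ECDH.deriveSharedSecret(
            consumer.toECPublicKey(), ephemeral.toECPrivateKey(), null);

        // Decryption side: ephemeral public key + consumer's private key.
        // The ephemeral key arrives from the sender, so check that it lies on
        // the private key's curve before using it (example's own precaution).
        ECPublicKey epk = ephemeral.toECPublicKey();
        ECPrivateKey consumerPriv = consumer.toECPrivateKey();
        if (!ECChecks.isPointOnCurve(epk, consumerPriv)) {
            throw new JOSEException("Ephemeral public key is not on the expected curve");
        }
        SecretKey zDec = ECDH.deriveSharedSecret(epk, consumerPriv, null);

        // 'Z' is raw agreement output; the key that is actually used comes
        // from the Concat KDF, bound to the header's algorithm parameters.
        ConcatKDF kdf = new ConcatKDF("SHA-256");
        SecretKey keyEnc = ECDH.deriveSharedKey(header, zEnc, kdf);
        SecretKey keyDec = ECDH.deriveSharedKey(header, zDec, kdf);

        int bits = ECDH.sharedKeyLength(header.getAlgorithm(), header.getEncryptionMethod());
        boolean sameZ = MessageDigest.isEqual(zEnc.getEncoded(), zDec.getEncoded());
        boolean sameKey = MessageDigest.isEqual(keyEnc.getEncoded(), keyDec.getEncoded());
        if (!sameZ || !sameKey || keyEnc.getEncoded().length * 8 != bits) {
            throw new IllegalStateException("Key agreement mismatch");
        }
        System.out.println("Both sides derived the same " + bits + "-bit shared key");
    }
}
```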