Package com.nimbusds.jose.crypto.impl

Class LegacyConcatKDF

java.lang.Object
com.nimbusds.jose.crypto.impl.LegacyConcatKDF
public class LegacyConcatKDF extends Object
Legacy implementation of a Concatenation Key Derivation Function (KDF) for use by the deprecated A128CBC+HS256 and A256CBC+HS512 encryption methods. Provides static methods for deriving the Content Encryption Key (CEK) and the Content Integrity Key (CIK) from a Content Master Key (CMKs).

See draft-ietf-jose-json-web-encryption-08, appendices A.4 and A.5.

See NIST.800-56A.

Version:
2018-01-04
Author:
Vladimir Dzhuvinov

  • Method Details

    • generateCEK

      public static SecretKey generateCEK(SecretKey key, EncryptionMethod enc, byte[] epu, byte[] epv) throws JOSEException
      Generates a Content Encryption Key (CEK) from the specified Content Master Key (CMK) and JOSE encryption method.
      Parameters:
      key - The Content Master Key (CMK). Must not be null.
      enc - The JOSE encryption method. Must not be null.
      epu - The value of the encryption PartyUInfo header parameter, null if not specified.
      epv - The value of the encryption PartyVInfo header parameter, null if not specified.
      Returns:
      The generated AES CEK.
      Throws:
      JOSEException - If CEK generation failed.

    • generateCIK

      public static SecretKey generateCIK(SecretKey key, EncryptionMethod enc, byte[] epu, byte[] epv) throws JOSEException
      Generates a Content Integrity Key (CIK) from the specified Content Master Key (CMK) and JOSE encryption method.
      Parameters:
      key - The Content Master Key (CMK). Must not be null.
      enc - The JOSE encryption method. Must not be null.
      epu - The value of the encryption PartyUInfo header parameter, null if not specified.
      epv - The value of the encryption PartyVInfo header parameter, null if not specified.
      Returns:
      The generated HMAC SHA CIK.
      Throws:
      JOSEException - If CIK generation failed.