Package com.nimbusds.jose.crypto

Class X25519Decrypter

java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWEProvider
com.nimbusds.jose.crypto.impl.ECDHCryptoProvider
com.nimbusds.jose.crypto.X25519Decrypter
All Implemented Interfaces:
CriticalHeaderParamsAware, JCAAware<JWEJCAContext>, JOSEProvider, JWEDecrypter, JWEProvider
public class X25519Decrypter extends ECDHCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware
Curve25519 Elliptic Curve Diffie-Hellman decrypter of JWE objects. Expects a private OctetKeyPair key with "crv" X25519.

See RFC 8037 for more information.

See also ECDHDecrypter for ECDH on other curves.

This class is thread-safe.

Supports the following key management algorithms:

Supports the following elliptic curve:

Supports the following content encryption algorithms:

Version:
2023-03-26
Author:
Tim McLean, Egor Puzanov

  • Constructor Details

    • X25519Decrypter

      public X25519Decrypter(OctetKeyPair privateKey) throws JOSEException
      Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
      Parameters:
      privateKey - The private key. Must not be null.
      Throws:
      JOSEException - If the key subtype is not supported.

    • X25519Decrypter

      public X25519Decrypter(OctetKeyPair privateKey, Set<String> defCritHeaders) throws JOSEException
      Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
      Parameters:
      privateKey - The private key. Must not be null.
      defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
      Throws:
      JOSEException - If the key subtype is not supported.

  • Method Details

    • supportedEllipticCurves

      public Set<Curve> supportedEllipticCurves()
      Description copied from class: ECDHCryptoProvider
      Returns the names of the supported elliptic curves. These correspond to the crv EC JWK parameter.
      Specified by:
      supportedEllipticCurves in class ECDHCryptoProvider
      Returns:
      The supported elliptic curves.

    • getPrivateKey

      public OctetKeyPair getPrivateKey()
      Returns the private key.
      Returns:
      The private key.

    • getProcessedCriticalHeaderParams

      public Set<String> getProcessedCriticalHeaderParams()
      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
      Specified by:
      getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are understood and processed, empty set if none.

    • getDeferredCriticalHeaderParams

      public Set<String> getDeferredCriticalHeaderParams()
      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
      Specified by:
      getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are deferred to the application for processing, empty set if none.

    • decrypt

      @Deprecated public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
      Deprecated.
      Decrypts the specified cipher text of a JWE Object.
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      encryptedKey - The encrypted key, null if not required by the JWE algorithm.
      iv - The initialisation vector, null if not required by the JWE algorithm.
      cipherText - The cipher text to decrypt. Must not be null.
      authTag - The authentication tag, null if not required.
      Returns:
      The clear text.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.

    • decrypt

      public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, byte[] aad) throws JOSEException
      Description copied from interface: JWEDecrypter
      Decrypts the specified cipher text of a JWE Object.
      Specified by:
      decrypt in interface JWEDecrypter
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      encryptedKey - The encrypted key, null if not required by the JWE algorithm.
      iv - The initialisation vector, null if not required by the JWE algorithm.
      cipherText - The cipher text to decrypt. Must not be null.
      authTag - The authentication tag, null if not required.
      aad - The additional authenticated data. Must not be null.
      Returns:
      The clear text.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.