Class ContentCryptoProvider

java.lang.Object
com.nimbusds.jose.crypto.impl.ContentCryptoProvider

public class ContentCryptoProvider extends Object
JWE content encryption / decryption provider.
Version:
2023-03-21
Author:
Vladimir Dzhuvinov
  • Method Details

    • generateCEK

      public static SecretKey generateCEK(EncryptionMethod enc, SecureRandom randomGen) throws JOSEException
      Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.
      Parameters:
      enc - The encryption method. Must not be null.
      randomGen - The secure random generator to use. Must not be null.
      Returns:
      The generated CEK (with algorithm "AES").
      Throws:
      JOSEException - If the encryption method is not supported.
    • encrypt

      public static JWECryptoParts encrypt(JWEHeader header, byte[] clearText, SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider) throws JOSEException
      Encrypts the specified clear text (content).
      Parameters:
      header - The final JWE header. Must not be null.
      clearText - The clear text to encrypt and optionally compress. Must not be null.
      cek - The Content Encryption Key (CEK). Must not be null.
      encryptedKey - The encrypted CEK, null if not required.
      jcaProvider - The JWE JCA provider specification. Must not be null.
      Returns:
      The JWE crypto parts.
      Throws:
      JOSEException - If encryption failed.
    • encrypt

      public static JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad, SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider) throws JOSEException
      Encrypts the specified clear text (content).
      Parameters:
      header - The final JWE header. Must not be null.
      clearText - The clear text to encrypt and optionally compress. Must not be null.
      aad - The Additional Authenticated Data (AAD). If null, the JWE header becomes the AAD.
      cek - The Content Encryption Key (CEK). Must not be null.
      encryptedKey - The encrypted CEK, null if not required.
      jcaProvider - The JWE JCA provider specification. Must not be null.
      Returns:
      The JWE crypto parts.
      Throws:
      JOSEException - If encryption failed.
    • decrypt

      public static byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, SecretKey cek, JWEJCAContext jcaProvider) throws JOSEException
      Decrypts the specified cipher text.
      Parameters:
      header - The JWE header. Must not be null.
      encryptedKey - The encrypted key, null if not specified.
      iv - The initialisation vector (IV). Must not be null.
      cipherText - The cipher text. Must not be null.
      authTag - The authentication tag. Must not be null.
      cek - The Content Encryption Key (CEK). Must not be null.
      jcaProvider - The JWE JCA provider specification. Must not be null.
      Returns:
      The clear text.
      Throws:
      JOSEException - If decryption failed.
    • decrypt

      public static byte[] decrypt(JWEHeader header, byte[] aad, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, SecretKey cek, JWEJCAContext jcaProvider) throws JOSEException
      Decrypts the specified cipher text.
      Parameters:
      header - The JWE header. Must not be null.
      aad - The Additional Authenticated Data (AAD). If null, the JWE header becomes the AAD.
      encryptedKey - The encrypted key, null if not specified.
      iv - The initialisation vector (IV). Must not be null.
      cipherText - The cipher text. Must not be null.
      authTag - The authentication tag. Must not be null.
      cek - The Content Encryption Key (CEK). Must not be null.
      jcaProvider - The JWE JCA provider specification. Must not be null.
      Returns:
      The clear text.
      Throws:
      JOSEException - If decryption failed.
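
A round trip through generateCEK, encrypt and decrypt with an explicit AAD, showing that decryption only succeeds when the same AAD is supplied again. This is an added example, not code from the Nimbus JOSE+JWT project; the class name ContentCryptoRoundTrip, the helper decrypts, the payload and the AAD strings are constructed for illustration, and the library is assumed to be on the classpath.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.jca.JWEJCAContext;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class, not part of the library.
public class ContentCryptoRoundTrip {

    // Hypothetical helper: true if the parts authenticate and decrypt under the given AAD.
    static boolean decrypts(JWEHeader header, byte[] aad, JWECryptoParts parts,
                            SecretKey cek, JWEJCAContext jca) {
        try {
            ContentCryptoProvider.decrypt(header, aad, null,
                    parts.getInitializationVector(), parts.getCipherText(),
                    parts.getAuthenticationTag(), cek, jca);
            return true;
        } catch (JOSEException e) {
            return false; // authentication tag check or decryption failed
        }
    }

    public static void main(String[] args) throws JOSEException {
        // Constructed sample inputs. Direct encryption, so encryptedKey is null.
        JWEHeader header = new JWEHeader(JWEAlgorithm.DIR, EncryptionMethod.A256GCM);
        byte[] clearText = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] aad = "constructed-context-v1".getBytes(StandardCharsets.UTF_8);
        byte[] otherAad = "constructed-context-v2".getBytes(StandardCharsets.UTF_8);
        JWEJCAContext jca = new JWEJCAContext();

        SecretKey cek = ContentCryptoProvider.generateCEK(
                header.getEncryptionMethod(), new SecureRandom());
        JWECryptoParts parts = ContentCryptoProvider.encrypt(
                header, clearText, aad, cek, null, jca);

        // Same AAD as at encryption time: the clear text is recovered.
        byte[] recovered = ContentCryptoProvider.decrypt(header, aad, null,
                parts.getInitializationVector(), parts.getCipherText(),
                parts.getAuthenticationTag(), cek, jca);
        System.out.println("same AAD round trip: " + Arrays.equals(clearText, recovered));

        // A different AAD, or null (the header becomes the AAD), does not match
        // what was authenticated at encryption time.
        System.out.println("different AAD accepted: " + decrypts(header, otherAad, parts, cek, jca));
        System.out.println("null AAD accepted: " + decrypts(header, null, parts, cek, jca));
    }
}
```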