Package com.nimbusds.jose.crypto.impl
Class ECDH1PUCryptoProvider
java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWEProvider
com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
- All Implemented Interfaces:
JCAAware<JWEJCAContext>,JOSEProvider,JWEProvider
- Direct Known Subclasses:
ECDH1PUDecrypter,ECDH1PUEncrypter,ECDH1PUX25519Decrypter,ECDH1PUX25519Encrypter
The base abstract class for Elliptic Curve Diffie-Hellman One-Pass Unified
Model encrypters and decrypters of
JWE
objects.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_1PUJWEAlgorithm.ECDH_1PU_A128KWJWEAlgorithm.ECDH_1PU_A192KWJWEAlgorithm.ECDH_1PU_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms for Direct key agreement mode:
EncryptionMethod.A128CBC_HS256EncryptionMethod.A192CBC_HS384EncryptionMethod.A256CBC_HS512EncryptionMethod.A128GCMEncryptionMethod.A192GCMEncryptionMethod.A256GCMEncryptionMethod.A128CBC_HS256_DEPRECATEDEncryptionMethod.A256CBC_HS512_DEPRECATEDEncryptionMethod.XC20P
Supports the following content encryption algorithms for Key wrapping mode:
- Version:
- 2023-09-10
- Author:
- Alexander Martynov, Egor Puzanov
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Set<JWEAlgorithm>The supported JWE algorithms by the ECDH crypto provider class.static final Set<EncryptionMethod>The supported encryption methods by the ECDH crypto provider class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedECDH1PUCryptoProvider(Curve curve, SecretKey cek) Creates a new Elliptic Curve Diffie-Hellman One-Pass Unified Model encryption / decryption provider. -
Method Summary
Modifier and TypeMethodDescriptionprotected byte[]decryptWithZ(JWEHeader header, byte[] aad, SecretKey Z, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) Decrypts the encrypted JWE parts using the specified shared secret ("Z").protected JWECryptoPartsencryptWithZ(JWEHeader header, SecretKey Z, byte[] clearText, byte[] aad) Encrypts the specified plaintext using the specified shared secret ("Z").protected ConcatKDFReturns the Concatenation Key Derivation Function (KDF).getCurve()Returns the elliptic curve of the key (JWK designation).Returns the names of the supported elliptic curves.Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider
getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms
-
Field Details
-
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the ECDH crypto provider class. -
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the ECDH crypto provider class.
-
-
Constructor Details
-
ECDH1PUCryptoProvider
Creates a new Elliptic Curve Diffie-Hellman One-Pass Unified Model encryption / decryption provider.- Parameters:
curve- The elliptic curve. Must be supported and notnull.cek- The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). Ifnulla CEK will be generated for each JWE.- Throws:
JOSEException- If the elliptic curve is not supported.
-
-
Method Details
-
getConcatKDF
Returns the Concatenation Key Derivation Function (KDF).- Returns:
- The concat KDF.
-
supportedEllipticCurves
Returns the names of the supported elliptic curves. These correspond to thecrvJWK parameter.- Returns:
- The supported elliptic curves.
-
getCurve
Returns the elliptic curve of the key (JWK designation).- Returns:
- The elliptic curve.
-
encryptWithZ
protected JWECryptoParts encryptWithZ(JWEHeader header, SecretKey Z, byte[] clearText, byte[] aad) throws JOSEException Encrypts the specified plaintext using the specified shared secret ("Z").- Throws:
JOSEException
-
decryptWithZ
protected byte[] decryptWithZ(JWEHeader header, byte[] aad, SecretKey Z, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException Decrypts the encrypted JWE parts using the specified shared secret ("Z").- Throws:
JOSEException
-