Package com.nimbusds.jose.crypto.impl
Class RSA_OAEP_SHA2
java.lang.Object
com.nimbusds.jose.crypto.impl.RSA_OAEP_SHA2
RSAES OAEP with SHA-256, SHA-384 and SHA-512 methods for Content Encryption
Key (CEK) encryption and decryption. This class is thread-safe.
- Version:
- 2024-09-10
- Author:
- Vladimir Dzhuvinov, Justin Richer, Peter Laurina, Pankaj Yadav
-
Method Summary
Modifier and TypeMethodDescriptionstatic SecretKeydecryptCEK(PrivateKey priv, byte[] encryptedCEK, int shaBitSize, Provider provider) Decrypts the specified encrypted Content Encryption Key (CEK).static byte[]encryptCEK(RSAPublicKey pub, SecretKey cek, int shaBitSize, Provider provider) Encrypts the specified Content Encryption Key (CEK).
-
Method Details
-
encryptCEK
public static byte[] encryptCEK(RSAPublicKey pub, SecretKey cek, int shaBitSize, Provider provider) throws JOSEException Encrypts the specified Content Encryption Key (CEK).- Parameters:
pub- The public RSA key. Must not benull.cek- The Content Encryption Key (CEK) to encrypt. Must not benull.shaBitSize- The SHA-2 bit size. Must be 256, 384 or 512.provider- The JCA provider,nullto use the default.- Returns:
- The encrypted Content Encryption Key (CEK).
- Throws:
JOSEException- If encryption failed.
-
decryptCEK
public static SecretKey decryptCEK(PrivateKey priv, byte[] encryptedCEK, int shaBitSize, Provider provider) throws JOSEException Decrypts the specified encrypted Content Encryption Key (CEK).- Parameters:
priv- The private RSA key. Must not benull.encryptedCEK- The encrypted Content Encryption Key (CEK) to decrypt. Must not benull.shaBitSize- The SHA-2 bit size. Must be 256 or 512.provider- The JCA provider,nullto use the default.- Returns:
- The decrypted Content Encryption Key (CEK).
- Throws:
JOSEException- If decryption failed.
-