@ThreadSafe public class AESEncrypter extends Object implements JWEEncrypter
JWE
objects
. Expects an AES key.
Encrypts the plain text with a generated AES key (the Content Encryption Key) according to the specified JOSE encryption method, then wraps the CEK with the specified AES key and returns it alongside the IV, cipher text and authentication tag. See RFC 7518, sections 4.4 and 4.7 for more information.
This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.A128KW
JWEAlgorithm.A192KW
JWEAlgorithm.A256KW
JWEAlgorithm.A128GCMKW
JWEAlgorithm.A192GCMKW
JWEAlgorithm.A256GCMKW
Supports the following content encryption algorithms:
Modifier and Type | Field and Description |
---|---|
static Map<Integer,Set<JWEAlgorithm>> |
COMPATIBLE_ALGORITHMS
The JWE algorithms compatible with each key size in bits.
|
static Set<JWEAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the AES crypto provider class.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the AES crypto provider class.
|
Constructor and Description |
---|
AESEncrypter(byte[] keyBytes)
Creates a new AES encrypter.
|
AESEncrypter(OctetSequenceKey octJWK)
Creates a new AES encrypter.
|
AESEncrypter(SecretKey kek)
Creates a new AES encrypter.
|
Modifier and Type | Method and Description |
---|---|
JWECryptoParts |
encrypt(JWEHeader header,
byte[] clearText)
Encrypts the specified clear text of a
JWE object . |
JWEJCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
SecretKey |
getKey()
Gets the Key Encryption Key (KEK).
|
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE
provier.
|
Set<JWEAlgorithm> |
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider
instance.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedEncryptionMethods, supportedJWEAlgorithms
getJCAContext
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
public static final Map<Integer,Set<JWEAlgorithm>> COMPATIBLE_ALGORITHMS
public AESEncrypter(SecretKey kek) throws KeyLengthException
kek
- The Key Encryption Key. Must be 128 bits (16 bytes), 192
bits (24 bytes) or 256 bits (32 bytes). Must not be
null
.KeyLengthException
- If the KEK length is invalid.public AESEncrypter(byte[] keyBytes) throws KeyLengthException
keyBytes
- The Key Encryption Key, as a byte array. Must be 128
bits (16 bytes), 192 bits (24 bytes) or 256 bits (32
bytes). Must not be null
.KeyLengthException
- If the KEK length is invalid.public AESEncrypter(OctetSequenceKey octJWK) throws KeyLengthException
octJWK
- The Key Encryption Key, as a JWK. Must be 128 bits (16
bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384
bits (48 bytes) or 512 bits (64 bytes) long. Must not
be null
.KeyLengthException
- If the KEK length is invalid.public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
JWEEncrypter
JWE object
.encrypt
in interface JWEEncrypter
header
- The JSON Web Encryption (JWE) header. Must specify
a supported JWE algorithm and method. Must not be
null
.clearText
- The clear text to encrypt. Must not be null
.JOSEException
- If the JWE algorithm or method is not
supported or if encryption failed for some
other internal reason.public SecretKey getKey()
public Set<JWEAlgorithm> supportedJWEAlgorithms()
JWEProvider
alg
JWE header parameter.supportedJWEAlgorithms
in interface JWEProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEProvider
public JWEJCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JWEJCAContext>
null
.Copyright © 2017 Connect2id Ltd.. All rights reserved.