public class ECDHDecrypter extends Object implements JWEDecrypter, CriticalHeaderParamsAware
JWE objects
for curves using EC JWK keys.
Expects a private EC key (with a P-256, P-384 or P-521 curve).
See RFC 7518 section 4.6 for more information.
For Curve25519/X25519, see X25519Decrypter
instead.
This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_ES
JWEAlgorithm.ECDH_ES_A128KW
JWEAlgorithm.ECDH_ES_A192KW
JWEAlgorithm.ECDH_ES_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms:
Modifier and Type | Field and Description |
---|---|
static Set<JWEAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWE algorithms by the ECDH crypto provider class.
|
static Set<Curve> |
SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods by the ECDH crypto provider class.
|
Constructor and Description |
---|
ECDHDecrypter(ECKey ecJWK)
Creates a new Elliptic Curve Diffie-Hellman decrypter.
|
ECDHDecrypter(ECPrivateKey privateKey)
Creates a new Elliptic Curve Diffie-Hellman decrypter.
|
ECDHDecrypter(ECPrivateKey privateKey,
Set<String> defCritHeaders)
Creates a new Elliptic Curve Diffie-Hellman decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
protected byte[] |
decryptWithZ(JWEHeader header,
SecretKey Z,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the encrypted JWE parts using the specified shared secret ("Z").
|
protected JWECryptoParts |
encryptWithZ(JWEHeader header,
SecretKey Z,
byte[] clearText)
Encrypts the specified plaintext using the specified shared secret ("Z").
|
protected com.nimbusds.jose.crypto.ConcatKDF |
getConcatKDF()
Returns the Concatenation Key Derivation Function (KDF).
|
Curve |
getCurve()
Returns the elliptic curve of the key (JWK designation).
|
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
JWEJCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
ECPrivateKey |
getPrivateKey()
Returns the private EC key.
|
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
Set<Curve> |
supportedEllipticCurves()
Returns the names of the supported elliptic curves.
|
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE
provier.
|
Set<JWEAlgorithm> |
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider
instance.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedEncryptionMethods, supportedJWEAlgorithms
getJCAContext
public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
public ECDHDecrypter(ECPrivateKey privateKey) throws JOSEException
privateKey
- The private EC key. Must not be null
.JOSEException
- If the elliptic curve is not supported.public ECDHDecrypter(ECKey ecJWK) throws JOSEException
ecJWK
- The EC JSON Web Key (JWK). Must contain a private
part. Must not be null
.JOSEException
- If the elliptic curve is not supported.public ECDHDecrypter(ECPrivateKey privateKey, Set<String> defCritHeaders) throws JOSEException
privateKey
- The private EC key. Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the elliptic curve is not supported.public ECPrivateKey getPrivateKey()
public Set<Curve> supportedEllipticCurves()
crv
EC JWK parameter.public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
header
- The JSON Web Encryption (JWE) header. Must
specify a supported JWE algorithm and method.
Must not be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm or method is not
supported, if a critical header parameter is
not supported or marked for deferral to the
application, or if decryption failed for some
other reason.protected com.nimbusds.jose.crypto.ConcatKDF getConcatKDF()
public Curve getCurve()
protected JWECryptoParts encryptWithZ(JWEHeader header, SecretKey Z, byte[] clearText) throws JOSEException
JOSEException
protected byte[] decryptWithZ(JWEHeader header, SecretKey Z, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JOSEException
public Set<JWEAlgorithm> supportedJWEAlgorithms()
JWEProvider
alg
JWE header parameter.supportedJWEAlgorithms
in interface JWEProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEProvider
public JWEJCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JWEJCAContext>
null
.Copyright © 2018 Connect2id Ltd.. All rights reserved.