com.nimbusds.jose.crypto.impl

Class AESGCM

java.lang.Object

com.nimbusds.jose.crypto.impl.AESGCM

@ThreadSafe
public class AESGCM
extends Object

AES/GSM/NoPadding encryption and decryption methods. Falls back to the BouncyCastle.org provider on Java 6. This class is thread-safe.

See RFC 7518 (JWA), section 5.1 and appendix 3.

Version:

2018-01-11

Author:

Vladimir Dzhuvinov, Axel Nennker, Dimitar A. Stoikov

Field Summary

Fields

Modifier and Type	Field and Description
static int	AUTH_TAG_BIT_LENGTH The standard authentication tag length (128 bits).
static int	IV_BIT_LENGTH The standard Initialisation Vector (IV) length (96 bits).

Method Summary

Modifier and Type	Method and Description
static byte[]	decrypt(SecretKey secretKey, byte[] iv, byte[] cipherText, byte[] authData, byte[] authTag, Provider provider) Decrypts the specified cipher text using AES/GCM/NoPadding.
static AuthenticatedCipherText	encrypt(SecretKey secretKey, Container<byte[]> ivContainer, byte[] plainText, byte[] authData, Provider provider) Encrypts the specified plain text using AES/GCM/NoPadding.
static byte[]	generateIV(SecureRandom randomGen) Generates a random 96 bit (12 byte) Initialisation Vector(IV) for use in AES-GCM encryption.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

IV_BIT_LENGTH

public static final int IV_BIT_LENGTH

The standard Initialisation Vector (IV) length (96 bits).

See Also:

Constant Field Values

AUTH_TAG_BIT_LENGTH

public static final int AUTH_TAG_BIT_LENGTH

The standard authentication tag length (128 bits).

See Also:

Constant Field Values

Method Detail

generateIV

public static byte[] generateIV(SecureRandom randomGen)

Generates a random 96 bit (12 byte) Initialisation Vector(IV) for use in AES-GCM encryption.

See RFC 7518 (JWA), section 5.3.

Parameters:

randomGen - The secure random generator to use. Must be correctly initialised and not null.

Returns:

The random 96 bit IV, as 12 byte array.

encrypt

public static AuthenticatedCipherText encrypt(SecretKey secretKey,
                                              Container<byte[]> ivContainer,
                                              byte[] plainText,
                                              byte[] authData,
                                              Provider provider)
                                       throws JOSEException

Encrypts the specified plain text using AES/GCM/NoPadding.

Parameters:

secretKey - The AES key. Must not be null.

plainText - The plain text. Must not be null.

ivContainer - The initialisation vector (IV). Must not be null. This is both input and output parameter. On input, it carries externally generated IV; on output, it carries the IV the cipher actually used. JCA/JCE providers may prefer to use an internally generated IV, e.g. as described in NIST Special Publication 800-38D .

authData - The authenticated data. Must not be null.

Returns:

The authenticated cipher text.

Throws:

JOSEException - If encryption failed.

decrypt

public static byte[] decrypt(SecretKey secretKey,
                             byte[] iv,
                             byte[] cipherText,
                             byte[] authData,
                             byte[] authTag,
                             Provider provider)
                      throws JOSEException

Decrypts the specified cipher text using AES/GCM/NoPadding.

Parameters:

secretKey - The AES key. Must not be null.

iv - The initialisation vector (IV). Must not be null.

cipherText - The cipher text. Must not be null.

authData - The authenticated data. Must not be null.

authTag - The authentication tag. Must not be null.

Returns:

The decrypted plain text.

Throws:

JOSEException - If decryption failed.