@ThreadSafe public class ECDH1PUX25519Decrypter extends ECDH1PUCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware
JWE objects
for curves using an OKP JWK.
Expects a private OctetKeyPair
key with "crv"
X25519.
See RFC 8037 for more information.
See also ECDH1PUDecrypter
for ECDH on other curves.
Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.
This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_1PU
JWEAlgorithm.ECDH_1PU_A128KW
JWEAlgorithm.ECDH_1PU_A192KW
JWEAlgorithm.ECDH_1PU_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms for Direct key agreement mode:
EncryptionMethod.A128CBC_HS256
EncryptionMethod.A192CBC_HS384
EncryptionMethod.A256CBC_HS512
EncryptionMethod.A128GCM
EncryptionMethod.A192GCM
EncryptionMethod.A256GCM
EncryptionMethod.A128CBC_HS256_DEPRECATED
EncryptionMethod.A256CBC_HS512_DEPRECATED
EncryptionMethod.XC20P
Supports the following content encryption algorithms for Key wrapping mode:
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
Constructor and Description |
---|
ECDH1PUX25519Decrypter(OctetKeyPair privateKey,
OctetKeyPair publicKey)
Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
|
ECDH1PUX25519Decrypter(OctetKeyPair privateKey,
OctetKeyPair publicKey,
Set<String> defCritHeaders)
Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
JWEJCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
OctetKeyPair |
getPrivateKey()
Returns the private key.
|
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
OctetKeyPair |
getPublicKey()
Returns the public key.
|
Set<Curve> |
supportedEllipticCurves()
Returns the names of the supported elliptic curves.
|
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE
provier.
|
Set<JWEAlgorithm> |
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider
instance.
|
decryptWithZ, encryptWithZ, getConcatKDF, getCurve
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedEncryptionMethods, supportedJWEAlgorithms
getJCAContext
public ECDH1PUX25519Decrypter(OctetKeyPair privateKey, OctetKeyPair publicKey) throws JOSEException
privateKey
- The private key. Must not be null
.publicKey
- The private key. Must not be null
.JOSEException
- If the key subtype is not supported.public ECDH1PUX25519Decrypter(OctetKeyPair privateKey, OctetKeyPair publicKey, Set<String> defCritHeaders) throws JOSEException
privateKey
- The private key. Must not be null
.publicKey
- The private key. Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the key subtype is not supported.public Set<Curve> supportedEllipticCurves()
ECDH1PUCryptoProvider
crv
JWK parameter.supportedEllipticCurves
in class ECDH1PUCryptoProvider
public OctetKeyPair getPrivateKey()
public OctetKeyPair getPublicKey()
public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
header
- The JSON Web Encryption (JWE) header. Must
specify a supported JWE algorithm and method.
Must not be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm or method is not
supported, if a critical header parameter is
not supported or marked for deferral to the
application, or if decryption failed for some
other reason.public Set<JWEAlgorithm> supportedJWEAlgorithms()
JWEProvider
alg
JWE header parameter.supportedJWEAlgorithms
in interface JWEProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEProvider
public JWEJCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JWEJCAContext>
null
.Copyright © 2021 Connect2id Ltd.. All rights reserved.