Package com.nimbusds.jose.crypto

Class RSAEncrypter

java.lang.Object

com.nimbusds.jose.crypto.impl.RSACryptoProvider

com.nimbusds.jose.crypto.RSAEncrypter

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe
public class RSAEncrypter
extends RSACryptoProvider
implements JWEEncrypter

RSA encrypter of JWE objects. Expects a public RSA key.

Encrypts the plain text with a generated AES key (the Content Encryption Key) according to the specified JOSE encryption method, then encrypts the CEK with the public RSA key and returns it alongside the IV, cipher text and authentication tag. See RFC 7518, sections 4.2 and 4.3 for more information.

This class is thread-safe.

Supports the following key management algorithms:

• JWEAlgorithm.RSA_OAEP_256
• JWEAlgorithm.RSA_OAEP_384
• JWEAlgorithm.RSA_OAEP_512
• JWEAlgorithm.RSA_OAEP (deprecated)
• JWEAlgorithm.RSA1_5 (deprecated)

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED
• EncryptionMethod.XC20P

Version:

2021-09-26

Author:

David Ortiz, Vladimir Dzhuvinov, Jun Yu

Field Summary

Fields inherited from class com.nimbusds.jose.crypto.impl.RSACryptoProvider

SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS

Constructor Summary

Constructors

Constructor	Description
RSAEncrypter(RSAKey rsaJWK)	Creates a new RSA encrypter.
RSAEncrypter(RSAPublicKey publicKey)	Creates a new RSA encrypter.
RSAEncrypter(RSAPublicKey publicKey, SecretKey contentEncryptionKey)	Creates a new RSA encrypter with an optionally specified content encryption key (CEK).

Method Summary

Modifier and Type	Method	Description
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText)	Encrypts the specified clear text of a JWE object.
JWEJCAContext	getJCAContext()	Returns the Java Cryptography Architecture (JCA) context.
RSAPublicKey	getPublicKey()	Gets the public RSA key.
Set<EncryptionMethod>	supportedEncryptionMethods()	Returns the names of the supported encryption methods by the JWE provier.
Set<JWEAlgorithm>	supportedJWEAlgorithms()	Returns the names of the supported algorithms by the JWE provider instance.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Methods inherited from interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods, supportedJWEAlgorithms

Constructor Detail

RSAEncrypter

public RSAEncrypter(RSAPublicKey publicKey)

Creates a new RSA encrypter.

Parameters:

publicKey - The public RSA key. Must not be null.

RSAEncrypter

public RSAEncrypter(RSAKey rsaJWK)
             throws JOSEException

Creates a new RSA encrypter.

Parameters:

rsaJWK - The RSA JSON Web Key (JWK). Must not be null.

Throws:

JOSEException - If the RSA JWK extraction failed.

RSAEncrypter

public RSAEncrypter(RSAPublicKey publicKey,
                    SecretKey contentEncryptionKey)

Creates a new RSA encrypter with an optionally specified content encryption key (CEK).

Parameters:

publicKey - The public RSA key. Must not be null.

contentEncryptionKey - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.

Method Detail

getPublicKey

public RSAPublicKey getPublicKey()

Gets the public RSA key.

Returns:

The public RSA key.

encrypt

public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText)
                       throws JOSEException

Description copied from interface: JWEEncrypter

Encrypts the specified clear text of a JWE object.

Specified by:

encrypt in interface JWEEncrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

supportedJWEAlgorithms

public Set<JWEAlgorithm> supportedJWEAlgorithms()

Description copied from interface: JWEProvider

Returns the names of the supported algorithms by the JWE provider instance. These correspond to the alg JWE header parameter.

Specified by:

supportedJWEAlgorithms in interface JWEProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEProvider

Returns the names of the supported encryption methods by the JWE provier. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEProvider

Returns:

The supported encryption methods, empty set if none.

getJCAContext

public JWEJCAContext getJCAContext()

Description copied from interface: JCAAware

Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.

Specified by:

getJCAContext in interface JCAAware<JWEJCAContext>

Returns:

The JCA context. Not null.