Package com.nimbusds.jose.crypto
Class ECDH1PUEncrypter
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
-
- com.nimbusds.jose.crypto.ECDH1PUEncrypter
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>
,JOSEProvider
,JWEEncrypter
,JWEProvider
@ThreadSafe public class ECDH1PUEncrypter extends ECDH1PUCryptoProvider implements JWEEncrypter
Elliptic Curve Diffie-Hellman encrypter ofJWE objects
for curves using an EC JWK. Expects a public EC key (with a P-256, P-384, or P-521 curve).Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.
For Curve25519/X25519, see
ECDH1PUX25519Encrypter
instead.This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_1PU
JWEAlgorithm.ECDH_1PU_A128KW
JWEAlgorithm.ECDH_1PU_A192KW
JWEAlgorithm.ECDH_1PU_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms for Direct key agreement mode:
EncryptionMethod.A128CBC_HS256
EncryptionMethod.A192CBC_HS384
EncryptionMethod.A256CBC_HS512
EncryptionMethod.A128GCM
EncryptionMethod.A192GCM
EncryptionMethod.A256GCM
EncryptionMethod.A128CBC_HS256_DEPRECATED
EncryptionMethod.A256CBC_HS512_DEPRECATED
EncryptionMethod.XC20P
Supports the following content encryption algorithms for Key wrapping mode:
- Version:
- 2023-05-17
- Author:
- Alexander Martynov, Egor Puzanov
-
-
Field Summary
Fields Modifier and Type Field Description static Set<Curve>
SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.-
Fields inherited from class com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
-
Constructor Summary
Constructors Constructor Description ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey)
Creates a new Elliptic Curve Diffie-Hellman encrypter.ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey, SecretKey contentEncryptionKey)
Creates a new Elliptic Curve Diffie-Hellman encrypter with an optionally specified content encryption key (CEK).
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JWECryptoParts
encrypt(JWEHeader header, byte[] clearText)
Deprecated.JWECryptoParts
encrypt(JWEHeader header, byte[] clearText, byte[] aad)
Encrypts the specified clear text of aJWE object
.protected SecretKey
getCEK(EncryptionMethod enc)
Returns the content encryption key (CEK) to use.JWEJCAContext
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.ECPrivateKey
getPrivateKey()
Returns the private EC key.ECPublicKey
getPublicKey()
Returns the public EC key.protected boolean
isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.Set<Curve>
supportedEllipticCurves()
Returns the names of the supported elliptic curves.Set<EncryptionMethod>
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE provier.Set<JWEAlgorithm>
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider instance.-
Methods inherited from class com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
decryptWithZ, encryptWithZ, getConcatKDF, getCurve
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
-
-
-
Field Detail
-
SUPPORTED_ELLIPTIC_CURVES
public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.
-
-
Constructor Detail
-
ECDH1PUEncrypter
public ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey) throws JOSEException
Creates a new Elliptic Curve Diffie-Hellman encrypter.- Parameters:
privateKey
- The private EC key. Must not benull
.publicKey
- The public EC key. Must not benull
.- Throws:
JOSEException
- If the elliptic curve is not supported.
-
ECDH1PUEncrypter
public ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey, SecretKey contentEncryptionKey) throws JOSEException
Creates a new Elliptic Curve Diffie-Hellman encrypter with an optionally specified content encryption key (CEK).- Parameters:
privateKey
- The private EC key. Must not benull
.publicKey
- The public EC key. Must not benull
.contentEncryptionKey
- The content encryption key (CEK) to use. If specified its algorithm must be "AES" and its length must match the expected for the JWE encryption method ("enc"). Ifnull
a CEK will be generated for each JWE.- Throws:
JOSEException
- If the elliptic curve is not supported.
-
-
Method Detail
-
getPublicKey
public ECPublicKey getPublicKey()
Returns the public EC key.- Returns:
- The public EC key.
-
getPrivateKey
public ECPrivateKey getPrivateKey()
Returns the private EC key.- Returns:
- The private EC key.
-
supportedEllipticCurves
public Set<Curve> supportedEllipticCurves()
Description copied from class:ECDH1PUCryptoProvider
Returns the names of the supported elliptic curves. These correspond to thecrv
JWK parameter.- Specified by:
supportedEllipticCurves
in classECDH1PUCryptoProvider
- Returns:
- The supported elliptic curves.
-
encrypt
@Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
Deprecated.Encrypts the specified clear text of aJWE object
.- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
encrypt
public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
Description copied from interface:JWEEncrypter
Encrypts the specified clear text of aJWE object
.- Specified by:
encrypt
in interfaceJWEEncrypter
- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.aad
- The additional authenticated data. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
supportedJWEAlgorithms
public Set<JWEAlgorithm> supportedJWEAlgorithms()
Description copied from interface:JWEProvider
Returns the names of the supported algorithms by the JWE provider instance. These correspond to thealg
JWE header parameter.- Specified by:
supportedJWEAlgorithms
in interfaceJWEProvider
- Returns:
- The supported JWE algorithms, empty set if none.
-
supportedEncryptionMethods
public Set<EncryptionMethod> supportedEncryptionMethods()
Description copied from interface:JWEProvider
Returns the names of the supported encryption methods by the JWE provier. These correspond to theenc
JWE header parameter.- Specified by:
supportedEncryptionMethods
in interfaceJWEProvider
- Returns:
- The supported encryption methods, empty set if none.
-
getJCAContext
public JWEJCAContext getJCAContext()
Description copied from interface:JCAAware
Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContext
in interfaceJCAAware<JWEJCAContext>
- Returns:
- The JCA context. Not
null
.
-
isCEKProvided
protected boolean isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.- Returns:
true
if a CEK was provided at construction time,false
if CEKs will be internally generated.
-
getCEK
protected SecretKey getCEK(EncryptionMethod enc) throws JOSEException
Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.- Parameters:
enc
- The encryption method. Must not benull
.- Returns:
- The content encryption key (CEK).
- Throws:
JOSEException
- If an internal exception is encountered.
-
-