Package com.nimbusds.jose.crypto
Class DirectEncrypter
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.DirectCryptoProvider
-
- com.nimbusds.jose.crypto.DirectEncrypter
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>
,JOSEProvider
,JWEEncrypter
,JWEProvider
@ThreadSafe public class DirectEncrypter extends DirectCryptoProvider implements JWEEncrypter
Direct encrypter ofJWE objects
with a shared symmetric key.See RFC 7518 section 4.5 for more information.
This class is thread-safe.
Supports the following key management algorithms:
Supports the following content encryption algorithms:
EncryptionMethod.A128CBC_HS256
(requires 256 bit key)EncryptionMethod.A192CBC_HS384
(requires 384 bit key)EncryptionMethod.A256CBC_HS512
(requires 512 bit key)EncryptionMethod.A128GCM
(requires 128 bit key)EncryptionMethod.A192GCM
(requires 192 bit key)EncryptionMethod.A256GCM
(requires 256 bit key)EncryptionMethod.A128CBC_HS256_DEPRECATED
(requires 256 bit key)EncryptionMethod.A256CBC_HS512_DEPRECATED
(requires 512 bit key)EncryptionMethod.XC20P
(requires 256 bit key)
- Version:
- 2023-09-10
- Author:
- Vladimir Dzhuvinov, Egor Puzanov
-
-
Field Summary
-
Fields inherited from class com.nimbusds.jose.crypto.impl.DirectCryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
-
Constructor Summary
Constructors Constructor Description DirectEncrypter(byte[] keyBytes)
Creates a new direct encrypter.DirectEncrypter(OctetSequenceKey octJWK)
Creates a new direct encrypter.DirectEncrypter(SecretKey key)
Creates a new direct encrypter.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JWECryptoParts
encrypt(JWEHeader header, byte[] clearText)
Deprecated.JWECryptoParts
encrypt(JWEHeader header, byte[] clearText, byte[] aad)
Encrypts the specified clear text of aJWE object
.protected SecretKey
getCEK(EncryptionMethod enc)
Returns the content encryption key (CEK) to use.JWEJCAContext
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.protected boolean
isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.Set<EncryptionMethod>
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE provier.Set<JWEAlgorithm>
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider instance.-
Methods inherited from class com.nimbusds.jose.crypto.impl.DirectCryptoProvider
getKey
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
-
-
-
Constructor Detail
-
DirectEncrypter
public DirectEncrypter(SecretKey key) throws KeyLengthException
Creates a new direct encrypter.- Parameters:
key
- The symmetric key. Its algorithm should be "AES". Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not benull
.- Throws:
KeyLengthException
- If the symmetric key length is not compatible.
-
DirectEncrypter
public DirectEncrypter(byte[] keyBytes) throws KeyLengthException
Creates a new direct encrypter.- Parameters:
keyBytes
- The symmetric key, as a byte array. Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not benull
.- Throws:
KeyLengthException
- If the symmetric key length is not compatible.
-
DirectEncrypter
public DirectEncrypter(OctetSequenceKey octJWK) throws KeyLengthException
Creates a new direct encrypter.- Parameters:
octJWK
- The symmetric key, as a JWK. Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not benull
.- Throws:
KeyLengthException
- If the symmetric key length is not compatible.
-
-
Method Detail
-
encrypt
@Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
Deprecated.Encrypts the specified clear text of aJWE object
.- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
encrypt
public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
Description copied from interface:JWEEncrypter
Encrypts the specified clear text of aJWE object
.- Specified by:
encrypt
in interfaceJWEEncrypter
- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.aad
- The additional authenticated data. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
supportedJWEAlgorithms
public Set<JWEAlgorithm> supportedJWEAlgorithms()
Description copied from interface:JWEProvider
Returns the names of the supported algorithms by the JWE provider instance. These correspond to thealg
JWE header parameter.- Specified by:
supportedJWEAlgorithms
in interfaceJWEProvider
- Returns:
- The supported JWE algorithms, empty set if none.
-
supportedEncryptionMethods
public Set<EncryptionMethod> supportedEncryptionMethods()
Description copied from interface:JWEProvider
Returns the names of the supported encryption methods by the JWE provier. These correspond to theenc
JWE header parameter.- Specified by:
supportedEncryptionMethods
in interfaceJWEProvider
- Returns:
- The supported encryption methods, empty set if none.
-
getJCAContext
public JWEJCAContext getJCAContext()
Description copied from interface:JCAAware
Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContext
in interfaceJCAAware<JWEJCAContext>
- Returns:
- The JCA context. Not
null
.
-
isCEKProvided
protected boolean isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.- Returns:
true
if a CEK was provided at construction time,false
if CEKs will be internally generated.
-
getCEK
protected SecretKey getCEK(EncryptionMethod enc) throws JOSEException
Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.- Parameters:
enc
- The encryption method. Must not benull
.- Returns:
- The content encryption key (CEK).
- Throws:
JOSEException
- If an internal exception is encountered.
-
-