Package com.nimbusds.jose.crypto

Class DirectEncrypter

java.lang.Object

com.nimbusds.jose.crypto.impl.DirectCryptoProvider

com.nimbusds.jose.crypto.DirectEncrypter

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe
public class DirectEncrypter
extends DirectCryptoProvider
implements JWEEncrypter

Direct encrypter of JWE objects with a shared symmetric key.

See RFC 7518 section 4.5 for more information.

This class is thread-safe.

Supports the following key management algorithms:

• JWEAlgorithm.DIR

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256 (requires 256 bit key)
• EncryptionMethod.A192CBC_HS384 (requires 384 bit key)
• EncryptionMethod.A256CBC_HS512 (requires 512 bit key)
• EncryptionMethod.A128GCM (requires 128 bit key)
• EncryptionMethod.A192GCM (requires 192 bit key)
• EncryptionMethod.A256GCM (requires 256 bit key)
• EncryptionMethod.A128CBC_HS256_DEPRECATED (requires 256 bit key)
• EncryptionMethod.A256CBC_HS512_DEPRECATED (requires 512 bit key)
• EncryptionMethod.XC20P (requires 256 bit key)

Version:

2023-09-10

Author:

Vladimir Dzhuvinov, Egor Puzanov

Field Summary

Fields inherited from class com.nimbusds.jose.crypto.impl.DirectCryptoProvider

SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS

Constructor Summary

Constructors

Constructor	Description
DirectEncrypter(byte[] keyBytes)	Creates a new direct encrypter.
DirectEncrypter(OctetSequenceKey octJWK)	Creates a new direct encrypter.
DirectEncrypter(SecretKey key)	Creates a new direct encrypter.

Method Summary

Modifier and Type	Method	Description
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText)	Deprecated.
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText, byte[] aad)	Encrypts the specified clear text of a JWE object.
protected SecretKey	getCEK(EncryptionMethod enc)	Returns the content encryption key (CEK) to use.
JWEJCAContext	getJCAContext()	Returns the Java Cryptography Architecture (JCA) context.
protected boolean	isCEKProvided()	Returns true if a content encryption key (CEK) was provided at construction time.
Set<EncryptionMethod>	supportedEncryptionMethods()	Returns the names of the supported encryption methods by the JWE provier.
Set<JWEAlgorithm>	supportedJWEAlgorithms()	Returns the names of the supported algorithms by the JWE provider instance.

Methods inherited from class com.nimbusds.jose.crypto.impl.DirectCryptoProvider

getKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Methods inherited from interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods, supportedJWEAlgorithms

Constructor Detail

DirectEncrypter

public DirectEncrypter(SecretKey key)
                throws KeyLengthException

Creates a new direct encrypter.

Parameters:

key - The symmetric key. Its algorithm should be "AES". Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not be null.

Throws:

KeyLengthException - If the symmetric key length is not compatible.

DirectEncrypter

public DirectEncrypter(byte[] keyBytes)
                throws KeyLengthException

Creates a new direct encrypter.

Parameters:

keyBytes - The symmetric key, as a byte array. Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not be null.

Throws:

KeyLengthException - If the symmetric key length is not compatible.

DirectEncrypter

public DirectEncrypter(OctetSequenceKey octJWK)
                throws KeyLengthException

Creates a new direct encrypter.

Parameters:

octJWK - The symmetric key, as a JWK. Must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) long. Must not be null.

Throws:

KeyLengthException - If the symmetric key length is not compatible.

Method Detail

encrypt

@Deprecated
public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText)
                       throws JOSEException

Deprecated.

Encrypts the specified clear text of a JWE object.

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

encrypt

public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText,
                              byte[] aad)
                       throws JOSEException

Description copied from interface: JWEEncrypter

Encrypts the specified clear text of a JWE object.

Specified by:

encrypt in interface JWEEncrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

aad - The additional authenticated data. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

supportedJWEAlgorithms

public Set<JWEAlgorithm> supportedJWEAlgorithms()

Description copied from interface: JWEProvider

Returns the names of the supported algorithms by the JWE provider instance. These correspond to the alg JWE header parameter.

Specified by:

supportedJWEAlgorithms in interface JWEProvider

Returns:

The supported JWE algorithms, empty set if none.

supportedEncryptionMethods

public Set<EncryptionMethod> supportedEncryptionMethods()

Description copied from interface: JWEProvider

Returns the names of the supported encryption methods by the JWE provier. These correspond to the enc JWE header parameter.

Specified by:

supportedEncryptionMethods in interface JWEProvider

Returns:

The supported encryption methods, empty set if none.

getJCAContext

public JWEJCAContext getJCAContext()

Description copied from interface: JCAAware

Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.

Specified by:

getJCAContext in interface JCAAware<JWEJCAContext>

Returns:

The JCA context. Not null.

isCEKProvided

protected boolean isCEKProvided()

Returns true if a content encryption key (CEK) was provided at construction time.

Returns:

true if a CEK was provided at construction time, false if CEKs will be internally generated.

getCEK

protected SecretKey getCEK(EncryptionMethod enc)
                    throws JOSEException

Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.

Parameters:

enc - The encryption method. Must not be null.

Returns:

The content encryption key (CEK).

Throws:

JOSEException - If an internal exception is encountered.