Package com.nimbusds.jose.crypto
Class ECDH1PUEncrypter
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
-
- com.nimbusds.jose.crypto.ECDH1PUEncrypter
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>,JOSEProvider,JWEEncrypter,JWEProvider
@ThreadSafe public class ECDH1PUEncrypter extends ECDH1PUCryptoProvider implements JWEEncrypter
Elliptic Curve Diffie-Hellman encrypter ofJWE objectsfor curves using an EC JWK. Expects a public EC key (with a P-256, P-384, or P-521 curve).Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.
For Curve25519/X25519, see
ECDH1PUX25519Encrypterinstead.This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_1PUJWEAlgorithm.ECDH_1PU_A128KWJWEAlgorithm.ECDH_1PU_A192KWJWEAlgorithm.ECDH_1PU_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms for Direct key agreement mode:
EncryptionMethod.A128CBC_HS256EncryptionMethod.A192CBC_HS384EncryptionMethod.A256CBC_HS512EncryptionMethod.A128GCMEncryptionMethod.A192GCMEncryptionMethod.A256GCMEncryptionMethod.A128CBC_HS256_DEPRECATEDEncryptionMethod.A256CBC_HS512_DEPRECATEDEncryptionMethod.XC20P
Supports the following content encryption algorithms for Key wrapping mode:
- Version:
- 2023-05-17
- Author:
- Alexander Martynov, Egor Puzanov
-
-
Field Summary
Fields Modifier and Type Field Description static Set<Curve>SUPPORTED_ELLIPTIC_CURVESThe supported EC JWK curves by the ECDH crypto provider class.-
Fields inherited from class com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
-
Constructor Summary
Constructors Constructor Description ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey)Creates a new Elliptic Curve Diffie-Hellman encrypter.ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey, SecretKey contentEncryptionKey)Creates a new Elliptic Curve Diffie-Hellman encrypter with an optionally specified content encryption key (CEK).
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JWECryptoPartsencrypt(JWEHeader header, byte[] clearText)Deprecated.JWECryptoPartsencrypt(JWEHeader header, byte[] clearText, byte[] aad)Encrypts the specified clear text of aJWE object.protected SecretKeygetCEK(EncryptionMethod enc)Returns the content encryption key (CEK) to use.JWEJCAContextgetJCAContext()Returns the Java Cryptography Architecture (JCA) context.ECPrivateKeygetPrivateKey()Returns the private EC key.ECPublicKeygetPublicKey()Returns the public EC key.protected booleanisCEKProvided()Returnstrueif a content encryption key (CEK) was provided at construction time.Set<Curve>supportedEllipticCurves()Returns the names of the supported elliptic curves.Set<EncryptionMethod>supportedEncryptionMethods()Returns the names of the supported encryption methods by the JWE provier.Set<JWEAlgorithm>supportedJWEAlgorithms()Returns the names of the supported algorithms by the JWE provider instance.-
Methods inherited from class com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
decryptWithZ, encryptWithZ, getConcatKDF, getCurve
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
-
-
-
Field Detail
-
SUPPORTED_ELLIPTIC_CURVES
public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.
-
-
Constructor Detail
-
ECDH1PUEncrypter
public ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey) throws JOSEException
Creates a new Elliptic Curve Diffie-Hellman encrypter.- Parameters:
privateKey- The private EC key. Must not benull.publicKey- The public EC key. Must not benull.- Throws:
JOSEException- If the elliptic curve is not supported.
-
ECDH1PUEncrypter
public ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey, SecretKey contentEncryptionKey) throws JOSEException
Creates a new Elliptic Curve Diffie-Hellman encrypter with an optionally specified content encryption key (CEK).- Parameters:
privateKey- The private EC key. Must not benull.publicKey- The public EC key. Must not benull.contentEncryptionKey- The content encryption key (CEK) to use. If specified its algorithm must be "AES" and its length must match the expected for the JWE encryption method ("enc"). Ifnulla CEK will be generated for each JWE.- Throws:
JOSEException- If the elliptic curve is not supported.
-
-
Method Detail
-
getPublicKey
public ECPublicKey getPublicKey()
Returns the public EC key.- Returns:
- The public EC key.
-
getPrivateKey
public ECPrivateKey getPrivateKey()
Returns the private EC key.- Returns:
- The private EC key.
-
supportedEllipticCurves
public Set<Curve> supportedEllipticCurves()
Description copied from class:ECDH1PUCryptoProviderReturns the names of the supported elliptic curves. These correspond to thecrvJWK parameter.- Specified by:
supportedEllipticCurvesin classECDH1PUCryptoProvider- Returns:
- The supported elliptic curves.
-
encrypt
@Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
Deprecated.Encrypts the specified clear text of aJWE object.- Parameters:
header- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull.clearText- The clear text to encrypt. Must not benull.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
encrypt
public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
Description copied from interface:JWEEncrypterEncrypts the specified clear text of aJWE object.- Specified by:
encryptin interfaceJWEEncrypter- Parameters:
header- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull.clearText- The clear text to encrypt. Must not benull.aad- The additional authenticated data. Must not benull.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
supportedJWEAlgorithms
public Set<JWEAlgorithm> supportedJWEAlgorithms()
Description copied from interface:JWEProviderReturns the names of the supported algorithms by the JWE provider instance. These correspond to thealgJWE header parameter.- Specified by:
supportedJWEAlgorithmsin interfaceJWEProvider- Returns:
- The supported JWE algorithms, empty set if none.
-
supportedEncryptionMethods
public Set<EncryptionMethod> supportedEncryptionMethods()
Description copied from interface:JWEProviderReturns the names of the supported encryption methods by the JWE provier. These correspond to theencJWE header parameter.- Specified by:
supportedEncryptionMethodsin interfaceJWEProvider- Returns:
- The supported encryption methods, empty set if none.
-
getJCAContext
public JWEJCAContext getJCAContext()
Description copied from interface:JCAAwareReturns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContextin interfaceJCAAware<JWEJCAContext>- Returns:
- The JCA context. Not
null.
-
isCEKProvided
protected boolean isCEKProvided()
Returnstrueif a content encryption key (CEK) was provided at construction time.- Returns:
trueif a CEK was provided at construction time,falseif CEKs will be internally generated.
-
getCEK
protected SecretKey getCEK(EncryptionMethod enc) throws JOSEException
Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.- Parameters:
enc- The encryption method. Must not benull.- Returns:
- The content encryption key (CEK).
- Throws:
JOSEException- If an internal exception is encountered.
-
-