Package com.nimbusds.jose.crypto
Class X25519Encrypter
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.ECDHCryptoProvider
-
- com.nimbusds.jose.crypto.X25519Encrypter
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>
,JOSEProvider
,JWEEncrypter
,JWEProvider
@ThreadSafe public class X25519Encrypter extends ECDHCryptoProvider implements JWEEncrypter
Curve25519 Elliptic Curve Diffie-Hellman encrypter ofJWE objects
. Expects a publicOctetKeyPair
key with"crv"
X25519.See RFC 8037 for more information.
See also
ECDHEncrypter
for ECDH on other curves.This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_ES
JWEAlgorithm.ECDH_ES_A128KW
JWEAlgorithm.ECDH_ES_A192KW
JWEAlgorithm.ECDH_ES_A256KW
Supports the following elliptic curve:
Curve.X25519
(Curve25519)
Supports the following content encryption algorithms:
- Version:
- 2023-03-26
- Author:
- Tim McLean, Egor Puzanov
-
-
Field Summary
-
Fields inherited from class com.nimbusds.jose.crypto.impl.ECDHCryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
-
Constructor Summary
Constructors Constructor Description X25519Encrypter(OctetKeyPair publicKey)
Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.X25519Encrypter(OctetKeyPair publicKey, SecretKey contentEncryptionKey)
Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JWECryptoParts
encrypt(JWEHeader header, byte[] clearText)
Deprecated.JWECryptoParts
encrypt(JWEHeader header, byte[] clearText, byte[] aad)
Encrypts the specified clear text of aJWE object
.protected SecretKey
getCEK(EncryptionMethod enc)
Returns the content encryption key (CEK) to use.JWEJCAContext
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.OctetKeyPair
getPublicKey()
Returns the public key.protected boolean
isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.Set<Curve>
supportedEllipticCurves()
Returns the names of the supported elliptic curves.Set<EncryptionMethod>
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE provier.Set<JWEAlgorithm>
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider instance.-
Methods inherited from class com.nimbusds.jose.crypto.impl.ECDHCryptoProvider
decryptWithZ, encryptWithZ, getConcatKDF, getCurve
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
-
-
-
Constructor Detail
-
X25519Encrypter
public X25519Encrypter(OctetKeyPair publicKey) throws JOSEException
Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.- Parameters:
publicKey
- The public key. Must not benull
.- Throws:
JOSEException
- If the key subtype is not supported.
-
X25519Encrypter
public X25519Encrypter(OctetKeyPair publicKey, SecretKey contentEncryptionKey) throws JOSEException
Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.- Parameters:
publicKey
- The public key. Must not benull
.contentEncryptionKey
- The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). Ifnull
a CEK will be generated for each JWE.- Throws:
JOSEException
- If the key subtype is not supported.
-
-
Method Detail
-
supportedEllipticCurves
public Set<Curve> supportedEllipticCurves()
Description copied from class:ECDHCryptoProvider
Returns the names of the supported elliptic curves. These correspond to thecrv
EC JWK parameter.- Specified by:
supportedEllipticCurves
in classECDHCryptoProvider
- Returns:
- The supported elliptic curves.
-
getPublicKey
public OctetKeyPair getPublicKey()
Returns the public key.- Returns:
- The public key.
-
encrypt
@Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
Deprecated.Encrypts the specified clear text of aJWE object
.- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
encrypt
public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
Description copied from interface:JWEEncrypter
Encrypts the specified clear text of aJWE object
.- Specified by:
encrypt
in interfaceJWEEncrypter
- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.aad
- The additional authenticated data. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
supportedJWEAlgorithms
public Set<JWEAlgorithm> supportedJWEAlgorithms()
Description copied from interface:JWEProvider
Returns the names of the supported algorithms by the JWE provider instance. These correspond to thealg
JWE header parameter.- Specified by:
supportedJWEAlgorithms
in interfaceJWEProvider
- Returns:
- The supported JWE algorithms, empty set if none.
-
supportedEncryptionMethods
public Set<EncryptionMethod> supportedEncryptionMethods()
Description copied from interface:JWEProvider
Returns the names of the supported encryption methods by the JWE provier. These correspond to theenc
JWE header parameter.- Specified by:
supportedEncryptionMethods
in interfaceJWEProvider
- Returns:
- The supported encryption methods, empty set if none.
-
getJCAContext
public JWEJCAContext getJCAContext()
Description copied from interface:JCAAware
Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContext
in interfaceJCAAware<JWEJCAContext>
- Returns:
- The JCA context. Not
null
.
-
isCEKProvided
protected boolean isCEKProvided()
Returnstrue
if a content encryption key (CEK) was provided at construction time.- Returns:
true
if a CEK was provided at construction time,false
if CEKs will be internally generated.
-
getCEK
protected SecretKey getCEK(EncryptionMethod enc) throws JOSEException
Returns the content encryption key (CEK) to use. Unless a CEK was provided at construction time this will be a new internally generated CEK.- Parameters:
enc
- The encryption method. Must not benull
.- Returns:
- The content encryption key (CEK).
- Throws:
JOSEException
- If an internal exception is encountered.
-
-