Class ContentCryptoProvider


  • public class ContentCryptoProvider
    extends Object
    JWE content encryption / decryption provider.
    Version:
    2023-03-21
    Author:
    Vladimir Dzhuvinov
    • Method Detail

      • generateCEK

        public static SecretKey generateCEK(EncryptionMethod enc,
                                            SecureRandom randomGen)
                                     throws JOSEException
        Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.
        Parameters:
        enc - The encryption method. Must not be null.
        randomGen - The secure random generator to use. Must not be null.
        Returns:
        The generated CEK (with algorithm "AES").
        Throws:
        JOSEException - If the encryption method is not supported.
      • encrypt

        public static JWECryptoParts encrypt(JWEHeader header,
                                             byte[] clearText,
                                             SecretKey cek,
                                             Base64URL encryptedKey,
                                             JWEJCAContext jcaProvider)
                                      throws JOSEException
        Encrypts the specified clear text (content).
        Parameters:
        header - The final JWE header. Must not be null.
        clearText - The clear text to encrypt and optionally compress. Must not be null.
        cek - The Content Encryption Key (CEK). Must not be null.
        encryptedKey - The encrypted CEK, null if not required.
        jcaProvider - The JWE JCA provider specification. Must not be null.
        Returns:
        The JWE crypto parts.
        Throws:
        JOSEException - If encryption failed.
      • encrypt

        public static JWECryptoParts encrypt(JWEHeader header,
                                             byte[] clearText,
                                             byte[] aad,
                                             SecretKey cek,
                                             Base64URL encryptedKey,
                                             JWEJCAContext jcaProvider)
                                      throws JOSEException
        Encrypts the specified clear text (content).
        Parameters:
        header - The final JWE header. Must not be null.
        clearText - The clear text to encrypt and optionally compress. Must not be null.
        aad - The Additional Authenticated Data (AAD). If null, the JWE header becomes the AAD.
        cek - The Content Encryption Key (CEK). Must not be null.
        encryptedKey - The encrypted CEK, null if not required.
        jcaProvider - The JWE JCA provider specification. Must not be null.
        Returns:
        The JWE crypto parts.
        Throws:
        JOSEException - If encryption failed.
      • decrypt

        public static byte[] decrypt(JWEHeader header,
                                     Base64URL encryptedKey,
                                     Base64URL iv,
                                     Base64URL cipherText,
                                     Base64URL authTag,
                                     SecretKey cek,
                                     JWEJCAContext jcaProvider)
                              throws JOSEException
        Decrypts the specified cipher text.
        Parameters:
        header - The JWE header. Must not be null.
        encryptedKey - The encrypted key, null if not specified.
        iv - The initialisation vector (IV). Must not be null.
        cipherText - The cipher text. Must not be null.
        authTag - The authentication tag. Must not be null.
        cek - The Content Encryption Key (CEK). Must not be null.
        jcaProvider - The JWE JCA provider specification. Must not be null.
        Returns:
        The clear text.
        Throws:
        JOSEException - If decryption failed.
      • decrypt

        public static byte[] decrypt(JWEHeader header,
                                     byte[] aad,
                                     Base64URL encryptedKey,
                                     Base64URL iv,
                                     Base64URL cipherText,
                                     Base64URL authTag,
                                     SecretKey cek,
                                     JWEJCAContext jcaProvider)
                              throws JOSEException
        Decrypts the specified cipher text.
        Parameters:
        header - The JWE header. Must not be null.
        aad - The Additional Authenticated Data (AAD). If null, the JWE header becomes the AAD.
        encryptedKey - The encrypted key, null if not specified.
        iv - The initialisation vector (IV). Must not be null.
        cipherText - The cipher text. Must not be null.
        authTag - The authentication tag. Must not be null.
        cek - The Content Encryption Key (CEK). Must not be null.
        jcaProvider - The JWE JCA provider specification. Must not be null.
        Returns:
        The clear text.
        Throws:
        JOSEException - If decryption failed.
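
Added example, not part of the original Javadoc or the library's own code: a round trip through generateCEK, encrypt and decrypt using the overloads without an explicit AAD, showing that a header changed after encryption makes decrypt throw JOSEException because the header is the AAD. The package names in the imports, the class name, the use of direct encryption ("dir" with A256GCM, so encryptedKey is null), the key IDs and the payload are assumptions made for the example.

```java
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.jca.JWEJCAContext;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

// Added example (hypothetical class name); all sample values are constructed.
public class ContentCryptoRoundTrip {

    // Builds a header for direct encryption with A256GCM and the given key ID.
    static JWEHeader header(String kid) {
        return new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM).keyID(kid).build();
    }

    // Decrypts the parts under the given header; with no explicit AAD the header is the AAD.
    static byte[] open(JWEHeader h, JWECryptoParts p, SecretKey cek, JWEJCAContext jca) throws JOSEException {
        return ContentCryptoProvider.decrypt(h, null, p.getInitializationVector(),
                p.getCipherText(), p.getAuthenticationTag(), cek, jca);
    }

    public static void main(String[] args) throws JOSEException {
        JWEJCAContext jca = new JWEJCAContext(); // default JCA providers
        JWEHeader header = header("constructed-kid-1");
        SecretKey cek = ContentCryptoProvider.generateCEK(header.getEncryptionMethod(), new SecureRandom());
        byte[] clearText = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        // encryptedKey is null: direct encryption is assumed, so no wrapped CEK exists.
        JWECryptoParts parts = ContentCryptoProvider.encrypt(header, clearText, cek, null, jca);

        // Same header on both sides: the authentication tag verifies.
        System.out.println(new String(open(header, parts, cek, jca), StandardCharsets.UTF_8));

        // Same IV, cipher text, tag and CEK, but a header with a different key ID:
        // the AAD no longer matches, so tag verification fails.
        try {
            open(header("constructed-kid-2"), parts, cek, jca);
            throw new IllegalStateException("modified header was accepted");
        } catch (JOSEException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A caller that receives JOSEException from decrypt should discard the message; the exception is the only signal that the header, IV, cipher text or tag did not authenticate.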