Class ECDH


  • public class ECDH
    extends Object
    Elliptic Curve Diffie-Hellman key agreement functions and utilities.
    Version:
    2018-12-12
    Author:
    Vladimir Dzhuvinov
    • Method Detail

      • sharedKeyLength

        public static int sharedKeyLength(JWEAlgorithm alg,
                                          EncryptionMethod enc)
                                   throws JOSEException
        Returns the bit length of the shared key (derived via concat KDF) for the specified JWE ECDH algorithm.
        Parameters:
        alg - The JWE ECDH algorithm. Must be supported and not null.
        enc - The encryption method. Must be supported and not null.
        Returns:
        The bit length of the shared key.
        Throws:
        JOSEException - If the JWE algorithm or encryption method is not supported.
      • deriveSharedSecret

        public static SecretKey deriveSharedSecret(ECPublicKey publicKey,
                                                   PrivateKey privateKey,
                                                   Provider provider)
                                            throws JOSEException
        Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
        Parameters:
        publicKey - The public EC key, i.e. the consumer's public EC key on encryption, or the ephemeral public EC key on decryption. Must not be null.
        privateKey - The private EC Key, i.e. the ephemeral private EC key on encryption, or the consumer's private EC key on decryption. Must not be null.
        provider - The specific JCA provider for the ECDH key agreement, null to use the default one.
        Returns:
        The derived shared secret ('Z'), with algorithm "AES".
        Throws:
        JOSEException - If derivation of the shared secret failed.
      • deriveSharedSecret

        public static SecretKey deriveSharedSecret(OctetKeyPair publicKey,
                                                   OctetKeyPair privateKey)
                                            throws JOSEException
        Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
        Parameters:
        publicKey - The public OKP key, i.e. the consumer's public EC key on encryption, or the ephemeral public EC key on decryption. Must not be null.
        privateKey - The private OKP key, i.e. the ephemeral private EC key on encryption, or the consumer's private EC key on decryption. Must not be null.
        Returns:
        The derived shared secret ('Z'), with algorithm "AES".
        Throws:
        JOSEException - If derivation of the shared secret failed.
      • deriveSharedKey

        public static SecretKey deriveSharedKey(JWEHeader header,
                                                SecretKey Z,
                                                ConcatKDF concatKDF)
                                         throws JOSEException
        Derives a shared key (via concat KDF).
        Parameters:
        header - The JWE header. Its algorithm and encryption method must be supported. Must not be null.
        Z - The derived shared secret ('Z'). Must not be null.
        concatKDF - The concat KDF. Must be initialised and not null.
        Returns:
        The derived shared key.
        Throws:
        JOSEException - If derivation of the shared key failed.