Class RSA_OAEP_SHA2


  • @ThreadSafe
    public class RSA_OAEP_SHA2
    extends Object
    RSAES OAEP with SHA-256, SHA-384 and SHA-512 methods for Content Encryption Key (CEK) encryption and decryption. This class is thread-safe.
    Version:
    2021-09-24
    Author:
    Vladimir Dzhuvinov, Justin Richer, Peter Laurina
    • Method Detail

      • encryptCEK

        public static byte[] encryptCEK(RSAPublicKey pub,
                                        SecretKey cek,
                                        int shaBitSize,
                                        Provider provider)
                                 throws JOSEException
        Encrypts the specified Content Encryption Key (CEK).
        Parameters:
        pub - The public RSA key. Must not be null.
        cek - The Content Encryption Key (CEK) to encrypt. Must not be null.
        shaBitSize - The SHA-2 bit size. Must be 256, 384 or 512.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The encrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If encryption failed.
      • decryptCEK

        public static SecretKey decryptCEK(PrivateKey priv,
                                           byte[] encryptedCEK,
                                           int shaBitSize,
                                           Provider provider)
                                    throws JOSEException
        Decrypts the specified encrypted Content Encryption Key (CEK).
        Parameters:
        priv - The private RSA key. Must not be null.
        encryptedCEK - The encrypted Content Encryption Key (CEK) to decrypt. Must not be null.
        shaBitSize - The SHA-2 bit size. Must be 256 or 512.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The decrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If decryption failed.
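
A round trip through the two methods above, as an added example that is not code from this page or from the library. The import packages, the class name `CekWrapExample` and the helper `rejected` are assumptions, as is the expectation that a mismatched `shaBitSize` or an altered ciphertext surfaces as the documented `JOSEException`; the keys are throwaway values generated for the demonstration.

```java
import com.nimbusds.jose.JOSEException;             // package assumed, not stated on this page
import com.nimbusds.jose.crypto.impl.RSA_OAEP_SHA2; // package assumed, not stated on this page
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;

public class CekWrapExample { // hypothetical class name

    // Hypothetical helper: true if decryptCEK rejects the input with a JOSEException.
    static boolean rejected(KeyPair rsa, byte[] wrapped, int shaBitSize) {
        try {
            RSA_OAEP_SHA2.decryptCEK(rsa.getPrivate(), wrapped, shaBitSize, null);
            return false;
        } catch (JOSEException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test material: a throwaway RSA key pair and a random 256-bit AES CEK.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey();

        // Encrypt the CEK with SHA-256 as the OAEP hash; null selects the default JCA provider.
        byte[] wrapped = RSA_OAEP_SHA2.encryptCEK((RSAPublicKey) rsa.getPublic(), cek, 256, null);

        // Decrypt with the same SHA-2 bit size and compare the key bytes in constant time.
        SecretKey unwrapped = RSA_OAEP_SHA2.decryptCEK(rsa.getPrivate(), wrapped, 256, null);
        boolean same = MessageDigest.isEqual(cek.getEncoded(), unwrapped.getEncoded());
        System.out.println("round trip ok: " + same);

        // The bit size is not carried in the ciphertext: both sides must agree on it.
        System.out.println("mismatched shaBitSize rejected: " + rejected(rsa, wrapped, 512));

        // Flip one bit of the encrypted CEK; the OAEP padding check should fail on decryption.
        wrapped[wrapped.length - 1] ^= 0x01;
        System.out.println("tampered ciphertext rejected: " + rejected(rsa, wrapped, 256));
    }
}
```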