Package com.nimbusds.jose.crypto.impl
Class AESGCM
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.AESGCM
-
@ThreadSafe public class AESGCM extends Object
AES/GSM/NoPadding encryption and decryption methods. Falls back to the BouncyCastle.org provider on Java 6. This class is thread-safe.See RFC 7518 (JWA), section 5.1 and appendix 3.
- Version:
- 2018-01-11
- Author:
- Vladimir Dzhuvinov, Axel Nennker, Dimitar A. Stoikov
-
-
Field Summary
Fields Modifier and Type Field Description static int
AUTH_TAG_BIT_LENGTH
The standard authentication tag length (128 bits).static int
IV_BIT_LENGTH
The standard Initialisation Vector (IV) length (96 bits).
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static byte[]
decrypt(SecretKey secretKey, byte[] iv, byte[] cipherText, byte[] authData, byte[] authTag, Provider provider)
Decrypts the specified cipher text using AES/GCM/NoPadding.static AuthenticatedCipherText
encrypt(SecretKey secretKey, Container<byte[]> ivContainer, byte[] plainText, byte[] authData, Provider provider)
Encrypts the specified plain text using AES/GCM/NoPadding.static byte[]
generateIV(SecureRandom randomGen)
Generates a random 96 bit (12 byte) Initialisation Vector(IV) for use in AES-GCM encryption.
-
-
-
Field Detail
-
IV_BIT_LENGTH
public static final int IV_BIT_LENGTH
The standard Initialisation Vector (IV) length (96 bits).- See Also:
- Constant Field Values
-
AUTH_TAG_BIT_LENGTH
public static final int AUTH_TAG_BIT_LENGTH
The standard authentication tag length (128 bits).- See Also:
- Constant Field Values
-
-
Method Detail
-
generateIV
public static byte[] generateIV(SecureRandom randomGen)
Generates a random 96 bit (12 byte) Initialisation Vector(IV) for use in AES-GCM encryption.See RFC 7518 (JWA), section 5.3.
- Parameters:
randomGen
- The secure random generator to use. Must be correctly initialised and notnull
.- Returns:
- The random 96 bit IV, as 12 byte array.
-
encrypt
public static AuthenticatedCipherText encrypt(SecretKey secretKey, Container<byte[]> ivContainer, byte[] plainText, byte[] authData, Provider provider) throws JOSEException
Encrypts the specified plain text using AES/GCM/NoPadding.- Parameters:
secretKey
- The AES key. Must not benull
.plainText
- The plain text. Must not benull
.ivContainer
- The initialisation vector (IV). Must not benull
. This is both input and output parameter. On input, it carries externally generated IV; on output, it carries the IV the cipher actually used. JCA/JCE providers may prefer to use an internally generated IV, e.g. as described in NIST Special Publication 800-38D .authData
- The authenticated data. Must not benull
.- Returns:
- The authenticated cipher text.
- Throws:
JOSEException
- If encryption failed.
-
decrypt
public static byte[] decrypt(SecretKey secretKey, byte[] iv, byte[] cipherText, byte[] authData, byte[] authTag, Provider provider) throws JOSEException
Decrypts the specified cipher text using AES/GCM/NoPadding.- Parameters:
secretKey
- The AES key. Must not benull
.iv
- The initialisation vector (IV). Must not benull
.cipherText
- The cipher text. Must not benull
.authData
- The authenticated data. Must not benull
.authTag
- The authentication tag. Must not benull
.- Returns:
- The decrypted plain text.
- Throws:
JOSEException
- If decryption failed.
-
-