Package com.nimbusds.jose.crypto.impl
Class ECDHCryptoProvider
- java.lang.Object
  - com.nimbusds.jose.crypto.impl.BaseJWEProvider
    - com.nimbusds.jose.crypto.impl.ECDHCryptoProvider
- All Implemented Interfaces: JCAAware<JWEJCAContext>, JOSEProvider, JWEProvider
- Direct Known Subclasses: ECDHDecrypter, ECDHEncrypter, X25519Decrypter, X25519Encrypter
public abstract class ECDHCryptoProvider extends BaseJWEProvider
The base abstract class for Elliptic Curve Diffie-Hellman encrypters and decrypters of JWE objects.
Supports the following key management algorithms:
- JWEAlgorithm.ECDH_ES
- JWEAlgorithm.ECDH_ES_A128KW
- JWEAlgorithm.ECDH_ES_A192KW
- JWEAlgorithm.ECDH_ES_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms:
- Version: 2023-09-10
- Author: Tim McLean, Vladimir Dzhuvinov, Fernando González Callejas, Egor Puzanov
Field Summary
- static Set<JWEAlgorithm> SUPPORTED_ALGORITHMS - The JWE algorithms supported by the ECDH crypto provider class.
- static Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS - The encryption methods supported by the ECDH crypto provider class.
Constructor Summary
- protected ECDHCryptoProvider(Curve curve, SecretKey cek) - Creates a new Elliptic Curve Diffie-Hellman encryption / decryption provider.
Method Summary
- protected byte[] decryptWithZ(JWEHeader header, byte[] aad, SecretKey Z, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) - Decrypts the encrypted JWE parts using the specified shared secret ("Z").
- protected JWECryptoParts encryptWithZ(JWEHeader header, SecretKey Z, byte[] clearText, byte[] aad) - Encrypts the specified plaintext using the specified shared secret ("Z").
- protected ConcatKDF getConcatKDF() - Returns the Concatenation Key Derivation Function (KDF).
- Curve getCurve() - Returns the elliptic curve of the key (JWK designation).
- abstract Set<Curve> supportedEllipticCurves() - Returns the names of the supported elliptic curves.
- Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider: getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms
Field Detail
SUPPORTED_ALGORITHMS
public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS
The JWE algorithms supported by the ECDH crypto provider class.
SUPPORTED_ENCRYPTION_METHODS
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
The encryption methods supported by the ECDH crypto provider class.
Constructor Detail
ECDHCryptoProvider
protected ECDHCryptoProvider(Curve curve, SecretKey cek) throws JOSEException
Creates a new Elliptic Curve Diffie-Hellman encryption / decryption provider.
- Parameters:
  - curve - The elliptic curve. Must be supported and not null.
  - cek - The content encryption key (CEK) to use. If specified, its algorithm must be "AES" or "ChaCha20" and its length must match the length expected for the JWE encryption method ("enc"). If null, a CEK will be generated for each JWE.
- Throws:
  - JOSEException - If the elliptic curve is not supported.
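The CEK rule from the constructor description, exercised through the ECDHEncrypter and ECDHDecrypter subclasses. This is an added example, not code from the Nimbus JOSE+JWT project; it assumes the library's public ECDHEncrypter(ECPublicKey, SecretKey) constructor and ECKeyGenerator, which this page does not list, and the names EcdhCekExample, randomAesKey and roundTrip are hypothetical.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.text.ParseException;

public class EcdhCekExample {
    // Builds a random AES key of the given bit length to act as the caller-supplied CEK.
    static SecretKey randomAesKey(int bits) {
        byte[] raw = new byte[bits / 8];
        new SecureRandom().nextBytes(raw);
        return new SecretKeySpec(raw, "AES");
    }

    // Encrypts with ECDH-ES+A128KW for the recipient, then decrypts with the recipient's private key.
    static String roundTrip(ECKey recipient, EncryptionMethod enc, SecretKey cek, String msg)
            throws JOSEException, ParseException {
        JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.ECDH_ES_A128KW, enc).build();
        JWEObject jwe = new JWEObject(header, new Payload(msg));
        jwe.encrypt(new ECDHEncrypter(recipient.toECPublicKey(), cek));
        JWEObject parsed = JWEObject.parse(jwe.serialize());
        parsed.decrypt(new ECDHDecrypter(recipient.toECPrivateKey()));
        return parsed.getPayload().toString();
    }

    public static void main(String[] args) throws Exception {
        ECKey recipient = new ECKeyGenerator(Curve.P_256).generate();
        String msg = "constructed sample payload";

        // A 256-bit AES CEK matches the key length A256GCM expects.
        System.out.println(roundTrip(recipient, EncryptionMethod.A256GCM, randomAesKey(256), msg));
        // A null CEK leaves key generation to the library, one fresh CEK per JWE.
        System.out.println(roundTrip(recipient, EncryptionMethod.A256GCM, null, msg));

        // A 128-bit CEK does not match A256GCM, so encryption is expected to fail.
        try {
            roundTrip(recipient, EncryptionMethod.A256GCM, randomAesKey(128), msg);
            System.out.println("unexpected: mismatched CEK length was accepted");
        } catch (JOSEException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Supplying a fixed CEK means every JWE produced by that encrypter instance shares the same content key, so the null default is the safer choice unless key reuse is a deliberate design decision.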
Method Detail
getConcatKDF
protected ConcatKDF getConcatKDF()
Returns the Concatenation Key Derivation Function (KDF).
- Returns:
  - The concat KDF.
supportedEllipticCurves
public abstract Set<Curve> supportedEllipticCurves()
Returns the names of the supported elliptic curves. These correspond to the crv EC JWK parameter.
- Returns:
  - The supported elliptic curves.
getCurve
public Curve getCurve()
Returns the elliptic curve of the key (JWK designation).
- Returns:
  - The elliptic curve.
encryptWithZ
protected JWECryptoParts encryptWithZ(JWEHeader header, SecretKey Z, byte[] clearText, byte[] aad) throws JOSEException
Encrypts the specified plaintext using the specified shared secret ("Z").
- Throws:
  - JOSEException
decryptWithZ
protected byte[] decryptWithZ(JWEHeader header, byte[] aad, SecretKey Z, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
Decrypts the encrypted JWE parts using the specified shared secret ("Z").
- Throws:
  - JOSEException