Class AESKW


  • @ThreadSafe
    public class AESKW
    extends Object
    AES key wrapping methods for Content Encryption Key (CEK) encryption and decryption. This class is thread-safe.

    See RFC 7518 (JWA), section 4.4.

    Version:
    2018-03-09
    Author:
    Melisa Halsband, Vladimir Dzhuvinov
    • Method Detail

      • wrapCEK

        public static byte[] wrapCEK(SecretKey cek,
                                     SecretKey kek,
                                     Provider provider)
                              throws JOSEException
        Wraps the specified Content Encryption Key (CEK).
        Parameters:
        cek - The Content Encryption Key (CEK) to wrap. Must not be null.
        kek - The AES Key Encryption Key (KEK) (wrapping key). Must not be null.
        provider - The specific JCA provider to use; null implies the default system one.
        Returns:
        The wrapped Content Encryption Key (CEK).
        Throws:
        JOSEException - If wrapping failed.
      • unwrapCEK

        public static SecretKey unwrapCEK(SecretKey kek,
                                          byte[] encryptedCEK,
                                          Provider provider)
                                   throws JOSEException
        Unwraps the specified encrypted Content Encryption Key (CEK).
        Parameters:
        kek - The AES Key Encryption Key (KEK) (wrapping key). Must not be null.
        encryptedCEK - The wrapped Content Encryption Key (CEK) with authentication tag. Must not be null.
        provider - The specific JCA provider to use; null implies the default system one.
        Returns:
        The unwrapped Content Encryption Key (CEK).
        Throws:
        JOSEException - If unwrapping failed.
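
Added example, not part of the library's own documentation: a wrap/unwrap round trip with the two methods above, showing that a modified wrapped key or a wrong KEK is rejected with JOSEException rather than yielding a different CEK. The import path com.nimbusds.jose.crypto.impl is an assumption (this page does not state the package); the class name AESKWRoundTrip, the helper names and the randomly generated keys are constructed for illustration.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.impl.AESKW; // assumed package, not stated on this page

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class AESKWRoundTrip {

    // Generates a random AES key of the given size (constructed sample key material).
    static SecretKey newAesKey(int bits) throws NoSuchAlgorithmException {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(bits);
        return gen.generateKey();
    }

    // Returns true if unwrapCEK refuses the input with a JOSEException.
    static boolean rejected(SecretKey kek, byte[] wrapped) {
        try {
            AESKW.unwrapCEK(kek, wrapped, null);
            return false;
        } catch (JOSEException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKey kek = newAesKey(256);
        SecretKey cek = newAesKey(256);

        // A null provider selects the default JCA provider.
        byte[] wrapped = AESKW.wrapCEK(cek, kek, null);
        // AES Key Wrap (RFC 3394) output is 8 bytes longer than the key it wraps.
        System.out.println("CEK bytes: " + cek.getEncoded().length
                + ", wrapped bytes: " + wrapped.length);

        SecretKey recovered = AESKW.unwrapCEK(kek, wrapped, null);
        // Compare key material with a constant-time comparison.
        System.out.println("round trip ok: "
                + MessageDigest.isEqual(cek.getEncoded(), recovered.getEncoded()));

        // Flip one bit of the wrapped key: the integrity check must fail.
        byte[] tampered = wrapped.clone();
        tampered[tampered.length - 1] ^= 0x01;
        System.out.println("tampered rejected: " + rejected(kek, tampered));
        System.out.println("wrong KEK rejected: " + rejected(newAesKey(256), wrapped));
    }
}
```

Callers should treat a JOSEException from unwrapCEK as a failed decryption of the whole JWE and not fall back to any other key material.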