Package com.nimbusds.jose.crypto

Class RSADecrypter

    • Constructor Detail

      • RSADecrypter

        public RSADecrypter​(PrivateKey privateKey)
        Creates a new RSA decrypter. This constructor can also accept a private RSA key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.

      • RSADecrypter

        public RSADecrypter​(RSAKey rsaJWK)
             throws JOSEException
        Creates a new RSA decrypter.
        Parameters:
        rsaJWK - The RSA JSON Web Key (JWK). Must contain or reference a private part. Its length must be at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        Throws:
        JOSEException - If the RSA JWK doesn't contain a private part or its extraction failed.

      • RSADecrypter

        public RSADecrypter​(PrivateKey privateKey,
                    Set<String> defCritHeaders)
        Creates a new RSA decrypter. This constructor can also accept a private RSA key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.

      • RSADecrypter

        public RSADecrypter​(PrivateKey privateKey,
                    Set<String> defCritHeaders,
                    boolean allowWeakKey)
        Creates a new RSA decrypter. This constructor can also accept a private RSA key located in a PKCS#11 store that doesn't expose the private key parameters (such as a smart card or HSM).
        Parameters:
        privateKey - The private RSA key. Its algorithm must be "RSA" and its length at least 2048 bits. Note that the length of an RSA key in a PKCS#11 store cannot be checked. Must not be null.
        defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
        allowWeakKey - true to allow an RSA key shorter than 2048 bits.

    • Method Detail

      • getPrivateKey

        public PrivateKey getPrivateKey()
        Gets the private RSA key.
        Returns:
        The private RSA key. Casting to RSAPrivateKey may not be possible if the key is located in a PKCS#11 store that doesn't expose the private key parameters.

      • decrypt

        @Deprecated
public byte[] decrypt​(JWEHeader header,
                      Base64URL encryptedKey,
                      Base64URL iv,
                      Base64URL cipherText,
                      Base64URL authTag)
               throws JOSEException
        Deprecated.
        Decrypts the specified cipher text of a JWE Object.
        Parameters:
        header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
        encryptedKey - The encrypted key, null if not required by the JWE algorithm.
        iv - The initialisation vector, null if not required by the JWE algorithm.
        cipherText - The cipher text to decrypt. Must not be null.
        authTag - The authentication tag, null if not required.
        Returns:
        The clear text.
        Throws:
        JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.

      • decrypt

        public byte[] decrypt​(JWEHeader header,
                      Base64URL encryptedKey,
                      Base64URL iv,
                      Base64URL cipherText,
                      Base64URL authTag,
                      byte[] aad)
               throws JOSEException
        Description copied from interface: JWEDecrypter
        Decrypts the specified cipher text of a JWE Object.
        Specified by:
        decrypt in interface JWEDecrypter
        Parameters:
        header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
        encryptedKey - The encrypted key, null if not required by the JWE algorithm.
        iv - The initialisation vector, null if not required by the JWE algorithm.
        cipherText - The cipher text to decrypt. Must not be null.
        authTag - The authentication tag, null if not required.
        aad - The additional authenticated data. Must not be null.
        Returns:
        The clear text.
        Throws:
        JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.