Class SecretKeyDerivation

java.lang.Object
com.nimbusds.oauth2.sdk.jose.SecretKeyDerivation

public class SecretKeyDerivation extends Object
Derives an AES secret key from a client secret. Intended for performing symmetric encryption and decryption with a client secret, as specified in OpenID Connect Core 1.0, section 10.2.
  • Method Details

    • deriveSecretKey

      public static SecretKey deriveSecretKey(Secret clientSecret, com.nimbusds.jose.JWEAlgorithm alg, com.nimbusds.jose.EncryptionMethod enc) throws com.nimbusds.jose.JOSEException
      Derives a secret encryption key from the specified client secret.
      Parameters:
      clientSecret - The client secret. Must not be null.
      alg - The JWE algorithm. Must not be null.
      enc - The JWE method. Must not be null.
      Returns:
      The matching secret key (with algorithm set to "AES").
      Throws:
      com.nimbusds.jose.JOSEException - If the JWE algorithm or method is not supported.
    • deriveSecretKey

      public static SecretKey deriveSecretKey(Secret clientSecret, int bits) throws com.nimbusds.jose.JOSEException
      Derives a secret encryption key from the specified client secret.
      Parameters:
      clientSecret - The client secret. Must not be null.
      bits - The secret key bits (128, 192, 256, 384 or 512).
      Returns:
      The matching secret key (with algorithm set to "AES").
      Throws:
      com.nimbusds.jose.JOSEException - If the secret key bit size it not supported.