Package com.nimbusds.jose.crypto

Class RSAEncrypter

java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWEProvider
com.nimbusds.jose.crypto.impl.RSACryptoProvider
com.nimbusds.jose.crypto.RSAEncrypter
All Implemented Interfaces:
JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider
@ThreadSafe public class RSAEncrypter extends RSACryptoProvider implements JWEEncrypter
RSA encrypter of JWE objects. Expects a public RSA key.

Encrypts the plain text with a generated AES key (the Content Encryption Key) according to the specified JOSE encryption method, then encrypts the CEK with the public RSA key and returns it alongside the IV, cipher text and authentication tag. See RFC 7518, sections 4.2 and 4.3 for more information.

This class is thread-safe.

Supports the following key management algorithms:

Supports the following content encryption algorithms:

Version:
2024-04-20
Author:
David Ortiz, Vladimir Dzhuvinov, Jun Yu, Egor Puzanov

  • Constructor Details

    • RSAEncrypter

      public RSAEncrypter(RSAPublicKey publicKey)
      Creates a new RSA encrypter.
      Parameters:
      publicKey - The public RSA key. Must not be null.

    • RSAEncrypter

      public RSAEncrypter(RSAKey rsaJWK) throws JOSEException
      Creates a new RSA encrypter.
      Parameters:
      rsaJWK - The RSA JSON Web Key (JWK). Must not be null.
      Throws:
      JOSEException - If the RSA JWK extraction failed.

    • RSAEncrypter

      public RSAEncrypter(RSAPublicKey publicKey, SecretKey contentEncryptionKey)
      Creates a new RSA encrypter with an optionally specified content encryption key (CEK).
      Parameters:
      publicKey - The public RSA key. Must not be null.
      contentEncryptionKey - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.

  • Method Details

    • getPublicKey

      public RSAPublicKey getPublicKey()
      Gets the public RSA key.
      Returns:
      The public RSA key.

    • encrypt

      @Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
      Deprecated.
      Encrypts the specified clear text of a JWE object.
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

    • encrypt

      public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
      Description copied from interface: JWEEncrypter
      Encrypts the specified clear text of a JWE object.
      Specified by:
      encrypt in interface JWEEncrypter
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      aad - The additional authenticated data. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.