public class ContentCryptoProvider extends Object
Modifier and Type | Field and Description |
---|---|
static Map<Integer,Set<EncryptionMethod>> |
COMPATIBLE_ENCRYPTION_METHODS
The encryption methods compatible with each key size in bits.
|
static Set<EncryptionMethod> |
SUPPORTED_ENCRYPTION_METHODS
The supported encryption methods.
|
Constructor and Description |
---|
ContentCryptoProvider() |
Modifier and Type | Method and Description |
---|---|
static byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag,
SecretKey cek,
JWEJCAContext jcaProvider)
Decrypts the specified cipher text.
|
static JWECryptoParts |
encrypt(JWEHeader header,
byte[] clearText,
SecretKey cek,
Base64URL encryptedKey,
JWEJCAContext jcaProvider)
Encrypts the specified clear text (content).
|
static SecretKey |
generateCEK(EncryptionMethod enc,
SecureRandom randomGen)
Generates a Content Encryption Key (CEK) for the specified JOSE
encryption method.
|
public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS
public static final Map<Integer,Set<EncryptionMethod>> COMPATIBLE_ENCRYPTION_METHODS
public ContentCryptoProvider()
public static SecretKey generateCEK(EncryptionMethod enc, SecureRandom randomGen) throws JOSEException
enc
- The encryption method. Must not be null
.randomGen
- The secure random generator to use. Must not be
null
.JOSEException
- If the encryption method is not supported.public static JWECryptoParts encrypt(JWEHeader header, byte[] clearText, SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider) throws JOSEException
header
- The final JWE header. Must not be null
.clearText
- The clear text to encrypt and optionally
compress. Must not be null
.cek
- The Content Encryption Key (CEK). Must not be
null
.encryptedKey
- The encrypted CEK, null
if not required.jcaProvider
- The JWE JCA provider specification. Must not be
null
.JOSEException
- If encryption failed.public static byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, SecretKey cek, JWEJCAContext jcaProvider) throws JOSEException
header
- The JWE header. Must not be null
.encryptedKey
- The encrypted key, null
if not
specified.iv
- The initialisation vector (IV). Must not be
null
.cipherText
- The cipher text. Must not be null
.authTag
- The authentication tag. Must not be
null
.cek
- The Content Encryption Key (CEK). Must not be
null
.jcaProvider
- The JWE JCA provider specification. Must not be
null
.JOSEException
- If decryption failed.Copyright © 2019 Connect2id Ltd.. All rights reserved.