@ThreadSafe public class ECDH1PUDecrypter extends ECDH1PUCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware
JWE objects
for curves using an EC JWK.
Expects a private EC key (with a P-256, P-384 or P-521 curve).
Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.
For Curve25519/X25519, see ECDH1PUX25519Decrypter
instead.
This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.ECDH_1PU
JWEAlgorithm.ECDH_1PU_A128KW
JWEAlgorithm.ECDH_1PU_A192KW
JWEAlgorithm.ECDH_1PU_A256KW
Supports the following elliptic curves:
Supports the following content encryption algorithms for Direct key agreement mode:
EncryptionMethod.A128CBC_HS256
EncryptionMethod.A192CBC_HS384
EncryptionMethod.A256CBC_HS512
EncryptionMethod.A128GCM
EncryptionMethod.A192GCM
EncryptionMethod.A256GCM
EncryptionMethod.A128CBC_HS256_DEPRECATED
EncryptionMethod.A256CBC_HS512_DEPRECATED
EncryptionMethod.XC20P
Supports the following content encryption algorithms for Key wrapping mode:
Modifier and Type | Field and Description |
---|---|
static Set<Curve> |
SUPPORTED_ELLIPTIC_CURVES
The supported EC JWK curves by the ECDH crypto provider class.
|
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
Constructor and Description |
---|
ECDH1PUDecrypter(ECPrivateKey privateKey,
ECPublicKey publicKey)
Creates a new Elliptic Curve Diffie-Hellman decrypter.
|
ECDH1PUDecrypter(ECPrivateKey privateKey,
ECPublicKey publicKey,
Set<String> defCritHeaders)
Creates a new Elliptic Curve Diffie-Hellman decrypter.
|
ECDH1PUDecrypter(ECPrivateKey privateKey,
ECPublicKey publicKey,
Set<String> defCritHeaders,
Curve curve)
Creates a new Elliptic Curve Diffie-Hellman decrypter.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
decrypt(JWEHeader header,
Base64URL encryptedKey,
Base64URL iv,
Base64URL cipherText,
Base64URL authTag)
Decrypts the specified cipher text of a
JWE Object . |
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
JWEJCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
PrivateKey |
getPrivateKey()
Returns the private EC key.
|
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
ECPublicKey |
getPublicKey()
Returns the public EC key.
|
Set<Curve> |
supportedEllipticCurves()
Returns the names of the supported elliptic curves.
|
Set<EncryptionMethod> |
supportedEncryptionMethods()
Returns the names of the supported encryption methods by the JWE
provier.
|
Set<JWEAlgorithm> |
supportedJWEAlgorithms()
Returns the names of the supported algorithms by the JWE provider
instance.
|
decryptWithZ, encryptWithZ, getConcatKDF, getCurve
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedEncryptionMethods, supportedJWEAlgorithms
getJCAContext
public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES
public ECDH1PUDecrypter(ECPrivateKey privateKey, ECPublicKey publicKey) throws JOSEException
privateKey
- The private EC key. Must not be null
.publicKey
- The public EC key. Must not be null
.JOSEException
- If the elliptic curve is not supported.public ECDH1PUDecrypter(ECPrivateKey privateKey, ECPublicKey publicKey, Set<String> defCritHeaders) throws JOSEException
privateKey
- The private EC key. Must not be null
.publicKey
- The public EC key. Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the elliptic curve is not supported.public ECDH1PUDecrypter(ECPrivateKey privateKey, ECPublicKey publicKey, Set<String> defCritHeaders, Curve curve) throws JOSEException
privateKey
- The private EC key. Must not be null
.publicKey
- The public EC key. Must not be null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.curve
- The key curve. Must not be null
.JOSEException
- If the elliptic curve is not supported.public ECPublicKey getPublicKey()
public PrivateKey getPrivateKey()
ECPrivateKey
may not be
possible if the key is located in a PKCS#11 store that
doesn't expose the private key parameters.public Set<Curve> supportedEllipticCurves()
ECDH1PUCryptoProvider
crv
JWK parameter.supportedEllipticCurves
in class ECDH1PUCryptoProvider
public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
JWEDecrypter
JWE Object
.decrypt
in interface JWEDecrypter
header
- The JSON Web Encryption (JWE) header. Must
specify a supported JWE algorithm and method.
Must not be null
.encryptedKey
- The encrypted key, null
if not required
by the JWE algorithm.iv
- The initialisation vector, null
if not
required by the JWE algorithm.cipherText
- The cipher text to decrypt. Must not be
null
.authTag
- The authentication tag, null
if not
required.JOSEException
- If the JWE algorithm or method is not
supported, if a critical header parameter is
not supported or marked for deferral to the
application, or if decryption failed for some
other reason.public Set<JWEAlgorithm> supportedJWEAlgorithms()
JWEProvider
alg
JWE header parameter.supportedJWEAlgorithms
in interface JWEProvider
public Set<EncryptionMethod> supportedEncryptionMethods()
JWEProvider
enc
JWE header parameter.supportedEncryptionMethods
in interface JWEProvider
public JWEJCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JWEJCAContext>
null
.Copyright © 2021 Connect2id Ltd.. All rights reserved.