java.lang.Object
- com.nimbusds.jose.crypto.impl.ContentCryptoProvider

```
public class ContentCryptoProvider
extends Object
```
JWE content encryption / decryption provider.

Version:

2023-03-21

Author:

Vladimir Dzhuvinov

Field Summary

Fields
Modifier and Type	Field	Description
`static Map<Integer,Set<EncryptionMethod>>`	`COMPATIBLE_ENCRYPTION_METHODS`	The encryption methods compatible with each key size in bits.
`static Set<EncryptionMethod>`	`SUPPORTED_ENCRYPTION_METHODS`	The supported encryption methods.

Constructor Summary

Constructors
Constructor Description

ContentCryptoProvider()

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static byte[]`	`decrypt(JWEHeader header, byte[] aad, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, SecretKey cek, JWEJCAContext jcaProvider)`	Decrypts the specified cipher text.
`static byte[]`	`decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, SecretKey cek, JWEJCAContext jcaProvider)`	Decrypts the specified cipher text.
`static JWECryptoParts`	`encrypt(JWEHeader header, byte[] clearText, byte[] aad, SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider)`	Encrypts the specified clear text (content).
`static JWECryptoParts`	`encrypt(JWEHeader header, byte[] clearText, SecretKey cek, Base64URL encryptedKey, JWEJCAContext jcaProvider)`	Encrypts the specified clear text (content).
`static SecretKey`	`generateCEK(EncryptionMethod enc, SecureRandom randomGen)`	Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods.

COMPATIBLE_ENCRYPTION_METHODS

public static final Map<Integer,Set<EncryptionMethod>> COMPATIBLE_ENCRYPTION_METHODS

The encryption methods compatible with each key size in bits.

Constructor Detail
- ContentCryptoProvider
```
public ContentCryptoProvider()
```

Method Detail

generateCEK
```
public static SecretKey generateCEK(EncryptionMethod enc,
                                    SecureRandom randomGen)
                             throws JOSEException
```
Generates a Content Encryption Key (CEK) for the specified JOSE encryption method.

Parameters:

enc - The encryption method. Must not be null.

randomGen - The secure random generator to use. Must not be null.

Returns:

The generated CEK (with algorithm "AES").

Throws:

JOSEException - If the encryption method is not supported.

encrypt

public static JWECryptoParts encrypt(JWEHeader header,
                                     byte[] clearText,
                                     SecretKey cek,
                                     Base64URL encryptedKey,
                                     JWEJCAContext jcaProvider)
                              throws JOSEException

Encrypts the specified clear text (content).

Parameters:: header - The final JWE header. Must not be null.; clearText - The clear text to encrypt and optionally compress. Must not be null.; cek - The Content Encryption Key (CEK). Must not be null.; encryptedKey - The encrypted CEK, null if not required.; jcaProvider - The JWE JCA provider specification. Must not be null.
Returns:: The JWE crypto parts.
Throws:: JOSEException - If encryption failed.

encrypt
```
public static JWECryptoParts encrypt(JWEHeader header,
                                     byte[] clearText,
                                     byte[] aad,
                                     SecretKey cek,
                                     Base64URL encryptedKey,
                                     JWEJCAContext jcaProvider)
                              throws JOSEException
```
Encrypts the specified clear text (content).

Parameters:

header - The final JWE header. Must not be null.

clearText - The clear text to encrypt and optionally compress. Must not be null.

aad - The Additional Authenticated Data (AAD), if null the JWE header becomes the AAD.

cek - The Content Encryption Key (CEK). Must not be null.

encryptedKey - The encrypted CEK, null if not required.

jcaProvider - The JWE JCA provider specification. Must not be null.

Returns:

The JWE crypto parts.

Throws:

JOSEException - If encryption failed.

decrypt

public static byte[] decrypt(JWEHeader header,
                             Base64URL encryptedKey,
                             Base64URL iv,
                             Base64URL cipherText,
                             Base64URL authTag,
                             SecretKey cek,
                             JWEJCAContext jcaProvider)
                      throws JOSEException

Decrypts the specified cipher text.

Parameters:: header - The JWE header. Must not be null.; encryptedKey - The encrypted key, null if not specified.; iv - The initialisation vector (IV). Must not be null.; cipherText - The cipher text. Must not be null.; authTag - The authentication tag. Must not be null.; cek - The Content Encryption Key (CEK). Must not be null.; jcaProvider - The JWE JCA provider specification. Must not be null.
Returns:: The clear text.
Throws:: JOSEException - If decryption failed.

decrypt

public static byte[] decrypt(JWEHeader header,
                             byte[] aad,
                             Base64URL encryptedKey,
                             Base64URL iv,
                             Base64URL cipherText,
                             Base64URL authTag,
                             SecretKey cek,
                             JWEJCAContext jcaProvider)
                      throws JOSEException

Decrypts the specified cipher text.

Parameters:: header - The JWE header. Must not be null.; aad - The Additional Authenticated Data (AAD), if null the JWE header becomes the AAD.; encryptedKey - The encrypted key, null if not specified.; iv - The initialisation vector (IV). Must not be null.; cipherText - The cipher text. Must not be null.; authTag - The authentication tag. Must not be null.; cek - The Content Encryption Key (CEK). Must not be null.; jcaProvider - The JWE JCA provider specification. Must not be null.
Returns:: The clear text.
Throws:: JOSEException - If decryption failed.

Class ContentCryptoProvider

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

SUPPORTED_ENCRYPTION_METHODS

COMPATIBLE_ENCRYPTION_METHODS

Constructor Detail

ContentCryptoProvider

Method Detail

generateCEK

encrypt

encrypt

decrypt

decrypt