Package com.nimbusds.jose.crypto

Class PasswordBasedEncrypter

java.lang.Object

com.nimbusds.jose.crypto.impl.BaseJWEProvider

com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider

com.nimbusds.jose.crypto.PasswordBasedEncrypter

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe
public class PasswordBasedEncrypter
extends PasswordBasedCryptoProvider
implements JWEEncrypter

Password-based encrypter of JWE objects. Expects a password.

See RFC 7518 section 4.8 for more information.

This class is thread-safe.

Supports the following key management algorithms:

• JWEAlgorithm.PBES2_HS256_A128KW
• JWEAlgorithm.PBES2_HS384_A192KW
• JWEAlgorithm.PBES2_HS512_A256KW

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED
• EncryptionMethod.XC20P

Version:

2023-09-10

Author:

Vladimir Dzhuvinov, Egor Puzanov

Field Summary

Fields

Modifier and Type	Field	Description
static int	MIN_RECOMMENDED_ITERATION_COUNT	The minimum recommended iteration count (1000).
static int	MIN_SALT_LENGTH	The minimum salt length (8 bytes).

Fields inherited from class com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider

SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS

Constructor Summary

Constructors

Constructor	Description
PasswordBasedEncrypter(byte[] password, int saltLength, int iterationCount)	Creates a new password-based encrypter.
PasswordBasedEncrypter(String password, int saltLength, int iterationCount)	Creates a new password-based encrypter.

Method Summary

Modifier and Type	Method	Description
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText)	Deprecated.
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText, byte[] aad)	Encrypts the specified clear text of a JWE object.
int	getIterationCount()	Returns the pseudo-random function (PRF) iteration count.
int	getSaltLength()	Returns the length of the generated cryptographic salts.

Methods inherited from class com.nimbusds.jose.crypto.impl.PasswordBasedCryptoProvider

getPassword, getPasswordString

Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider

getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Methods inherited from interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods, supportedJWEAlgorithms

Field Detail

MIN_SALT_LENGTH

public static final int MIN_SALT_LENGTH

The minimum salt length (8 bytes).

See Also:

Constant Field Values

MIN_RECOMMENDED_ITERATION_COUNT

public static final int MIN_RECOMMENDED_ITERATION_COUNT

The minimum recommended iteration count (1000).

See Also:

Constant Field Values

Constructor Detail

PasswordBasedEncrypter

public PasswordBasedEncrypter(byte[] password,
                              int saltLength,
                              int iterationCount)

Creates a new password-based encrypter.

Parameters:

password - The password bytes. Must not be empty or null.

saltLength - The length of the generated cryptographic salts, in bytes. Must be at least 8 bytes.

iterationCount - The pseudo-random function (PRF) iteration count. Must be at least 1000.

PasswordBasedEncrypter

public PasswordBasedEncrypter(String password,
                              int saltLength,
                              int iterationCount)

Creates a new password-based encrypter.

Parameters:

password - The password, as a UTF-8 encoded string. Must not be empty or null.

saltLength - The length of the generated cryptographic salts, in bytes. Must be at least 8 bytes.

iterationCount - The pseudo-random function (PRF) iteration count. Must be at least 1000.

Method Detail

encrypt

@Deprecated
public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText)
                       throws JOSEException

Deprecated.

Encrypts the specified clear text of a JWE object.

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

encrypt

public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText,
                              byte[] aad)
                       throws JOSEException

Description copied from interface: JWEEncrypter

Encrypts the specified clear text of a JWE object.

Specified by:

encrypt in interface JWEEncrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

aad - The additional authenticated data. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

getSaltLength

public int getSaltLength()

Returns the length of the generated cryptographic salts.

Returns:

The length of the generated cryptographic salts, in bytes.

getIterationCount

public int getIterationCount()

Returns the pseudo-random function (PRF) iteration count.

Returns:

The iteration count.