Package com.nimbusds.jose.crypto

Class RSAEncrypter

java.lang.Object

com.nimbusds.jose.crypto.impl.BaseJWEProvider

com.nimbusds.jose.crypto.impl.RSACryptoProvider

com.nimbusds.jose.crypto.RSAEncrypter

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe
public class RSAEncrypter
extends RSACryptoProvider
implements JWEEncrypter

RSA encrypter of JWE objects. Expects a public RSA key.

Encrypts the plain text with a generated AES key (the Content Encryption Key) according to the specified JOSE encryption method, then encrypts the CEK with the public RSA key and returns it alongside the IV, cipher text and authentication tag. See RFC 7518, sections 4.2 and 4.3 for more information.

This class is thread-safe.

Supports the following key management algorithms:

• JWEAlgorithm.RSA_OAEP_256
• JWEAlgorithm.RSA_OAEP_384
• JWEAlgorithm.RSA_OAEP_512
• JWEAlgorithm.RSA_OAEP (deprecated)
• JWEAlgorithm.RSA1_5 (deprecated)

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED
• EncryptionMethod.XC20P

Version:

2023-09-10

Author:

David Ortiz, Vladimir Dzhuvinov, Jun Yu, Egor Puzanov

Field Summary

Fields inherited from class com.nimbusds.jose.crypto.impl.RSACryptoProvider

SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS

Constructor Summary

Constructors

Constructor	Description
RSAEncrypter(RSAKey rsaJWK)	Creates a new RSA encrypter.
RSAEncrypter(RSAPublicKey publicKey)	Creates a new RSA encrypter.
RSAEncrypter(RSAPublicKey publicKey, SecretKey contentEncryptionKey)	Creates a new RSA encrypter with an optionally specified content encryption key (CEK).

Method Summary

Modifier and Type	Method	Description
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText)	Deprecated.
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText, byte[] aad)	Encrypts the specified clear text of a JWE object.
RSAPublicKey	getPublicKey()	Gets the public RSA key.

Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider

getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Methods inherited from interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods, supportedJWEAlgorithms

Constructor Detail

RSAEncrypter

public RSAEncrypter(RSAPublicKey publicKey)

Creates a new RSA encrypter.

Parameters:

publicKey - The public RSA key. Must not be null.

RSAEncrypter

public RSAEncrypter(RSAKey rsaJWK)
             throws JOSEException

Creates a new RSA encrypter.

Parameters:

rsaJWK - The RSA JSON Web Key (JWK). Must not be null.

Throws:

JOSEException - If the RSA JWK extraction failed.

RSAEncrypter

public RSAEncrypter(RSAPublicKey publicKey,
                    SecretKey contentEncryptionKey)

Creates a new RSA encrypter with an optionally specified content encryption key (CEK).

Parameters:

publicKey - The public RSA key. Must not be null.

contentEncryptionKey - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.

Method Detail

getPublicKey

public RSAPublicKey getPublicKey()

Gets the public RSA key.

Returns:

The public RSA key.

encrypt

@Deprecated
public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText)
                       throws JOSEException

Deprecated.

Encrypts the specified clear text of a JWE object.

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

encrypt

public JWECryptoParts encrypt(JWEHeader header,
                              byte[] clearText,
                              byte[] aad)
                       throws JOSEException

Description copied from interface: JWEEncrypter

Encrypts the specified clear text of a JWE object.

Specified by:

encrypt in interface JWEEncrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

aad - The additional authenticated data. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.