Package com.nimbusds.jose.crypto
Class RSAEncrypter
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.BaseJWEProvider
-
- com.nimbusds.jose.crypto.impl.RSACryptoProvider
-
- com.nimbusds.jose.crypto.RSAEncrypter
-
- All Implemented Interfaces:
JCAAware<JWEJCAContext>
,JOSEProvider
,JWEEncrypter
,JWEProvider
@ThreadSafe public class RSAEncrypter extends RSACryptoProvider implements JWEEncrypter
RSA encrypter ofJWE objects
. Expects a public RSA key.Encrypts the plain text with a generated AES key (the Content Encryption Key) according to the specified JOSE encryption method, then encrypts the CEK with the public RSA key and returns it alongside the IV, cipher text and authentication tag. See RFC 7518, sections 4.2 and 4.3 for more information.
This class is thread-safe.
Supports the following key management algorithms:
JWEAlgorithm.RSA_OAEP_256
JWEAlgorithm.RSA_OAEP_384
JWEAlgorithm.RSA_OAEP_512
JWEAlgorithm.RSA_OAEP
(deprecated)JWEAlgorithm.RSA1_5
(deprecated)
Supports the following content encryption algorithms:
- Version:
- 2023-09-10
- Author:
- David Ortiz, Vladimir Dzhuvinov, Jun Yu, Egor Puzanov
-
-
Field Summary
-
Fields inherited from class com.nimbusds.jose.crypto.impl.RSACryptoProvider
SUPPORTED_ALGORITHMS, SUPPORTED_ENCRYPTION_METHODS
-
-
Constructor Summary
Constructors Constructor Description RSAEncrypter(RSAKey rsaJWK)
Creates a new RSA encrypter.RSAEncrypter(RSAPublicKey publicKey)
Creates a new RSA encrypter.RSAEncrypter(RSAPublicKey publicKey, SecretKey contentEncryptionKey)
Creates a new RSA encrypter with an optionally specified content encryption key (CEK).
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JWECryptoParts
encrypt(JWEHeader header, byte[] clearText)
Deprecated.JWECryptoParts
encrypt(JWEHeader header, byte[] clearText, byte[] aad)
Encrypts the specified clear text of aJWE object
.RSAPublicKey
getPublicKey()
Gets the public RSA key.-
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider
getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWEProvider
supportedEncryptionMethods, supportedJWEAlgorithms
-
-
-
-
Constructor Detail
-
RSAEncrypter
public RSAEncrypter(RSAPublicKey publicKey)
Creates a new RSA encrypter.- Parameters:
publicKey
- The public RSA key. Must not benull
.
-
RSAEncrypter
public RSAEncrypter(RSAKey rsaJWK) throws JOSEException
Creates a new RSA encrypter.- Parameters:
rsaJWK
- The RSA JSON Web Key (JWK). Must not benull
.- Throws:
JOSEException
- If the RSA JWK extraction failed.
-
RSAEncrypter
public RSAEncrypter(RSAPublicKey publicKey, SecretKey contentEncryptionKey)
Creates a new RSA encrypter with an optionally specified content encryption key (CEK).- Parameters:
publicKey
- The public RSA key. Must not benull
.contentEncryptionKey
- The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). Ifnull
a CEK will be generated for each JWE.
-
-
Method Detail
-
getPublicKey
public RSAPublicKey getPublicKey()
Gets the public RSA key.- Returns:
- The public RSA key.
-
encrypt
@Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
Deprecated.Encrypts the specified clear text of aJWE object
.- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
encrypt
public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
Description copied from interface:JWEEncrypter
Encrypts the specified clear text of aJWE object
.- Specified by:
encrypt
in interfaceJWEEncrypter
- Parameters:
header
- The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not benull
.clearText
- The clear text to encrypt. Must not benull
.aad
- The additional authenticated data. Must not benull
.- Returns:
- The resulting JWE crypto parts.
- Throws:
JOSEException
- If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
-
-