Package com.nimbusds.jose.crypto.impl
Class AESKW
java.lang.Object
com.nimbusds.jose.crypto.impl.AESKW
AES key Wrapping methods for Content Encryption Key (CEK) encryption and
decryption. This class is thread-safe.
See RFC 7518 (JWA), section 4.4.
- Version:
- 2018-03-09
- Author:
- Melisa Halsband, Vladimir Dzhuvinov
-
Method Summary
Modifier and TypeMethodDescriptionstatic SecretKey
Unwraps the specified encrypted Content Encryption Key (CEK).static byte[]
Wraps the specified Content Encryption Key (CEK).
-
Method Details
-
wrapCEK
Wraps the specified Content Encryption Key (CEK).- Parameters:
cek
- The Content Encryption Key (CEK) to wrap. Must not benull
.kek
- The AES Key Encryption Key (KEK) (wrapping key). Must not benull
.provider
- The JCA provider to use,null
implies the default.- Returns:
- The wrapped Content Encryption Key (CEK).
- Throws:
JOSEException
- If wrapping failed.
-
unwrapCEK
public static SecretKey unwrapCEK(SecretKey kek, byte[] encryptedCEK, Provider provider) throws JOSEException Unwraps the specified encrypted Content Encryption Key (CEK).- Parameters:
kek
- The AES Key Encryption Key (KEK) (wrapping key). Must not benull
.encryptedCEK
- The wrapped Content Encryption Key (CEK) with authentication tag. Must not benull
.provider
- The JCA provider use,null
implies the default.- Returns:
- The unwrapped Content Encryption Key (CEK).
- Throws:
JOSEException
- If unwrapping failed.
-