Package com.nimbusds.jose.crypto.impl

Class AESKW

java.lang.Object

com.nimbusds.jose.crypto.impl.AESKW

@ThreadSafe
public class AESKW
extends Object

AES key Wrapping methods for Content Encryption Key (CEK) encryption and decryption. This class is thread-safe.

See RFC 7518 (JWA), section 4.4.

Version:

2018-03-09

Author:

Melisa Halsband, Vladimir Dzhuvinov

Method Summary

Modifier and Type	Method	Description
static SecretKey	unwrapCEK(SecretKey kek, byte[] encryptedCEK, Provider provider)	Unwraps the specified encrypted Content Encryption Key (CEK).
static byte[]	wrapCEK(SecretKey cek, SecretKey kek, Provider provider)	Wraps the specified Content Encryption Key (CEK).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

wrapCEK

public static byte[] wrapCEK(SecretKey cek,
 SecretKey kek,
 Provider provider)
                      throws JOSEException

Wraps the specified Content Encryption Key (CEK).

Parameters:

cek - The Content Encryption Key (CEK) to wrap. Must not be null.

kek - The AES Key Encryption Key (KEK) (wrapping key). Must not be null.

provider - The JCA provider to use, null implies the default.

Returns:

The wrapped Content Encryption Key (CEK).

Throws:

JOSEException - If wrapping failed.

unwrapCEK

public static SecretKey unwrapCEK(SecretKey kek,
 byte[] encryptedCEK,
 Provider provider)
                           throws JOSEException

Unwraps the specified encrypted Content Encryption Key (CEK).

Parameters:

kek - The AES Key Encryption Key (KEK) (wrapping key). Must not be null.

encryptedCEK - The wrapped Content Encryption Key (CEK) with authentication tag. Must not be null.

provider - The JCA provider use, null implies the default.

Returns:

The unwrapped Content Encryption Key (CEK).

Throws:

JOSEException - If unwrapping failed.