Class ECDH1PUX25519Encrypter

All Implemented Interfaces:
JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe public class ECDH1PUX25519Encrypter extends ECDH1PUCryptoProvider implements JWEEncrypter
Elliptic Curve Diffie-Hellman encrypter of JWE objects for curves using an OKP JWK. Expects a public OctetKeyPair key with "crv" X25519.

See RFC 8037 for more information.

See also ECDH1PUEncrypter for ECDH on other curves.

See Public Key Authenticated Encryption for JOSE: ECDH-1PU for more information.

This class is thread-safe.

Supports the following key management algorithms:

Supports the following elliptic curves:

Supports the following content encryption algorithms for Direct key agreement mode:

Supports the following content encryption algorithms for Key wrapping mode:

Version:
2023-05-17
Author:
Alexander Martynov, Egor Puzanov
  • Constructor Details

    • ECDH1PUX25519Encrypter

      public ECDH1PUX25519Encrypter(OctetKeyPair privateKey, OctetKeyPair publicKey) throws JOSEException
      Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.
      Parameters:
      privateKey - The private key. Must not be null.
      publicKey - The public key. Must not be null.
      Throws:
      JOSEException - If the key subtype is not supported.
    • ECDH1PUX25519Encrypter

      public ECDH1PUX25519Encrypter(OctetKeyPair privateKey, OctetKeyPair publicKey, SecretKey contentEncryptionKey) throws JOSEException
      Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.
      Parameters:
      privateKey - The private key. Must not be null.
      publicKey - The public key. Must not be null.
      contentEncryptionKey - The content encryption key (CEK) to use. If specified, its algorithm must be "AES" and its length must match the length expected for the JWE encryption method ("enc"). If null, a CEK will be generated for each JWE.
      Throws:
      JOSEException - If the key subtype is not supported.
  • Method Details

    • supportedEllipticCurves

      Description copied from class: ECDH1PUCryptoProvider
      Returns the names of the supported elliptic curves. These correspond to the crv JWK parameter.
      Specified by:
      supportedEllipticCurves in class ECDH1PUCryptoProvider
      Returns:
      The supported elliptic curves.
    • getPublicKey

      Returns the public key.
      Returns:
      The public key.
    • getPrivateKey

      Returns the private key.
      Returns:
      The private key.
    • encrypt

      @Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
      Deprecated.
      Encrypts the specified clear text of a JWE object.
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
    • encrypt

      public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
      Description copied from interface: JWEEncrypter
      Encrypts the specified clear text of a JWE object.
      Specified by:
      encrypt in interface JWEEncrypter
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      aad - The additional authenticated data. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.
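The following round trip is an added example, not code from the library's documentation. It passes the sender's private key and the recipient's public key to the two-argument constructor, then shows that decryption fails when the recipient supplies a different sender public key, which is the sender-authentication property of ECDH-1PU. Assumptions: the class name `Ecdh1puX25519Example`, the helpers `seal` and `open`, the key IDs and the message are constructed for illustration; X25519 key generation needs Tink on the classpath; key wrapping mode is paired with an AES-CBC-HMAC "enc" as the ECDH-1PU draft requires.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.ECDH1PUX25519Decrypter;
import com.nimbusds.jose.crypto.ECDH1PUX25519Encrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator;

// Added example (hypothetical class and helper names), not part of the library.
public class Ecdh1puX25519Example {

    // Sender side: own private key plus the recipient's public-only JWK.
    static String seal(OctetKeyPair senderPrivate, OctetKeyPair recipientPublic, String msg)
            throws JOSEException {
        JWEHeader header = new JWEHeader.Builder(
                JWEAlgorithm.ECDH_1PU_A256KW,      // key wrapping mode
                EncryptionMethod.A256CBC_HS512)    // CBC-HMAC "enc" for key wrapping
                .build();
        JWEObject jwe = new JWEObject(header, new Payload(msg));
        // No CEK passed, so a fresh CEK is generated for this JWE.
        jwe.encrypt(new ECDH1PUX25519Encrypter(senderPrivate, recipientPublic));
        return jwe.serialize();
    }

    // Recipient side: own private key plus the public key of the expected sender.
    static String open(String compact, OctetKeyPair recipientPrivate, OctetKeyPair senderPublic)
            throws Exception {
        JWEObject jwe = JWEObject.parse(compact);
        jwe.decrypt(new ECDH1PUX25519Decrypter(recipientPrivate, senderPublic));
        return jwe.getPayload().toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys; real keys come from a key store or JWK set.
        OctetKeyPair alice = new OctetKeyPairGenerator(Curve.X25519).keyID("alice").generate();
        OctetKeyPair bob = new OctetKeyPairGenerator(Curve.X25519).keyID("bob").generate();
        OctetKeyPair other = new OctetKeyPairGenerator(Curve.X25519).keyID("other").generate();

        String compact = seal(alice, bob.toPublicJWK(), "constructed sample message");
        System.out.println(open(compact, bob, alice.toPublicJWK()));

        try {
            // Wrong sender key: the derived key differs, so CEK unwrapping fails.
            open(compact, bob, other.toPublicJWK());
            throw new IllegalStateException("decryption should have been rejected");
        } catch (JOSEException e) {
            System.out.println("Rejected, sender key mismatch: " + e.getMessage());
        }
    }
}
```

Treat a `JOSEException` from `decrypt` as an authentication failure for the claimed sender and do not fall back to trying other sender keys silently.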