Package com.nimbusds.jose.crypto.impl
Class ECDH1PU
java.lang.Object
com.nimbusds.jose.crypto.impl.ECDH1PU
Elliptic Curve Diffie-Hellman One-Pass Unified Model (ECDH-1PU) key
agreement functions and utilities.
- Version: 2021-08-03
- Author: Alexander Martynov
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static SecretKey | deriveRecipientZ(OctetKeyPair privateKey, OctetKeyPair publicKey, OctetKeyPair epk) | Derives a shared secret (also called 'Z') for recipient where Z is the concatenation of Ze and Zs. |
| static SecretKey | deriveRecipientZ(ECPrivateKey privateKey, ECPublicKey publicKey, ECPublicKey epk, Provider provider) | Derives a shared secret (also called 'Z') for sender where Z is the concatenation of Ze and Zs. |
| static SecretKey | deriveSenderZ(OctetKeyPair privateKey, OctetKeyPair publicKey, OctetKeyPair epk) | Derives a shared secret (also called 'Z') for sender where Z is the concatenation of Ze and Zs. |
| static SecretKey | deriveSenderZ(ECPrivateKey privateKey, ECPublicKey publicKey, ECPrivateKey epk, Provider provider) | Derives a shared secret (also called 'Z') for sender where Z is the concatenation of Ze and Zs. |
| static SecretKey | deriveSharedKey(JWEHeader header, SecretKey Z, ConcatKDF concatKDF) | Derives a shared key (via concat KDF). |
| static SecretKey | deriveSharedKey(JWEHeader header, SecretKey Z, Base64URL tag, ConcatKDF concatKDF) | Derives a shared key (via concat KDF). |
| static SecretKey | deriveZ | Derives a shared secret (also called 'Z') where Z is the concatenation of Ze and Zs. |
| static ECDH.AlgorithmMode | resolveAlgorithmMode | Resolves the ECDH algorithm mode. |
| static int | sharedKeyLength(JWEAlgorithm alg, EncryptionMethod enc) | Returns the bit length of the shared key (derived via concat KDF) for the specified JWE ECDH algorithm. |
| static void | validateSameCurve(OctetKeyPair privateKey, OctetKeyPair publicKey) | Ensures the private key and public key are from the same curve. |
| static void | validateSameCurve(ECPrivateKey privateKey, ECPublicKey publicKey) | Ensures the private key and public key are from the same curve. |

Method Details
resolveAlgorithmMode
Resolves the ECDH algorithm mode.
- Parameters:
  - alg - The JWE algorithm. Must be supported and not null.
- Returns:
  - The algorithm mode.
- Throws:
  - JOSEException - If the JWE algorithm is not supported.

deriveZ
Derives a shared secret (also called 'Z') where Z is the concatenation of Ze and Zs.
- Parameters:
  - Ze - The shared secret derived from applying the ECDH primitive to the sender's ephemeral private key and the recipient's static public key (when sending) or the recipient's static private key and the sender's ephemeral public key (when receiving). Must not be null.
  - Zs - The shared secret derived from applying the ECDH primitive to the sender's static private key and the recipient's static public key (when sending) or the recipient's static private key and the sender's static public key (when receiving). Must not be null.
- Returns:
  - The derived shared key.

deriveSenderZ
public static SecretKey deriveSenderZ(ECPrivateKey privateKey, ECPublicKey publicKey, ECPrivateKey epk, Provider provider) throws JOSEException
Derives a shared secret (also called 'Z') for sender where Z is the concatenation of Ze and Zs. Ze is the shared secret derived from applying the ECDH primitive to the sender's ephemeral private key and the recipient's static public key, and Zs is the shared secret derived from applying the ECDH primitive to the sender's static private key and the recipient's static public key.
- Parameters:
  - privateKey - The sender EC private key.
  - publicKey - The recipient EC public key.
  - epk - The sender EC ephemeral private key.
  - provider - The JCA provider for the ECDH key agreement, null to use the default.
- Returns:
  - The derived shared secret ('Z'), with algorithm "AES".
- Throws:
  - JOSEException - If derivation of the shared secret failed.

deriveSenderZ
public static SecretKey deriveSenderZ(OctetKeyPair privateKey, OctetKeyPair publicKey, OctetKeyPair epk) throws JOSEException
Derives a shared secret (also called 'Z') for sender where Z is the concatenation of Ze and Zs. Ze is the shared secret derived from applying the ECDH primitive to the sender's ephemeral public key and the recipient's static private key, and Zs is the shared secret derived from applying the ECDH primitive to the sender's static public key and the recipient's static private key.
- Parameters:
  - privateKey - The sender OctetKey private key.
  - publicKey - The recipient OctetKey public key.
  - epk - The sender OctetKey ephemeral private key.
- Returns:
  - The derived shared secret ('Z'), with algorithm "AES".
- Throws:
  - JOSEException - If derivation of the shared secret failed.

deriveRecipientZ
public static SecretKey deriveRecipientZ(ECPrivateKey privateKey, ECPublicKey publicKey, ECPublicKey epk, Provider provider) throws JOSEException
Derives a shared secret (also called 'Z') for sender where Z is the concatenation of Ze and Zs. Ze is the shared secret derived from applying the ECDH primitive to the sender's ephemeral public key and the recipient's static private key, and Zs is the shared secret derived from applying the ECDH primitive to the sender's static public key and the recipient's static private key.
- Parameters:
  - privateKey - The sender EC private key.
  - publicKey - The recipient EC public key.
  - epk - The sender EC ephemeral public key.
  - provider - The JCA provider for the ECDH key agreement, null to use the default.
- Returns:
  - The derived shared secret ('Z'), with algorithm "AES".
- Throws:
  - JOSEException - If derivation of the shared secret failed.

deriveRecipientZ
public static SecretKey deriveRecipientZ(OctetKeyPair privateKey, OctetKeyPair publicKey, OctetKeyPair epk) throws JOSEException
Derives a shared secret (also called 'Z') for recipient where Z is the concatenation of Ze and Zs.
- Parameters:
  - privateKey - The sender OctetKey private key.
  - publicKey - The recipient OctetKey public key.
  - epk - The sender OctetKey ephemeral private key.
- Returns:
  - The derived shared secret ('Z'), with algorithm "AES".
- Throws:
  - JOSEException - If derivation of the shared secret failed.

validateSameCurve
public static void validateSameCurve(ECPrivateKey privateKey, ECPublicKey publicKey) throws JOSEException
Ensures the private key and public key are from the same curve.
- Parameters:
  - privateKey - EC private key. Must not be null.
  - publicKey - EC public key. Must not be null.
- Throws:
  - JOSEException - If the key curves don't match.

validateSameCurve
public static void validateSameCurve(OctetKeyPair privateKey, OctetKeyPair publicKey) throws JOSEException
Ensures the private key and public key are from the same curve.
- Parameters:
  - privateKey - OKP private key. Must not be null.
  - publicKey - OKP public key. Must not be null.
- Throws:
  - JOSEException - If the curves don't match.
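
The EC variants of deriveSenderZ and deriveRecipientZ called side by side, as an added example (not code from the Nimbus JOSE+JWT project). The class name Ecdh1puZDemo and the freshly generated keys are assumptions; the argument roles follow the Ze/Zs definitions given in the method descriptions above.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.impl.ECDH1PU;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;

import javax.crypto.SecretKey;
import java.security.MessageDigest;

// Hypothetical demo class; every key below is generated here for illustration.
public class Ecdh1puZDemo {

    public static void main(String[] args) throws Exception {
        // Static key pairs of both parties plus the sender's per-message ephemeral pair
        ECKey sender = new ECKeyGenerator(Curve.P_256).generate();
        ECKey recipient = new ECKeyGenerator(Curve.P_256).generate();
        ECKey ephemeral = new ECKeyGenerator(Curve.P_256).generate();

        // Sender side: Ze = ECDH(ephemeral private, recipient static public),
        //              Zs = ECDH(sender static private, recipient static public)
        SecretKey zSender = ECDH1PU.deriveSenderZ(
                sender.toECPrivateKey(), recipient.toECPublicKey(),
                ephemeral.toECPrivateKey(), null); // null selects the default JCA provider

        // Recipient side: Ze = ECDH(recipient static private, ephemeral public),
        //                 Zs = ECDH(recipient static private, sender static public)
        SecretKey zRecipient = ECDH1PU.deriveRecipientZ(
                recipient.toECPrivateKey(), sender.toECPublicKey(),
                ephemeral.toECPublicKey(), null);

        // Both sides must hold the same Z = Ze || Zs; compare in constant time
        boolean same = MessageDigest.isEqual(zSender.getEncoded(), zRecipient.getEncoded());
        System.out.println("Z agrees on both sides: " + same);

        // A different static sender key changes Zs, so the recipient's Z no longer matches
        ECKey other = new ECKeyGenerator(Curve.P_256).generate();
        SecretKey zWrong = ECDH1PU.deriveRecipientZ(
                recipient.toECPrivateKey(), other.toECPublicKey(),
                ephemeral.toECPublicKey(), null);
        System.out.println("Z with another sender key matches: "
                + MessageDigest.isEqual(zSender.getEncoded(), zWrong.getEncoded()));

        // validateSameCurve rejects a private/public pair taken from different curves
        ECKey p384 = new ECKeyGenerator(Curve.P_384).generate();
        try {
            ECDH1PU.validateSameCurve(sender.toECPrivateKey(), p384.toECPublicKey());
        } catch (JOSEException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```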