Class AESGCMKW

java.lang.Object
com.nimbusds.jose.crypto.impl.AESGCMKW

@ThreadSafe public class AESGCMKW extends Object
AES GCM methods for Content Encryption Key (CEK) encryption and decryption. This class is thread-safe.

See RFC 7518 (JWA), section 4.7.

Version:
2017-06-01
Author:
Melisa Halsband, Vladimir Dzhuvinov
  • Method Details

    • encryptCEK

      public static AuthenticatedCipherText encryptCEK(SecretKey cek, Container<byte[]> iv, SecretKey kek, Provider provider) throws JOSEException
      Encrypts the specified Content Encryption Key (CEK).
      Parameters:
      cek - The Content Encryption Key (CEK) to encrypt. Must not be null.
      iv - The initialisation vector (IV). Must not be null. The contained IV must not be null either.
      kek - The AES Key Encryption Key (KEK). Must not be null.
      provider - The JCA provider to use, null implies the default.
      Returns:
      The encrypted Content Encryption Key (CEK).
      Throws:
      JOSEException - If encryption failed.
    • decryptCEK

      public static SecretKey decryptCEK(SecretKey kek, byte[] iv, AuthenticatedCipherText authEncrCEK, int keyLength, Provider provider) throws JOSEException
      Decrypts the specified encrypted Content Encryption Key (CEK).
      Parameters:
      kek - The AES Key Encryption Key (KEK). Must not be null.
      iv - The initialisation vector (IV). Must not be null.
      authEncrCEK - The encrypted Content Encryption Key (CEK) to decrypt, together with its authentication tag. Must not be null.
      keyLength - The expected key length, in bits.
      provider - The JCA provider, null to use the default.
      Returns:
      The decrypted Content Encryption Key (CEK).
      Throws:
      JOSEException - If decryption failed.
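
Example (added here, not part of the Nimbus JOSE + JWT documentation): a wrap and unwrap round trip with the two methods above, followed by a check that a modified authentication tag is rejected. It assumes the nimbus-jose-jwt JAR is on the classpath and that `AuthenticatedCipherText` and `Container` expose the constructors and getters used below; the class name `AesGcmKwRoundTrip` and the key sizes are illustrative choices.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.impl.AESGCMKW;
import com.nimbusds.jose.crypto.impl.AuthenticatedCipherText;
import com.nimbusds.jose.util.Container;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.SecureRandom;
import java.util.Arrays;

public class AesGcmKwRoundTrip { // hypothetical class name

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: a 256-bit KEK and a 128-bit CEK.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        SecretKey kek = gen.generateKey();
        gen.init(128);
        SecretKey cek = gen.generateKey();

        // RFC 7518 section 4.7 specifies a 96-bit IV. Generate a fresh one
        // for every wrap: reusing an IV under the same KEK breaks AES GCM.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Container<byte[]> ivContainer = new Container<>(iv);

        // provider == null selects the default JCA provider.
        AuthenticatedCipherText wrapped = AESGCMKW.encryptCEK(cek, ivContainer, kek, null);

        // Read the IV back from the container, then unwrap. keyLength is in bits.
        SecretKey unwrapped = AESGCMKW.decryptCEK(kek, ivContainer.get(), wrapped, 128, null);
        if (!Arrays.equals(cek.getEncoded(), unwrapped.getEncoded())) {
            throw new IllegalStateException("Round trip did not return the original CEK");
        }

        // Flip one bit of the tag: decryption must fail, not return a key.
        byte[] badTag = wrapped.getAuthenticationTag().clone();
        badTag[0] ^= 0x01;
        AuthenticatedCipherText tampered =
                new AuthenticatedCipherText(wrapped.getCipherText(), badTag);
        try {
            AESGCMKW.decryptCEK(kek, ivContainer.get(), tampered, 128, null);
            throw new IllegalStateException("Tampered tag was accepted");
        } catch (JOSEException e) {
            System.out.println("Tampered CEK rejected: " + e.getMessage());
        }
    }
}
```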