Package com.nimbusds.jose

Class JWEAlgorithm

java.lang.Object
com.nimbusds.jose.Algorithm
com.nimbusds.jose.JWEAlgorithm
All Implemented Interfaces:
Serializable
@Immutable public final class JWEAlgorithm extends Algorithm
JSON Web Encryption (JWE) algorithm name, represents the alg header parameter in JWE objects. This class is immutable.

Includes constants for the following JWE algorithm names:

Additional JWE algorithm names can be defined using the constructors.

Version:
2023-09-13
Author:
Vladimir Dzhuvinov
See Also:

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static final class 
    JWEAlgorithm.Family
    JWE algorithm family.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final JWEAlgorithm
    A128GCMKW
    AES in Galois/Counter Mode (GCM) (NIST.800-38D) 128 bit keys.
    static final JWEAlgorithm
    A128KW
    Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) using 128 bit keys.
    static final JWEAlgorithm
    A192GCMKW
    AES in Galois/Counter Mode (GCM) (NIST.800-38D) 192 bit keys.
    static final JWEAlgorithm
    A192KW
    Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) using 192 bit keys.
    static final JWEAlgorithm
    A256GCMKW
    AES in Galois/Counter Mode (GCM) (NIST.800-38D) 256 bit keys.
    static final JWEAlgorithm
    A256KW
    Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) using 256 bit keys.
    static final JWEAlgorithm
    DIR
    Direct use of a shared symmetric key as the Content Encryption Key (CEK) for the block encryption step (rather than using the symmetric key to wrap the CEK).
    static final JWEAlgorithm
    ECDH_1PU
    Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement using the Concat KDF, as defined in section 5.8.1 of NIST.800-56A, with the agreed-upon key being used directly as the Content Encryption Key (CEK) (rather than being used to wrap the CEK).
    static final JWEAlgorithm
    ECDH_1PU_A128KW
    Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement per "ECDH-1PU", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A128KW" function (rather than being used directly as the CEK).
    static final JWEAlgorithm
    ECDH_1PU_A192KW
    Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement per "ECDH-1PU", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A192KW" function (rather than being used directly as the CEK).
    static final JWEAlgorithm
    ECDH_1PU_A256KW
    Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement per "ECDH-1PU", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A256KW" function (rather than being used directly as the CEK).
    static final JWEAlgorithm
    ECDH_ES
    Elliptic Curve Diffie-Hellman Ephemeral Static (RFC 6090) key agreement using the Concat KDF, as defined in section 5.8.1 of NIST.800-56A, with the agreed-upon key being used directly as the Content Encryption Key (CEK) (rather than being used to wrap the CEK).
    static final JWEAlgorithm
    ECDH_ES_A128KW
    Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A128KW" function (rather than being used directly as the CEK).
    static final JWEAlgorithm
    ECDH_ES_A192KW
    Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A192KW" function (rather than being used directly as the CEK).
    static final JWEAlgorithm
    ECDH_ES_A256KW
    Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A256KW" function (rather than being used directly as the CEK).
    static final JWEAlgorithm
    PBES2_HS256_A128KW
    PBES2 (RFC 2898) with HMAC SHA-256 as the PRF and AES Key Wrap (RFC 3394) using 128 bit keys for the encryption scheme.
    static final JWEAlgorithm
    PBES2_HS384_A192KW
    PBES2 (RFC 2898) with HMAC SHA-384 as the PRF and AES Key Wrap (RFC 3394) using 192 bit keys for the encryption scheme.
    static final JWEAlgorithm
    PBES2_HS512_A256KW
    PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256 bit keys for the encryption scheme.
    static final JWEAlgorithm
    RSA_OAEP
    Deprecated.
    static final JWEAlgorithm
    RSA_OAEP_256
    RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-256 hash function and the MGF1 with SHA-256 mask generation function.
    static final JWEAlgorithm
    RSA_OAEP_384
    RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-512 hash function and the MGF1 with SHA-384 mask generation function.
    static final JWEAlgorithm
    RSA_OAEP_512
    RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-512 hash function and the MGF1 with SHA-512 mask generation function.
    static final JWEAlgorithm
    RSA1_5
    Deprecated.

    Fields inherited from class com.nimbusds.jose.Algorithm

    NONE

  • Constructor Summary

    Constructors
    Constructor
    Description
    JWEAlgorithm(String name)
    Creates a new JSON Web Encryption (JWE) algorithm.
    JWEAlgorithm(String name, Requirement req)
    Creates a new JSON Web Encryption (JWE) algorithm.

  • Method Summary

    Modifier and Type
    Method
    Description
    static JWEAlgorithm
    parse(String s)
    Parses a JWE algorithm from the specified string.

    Methods inherited from class com.nimbusds.jose.Algorithm

    equals, getName, getRequirement, hashCode, toJSONString, toString

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

  • Field Details

    • RSA1_5

      @Deprecated public static final JWEAlgorithm RSA1_5
      Deprecated.
      RSAES-PKCS1-V1_5 (RFC 3447). Use of this RSA encryption algorithm is no longer recommended, use RSA_OAEP_256 instead.

    • RSA_OAEP

      @Deprecated public static final JWEAlgorithm RSA_OAEP
      Deprecated.
      RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the default parameters specified by RFC 3447 in section A.2.1. Use of this encryption algorithm is no longer recommended, use RSA_OAEP_256 instead.

    • RSA_OAEP_256

      public static final JWEAlgorithm RSA_OAEP_256
      RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-256 hash function and the MGF1 with SHA-256 mask generation function.

    • RSA_OAEP_384

      public static final JWEAlgorithm RSA_OAEP_384
      RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-512 hash function and the MGF1 with SHA-384 mask generation function.

    • RSA_OAEP_512

      public static final JWEAlgorithm RSA_OAEP_512
      RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-512 hash function and the MGF1 with SHA-512 mask generation function.

    • A128KW

      public static final JWEAlgorithm A128KW
      Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) using 128 bit keys.

    • A192KW

      public static final JWEAlgorithm A192KW
      Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) using 192 bit keys.

    • A256KW

      public static final JWEAlgorithm A256KW
      Advanced Encryption Standard (AES) Key Wrap Algorithm (RFC 3394) using 256 bit keys.

    • DIR

      public static final JWEAlgorithm DIR
      Direct use of a shared symmetric key as the Content Encryption Key (CEK) for the block encryption step (rather than using the symmetric key to wrap the CEK).

    • ECDH_ES

      public static final JWEAlgorithm ECDH_ES
      Elliptic Curve Diffie-Hellman Ephemeral Static (RFC 6090) key agreement using the Concat KDF, as defined in section 5.8.1 of NIST.800-56A, with the agreed-upon key being used directly as the Content Encryption Key (CEK) (rather than being used to wrap the CEK).

    • ECDH_ES_A128KW

      public static final JWEAlgorithm ECDH_ES_A128KW
      Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A128KW" function (rather than being used directly as the CEK).

    • ECDH_ES_A192KW

      public static final JWEAlgorithm ECDH_ES_A192KW
      Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A192KW" function (rather than being used directly as the CEK).

    • ECDH_ES_A256KW

      public static final JWEAlgorithm ECDH_ES_A256KW
      Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A256KW" function (rather than being used directly as the CEK).

    • ECDH_1PU

      public static final JWEAlgorithm ECDH_1PU
      Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement using the Concat KDF, as defined in section 5.8.1 of NIST.800-56A, with the agreed-upon key being used directly as the Content Encryption Key (CEK) (rather than being used to wrap the CEK).

    • ECDH_1PU_A128KW

      public static final JWEAlgorithm ECDH_1PU_A128KW
      Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement per "ECDH-1PU", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A128KW" function (rather than being used directly as the CEK).

    • ECDH_1PU_A192KW

      public static final JWEAlgorithm ECDH_1PU_A192KW
      Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement per "ECDH-1PU", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A192KW" function (rather than being used directly as the CEK).

    • ECDH_1PU_A256KW

      public static final JWEAlgorithm ECDH_1PU_A256KW
      Elliptic Curve Diffie-Hellman One-Pass Unified Model key agreement per "ECDH-1PU", but where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A256KW" function (rather than being used directly as the CEK).

    • A128GCMKW

      public static final JWEAlgorithm A128GCMKW
      AES in Galois/Counter Mode (GCM) (NIST.800-38D) 128 bit keys.

    • A192GCMKW

      public static final JWEAlgorithm A192GCMKW
      AES in Galois/Counter Mode (GCM) (NIST.800-38D) 192 bit keys.

    • A256GCMKW

      public static final JWEAlgorithm A256GCMKW
      AES in Galois/Counter Mode (GCM) (NIST.800-38D) 256 bit keys.

    • PBES2_HS256_A128KW

      public static final JWEAlgorithm PBES2_HS256_A128KW
      PBES2 (RFC 2898) with HMAC SHA-256 as the PRF and AES Key Wrap (RFC 3394) using 128 bit keys for the encryption scheme.

    • PBES2_HS384_A192KW

      public static final JWEAlgorithm PBES2_HS384_A192KW
      PBES2 (RFC 2898) with HMAC SHA-384 as the PRF and AES Key Wrap (RFC 3394) using 192 bit keys for the encryption scheme.

    • PBES2_HS512_A256KW

      public static final JWEAlgorithm PBES2_HS512_A256KW
      PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256 bit keys for the encryption scheme.

  • Constructor Details

    • JWEAlgorithm

      public JWEAlgorithm(String name, Requirement req)
      Creates a new JSON Web Encryption (JWE) algorithm.
      Parameters:
      name - The algorithm name. Must not be null.
      req - The implementation requirement, null if not known.

    • JWEAlgorithm

      public JWEAlgorithm(String name)
      Creates a new JSON Web Encryption (JWE) algorithm.
      Parameters:
      name - The algorithm name. Must not be null.

  • Method Details

    • parse

      public static JWEAlgorithm parse(String s)
      Parses a JWE algorithm from the specified string.
      Parameters:
      s - The string to parse. Must not be null.
      Returns:
      The JWE algorithm (matching standard algorithm constant, else a newly created algorithm).