Package com.nimbusds.jose.crypto

Class ECDH1PUX25519Decrypter

java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWEProvider
com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
com.nimbusds.jose.crypto.ECDH1PUX25519Decrypter
All Implemented Interfaces:
CriticalHeaderParamsAware, JCAAware<JWEJCAContext>, JOSEProvider, JWEDecrypter, JWEProvider
@ThreadSafe public class ECDH1PUX25519Decrypter extends ECDH1PUCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware
Elliptic Curve Diffie-Hellman decrypter of JWE objects for curves using an OKP JWK. Expects a private OctetKeyPair key with "crv" X25519.

See RFC 8037 for more information.

See also ECDH1PUDecrypter for ECDH on other curves.

Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.

This class is thread-safe.

Supports the following key management algorithms:

Supports the following elliptic curves:

Supports the following content encryption algorithms for Direct key agreement mode:

Supports the following content encryption algorithms for Key wrapping mode:

Version:
2023-05-17
Author:
Alexander Martynov, Egor Puzanov

  • Constructor Details

    • ECDH1PUX25519Decrypter

      public ECDH1PUX25519Decrypter(OctetKeyPair privateKey, OctetKeyPair publicKey) throws JOSEException
      Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
      Parameters:
      privateKey - The private key. Must not be null.
      publicKey - The private key. Must not be null.
      Throws:
      JOSEException - If the key subtype is not supported.

    • ECDH1PUX25519Decrypter

      public ECDH1PUX25519Decrypter(OctetKeyPair privateKey, OctetKeyPair publicKey, Set<String> defCritHeaders) throws JOSEException
      Creates a new Curve25519 Elliptic Curve Diffie-Hellman decrypter.
      Parameters:
      privateKey - The private key. Must not be null.
      publicKey - The private key. Must not be null.
      defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
      Throws:
      JOSEException - If the key subtype is not supported.

  • Method Details

    • supportedEllipticCurves

      public Set<Curve> supportedEllipticCurves()
      Description copied from class: ECDH1PUCryptoProvider
      Returns the names of the supported elliptic curves. These correspond to the crv JWK parameter.
      Specified by:
      supportedEllipticCurves in class ECDH1PUCryptoProvider
      Returns:
      The supported elliptic curves.

    • getPrivateKey

      public OctetKeyPair getPrivateKey()
      Returns the private key.
      Returns:
      The private key.

    • getPublicKey

      public OctetKeyPair getPublicKey()
      Returns the public key.
      Returns:
      The public key.

    • getProcessedCriticalHeaderParams

      public Set<String> getProcessedCriticalHeaderParams()
      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
      Specified by:
      getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are understood and processed, empty set if none.

    • getDeferredCriticalHeaderParams

      public Set<String> getDeferredCriticalHeaderParams()
      Description copied from interface: CriticalHeaderParamsAware
      Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
      Specified by:
      getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware
      Returns:
      The names of the critical header parameters that are deferred to the application for processing, empty set if none.

    • decrypt

      @Deprecated public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag) throws JOSEException
      Deprecated.
      Decrypts the specified cipher text of a JWE Object.
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      encryptedKey - The encrypted key, null if not required by the JWE algorithm.
      iv - The initialisation vector, null if not required by the JWE algorithm.
      cipherText - The cipher text to decrypt. Must not be null.
      authTag - The authentication tag, null if not required.
      Returns:
      The clear text.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.

    • decrypt

      public byte[] decrypt(JWEHeader header, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag, byte[] aad) throws JOSEException
      Description copied from interface: JWEDecrypter
      Decrypts the specified cipher text of a JWE Object.
      Specified by:
      decrypt in interface JWEDecrypter
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      encryptedKey - The encrypted key, null if not required by the JWE algorithm.
      iv - The initialisation vector, null if not required by the JWE algorithm.
      cipherText - The cipher text to decrypt. Must not be null.
      authTag - The authentication tag, null if not required.
      aad - The additional authenticated data. Must not be null.
      Returns:
      The clear text.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if decryption failed for some other reason.