io.jsonwebtoken.security

Interface KeyAlgorithm<E extends Key,D extends Key>

Type Parameters:

E - The type of key to use to obtain the AEAD encryption key

D - The type of key to use to obtain the AEAD decryption key

All Superinterfaces:

Identifiable

All Known Subinterfaces:

SecretKeyAlgorithm

public interface KeyAlgorithm<E extends Key,D extends Key>
extends Identifiable

A KeyAlgorithm produces the SecretKey used to encrypt or decrypt a JWE. The KeyAlgorithm used for a particular JWE is identified in the JWE's alg header. The KeyAlgorithm interface is JJWT's idiomatic approach to the JWE specification's Key Management Mode concept.

All standard Key Algorithms are defined in JWA (RFC 7518), Section 4.1, and they are all available as concrete instances via Jwts.KEY.

"alg" identifier

KeyAlgorithm extends Identifiable: the value returned from keyAlgorithm.getId() will be used as the JWE "alg" protected header value.

Since:

0.12.0

See Also:

Jwts.KEY, RFC 7561, Section 2: JWE Key (Management) Algorithms

Method Summary

Methods

Modifier and Type	Method and Description
SecretKey	getDecryptionKey(DecryptionKeyRequest<D> request) Return the SecretKey that should be used to decrypt a JWE via the request's specified AeadAlgorithm.
KeyResult	getEncryptionKey(KeyRequest<E> request) Return the SecretKey that should be used to encrypt a JWE via the request's specified AeadAlgorithm.

Methods inherited from interface io.jsonwebtoken.Identifiable

getId

Method Detail

getEncryptionKey

KeyResult getEncryptionKey(KeyRequest<E> request)
                           throws SecurityException

Return the SecretKey that should be used to encrypt a JWE via the request's specified AeadAlgorithm. The encryption key will be available via the result's result.getKey() method.

If the key algorithm uses key encryption or key agreement to produce an encrypted key value that must be included in the JWE, the encrypted key ciphertext will be available via the result's result.getPayload() method. If the key algorithm does not produce encrypted key ciphertext, result.getPayload() will be a non-null empty byte array.

Parameters:

request - the KeyRequest containing information necessary to produce a SecretKey for AEAD encryption.

Returns:

the SecretKey that should be used to encrypt a JWE via the request's specified AeadAlgorithm, along with any optional encrypted key ciphertext.

Throws:

SecurityException - if there is a problem obtaining or encrypting the AEAD SecretKey.

getDecryptionKey

SecretKey getDecryptionKey(DecryptionKeyRequest<D> request)
                           throws SecurityException

Return the SecretKey that should be used to decrypt a JWE via the request's specified AeadAlgorithm.

If the key algorithm used key encryption or key agreement to produce an encrypted key value, the encrypted key ciphertext will be available via the request's result.getPayload() method. If the key algorithm did not produce encrypted key ciphertext, request.getPayload() will return a non-null empty byte array.

Parameters:

request - the DecryptionKeyRequest containing information necessary to obtain a SecretKey for AEAD decryption.

Returns:

the SecretKey that should be used to decrypt a JWE via the request's specified AeadAlgorithm.

Throws:

SecurityException - if there is a problem obtaining or decrypting the AEAD SecretKey.