T - the type of object relevant during key algorithm cryptographic operations.
public interface KeyRequest<T> extends Request<T>
A request to a KeyAlgorithm to obtain the key necessary for AEAD encryption or decryption. The exact AeadAlgorithm that will be used is accessible via getEncryptionAlgorithm().
Encryption Requests
For an encryption key request, Message.getPayload() will return the encryption key to use. Additionally, any public information specific to the called KeyAlgorithm implementation that is required to be transmitted in the JWE (such as an initialization vector, authentication tag or ephemeral key) may be added to the JWE protected header, accessible via getHeader(). Although the JWE header is checked for authenticity and integrity, the header itself is not encrypted, so KeyAlgorithms should never place any secret or private information in the header.
Decryption Requests
For a decryption request, the KeyRequest instance will be a DecryptionKeyRequest instance, Message.getPayload() will return the encrypted key ciphertext (a byte array), and the decryption key will be available via KeySupplier.getKey(). Additionally, any public information needed by the called KeyAlgorithm (such as an initialization vector, authentication tag or ephemeral key) is expected to be available in the JWE protected header, accessible via getHeader().
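Both request types above depend on the JWE protected header being public yet integrity-protected. The following added example (plain JDK code, not JJWT's or this page's own; the class name, header JSON and "kid" value are constructed for illustration) uses AES-GCM with the encoded header as additional authenticated data, showing that the header decodes without any key while a modified header fails authentication.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration, JDK only (not JJWT code): the header is AEAD "additional authenticated data".
public class JweHeaderVisibilityDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static byte[] gcm(int mode, SecretKey cek, byte[] iv, String headerB64, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, cek, new GCMParameterSpec(128, iv));
        // RFC 7516: the AAD is the ASCII form of the base64url-encoded protected header.
        c.updateAAD(headerB64.getBytes(StandardCharsets.US_ASCII));
        return c.doFinal(data); // the JDK appends (or expects) the 16-byte tag after the ciphertext
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey(); // stand-in for the key a KeyAlgorithm would supply
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        // Constructed sample header; the "kid" value is made up for this demo.
        String json = "{\"alg\":\"dir\",\"enc\":\"A256GCM\",\"kid\":\"demo-key-1\"}";
        String headerB64 = B64.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        byte[] sealed = gcm(Cipher.ENCRYPT_MODE, cek, iv, headerB64, "constructed payload".getBytes(StandardCharsets.UTF_8));

        // 1. No key involved: anyone holding the token can decode the header segment.
        byte[] seen = Base64.getUrlDecoder().decode(headerB64);
        System.out.println("header visible to any observer: " + new String(seen, StandardCharsets.UTF_8));
        // 2. Header untouched: authentication passes and the payload decrypts.
        byte[] plain = gcm(Cipher.DECRYPT_MODE, cek, iv, headerB64, sealed);
        System.out.println("decrypted: " + new String(plain, StandardCharsets.UTF_8));
        // 3. Header altered in transit: the tag no longer verifies, so decryption fails.
        String tampered = B64.encodeToString(json.replace("key-1", "key-2").getBytes(StandardCharsets.UTF_8));
        try {
            gcm(Cipher.DECRYPT_MODE, cek, iv, tampered, sealed);
            System.out.println("unexpected: tampered header accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered header rejected: " + e.getClass().getSimpleName());
        }
    }
}
```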
DecryptionKeyRequest
Modifier and Type | Method and Description |
---|---|
AeadAlgorithm | getEncryptionAlgorithm() Returns the AeadAlgorithm that will be called for encryption or decryption after processing the KeyRequest. |
JweHeader | getHeader() Returns the JweHeader that will be used to construct the final JWE header, available for reading or writing any KeyAlgorithm-specific information. |
Methods inherited from interface Request: getProvider, getSecureRandom
Methods inherited from interface Message: getPayload
AeadAlgorithm getEncryptionAlgorithm()
Returns the AeadAlgorithm that will be called for encryption or decryption after processing the KeyRequest. KeyAlgorithm implementations that generate an ephemeral SecretKey to use as what the JWE specification calls a "Content Encryption Key (CEK)" should call the AeadAlgorithm's key() builder to create a key suitable for that exact AeadAlgorithm.
Returns: the AeadAlgorithm that will be called for encryption or decryption after processing the KeyRequest.
JweHeader getHeader()
Returns the JweHeader that will be used to construct the final JWE header, available for reading or writing any KeyAlgorithm-specific information.
For an encryption key request, any public information specific to the called KeyAlgorithm implementation that is required to be transmitted in the JWE (such as an initialization vector, authentication tag or ephemeral key) is expected to be added to this header. Although the header is checked for authenticity and integrity, the header itself is not encrypted, so KeyAlgorithms should never place any secret or private information in the header.
For a decryption request, any public information needed by the called KeyAlgorithm (such as an initialization vector, authentication tag or ephemeral key) is expected to be available in this header.
Returns: the JweHeader that will be used to construct the final JWE header, available for reading or writing any KeyAlgorithm-specific information.
Copyright © 2014–2024 jsonwebtoken.io. All rights reserved.