Class AESGCMKW


  • @ThreadSafe
    public class AESGCMKW
    extends java.lang.Object
    AES GCM methods for Content Encryption Key (CEK) encryption and decryption. This class is thread-safe.

    See RFC 7518 (JWA), section 4.7.

    Version:
    2017-06-01
    Author:
    Melisa Halsband, Vladimir Dzhuvinov
    • Method Summary

      Modifier and Type Method Description
      static javax.crypto.SecretKey decryptCEK(javax.crypto.SecretKey kek, byte[] iv, AuthenticatedCipherText authEncrCEK, int keyLength, java.security.Provider provider)
      Decrypts the specified encrypted Content Encryption Key (CEK).
      static AuthenticatedCipherText encryptCEK(javax.crypto.SecretKey cek, Container<byte[]> iv, javax.crypto.SecretKey kek, java.security.Provider provider)
      Encrypts the specified Content Encryption Key (CEK).
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • encryptCEK

        public static AuthenticatedCipherText encryptCEK(javax.crypto.SecretKey cek,
                                                         Container<byte[]> iv,
                                                         javax.crypto.SecretKey kek,
                                                         java.security.Provider provider)
                                                  throws JOSEException
        Encrypts the specified Content Encryption Key (CEK).
        Parameters:
        cek - The Content Encryption Key (CEK) to encrypt. Must not be null.
        iv - The initialisation vector (IV). Must not be null. The contained IV must not be null either.
        kek - The AES Key Encryption Key (KEK). Must not be null.
        provider - The specific JCA provider to use, null implies the default system one.
        Returns:
        The encrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If encryption failed.
      • decryptCEK

        public static javax.crypto.SecretKey decryptCEK(javax.crypto.SecretKey kek,
                                                        byte[] iv,
                                                        AuthenticatedCipherText authEncrCEK,
                                                        int keyLength,
                                                        java.security.Provider provider)
                                                 throws JOSEException
        Decrypts the specified encrypted Content Encryption Key (CEK).
        Parameters:
        kek - The AES Key Encryption Key (KEK). Must not be null.
        iv - The initialisation vector (IV). Must not be null.
        authEncrCEK - The encrypted Content Encryption Key (CEK) to decrypt and authentication tag. Must not be null.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The decrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If decryption failed.
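
The operation RFC 7518 section 4.7 defines (AES GCM encryption of a CEK under a KEK, 96-bit IV, 128-bit authentication tag), written against the plain JCA API as an added example; it is not code from this page or from the library. The class name GcmKeyWrapDemo, the helpers wrap and unwrap, and the generated keys are assumptions constructed for the example.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GcmKeyWrapDemo {
    static final int IV_BYTES = 12;   // RFC 7518 section 4.7: 96-bit IV
    static final int TAG_BITS = 128;  // RFC 7518 section 4.7: 128-bit authentication tag

    // Returns ciphertext || tag, which is how the JCA GCM cipher emits its output.
    static byte[] wrap(SecretKey kek, byte[] iv, SecretKey cek) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, kek, new GCMParameterSpec(TAG_BITS, iv));
        return c.doFinal(cek.getEncoded());
    }

    // Throws AEADBadTagException if the IV, ciphertext or tag was altered.
    static SecretKey unwrap(SecretKey kek, byte[] iv, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, kek, new GCMParameterSpec(TAG_BITS, iv));
        return new SecretKeySpec(c.doFinal(wrapped), "AES");
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey kek = kg.generateKey();   // constructed sample KEK
        SecretKey cek = kg.generateKey();   // constructed sample CEK

        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);   // fresh IV for every wrap under this KEK

        byte[] wrapped = wrap(kek, iv, cek);
        SecretKey recovered = unwrap(kek, iv, wrapped);
        System.out.println("round trip ok: "
            + Arrays.equals(cek.getEncoded(), recovered.getEncoded()));

        wrapped[0] ^= 0x01;                 // simulate a modified encrypted CEK
        try {
            unwrap(kek, iv, wrapped);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: unwrap rejected");
        }
    }
}
```

Reusing an IV with the same KEK breaks GCM's confidentiality and integrity guarantees, so the IV passed to a wrap must be newly generated each time.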