Class ECDH


  • public class ECDH
    extends java.lang.Object
    Elliptic Curve Diffie-Hellman key agreement functions and utilities.
    Version:
    2018-12-12
    Author:
    Vladimir Dzhuvinov
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  ECDH.AlgorithmMode
      Enumeration of the Elliptic Curve Diffie-Hellman Ephemeral Static algorithm modes.
    • Method Summary

      Modifier and Type Method Description
      static javax.crypto.SecretKey deriveSharedKey​(JWEHeader header, javax.crypto.SecretKey Z, ConcatKDF concatKDF)
      Derives a shared key (via concat KDF).
      static javax.crypto.SecretKey deriveSharedSecret​(OctetKeyPair publicKey, OctetKeyPair privateKey)
      Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
      static javax.crypto.SecretKey deriveSharedSecret​(java.security.interfaces.ECPublicKey publicKey, java.security.PrivateKey privateKey, java.security.Provider provider)
      Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
      static ECDH.AlgorithmMode resolveAlgorithmMode​(JWEAlgorithm alg)
      Resolves the ECDH algorithm mode.
      static int sharedKeyLength​(JWEAlgorithm alg, EncryptionMethod enc)
      Returns the bit length of the shared key (derived via concat KDF) for the specified JWE ECDH algorithm.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • resolveAlgorithmMode

        public static ECDH.AlgorithmMode resolveAlgorithmMode​(JWEAlgorithm alg)
                                                       throws JOSEException
        Resolves the ECDH algorithm mode.
        Parameters:
        alg - The JWE algorithm. Must be supported and not null.
        Returns:
        The algorithm mode.
        Throws:
        JOSEException - If the JWE algorithm is not supported.
      • sharedKeyLength

        public static int sharedKeyLength​(JWEAlgorithm alg,
                                          EncryptionMethod enc)
                                   throws JOSEException
        Returns the bit length of the shared key (derived via concat KDF) for the specified JWE ECDH algorithm.
        Parameters:
        alg - The JWE ECDH algorithm. Must be supported and not null.
        enc - The encryption method. Must be supported and not null.
        Returns:
        The bit length of the shared key.
        Throws:
        JOSEException - If the JWE algorithm or encryption method is not supported.
      • deriveSharedSecret

        public static javax.crypto.SecretKey deriveSharedSecret​(java.security.interfaces.ECPublicKey publicKey,
                                                                java.security.PrivateKey privateKey,
                                                                java.security.Provider provider)
                                                         throws JOSEException
        Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
        Parameters:
        publicKey - The public EC key, i.e. the consumer's public EC key on encryption, or the ephemeral public EC key on decryption. Must not be null.
        privateKey - The private EC key, i.e. the ephemeral private EC key on encryption, or the consumer's private EC key on decryption. Must not be null.
        provider - The specific JCA provider for the ECDH key agreement, null to use the default one.
        Returns:
        The derived shared secret ('Z'), with algorithm "AES".
        Throws:
        JOSEException - If derivation of the shared secret failed.
      • deriveSharedSecret

        public static javax.crypto.SecretKey deriveSharedSecret​(OctetKeyPair publicKey,
                                                                OctetKeyPair privateKey)
                                                         throws JOSEException
        Derives a shared secret (also called 'Z') from the specified ECDH key agreement.
        Parameters:
        publicKey - The public OKP key, i.e. the consumer's public EC key on encryption, or the ephemeral public EC key on decryption. Must not be null.
        privateKey - The private OKP key, i.e. the ephemeral private EC key on encryption, or the consumer's private EC key on decryption. Must not be null.
        Returns:
        The derived shared secret ('Z'), with algorithm "AES".
        Throws:
        JOSEException - If derivation of the shared secret failed.
      • deriveSharedKey

        public static javax.crypto.SecretKey deriveSharedKey​(JWEHeader header,
                                                             javax.crypto.SecretKey Z,
                                                             ConcatKDF concatKDF)
                                                      throws JOSEException
        Derives a shared key (via concat KDF).
        Parameters:
        header - The JWE header. Its algorithm and encryption method must be supported. Must not be null.
        Z - The derived shared secret ('Z'). Must not be null.
        concatKDF - The concat KDF. Must be initialised and not null.
        Returns:
        The derived shared key.
        Throws:
        JOSEException - If derivation of the shared key failed.
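
Added example, not part of the library's documentation or the author's code: both sides of an ECDH-ES agreement, using the key roles given in the parameter descriptions above, derive 'Z' and then the shared key via concat KDF, and the results are compared. Assumptions: the `com.nimbusds.jose.crypto.impl` package for `ECDH` and `ConcatKDF`, the `ConcatKDF("SHA-256")` constructor, the P-256 curve, the A128GCM encryption method, and the hypothetical class name `EcdhEsAgreementDemo`.

```java
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.impl.ConcatKDF; // package name is an assumption
import com.nimbusds.jose.crypto.impl.ECDH;      // package name is an assumption
import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;

public class EcdhEsAgreementDemo { // hypothetical class name

    // Generates a P-256 key pair with the default JCA provider.
    static KeyPair newP256KeyPair() throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair consumer = newP256KeyPair();  // recipient's long-lived key pair
        KeyPair ephemeral = newP256KeyPair(); // sender's per-message key pair
        JWEHeader header = new JWEHeader.Builder(
                JWEAlgorithm.ECDH_ES, EncryptionMethod.A128GCM).build();

        // Encryption: consumer's public key + ephemeral private key.
        SecretKey zSender = ECDH.deriveSharedSecret(
                (ECPublicKey) consumer.getPublic(), ephemeral.getPrivate(), null);
        // Decryption: ephemeral public key + consumer's private key.
        SecretKey zRecipient = ECDH.deriveSharedSecret(
                (ECPublicKey) ephemeral.getPublic(), consumer.getPrivate(), null);

        // Both sides feed Z and the same header into the concat KDF.
        ConcatKDF kdf = new ConcatKDF("SHA-256"); // constructor is an assumption
        byte[] keySender = ECDH.deriveSharedKey(header, zSender, kdf).getEncoded();
        byte[] keyRecipient = ECDH.deriveSharedKey(header, zRecipient, kdf).getEncoded();

        int bits = ECDH.sharedKeyLength(header.getAlgorithm(), header.getEncryptionMethod());
        if (keySender.length * 8 != bits) {
            throw new IllegalStateException("Unexpected shared key length");
        }
        // Constant-time comparison of the two derived keys.
        if (!MessageDigest.isEqual(keySender, keyRecipient)) {
            throw new IllegalStateException("Sender and recipient keys differ");
        }
        System.out.println("Mode: " + ECDH.resolveAlgorithmMode(header.getAlgorithm())
                + ", shared key bits: " + bits);
    }
}
```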