Package com.nimbusds.jose.crypto.impl

Class LegacyConcatKDF

  • public class LegacyConcatKDF
extends java.lang.Object
    Legacy implementation of a Concatenation Key Derivation Function (KDF) for use by the deprecated A128CBC+HS256 and A256CBC+HS512 encryption methods. Provides static methods for deriving the Content Encryption Key (CEK) and the Content Integrity Key (CIK) from a Content Master Key (CMKs).

    See draft-ietf-jose-json-web-encryption-08, appendices A.4 and A.5.

    See NIST.800-56A.

    Version:
    2018-01-04
    Author:
    Vladimir Dzhuvinov

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static javax.crypto.SecretKey generateCEK​(javax.crypto.SecretKey key, EncryptionMethod enc, byte[] epu, byte[] epv)
      Generates a Content Encryption Key (CEK) from the specified Content Master Key (CMK) and JOSE encryption method.
      static javax.crypto.SecretKey generateCIK​(javax.crypto.SecretKey key, EncryptionMethod enc, byte[] epu, byte[] epv)
      Generates a Content Integrity Key (CIK) from the specified Content Master Key (CMK) and JOSE encryption method.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • generateCEK

        public static javax.crypto.SecretKey generateCEK​(javax.crypto.SecretKey key,
                                                 EncryptionMethod enc,
                                                 byte[] epu,
                                                 byte[] epv)
                                          throws JOSEException
        Generates a Content Encryption Key (CEK) from the specified Content Master Key (CMK) and JOSE encryption method.
        Parameters:
        key - The Content Master Key (CMK). Must not be null.
        enc - The JOSE encryption method. Must not be null.
        epu - The value of the encryption PartyUInfo header parameter, null if not specified.
        epv - The value of the encryption PartyVInfo header parameter, null if not specified.
        Returns:
        The generated AES CEK.
        Throws:
        JOSEException - If CEK generation failed.

      • generateCIK

        public static javax.crypto.SecretKey generateCIK​(javax.crypto.SecretKey key,
                                                 EncryptionMethod enc,
                                                 byte[] epu,
                                                 byte[] epv)
                                          throws JOSEException
        Generates a Content Integrity Key (CIK) from the specified Content Master Key (CMK) and JOSE encryption method.
        Parameters:
        key - The Content Master Key (CMK). Must not be null.
        enc - The JOSE encryption method. Must not be null.
        epu - The value of the encryption PartyUInfo header parameter, null if not specified.
        epv - The value of the encryption PartyVInfo header parameter, null if not specified.
        Returns:
        The generated HMAC SHA CIK.
        Throws:
        JOSEException - If CIK generation failed.