Package com.nimbusds.jose.crypto.impl

Class RSA_OAEP

  • @ThreadSafe
public class RSA_OAEP
extends java.lang.Object
    RSAES OAEP methods for Content Encryption Key (CEK) encryption and decryption. Uses the BouncyCastle.org provider. This class is thread-safe
    Version:
    2017-11-27
    Author:
    Vladimir Dzhuvinov

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static javax.crypto.SecretKey decryptCEK​(java.security.PrivateKey priv, byte[] encryptedCEK, java.security.Provider provider)
      Decrypts the specified encrypted Content Encryption Key (CEK).
      static byte[] encryptCEK​(java.security.interfaces.RSAPublicKey pub, javax.crypto.SecretKey cek, java.security.Provider provider)
      Encrypts the specified Content Encryption Key (CEK).

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • encryptCEK

        public static byte[] encryptCEK​(java.security.interfaces.RSAPublicKey pub,
                                javax.crypto.SecretKey cek,
                                java.security.Provider provider)
                         throws JOSEException
        Encrypts the specified Content Encryption Key (CEK).
        Parameters:
        pub - The public RSA key. Must not be null.
        cek - The Content Encryption Key (CEK) to encrypt. Must not be null.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The encrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If encryption failed.

      • decryptCEK

        public static javax.crypto.SecretKey decryptCEK​(java.security.PrivateKey priv,
                                                byte[] encryptedCEK,
                                                java.security.Provider provider)
                                         throws JOSEException
        Decrypts the specified encrypted Content Encryption Key (CEK).
        Parameters:
        priv - The private RSA key. Must not be null.
        encryptedCEK - The encrypted Content Encryption Key (CEK) to decrypt. Must not be null.
        provider - The JCA provider, or null to use the default one.
        Returns:
        The decrypted Content Encryption Key (CEK).
        Throws:
        JOSEException - If decryption failed.