Class EncryptionCore

java.lang.Object
org.webpki.crypto.EncryptionCore

public class EncryptionCore extends Object
Core JOSE and COSE encryption support.

Implements a subset of the RFC 7516 (JWE) and RFC 8152 (COSE) algorithms.

  • Method Details

    • setAesProvider

      public static void setAesProvider(String providerName)
      Explicitly set the provider used for AES operations.

      DO NOT USE.

      Parameters:
      providerName - Name of provider
    • setEcProvider

      public static void setEcProvider(String ecStaticProviderName, String ecEphemeralProviderName)
      Explicitly set the providers used for ECDH operations.

      DO NOT USE.

      Parameters:
      ecStaticProviderName - Name of provider for static private keys
      ecEphemeralProviderName - Name of provider for ephemeral private keys
    • setRsaProvider

      public static void setRsaProvider(String rsaProviderName)
      Explicitly set the provider used for RSA operations.

      DO NOT USE.

      Parameters:
      rsaProviderName - Name of provider
    • createIv

      public static byte[] createIv(ContentEncryptionAlgorithms contentEncryptionAlgorithm)
      Create an IV with an algorithm-specific length.
      Parameters:
      contentEncryptionAlgorithm - Content encryption algorithm
      Returns:
      An IV of the length required by the algorithm
    • contentEncryption

      public static EncryptionCore.SymmetricEncryptionResult contentEncryption(ContentEncryptionAlgorithms contentEncryptionAlgorithm, byte[] key, byte[] iv, byte[] plainText, byte[] authData)
      Perform a symmetric key encryption.
      Parameters:
      contentEncryptionAlgorithm - Encryption algorithm
      key - Encryption key
      iv - Initialization vector
      plainText - Data to be encrypted
      authData - Additional authenticated data (AAD) covered by the authentication tag
      Returns:
      A composite object including encrypted data
    • contentDecryption

      public static byte[] contentDecryption(ContentEncryptionAlgorithms contentEncryptionAlgorithm, byte[] key, byte[] cipherText, byte[] iv, byte[] authData, byte[] tag)
      Decrypt using a symmetric key.
      Parameters:
      contentEncryptionAlgorithm - Encryption algorithm
      key - Encryption key
      cipherText - Encrypted data
      iv - Initialization vector
      authData - Additional authenticated data (AAD) covered by the authentication tag
      tag - Authentication tag
      Returns:
      Decrypted data
    • rsaEncryptKey

      public static EncryptionCore.AsymmetricEncryptionResult rsaEncryptKey(byte[] contentEncryptionKey, KeyEncryptionAlgorithms keyEncryptionAlgorithm, PublicKey publicKey)
      Perform an RSA key encryption operation.
      Parameters:
      contentEncryptionKey - Also known as CEK
      keyEncryptionAlgorithm - The RSA encryption algorithm
      publicKey - The receiver's (usually static) public key
      Returns:
      A composite object including the (plain text) data encryption key
    • rsaDecryptKey

      public static byte[] rsaDecryptKey(PrivateKey privateKey, KeyEncryptionAlgorithms keyEncryptionAlgorithm, byte[] encryptedKey)
      Decrypt a symmetric key using an RSA cipher.
      Parameters:
      privateKey - The RSA private key
      keyEncryptionAlgorithm - The algorithm to use
      encryptedKey - The encrypted symmetric key used for encrypting the data
      Returns:
      The key in plain text
    • receiverKeyAgreement

      public static byte[] receiverKeyAgreement(boolean coseMode, PrivateKey privateKey, KeyEncryptionAlgorithms keyEncryptionAlgorithm, ContentEncryptionAlgorithms contentEncryptionAlgorithm, PublicKey publicKey, byte[] encryptedKey)
      Perform a receiver-side ECDH operation.
      Parameters:
      coseMode - If true, use the COSE HMAC-based KDF (hmacKdf); otherwise the JOSE Concat KDF (concatKdf)
      privateKey - The receiver's private key
      keyEncryptionAlgorithm - The ECDH algorithm
      contentEncryptionAlgorithm - The designated content encryption algorithm
      publicKey - The sender's (usually ephemeral) public key
      encryptedKey - For ECDH+KW (key-wrapping) based operations only
      Returns:
      Shared secret
    • senderKeyAgreement

      public static EncryptionCore.AsymmetricEncryptionResult senderKeyAgreement(boolean coseMode, byte[] contentEncryptionKey, KeyEncryptionAlgorithms keyEncryptionAlgorithm, ContentEncryptionAlgorithms contentEncryptionAlgorithm, PublicKey publicKey)
      Perform a sender-side ECDH operation.
      Parameters:
      coseMode - If true, use the COSE HMAC-based KDF (hmacKdf); otherwise the JOSE Concat KDF (concatKdf)
      contentEncryptionKey - Also known as CEK
      keyEncryptionAlgorithm - The ECDH algorithm
      contentEncryptionAlgorithm - The designated content encryption algorithm
      publicKey - The receiver's (usually static) public key
      Returns:
      A composite object including the (plain text) data encryption key
    • encryptKey

      public static EncryptionCore.AsymmetricEncryptionResult encryptKey(boolean coseMode, PublicKey publicKey, KeyEncryptionAlgorithms keyEncryptionAlgorithm, ContentEncryptionAlgorithms contentEncryptionAlgorithm)
      Key encryption convenience method.
      Parameters:
      coseMode - true for COSE, false for JOSE
      publicKey - Public decryption key
      keyEncryptionAlgorithm - Key encryption algorithm
      contentEncryptionAlgorithm - Content encryption algorithm
      Returns:
      Encryption parameters including a content encryption key
    • decryptKey

      public static byte[] decryptKey(boolean coseMode, PrivateKey privateKey, byte[] optionalEncryptedKey, PublicKey optionalEphemeralKey, KeyEncryptionAlgorithms keyEncryptionAlgorithm, ContentEncryptionAlgorithms contentEncryptionAlgorithm)
      Key decryption convenience method.
      Parameters:
      coseMode - true for COSE, false for JOSE
      privateKey - Private decryption key
      optionalEncryptedKey - For key-wrapping algorithms
      optionalEphemeralKey - For ECDH* algorithms
      keyEncryptionAlgorithm - Key encryption algorithm
      contentEncryptionAlgorithm - Content encryption algorithm
      Returns:
      Decrypted content encryption key
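
The contentEncryption/contentDecryption pair above transports the authentication tag separately from the ciphertext. The following Go program (an added example written for this page, not part of the WebPKI library, whose API is Java) shows the A256GCM case with only the standard library: authData is bound as the AAD, the 16-byte tag is split off after sealing and rejoined before opening, and a wrong IV length or any tampering is rejected before plaintext is returned. The result struct, helper names and algorithm handling are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// SymmetricEncryptionResult mirrors EncryptionCore's composite result: JWE and COSE carry ciphertext and tag separately.
type SymmetricEncryptionResult struct {
	CipherText, Tag []byte
}

// newGCM builds AES-GCM for a 128/192/256-bit key and rejects an IV that is not
// the 96 bits RFC 7518 fixes for A128GCM/A192GCM/A256GCM (Seal/Open would panic).
func newGCM(key, iv []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err == nil && len(iv) != aead.NonceSize() {
		return nil, errors.New("AES-GCM requires a 96-bit IV")
	}
	return aead, err
}

// contentEncryption binds authData as the AAD and splits the 16-byte GCM tag
// off the end of Seal's output, matching the separate tag field in JWE/COSE.
func contentEncryption(key, iv, plainText, authData []byte) (*SymmetricEncryptionResult, error) {
	aead, err := newGCM(key, iv)
	if err != nil {
		return nil, err
	}
	sealed := aead.Seal(nil, iv, plainText, authData)
	n := len(sealed) - aead.Overhead()
	return &SymmetricEncryptionResult{CipherText: sealed[:n], Tag: sealed[n:]}, nil
}

// contentDecryption rejoins ciphertext||tag so Open verifies the tag over ciphertext
// and authData before releasing plaintext: any changed byte yields an error, never partial output.
func contentDecryption(key, cipherText, iv, authData, tag []byte) ([]byte, error) {
	aead, err := newGCM(key, iv)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, iv, append(append([]byte{}, cipherText...), tag...), authData)
}

func main() {}
```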
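
The coseMode flag on receiverKeyAgreement/senderKeyAgreement selects the KDF applied to the raw ECDH shared secret. This added Go example (not the WebPKI library's code) implements the JOSE branch, the Concat KDF of RFC 7518 section 4.6.2, including the OtherInfo layout that binds the algorithm name and party info into the derived key; the COSE hmacKdf branch, HKDF over a CBOR context structure, is not shown. Function names and inputs are the example's own; RFC 7518 Appendix C gives a known-answer vector for checking a real implementation.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// lengthPrefixed encodes a Concat KDF "Data" field: 32-bit big-endian length || data.
func lengthPrefixed(data []byte) []byte {
	out := make([]byte, 4+len(data))
	binary.BigEndian.PutUint32(out, uint32(len(data)))
	copy(out[4:], data)
	return out
}

// concatKdfOtherInfo builds OtherInfo per RFC 7518 section 4.6.2 as
// AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo, where AlgorithmID is the
// "enc" name for ECDH-ES (direct) or the "alg" name for ECDH-ES+A*KW, and
// SuppPubInfo is keydatalen in bits as a 32-bit big-endian integer.
func concatKdfOtherInfo(algorithmID string, apu, apv []byte, keyBits int) []byte {
	info := lengthPrefixed([]byte(algorithmID))
	info = append(info, lengthPrefixed(apu)...)
	info = append(info, lengthPrefixed(apv)...)
	supp := make([]byte, 4)
	binary.BigEndian.PutUint32(supp, uint32(keyBits))
	return append(info, supp...)
}

// concatKdf is the NIST SP 800-56A single-step KDF with SHA-256 that JWE uses to turn
// the ECDH shared secret Z into key material (Z itself is never used as a key):
// K = H(1 || Z || OtherInfo) || H(2 || Z || OtherInfo) || ..., truncated to keyBits.
func concatKdf(z []byte, algorithmID string, apu, apv []byte, keyBits int) ([]byte, error) {
	if keyBits <= 0 || keyBits%8 != 0 {
		return nil, errors.New("keydatalen must be a positive multiple of 8 bits")
	}
	otherInfo := concatKdfOtherInfo(algorithmID, apu, apv, keyBits)
	var out []byte
	for counter := uint32(1); len(out) < keyBits/8; counter++ {
		var c [4]byte
		binary.BigEndian.PutUint32(c[:], counter)
		h := sha256.New()
		h.Write(c[:])
		h.Write(z)
		h.Write(otherInfo)
		out = h.Sum(out) // Sum appends this block's digest to out
	}
	return out[:keyBits/8], nil
}

func main() {}
```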