Package com.nimbusds.jose.crypto

Class ECDH1PUEncrypter

java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWEProvider
com.nimbusds.jose.crypto.impl.ECDH1PUCryptoProvider
com.nimbusds.jose.crypto.ECDH1PUEncrypter
All Implemented Interfaces:
JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider
@ThreadSafe public class ECDH1PUEncrypter extends ECDH1PUCryptoProvider implements JWEEncrypter
Elliptic Curve Diffie-Hellman encrypter of JWE objects for curves using an EC JWK. Expects a public EC key (with a P-256, P-384, or P-521 curve).

Public Key Authenticated Encryption for JOSE ECDH-1PU for more information.

For Curve25519/X25519, see ECDH1PUX25519Encrypter instead.

This class is thread-safe.

Supports the following key management algorithms:

Supports the following elliptic curves:

Supports the following content encryption algorithms for Direct key agreement mode:

Supports the following content encryption algorithms for Key wrapping mode:

Version:
2023-05-17
Author:
Alexander Martynov, Egor Puzanov

  • Field Details

  • Constructor Details

    • ECDH1PUEncrypter

      public ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey) throws JOSEException
      Creates a new Elliptic Curve Diffie-Hellman encrypter.
      Parameters:
      privateKey - The private EC key. Must not be null.
      publicKey - The public EC key. Must not be null.
      Throws:
      JOSEException - If the elliptic curve is not supported.

    • ECDH1PUEncrypter

      public ECDH1PUEncrypter(ECPrivateKey privateKey, ECPublicKey publicKey, SecretKey contentEncryptionKey) throws JOSEException
      Creates a new Elliptic Curve Diffie-Hellman encrypter with an optionally specified content encryption key (CEK).
      Parameters:
      privateKey - The private EC key. Must not be null.
      publicKey - The public EC key. Must not be null.
      contentEncryptionKey - The content encryption key (CEK) to use. If specified its algorithm must be "AES" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.
      Throws:
      JOSEException - If the elliptic curve is not supported.

  • Method Details

    • getPublicKey

      public ECPublicKey getPublicKey()
      Returns the public EC key.
      Returns:
      The public EC key.

    • getPrivateKey

      public ECPrivateKey getPrivateKey()
      Returns the private EC key.
      Returns:
      The private EC key.

    • supportedEllipticCurves

      public Set<Curve> supportedEllipticCurves()
      Description copied from class: ECDH1PUCryptoProvider
      Returns the names of the supported elliptic curves. These correspond to the crv JWK parameter.
      Specified by:
      supportedEllipticCurves in class ECDH1PUCryptoProvider
      Returns:
      The supported elliptic curves.

    • encrypt

      @Deprecated public JWECryptoParts encrypt(JWEHeader header, byte[] clearText) throws JOSEException
      Deprecated.
      Encrypts the specified clear text of a JWE object.
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

    • encrypt

      public JWECryptoParts encrypt(JWEHeader header, byte[] clearText, byte[] aad) throws JOSEException
      Description copied from interface: JWEEncrypter
      Encrypts the specified clear text of a JWE object.
      Specified by:
      encrypt in interface JWEEncrypter
      Parameters:
      header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.
      clearText - The clear text to encrypt. Must not be null.
      aad - The additional authenticated data. Must not be null.
      Returns:
      The resulting JWE crypto parts.
      Throws:
      JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.