All Classes and Interfaces
Class
Description
Authenticated encryption with associated data (AEAD)
AEAD cipher wrapper to hide the underlying crypto provider used.
A small collection of utils for working on arrays of bytes.
A X509ExtendedKeyManager that reloads the certificate and private key from file regularly.
Base58 encoding using the alphabet standardized by Bitcoin et al., which avoids
the use of characters [0OIl] to avoid visual ambiguity.
Base62 encoding which has the nice property that it does not feature any
potential word/line-breaking characters, which means encoded strings can
usually be selected in one go on web pages or in the terminal.
Codec that enables easy conversion from an array of bytes to any numeric base in [2, 256)
and back again, using a supplied custom alphabet.
A Ciphersuite is a 3-tuple that encapsulates the necessary primitives to use HKDF:
- A key encapsulation mechanism (KEM)
- A key derivation function (KDF)
- An "authenticated encryption with associated data" (AEAD) algorithm
A TlsContext that uses the tls configuration specified in the transport security options file.
A static TlsContext
Implementation of RFC-5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
Restricted subset implementation of RFC 9180 Hybrid Public Key Encryption (HPKE)
Key derivation function (KDF)
Key encapsulation mechanism (KEM)
Key format
Represents a named key ID comprising an arbitrary (but length-limited)
sequence of valid UTF-8 bytes.
Utility methods for constructing X509ExtendedKeyManager.
Intentionally checked to force caller to handle missing permissions at call site.
A X509ExtendedKeyManager which can be updated with new certificate chain and private key while in use.
A X509ExtendedTrustManager which can be updated with new CA certificates while in use.
Uses rules from AuthorizedPeers to evaluate X509 certificates
A SealedSharedKey represents the public part of a secure one-way ephemeral key exchange.
A SecretSharedKey represents a pairing of both the secret and public parts of
a secure one-way ephemeral key exchange.
Implements both the sender and receiver sides of a secure, anonymous one-way
key generation and exchange protocol implemented using HPKE; a hybrid crypto
scheme built around elliptic curves.
Delegated resealing protocol for getting access to a shared secret key of a token
whose private key we do not possess.
Utility functions for comparing the contents of arrays without leaking information about the
data contained within them via timing side-channels.
Misc signature utils
A builder for SSLContext.
A factory interface for creating X509ExtendedKeyManager.
A factory interface for creating X509ExtendedTrustManager.
A simplified version of SSLContext modelled as an interface.
A token represents an arbitrary, opaque sequence of secret bytes (preferably from a secure
random source) whose possession gives the holder the right to some resource(s) or action(s).
A token check hash represents a hash derived from a token in such a way that
distinct "audiences" for the token compute entirely different hashes even for
identical token values.
A token domain controls how token fingerprints and check-hashes are derived from
a particular token.
A token fingerprint represents an opaque sequence of bytes that is expected
to globally identify any particular token within a particular token domain.
Generates new Token instances that encapsulate a given number of cryptographically
secure random bytes and, with a sufficiently high number of bytes (>= 16), can be expected
to be globally unique and computationally infeasible to guess or brute force.
Generic TLS configuration for Vespa
Utility class for retrieving TransportSecurityOptions from the system.
A X509ExtendedTrustManager that accepts all server certificates.
Utility methods for constructing X509ExtendedTrustManager.
Wraps a X509Certificate with its PrivateKey.
Variant of Base64 with the following modifications:
- + is replaced by .
- / is replaced by _
- = is replaced by -