Record Class SealedSharedKey

java.lang.Object
java.lang.Record
com.yahoo.security.SealedSharedKey

public record SealedSharedKey(int version, KeyId keyId, byte[] enc, byte[] ciphertext) extends Record
A SealedSharedKey represents the public part of a secure one-way ephemeral key exchange. It is "sealed" in the sense that it is expected to be computationally infeasible for anyone to derive the correct shared key from the sealed key without holding the correct private key. A SealedSharedKey can be converted to and from an opaque string token representation. This token representation is expected to be used as a convenient serialization form when communicating shared keys.
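The sealing idea described above, as a JDK-only example added here; it is not Vespa's code and does not reproduce its actual construction or token format. The class name, the HKDF info label and the AES-128-GCM wrap are assumptions chosen for illustration: `enc` is the sender's ephemeral 32-byte X25519 public key and `ciphertext` is the wrapped shared key.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;

public class SealedKeyExample {
    // DER header of an X25519 SubjectPublicKeyInfo; the raw 32-byte public key follows it
    static final byte[] SPKI = HexFormat.of().parseHex("302a300506032b656e032100");
    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }
    // X25519 agreement, then HKDF-SHA256 (salt = enc) down to a single-use AES-128 key
    static Cipher cipher(int mode, PrivateKey mine, PublicKey theirs, byte[] enc) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine);
        ka.doPhase(theirs, true);
        byte[] prk = hmac(enc, ka.generateSecret());
        byte[] kek = Arrays.copyOf(hmac(prk, new byte[] {'k', 'e', 'k', 1}), 16);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        // The all-zero nonce is safe only because each kek encrypts exactly one message
        c.init(mode, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(128, new byte[12]));
        return c;
    }
    // Sender side: needs only the receiver's public key; returns {enc, ciphertext}
    static byte[][] seal(PublicKey receiverPub, byte[] sharedKey) throws Exception {
        KeyPair eph = KeyPairGenerator.getInstance("X25519").generateKeyPair();
        byte[] spki = eph.getPublic().getEncoded();
        byte[] enc = Arrays.copyOfRange(spki, spki.length - 32, spki.length);
        return new byte[][] {enc, cipher(Cipher.ENCRYPT_MODE, eph.getPrivate(), receiverPub, enc).doFinal(sharedKey)};
    }
    // Receiver side: rebuilds the ephemeral public key from enc, unwraps with its private key
    static byte[] open(PrivateKey receiverPriv, byte[] enc, byte[] ciphertext) throws Exception {
        byte[] spki = Arrays.copyOf(SPKI, SPKI.length + 32);
        System.arraycopy(enc, 0, spki, SPKI.length, 32);
        PublicKey ephPub = KeyFactory.getInstance("X25519").generatePublic(new X509EncodedKeySpec(spki));
        return cipher(Cipher.DECRYPT_MODE, receiverPriv, ephPub, enc).doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        KeyPair receiver = KeyPairGenerator.getInstance("X25519").generateKeyPair();
        byte[] sharedKey = new byte[16];
        new SecureRandom().nextBytes(sharedKey);
        byte[][] sealed = seal(receiver.getPublic(), sharedKey);
        boolean ok = Arrays.equals(sharedKey, open(receiver.getPrivate(), sealed[0], sealed[1]));
        System.out.println("enc=" + sealed[0].length + " bytes, recovered=" + ok);
    }
}
```

Calling `open` with any other private key derives a different key and fails with `AEADBadTagException`, which is the property the description calls "sealed".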
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    CURRENT_TOKEN_VERSION
    Current encoding version of opaque sealed key tokens.
    static final int
    MAX_ENC_CONTEXT_LENGTH
    Encryption context for v{1,2} tokens is always a 32-byte X25519 public key.
    static final int
    MAX_TOKEN_STRING_LENGTH
  • Constructor Summary

    Constructors
    Constructor
    Description
    SealedSharedKey(int version, KeyId keyId, byte[] enc, byte[] ciphertext)
    Creates an instance of a SealedSharedKey record class.
  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    ciphertext()
    Returns the value of the ciphertext record component.
    byte[]
    enc()
    Returns the value of the enc record component.
    boolean
    equals(Object o)
    Indicates whether some other object is "equal to" this one.
    static SealedSharedKey
    fromTokenString(String tokenString)
    Attempts to unwrap a SealedSharedKey opaque token representation that was previously created by a call to toTokenString().
    int
    hashCode()
    Returns a hash code value for this object.
    KeyId
    keyId()
    Returns the value of the keyId record component.
    int
    tokenVersion()
    String
    toString()
    Returns a string representation of this record class.
    String
    toTokenString()
    Creates an opaque URL-safe string token that contains enough information to losslessly reconstruct the SealedSharedKey instance when passed verbatim to fromTokenString().
    int
    version()
    Returns the value of the version record component.

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait
  • Field Details

    • CURRENT_TOKEN_VERSION

      public static final int CURRENT_TOKEN_VERSION
      Current encoding version of opaque sealed key tokens. Must be less than 256.
    • MAX_ENC_CONTEXT_LENGTH

      public static final int MAX_ENC_CONTEXT_LENGTH
      Encryption context for v{1,2} tokens is always a 32-byte X25519 public key.
    • MAX_TOKEN_STRING_LENGTH

      public static final int MAX_TOKEN_STRING_LENGTH
  • Constructor Details

    • SealedSharedKey

      public SealedSharedKey(int version, KeyId keyId, byte[] enc, byte[] ciphertext)
      Creates an instance of a SealedSharedKey record class.
      Parameters:
      version - the value for the version record component
      keyId - the value for the keyId record component
      enc - the value for the enc record component
      ciphertext - the value for the ciphertext record component
  • Method Details

    • toTokenString

      public String toTokenString()
      Creates an opaque URL-safe string token that contains enough information to losslessly reconstruct the SealedSharedKey instance when passed verbatim to fromTokenString().
    • fromTokenString

      public static SealedSharedKey fromTokenString(String tokenString)
      Attempts to unwrap a SealedSharedKey opaque token representation that was previously created by a call to toTokenString().
    • tokenVersion

      public int tokenVersion()
    • toString

      public String toString()
      Returns a string representation of this record class. The representation contains the name of the class, followed by the name and value of each of the record components.
      Specified by:
      toString in class Record
      Returns:
      a string representation of this object
    • equals

      public boolean equals(Object o)
      Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. Reference components are compared with Objects::equals(Object,Object); primitive components are compared with '=='.
      Specified by:
      equals in class Record
      Parameters:
      o - the object with which to compare
      Returns:
      true if this object is the same as the o argument; false otherwise.
    • hashCode

      public int hashCode()
      Returns a hash code value for this object. The value is derived from the hash code of each of the record components.
      Specified by:
      hashCode in class Record
      Returns:
      a hash code value for this object
    • version

      public int version()
      Returns the value of the version record component.
      Returns:
      the value of the version record component
    • keyId

      public KeyId keyId()
      Returns the value of the keyId record component.
      Returns:
      the value of the keyId record component
    • enc

      public byte[] enc()
      Returns the value of the enc record component.
      Returns:
      the value of the enc record component
    • ciphertext

      public byte[] ciphertext()
      Returns the value of the ciphertext record component.
      Returns:
      the value of the ciphertext record component