Class VaultTransitProvider

  • All Implemented Interfaces:
    Serializable, Cloneable, Map<Object,Object>

    public class VaultTransitProvider
    extends Provider
    Cryptographic provider that delegates cryptographic operations to the HashiCorp Vault transit backend. All cryptographic operations are offloaded to the Vault server; key material never needs to be present in the JVM. The following algorithms are supported:

    Symmetric Encryption

    • AES/GCM/NoPadding
    • ChaCha20-Poly1305
    • Note: associated data (AAD) is not supported for either algorithm, and an explicit IV (nonce) cannot be supplied. Instead, retrieve the randomly generated IV by calling Cipher.getIV() after the plaintext has been encrypted.

    HMAC

    • HmacSHA224
    • HmacSHA256
    • HmacSHA384
    • HmacSHA512

    Public Key Encryption

    • RSA/ECB/OAEPWithSHA-256AndMGF1Padding

    Public Key Signatures

    • SHA256WithRSA
    • SHA384WithRSA
    • SHA512WithRSA
    • SHA256WithRSAAndMGF1 - this is RSA-PSS with SHA-256 for MGF1
    • SHA384WithRSAAndMGF1 - this is RSA-PSS with SHA-384 for MGF1
    • SHA512WithRSAAndMGF1 - this is RSA-PSS with SHA-512 for MGF1
    • RSASSA-PSS - this is a generic RSA-PSS. You must initialize the signature with a PSSParameterSpec that matches one of the above three configurations.
    • SHA256WithECDSA
    • SHA384WithECDSA
    • SHA512WithECDSA
    • Ed25519
    See Also:
    Serialized Form
    • Constructor Detail

      • VaultTransitProvider

        public VaultTransitProvider()
        Registers the algorithms implemented by this provider.
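        The following is an added usage example, not code from the provider's own sources, showing the two caveats documented above: AES/GCM encryption without an explicit IV or AAD (the nonce is read back with Cipher.getIV()), and the generic RSASSA-PSS signature initialized with a PSSParameterSpec matching SHA256WithRSAAndMGF1. It assumes the provider class is on the classpath (package not stated on this page), that key handles for Vault transit keys are obtained by some means this page does not describe (they are passed in as parameters), and that the PSS salt length equals the digest length (32 bytes), which the page does not specify.

```java
import java.security.Key;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.crypto.Cipher;

public class VaultTransitUsage {

    // Register the provider once using the constructor documented above.
    // Passing the Provider object to getInstance() avoids assuming its name string.
    static final Provider VAULT = new VaultTransitProvider(); // assumed: same package / on classpath
    static { Security.addProvider(VAULT); }

    /** AES-GCM encryption offloaded to Vault. Returns { ciphertext, iv }. */
    static byte[][] encryptGcm(Key vaultKey, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding", VAULT);
        // No GCMParameterSpec / IvParameterSpec: an explicit IV is not supported,
        // the provider generates a random nonce. No updateAAD(): AAD is unsupported.
        c.init(Cipher.ENCRYPT_MODE, vaultKey);
        byte[] ciphertext = c.doFinal(plaintext);
        byte[] iv = c.getIV(); // only meaningful after the encryption has run
        return new byte[][] { ciphertext, iv };
    }

    /** Generic RSASSA-PSS; the parameter spec must match one of the fixed
     *  SHA*WithRSAAndMGF1 configurations listed above (here: SHA-256). */
    static byte[] signPss(PrivateKey vaultKey, byte[] message) throws Exception {
        Signature s = Signature.getInstance("RSASSA-PSS", VAULT);
        // Digest SHA-256, MGF1 with SHA-256, salt length 32 (assumed = digest length),
        // trailer field 1. Parameters are set before initSign so the provider can
        // validate them against the key.
        s.setParameter(new PSSParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, 32, 1));
        s.initSign(vaultKey);
        s.update(message);
        return s.sign();
    }
}
```

        A PSSParameterSpec that does not correspond to one of the three listed configurations is expected to be rejected by the provider, so treat a failure at setParameter/initSign as a configuration error rather than a Vault connectivity problem.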