Package org.forgerock.secrets.vault

Class VaultTransitProvider

java.lang.Object

java.util.Dictionary<K,V>

java.util.Hashtable<Object,Object>

java.util.Properties

java.security.Provider

org.forgerock.secrets.vault.VaultTransitProvider

All Implemented Interfaces:

Serializable, Cloneable, Map<Object,Object>

public class VaultTransitProvider
extends Provider

Cryptographic provider that delegates cryptographic operations to the Hashicorp Vault transit backend. All cryptographic operations are offloaded to the Vault server. The following algorithms are supported:

Symmetric Encryption

• AES/GCM/NoPadding
• ChaCha20-Poly1305
• Note: associated data is not supported for either algorithm. Neither is providing an explicit IV (nonce). Instead you should retrieve the randomly generated IV by calling Cipher.getIV() after the plaintext has been encrypted.

HMAC

• HmacSHA224
• HmacSHA256
• HmacSHA384
• HmacSHA512

Public Key Encryption

• RSA/ECB/OAEPWithSHA-256AndMGF1Padding.

Public Key Signatures

• SHA256WithRSA
• SHA384WithRSA
• SHA512WithRSA
• SHA256WithRSAAndMGF1 - this is RSA-PSS with SHA-256 for MGF1
• SHA384WithRSAAndMGF1 - this is RSA-PSS with SHA-384 for MGF1
• SHA512WithRSAAndMGF1 - this is RSA-PSS with SHA-512 for MGF1
• RSASSA-PSS - this is a generic RSA-PSS. You must initialize the signature with a PSSParameterSpec that matches one of the above three configurations.
• SHA256WithECDSA
• SHA384WithECDSA
• SHA512WithECDSA
• Ed25519

See Also:

• Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Provider

Provider.Service

Field Summary

Fields

Modifier and Type	Field	Description
static final String	NAME	The name of the provider.

Fields inherited from class java.util.Properties

defaults

Constructor Summary

Constructors

Constructor	Description
VaultTransitProvider()	Registers the algorithms implemented by this provider.

Method Summary

Methods inherited from class java.security.Provider

clear, compute, computeIfAbsent, computeIfPresent, configure, elements, entrySet, forEach, get, getInfo, getName, getOrDefault, getProperty, getService, getServices, getVersion, getVersionStr, isConfigured, keys, keySet, load, merge, put, putAll, putIfAbsent, putService, remove, remove, removeService, replace, replace, replaceAll, toString, values

Methods inherited from class java.util.Properties

clone, contains, containsKey, containsValue, equals, getProperty, hashCode, isEmpty, list, list, load, loadFromXML, propertyNames, rehash, save, setProperty, size, store, store, storeToXML, storeToXML, storeToXML, stringPropertyNames

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

NAME

public static final String NAME

The name of the provider.

See Also:

• Constant Field Values

Constructor Details

VaultTransitProvider

public VaultTransitProvider()

Registers the algorithms implemented by this provider.