Package org.forgerock.json.jose.jwe

Enum EncryptionMethod

    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description
      A128CBC_HS256
      AES encryption in CBC mode with PKCS5 Padding and a 128 bit length, AES encryption for CEK, HMAC using SHA-256 hash algorithm for authentication tag.
      A128GCM
      AES encryption in Galois Counter Mode (GCM) with a 128 bit key length.
      A192CBC_HS384
      AES encryption in CBC mode with PKCS5 Padding and a 192 bit length, AES encryption for CEK, HMAC using SHA-384 hash algorithm for the authentication tag.
      A192GCM
      AES encryption in Galois Counter Mode (GCM) with a 192 bit key length.
      A256CBC_HS512
      AES encryption in CBC mode with PKCS5 Padding and a 256 bit length, AES encryption for CEK, HMAC using SHA-256 hash algorithm for authentication tag.
      A256GCM
      AES encryption in Galois Counter Mode (GCM) with a 256 bit key length.
      CC20_P1305
      The ChaCha20-Poly1305 algorithm as described in RFC 7539.
      XC20_P1305
      The XChaCha20-Poly1305 algorithm as used in libsodium, Wireguard, etc.

    • Enum Constant Detail

      • A128CBC_HS256

        public static final EncryptionMethod A128CBC_HS256
        AES encryption in CBC mode with PKCS5 Padding and a 128 bit length, AES encryption for CEK, HMAC using SHA-256 hash algorithm for authentication tag.

      • A192CBC_HS384

        public static final EncryptionMethod A192CBC_HS384
        AES encryption in CBC mode with PKCS5 Padding and a 192 bit length, AES encryption for CEK, HMAC using SHA-384 hash algorithm for the authentication tag.

      • A256CBC_HS512

        public static final EncryptionMethod A256CBC_HS512
        AES encryption in CBC mode with PKCS5 Padding and a 256 bit length, AES encryption for CEK, HMAC using SHA-256 hash algorithm for authentication tag.

      • A128GCM

        public static final EncryptionMethod A128GCM
        AES encryption in Galois Counter Mode (GCM) with a 128 bit key length.

      • A192GCM

        public static final EncryptionMethod A192GCM
        AES encryption in Galois Counter Mode (GCM) with a 192 bit key length.

      • A256GCM

        public static final EncryptionMethod A256GCM
        AES encryption in Galois Counter Mode (GCM) with a 256 bit key length.

      • CC20_P1305

        public static final EncryptionMethod CC20_P1305
        The ChaCha20-Poly1305 algorithm as described in RFC 7539. This takes a 256-bit key, a 96-bit nonce, and produces a ciphertext and a 128-bit authentication tag.

      • XC20_P1305

        public static final EncryptionMethod XC20_P1305
        The XChaCha20-Poly1305 algorithm as used in libsodium, Wireguard, etc. This is a variant of CC20_P1305 that takes a 192-bit random nonce and uses the first 128-bits to derive a unique per-message key. The remaining bytes of the nonce and the fresh key are then used with CC20_P1305. This allows using random nonces, which are much easier to generate safely, for encrypting up to 280 messages with the same key.

    • Method Detail

      • values

        public static EncryptionMethod[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: 
        for (EncryptionMethod c : EncryptionMethod.values())
    System.out.println(c);
        Returns:
        an array containing the constants of this enum type, in the order they are declared

      • valueOf

        public static EncryptionMethod valueOf​(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null

      • getName

        public String getName()
        Gets the full name of the encryption method.
        Returns:
        The name of the encryption method.

      • getTransformation

        public String getTransformation()
        Gets the Java Cryptographic algorithm name for the algorithm that will eb used to encrypt the plaintext.
        Returns:
        The transformation algorithm.

      • getMacAlgorithm

        public String getMacAlgorithm()
        Gets the Java Cryptographic algorithm name for the algorithm that will generate the MAC key.
        Returns:
        The mac algorithm.

      • getEncryptionAlgorithm

        public String getEncryptionAlgorithm()
        Gets the Java Cryptographic algorithm name for the algorithm that will create the Content Encryption Key (CEK).
        Returns:
        The encryption algorithm.

      • getKeyOffset

        public int getKeyOffset()
        Gets the number of octets in each of the CEK and MAC key.
        Returns:
        The Key Offset.

      • getKeySize

        public int getKeySize()
        Gets the bit length of the Content Encryption Key (CEK).
        Returns:
        The key size.

      • parseMethod

        public static EncryptionMethod parseMethod​(String method)
        Parses the given algorithm string to find the matching EncryptionMethod enum constant.
        Parameters:
        method - The encryption method.
        Returns:
        The EncryptionMethod enum.

      • getJweStandardName

        public String getJweStandardName()
        Returns the JWE standard encryption method name for this encryption method. For example A128GCM or A256CBC-HS512.
        Returns:
        the standard JWE name for this encryption method.