Package org.forgerock.json.jose.jwe.handlers.encryption

Interface EncryptionHandler

All Known Implementing Classes:
AbstractEncryptionHandler, AESKeyWrapEncryptionHandler, DirectEncryptionHandler, ECDHEncryptionHandler, RSA15AES128CBCHS256EncryptionHandler, RSA15AES256CBCHS512EncryptionHandler, RSAEncryptionHandler
public interface EncryptionHandler
The interface for EncryptionHandlers for all the different encryption algorithms.

Provides methods for encrypting plaintexts and decrypting ciphertexts.

Since:
2.0.0
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData)
    Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.
    default Key
    decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey)
    Deprecated.
    Use decryptContentEncryptionKey(Key, byte[], JweHeader) instead.
    default Key
    decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey, JweHeader header)
    Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
    JweEncryption
    encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData)
    Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.
    byte[]
    generateInitialisationVector()
    Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm, if the EncryptionHandler JweAlgorithm does not required an initialisation vector then the initialisation vector will be an empty octet sequence.
    default byte[]
    generateJWEEncryptedKey(Key key, Key contentEncryptionKey)
    Deprecated.
    Use generateJWEEncryptedKey(Key, Key, JweHeader) instead.
    default byte[]
    generateJWEEncryptedKey(Key key, Key contentEncryptionKey, JweHeader header)
    Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.
    Key
    getContentEncryptionKey()
    Creates a Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

  • Method Details

    • getContentEncryptionKey

      Key getContentEncryptionKey()
      Creates a Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

      See points 1, 2, 3 in Section 5.1 of the JWE Specification.

      Returns:
      The Content Encryption Key or null if the shared key should be used directly.

    • generateJWEEncryptedKey

      default byte[] generateJWEEncryptedKey(Key key, Key contentEncryptionKey, JweHeader header)
      Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

      See points 4, 5, 6 in Section 5.1 of the JWE Specification.

      Parameters:
      key - The key to use to encrypt the Content Encryption Key, if the EncryptionHandler JweAlgorithm requires.
      contentEncryptionKey - The Content Encryption Key (CEK).
      header - The JWE header.
      Returns:
      A byte array of the JWE Encrypted Key.

    • generateJWEEncryptedKey

      @Deprecated default byte[] generateJWEEncryptedKey(Key key, Key contentEncryptionKey)
      Deprecated.
      Use generateJWEEncryptedKey(Key, Key, JweHeader) instead.
      Generates the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

      See points 4, 5, 6 in Section 5.1 of the JWE Specification.

      Parameters:
      key - The key to use to encrypt the Content Encryption Key, if the EncryptionHandler JweAlgorithm requires.
      contentEncryptionKey - The Content Encryption Key (CEK).
      Returns:
      A byte array of the JWE Encrypted Key.

    • generateInitialisationVector

      byte[] generateInitialisationVector()
      Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm, if the EncryptionHandler JweAlgorithm does not required an initialisation vector then the initialisation vector will be an empty octet sequence.

      See points 9 in Section 5.1 of the JWE Specification.

      Returns:
      The Initialisation Vector.

    • encryptPlaintext

      JweEncryption encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData)
      Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.

      See points 15, 16 in Section 5.1 of the JWE Specification.

      Parameters:
      contentEncryptionKey - The Content Encryption Key.
      initialisationVector - The Initialisation Vector.
      plaintext - The plaintext to encrypt.
      additionalAuthenticatedData - An array of bytes representing the additional authenticated data.
      Returns:
      The JweEncryption object containing the ciphertext and authentication tag.

    • decryptContentEncryptionKey

      default Key decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey, JweHeader header)
      Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

      See points 9, 10 in Section 5.2 of the JWE Specification.

      Parameters:
      key - The private key pair to the public key that encrypted the JWT.
      encryptedContentEncryptionKey - The encrypted Content Encryption Key.
      header - The JWE header.
      Returns:
      The decrypted Content Encryption Key.

    • decryptContentEncryptionKey

      @Deprecated default Key decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey)
      Deprecated.
      Use decryptContentEncryptionKey(Key, byte[], JweHeader) instead.
      Decrypts the Content Encryption Key (CEK) following the appropriate steps defined by the EncryptionHandler JweAlgorithm.

      See points 9, 10 in Section 5.2 of the JWE Specification.

      Parameters:
      key - The private key pair to the public key that encrypted the JWT.
      encryptedContentEncryptionKey - The encrypted Content Encryption Key.
      Returns:
      The decrypted Content Encryption Key.

    • decryptCiphertext

      byte[] decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData)
      Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm.

      See points 14, 15 in Section 5.2 of the JWE Specification.

      Parameters:
      contentEncryptionKey - The Content Encryption Key.
      initialisationVector - The Initialisation Vector.
      ciphertext - The ciphertext to decrypt.
      authenticationTag - The authentication tag.
      additionalAuthenticatedData - An array of bytes representing the additional authenticated data.
      Returns:
      An array of bytes representing the decrypted ciphertext.