public final class RSAEncryptionHandler extends Object implements EncryptionHandler
Constructor and Description |
---|
RSAEncryptionHandler(EncryptionMethod encryptionMethod, JweAlgorithm jweAlgorithm)<br>Constructs a new RSAEncryptionHandler instance. |
Modifier and Type | Method and Description |
---|---|
byte[] | decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData)<br>Decrypts the ciphertext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm. |
Key | decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey)<br>Decrypts the JWE Encrypted Key to produce the Content Encryption Key (CEK). |
JweEncryption | encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData)<br>Encrypts the plaintext with the Content Encryption Key, using the initialisation vector and additional authenticated data, following the steps defined by the EncryptionHandler JweAlgorithm. |
byte[] | generateInitialisationVector()<br>Generates a random JWE Initialisation Vector of the correct size for the encryption algorithm. |
byte[] | generateJWEEncryptedKey(Key key, Key contentEncryptionKey)<br>Generates the JWE Encrypted Key by encrypting the Content Encryption Key (CEK) using the JweAlgorithm RSAES_PKCS1_V1_5. |
Key | getContentEncryptionKey()<br>Creates a Content Encryption Key (CEK) by generating a random key value with a length equal to the EncryptionMethod A128CBC_HS256 key size. |
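
The methods summarised above, called in the order of the JWE Specification steps this page cites (Section 5.1 to produce, Section 5.2 to consume). This is an added example, not code from the project's documentation. The package names in the imports, the enum constant spellings and the JweEncryption accessors getCiphertext() and getAuthenticationTag() are assumptions not shown on this page; the key pair, header and payload are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;

// Assumed package names (this page does not show them).
import org.forgerock.json.jose.jwe.EncryptionMethod;
import org.forgerock.json.jose.jwe.JweAlgorithm;
import org.forgerock.json.jose.jwe.JweEncryption;
import org.forgerock.json.jose.jwe.handlers.encryption.RSAEncryptionHandler;

public class RsaHandlerRoundTrip {
    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a throwaway recipient key pair and a minimal protected header.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair recipient = generator.generateKeyPair();
        String header = "{\"alg\":\"RSA1_5\",\"enc\":\"A128CBC-HS256\"}";
        // The AAD is the ASCII form of the base64url-encoded protected header.
        byte[] aad = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(header.getBytes(StandardCharsets.UTF_8))
                .getBytes(StandardCharsets.US_ASCII);
        byte[] plaintext = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        RSAEncryptionHandler handler = new RSAEncryptionHandler(
                EncryptionMethod.A128CBC_HS256, JweAlgorithm.RSAES_PKCS1_V1_5);

        // Producer side (Section 5.1): CEK, JWE Encrypted Key, IV, then ciphertext and tag.
        Key cek = handler.getContentEncryptionKey();
        byte[] encryptedKey = handler.generateJWEEncryptedKey(recipient.getPublic(), cek);
        byte[] iv = handler.generateInitialisationVector();
        JweEncryption sealed = handler.encryptPlaintext(cek, iv, plaintext, aad);

        // Consumer side (Section 5.2): unwrap the CEK with the private key, then decrypt
        // with the same IV and AAD that were used to encrypt.
        Key unwrapped = handler.decryptContentEncryptionKey(recipient.getPrivate(), encryptedKey);
        byte[] recovered = handler.decryptCiphertext(unwrapped, iv,
                sealed.getCiphertext(), sealed.getAuthenticationTag(), aad);

        if (!Arrays.equals(plaintext, recovered)) {
            throw new IllegalStateException("round trip did not return the original plaintext");
        }
        System.out.println("IV bytes: " + iv.length
                + ", tag bytes: " + sealed.getAuthenticationTag().length);
    }
}
```
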
public RSAEncryptionHandler(EncryptionMethod encryptionMethod, JweAlgorithm jweAlgorithm)
encryptionMethod - the content encryption method. Must not be null.
jweAlgorithm - the JWE algorithm. Must not be null. Must be an RSA encryption algorithm.

public Key getContentEncryptionKey()
See point 2 in Section 5.1 of the JWE Specification.
getContentEncryptionKey in interface EncryptionHandler

public byte[] generateJWEEncryptedKey(Key key, Key contentEncryptionKey)
See point 4 in Section 5.1 of the JWE Specification.
generateJWEEncryptedKey in interface EncryptionHandler
key - The key to use to encrypt the Content Encryption Key, if the EncryptionHandler JweAlgorithm requires.
contentEncryptionKey - The Content Encryption Key (CEK).

public byte[] generateInitialisationVector()
See point 9 in Section 5.1 of the JWE Specification.
generateInitialisationVector in interface EncryptionHandler

public JweEncryption encryptPlaintext(Key contentEncryptionKey, byte[] initialisationVector, byte[] plaintext, byte[] additionalAuthenticatedData)
See points 15, 16 in Section 5.1 of the JWE Specification.
encryptPlaintext in interface EncryptionHandler
contentEncryptionKey - The Content Encryption Key.
initialisationVector - The Initialisation Vector.
plaintext - The plaintext to encrypt.
additionalAuthenticatedData - An array of bytes representing the additional authenticated data.

public Key decryptContentEncryptionKey(Key key, byte[] encryptedContentEncryptionKey)
See point 10 in Section 5.2 of the JWE Specification.
decryptContentEncryptionKey in interface EncryptionHandler
key - The private key that pairs with the public key used to encrypt the JWT.
encryptedContentEncryptionKey - The encrypted Content Encryption Key.

public byte[] decryptCiphertext(Key contentEncryptionKey, byte[] initialisationVector, byte[] ciphertext, byte[] authenticationTag, byte[] additionalAuthenticatedData)
See points 14, 15 in Section 5.2 of the JWE Specification.
decryptCiphertext in interface EncryptionHandler
contentEncryptionKey - The Content Encryption Key.
initialisationVector - The Initialisation Vector.
ciphertext - The ciphertext to decrypt.
authenticationTag - The authentication tag.
additionalAuthenticatedData - An array of bytes representing the additional authenticated data.

Copyright © 2025 Open Identity Platform Community. All rights reserved.