Package com.nimbusds.jose.crypto.impl

Class ECDHCryptoProvider

java.lang.Object

com.nimbusds.jose.crypto.impl.BaseJWEProvider

com.nimbusds.jose.crypto.impl.ECDHCryptoProvider

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEProvider

Direct Known Subclasses:

ECDHDecrypter, ECDHEncrypter, X25519Decrypter, X25519Encrypter

public abstract class ECDHCryptoProvider
extends BaseJWEProvider

The base abstract class for Elliptic Curve Diffie-Hellman encrypters and decrypters of JWE objects.

Supports the following key management algorithms:

• JWEAlgorithm.ECDH_ES
• JWEAlgorithm.ECDH_ES_A128KW
• JWEAlgorithm.ECDH_ES_A192KW
• JWEAlgorithm.ECDH_ES_A256KW

Supports the following elliptic curves:

• Curve.P_256
• Curve.P_384
• Curve.P_521
• Curve.X25519

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256
• EncryptionMethod.A192CBC_HS384
• EncryptionMethod.A256CBC_HS512
• EncryptionMethod.A128GCM
• EncryptionMethod.A192GCM
• EncryptionMethod.A256GCM
• EncryptionMethod.A128CBC_HS256_DEPRECATED
• EncryptionMethod.A256CBC_HS512_DEPRECATED
• EncryptionMethod.XC20P

Version:

2023-09-10

Author:

Tim McLean, Vladimir Dzhuvinov, Fernando González Callejas, Egor Puzanov

Field Summary

Fields

Modifier and Type	Field	Description
static Set<JWEAlgorithm>	SUPPORTED_ALGORITHMS	The supported JWE algorithms by the ECDH crypto provider class.
static Set<EncryptionMethod>	SUPPORTED_ENCRYPTION_METHODS	The supported encryption methods by the ECDH crypto provider class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	ECDHCryptoProvider(Curve curve, SecretKey cek)	Creates a new Elliptic Curve Diffie-Hellman encryption /decryption provider.

Method Summary

Modifier and Type	Method	Description
protected byte[]	decryptWithZ(JWEHeader header, byte[] aad, SecretKey Z, Base64URL encryptedKey, Base64URL iv, Base64URL cipherText, Base64URL authTag)	Decrypts the encrypted JWE parts using the specified shared secret ("Z").
protected JWECryptoParts	encryptWithZ(JWEHeader header, SecretKey Z, byte[] clearText, byte[] aad)	Encrypts the specified plaintext using the specified shared secret ("Z").
protected ConcatKDF	getConcatKDF()	Returns the Concatenation Key Derivation Function (KDF).
Curve	getCurve()	Returns the elliptic curve of the key (JWK designation).
abstract Set<Curve>	supportedEllipticCurves()	Returns the names of the supported elliptic curves.

Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider

getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS

The supported JWE algorithms by the ECDH crypto provider class.

SUPPORTED_ENCRYPTION_METHODS

public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS

The supported encryption methods by the ECDH crypto provider class.

Constructor Detail

ECDHCryptoProvider

protected ECDHCryptoProvider(Curve curve,
                             SecretKey cek)
                      throws JOSEException

Creates a new Elliptic Curve Diffie-Hellman encryption /decryption provider.

Parameters:

curve - The elliptic curve. Must be supported and not null.

cek - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.

Throws:

JOSEException - If the elliptic curve is not supported.

Method Detail

getConcatKDF

protected ConcatKDF getConcatKDF()

Returns the Concatenation Key Derivation Function (KDF).

Returns:

The concat KDF.

supportedEllipticCurves

public abstract Set<Curve> supportedEllipticCurves()

Returns the names of the supported elliptic curves. These correspond to the crv EC JWK parameter.

Returns:

The supported elliptic curves.

getCurve

public Curve getCurve()

Returns the elliptic curve of the key (JWK designation).

Returns:

The elliptic curve.

encryptWithZ

protected JWECryptoParts encryptWithZ(JWEHeader header,
                                      SecretKey Z,
                                      byte[] clearText,
                                      byte[] aad)
                               throws JOSEException

Encrypts the specified plaintext using the specified shared secret ("Z").

Throws:

JOSEException

decryptWithZ

protected byte[] decryptWithZ(JWEHeader header,
                              byte[] aad,
                              SecretKey Z,
                              Base64URL encryptedKey,
                              Base64URL iv,
                              Base64URL cipherText,
                              Base64URL authTag)
                       throws JOSEException

Decrypts the encrypted JWE parts using the specified shared secret ("Z").

Throws:

JOSEException