Package com.nimbusds.jose.crypto

Class MultiEncrypter

java.lang.Object

com.nimbusds.jose.crypto.impl.BaseJWEProvider

com.nimbusds.jose.crypto.impl.MultiCryptoProvider

com.nimbusds.jose.crypto.MultiEncrypter

All Implemented Interfaces:

JCAAware<JWEJCAContext>, JOSEProvider, JWEEncrypter, JWEProvider

@ThreadSafe
public class MultiEncrypter
extends MultiCryptoProvider
implements JWEEncrypter

Multi-recipient encrypter of JWE objects.

This class is thread-safe.

Supports the following key management algorithms:

• JWEAlgorithm.A128KW
• JWEAlgorithm.A192KW
• JWEAlgorithm.A256KW
• JWEAlgorithm.A128GCMKW
• JWEAlgorithm.A192GCMKW
• JWEAlgorithm.A256GCMKW
• JWEAlgorithm.DIR
• JWEAlgorithm.ECDH_ES_A128KW
• JWEAlgorithm.ECDH_ES_A192KW
• JWEAlgorithm.ECDH_ES_A256KW
• JWEAlgorithm.RSA_OAEP_256
• JWEAlgorithm.RSA_OAEP_384
• JWEAlgorithm.RSA_OAEP_512
• JWEAlgorithm.RSA_OAEP (deprecated)
• JWEAlgorithm.RSA1_5 (deprecated)

Supports the following elliptic curves:

• Curve.P_256
• Curve.P_384
• Curve.P_521
• Curve.X25519 (Curve25519)

Supports the following content encryption algorithms:

• EncryptionMethod.A128CBC_HS256 (requires 256 bit key)
• EncryptionMethod.A192CBC_HS384 (requires 384 bit key)
• EncryptionMethod.A256CBC_HS512 (requires 512 bit key)
• EncryptionMethod.A128GCM (requires 128 bit key)
• EncryptionMethod.A192GCM (requires 192 bit key)
• EncryptionMethod.A256GCM (requires 256 bit key)
• EncryptionMethod.A128CBC_HS256_DEPRECATED (requires 256 bit key)
• EncryptionMethod.A256CBC_HS512_DEPRECATED (requires 512 bit key)
• EncryptionMethod.XC20P (requires 256 bit key)

Version:

2023-09-10

Author:

Egor Puzanov, Vladimir Dzhuvinov

Field Summary

Fields inherited from class com.nimbusds.jose.crypto.impl.MultiCryptoProvider

COMPATIBLE_ALGORITHMS, SUPPORTED_ALGORITHMS, SUPPORTED_ELLIPTIC_CURVES, SUPPORTED_ENCRYPTION_METHODS

Constructor Summary

Constructors

Constructor	Description
MultiEncrypter(JWKSet keys)	Creates a new multi-recipient encrypter.
MultiEncrypter(JWKSet keys, SecretKey contentEncryptionKey)	Creates a new multi-recipient encrypter.

Method Summary

Modifier and Type	Method	Description
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText)	Deprecated.
JWECryptoParts	encrypt(JWEHeader header, byte[] clearText, byte[] aad)	Encrypts the specified clear text of a JWE object.

Methods inherited from class com.nimbusds.jose.crypto.impl.MultiCryptoProvider

supportedEllipticCurves

Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWEProvider

getCEK, getJCAContext, isCEKProvided, supportedEncryptionMethods, supportedJWEAlgorithms

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.jca.JCAAware

getJCAContext

Methods inherited from interface com.nimbusds.jose.JWEProvider

supportedEncryptionMethods, supportedJWEAlgorithms

Constructor Details

MultiEncrypter

public MultiEncrypter(JWKSet keys)
               throws KeyLengthException

Creates a new multi-recipient encrypter.

Parameters:

keys - The keys to encrypt to. Must not be null.

Throws:

KeyLengthException - If the symmetric key length is not compatible.

MultiEncrypter

public MultiEncrypter(JWKSet keys,
 SecretKey contentEncryptionKey)
               throws KeyLengthException

Creates a new multi-recipient encrypter.

Parameters:

keys - The keys to encrypt to. Must not be null.

contentEncryptionKey - The content encryption key (CEK) to use. If specified its algorithm must be "AES" or "ChaCha20" and its length must match the expected for the JWE encryption method ("enc"). If null a CEK will be generated for each JWE.

Throws:

KeyLengthException - If the symmetric key length is not compatible.

Method Details

encrypt

@Deprecated
public JWECryptoParts encrypt(JWEHeader header,
 byte[] clearText)
                       throws JOSEException

Deprecated.

Encrypts the specified clear text of a JWE object.

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.

encrypt

public JWECryptoParts encrypt(JWEHeader header,
 byte[] clearText,
 byte[] aad)
                       throws JOSEException

Description copied from interface: JWEEncrypter

Encrypts the specified clear text of a JWE object.

Specified by:

encrypt in interface JWEEncrypter

Parameters:

header - The JSON Web Encryption (JWE) header. Must specify a supported JWE algorithm and method. Must not be null.

clearText - The clear text to encrypt. Must not be null.

aad - The additional authenticated data. Must not be null.

Returns:

The resulting JWE crypto parts.

Throws:

JOSEException - If the JWE algorithm or method is not supported or if encryption failed for some other internal reason.