Module io.inverno.mod.security.jose

Package io.inverno.mod.security.jose.jwa

Interface EncryptingJWAKeyManager

All Superinterfaces:

JWA, JWAKeyManager

public interface EncryptingJWAKeyManager
extends JWAKeyManager

An encrypting Key Management algorithm used to encrypt a generated CEK used to encrypt a JWE payload.

Since:

1.5

Author:

Jeremy Kuhn

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	EncryptingJWAKeyManager.EncryptedCEK	An encrypted CEK composed of the encrypted key and a map of specific parameters resulting from the CEK encryption and required by the recipient to decrypt the key.

Method Summary

Modifier and Type	Method	Description
JWK	decryptCEK(byte[] encrypted_key, String enc, Map<String,Object> parameters)	Decrypts the specified encrypted key and returned the decrypted CEK.
default EncryptingJWAKeyManager.EncryptedCEK	encryptCEK(JWK cek, Map<String,Object> parameters)	Encrypts the CEK using a default SecureRandom.
EncryptingJWAKeyManager.EncryptedCEK	encryptCEK(JWK cek, Map<String,Object> parameters, SecureRandom secureRandom)	Encrypts the CEK using the specified SecureRandom.

Methods inherited from interface io.inverno.mod.security.jose.jwa.JWA

getProcessedParameters

Method Details

encryptCEK

default EncryptingJWAKeyManager.EncryptedCEK encryptCEK(JWK cek,
 Map<String,Object> parameters)
                                                 throws JWAKeyManagerException

Encrypts the CEK using a default SecureRandom.

Parameters:

cek - the Content encryption Key to encrypt.

parameters - the JOSE header custom parameters that might be required by the algorithm to encrypt the CEK

Returns:

an encrypted CEK

Throws:

JWAKeyManagerException - if there was an error encrypting the CEK

encryptCEK

EncryptingJWAKeyManager.EncryptedCEK encryptCEK(JWK cek,
 Map<String,Object> parameters,
 SecureRandom secureRandom)
                                         throws JWAKeyManagerException

Encrypts the CEK using the specified SecureRandom.

Parameters:

cek - the Content encryption Key to encrypt.

parameters - the JOSE header custom parameters that might be required by the algorithm to encrypt the CEK

secureRandom - a secure random

Returns:

an encrypted CEK

Throws:

JWAKeyManagerException - if there was an error encrypting the CEK

decryptCEK

JWK decryptCEK(byte[] encrypted_key,
 String enc,
 Map<String,Object> parameters)
        throws JWAKeyManagerException

Decrypts the specified encrypted key and returned the decrypted CEK.

Parameters:

encrypted_key - an encrypted key

enc - the content encryption algorithm

parameters - the JOSE header custom parameters that might be required by the algorithm to decrypt the CEK

Returns:

a decrypted CEK

Throws:

JWAKeyManagerException - if there was an error decrypting the CEK