Package com.nimbusds.jose.crypto

Source Code of com.nimbusds.jose.crypto.RSA1_5

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package com.nimbusds.jose.crypto;


import java.security.Provider;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import net.jcip.annotations.ThreadSafe;

import com.nimbusds.jose.JOSEException;


/**
* RSAES-PKCS1-V1_5 methods for Content Encryption Key (CEK) encryption and
* decryption. This class is thread-safe.
*
* @author Vladimir Dzhuvinov
* @version $version$ (2014-01-24)
*/
@ThreadSafe
class RSA1_5 {


  /**
   * Encrypts the specified Content Encryption Key (CEK).
   *
   * @param pub      The public RSA key. Must not be {@code null}.
   * @param cek      The Content Encryption Key (CEK) to encrypt. Must
   *                 not be {@code null}.
   * @param provider The JCA provider, or {@code null} to use the default
   *                 one.
   *
   * @return The encrypted Content Encryption Key (CEK).
   *
   * @throws JOSEException If encryption failed.
   */
  public static byte[] encryptCEK(final RSAPublicKey pub, final SecretKey cek, Provider provider)
    throws JOSEException {

    try {
      Cipher cipher = CipherHelper.getInstance("RSA/ECB/PKCS1Padding", provider);
      cipher.init(Cipher.ENCRYPT_MODE, pub);
      return cipher.doFinal(cek.getEncoded());

    } catch (Exception e) {

      // java.security.NoSuchAlgorithmException
      // java.security.InvalidKeyException
      // javax.crypto.IllegalBlockSizeException
      throw new JOSEException("Couldn't encrypt Content Encryption Key (CEK): " + e.getMessage(), e);
    }
  }


  /**
   * Decrypts the specified encrypted Content Encryption Key (CEK).
   *
   * @param priv         The private RSA key. Must not be {@code null}.
   * @param encryptedCEK The encrypted Content Encryption Key (CEK) to
   *                     decrypt. Must not be {@code null}.
   * @param provider     The JCA provider, or {@code null} to use the
   *                     default one.
   *
   * @return The decrypted Content Encryption Key (CEK).
   *
   * @throws JOSEException If decryption failed.
   */
  public static SecretKey decryptCEK(final RSAPrivateKey priv,
                               final byte[] encryptedCEK,
                               final int keyLength,
                               final Provider provider)
    throws JOSEException {

    try {
      Cipher cipher = CipherHelper.getInstance("RSA/ECB/PKCS1Padding", provider);
      cipher.init(Cipher.DECRYPT_MODE, priv);
      byte[] secretKeyBytes = cipher.doFinal(encryptedCEK);

      if (8 * secretKeyBytes.length != keyLength) {

        throw new JOSEException("CEK key length mismatch: " +
                          secretKeyBytes.length + " != " + keyLength);
      }

      return new SecretKeySpec(secretKeyBytes, "AES");

    } catch (Exception e) {

      // java.security.NoSuchAlgorithmException
      // java.security.InvalidKeyException
      // javax.crypto.IllegalBlockSizeException
      throw new JOSEException("Couldn't decrypt Content Encryption Key (CEK): " + e.getMessage(), e);
    }
  }


  /**
   * Prevents public instantiation.
   */
  private RSA1_5() { }
}
TOP

Related Classes of com.nimbusds.jose.crypto.RSA1_5

  • javax.crypto.spec.SecretKeySpec
  • javax.crypto.Cipher
  • com.nimbusds.jose.JOSEException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.