/**
 * Builds the JWE encrypter that matches the configured {@code algorithm}.
 *
 * <p>A {@link DirectEncrypter} is returned when {@code algorithm} is listed in
 * {@code DirectDecrypter.SUPPORTED_ALGORITHMS}; every other value falls through to an
 * {@link AESEncrypter}. Both are keyed with {@code this.secret}.
 *
 * <p>NOTE(review): the fallback branch does not check that {@code algorithm} is one
 * {@code AESEncrypter} supports; presumably that is validated elsewhere. Confirm.
 *
 * @return the encrypter keyed with the configured secret
 * @throws TechnicalException wrapping the {@code KeyLengthException} raised when the
 *         secret's length is rejected by the chosen encrypter
 */
@Override
protected JWEEncrypter buildEncrypter() {
    final boolean useDirectKey = DirectDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm);
    try {
        if (!useDirectKey) {
            return new AESEncrypter(this.secret);
        }
        return new DirectEncrypter(this.secret);
    } catch (final KeyLengthException e) {
        // The encrypter constructors reject secrets of an unsupported length.
        throw new TechnicalException(e);
    }
}
if(ByteUtils.safeBitLength(getKey().getEncoded()) != 128){ throw new KeyLengthException("The Key Encryption Key (KEK) length must be 128 bits for A128KW encryption"); if(ByteUtils.safeBitLength(getKey().getEncoded()) != 192){ throw new KeyLengthException("The Key Encryption Key (KEK) length must be 192 bits for A192KW encryption"); if (ByteUtils.safeBitLength(getKey().getEncoded()) != 256) { throw new KeyLengthException("The Key Encryption Key (KEK) length must be 256 bits for A256KW encryption"); if(ByteUtils.safeBitLength(getKey().getEncoded()) != 128){ throw new KeyLengthException("The Key Encryption Key (KEK) length must be 128 bits for A128GCMKW encryption"); if(ByteUtils.safeBitLength(getKey().getEncoded()) != 192){ throw new KeyLengthException("The Key Encryption Key (KEK) length must be 192 bits for A192GCMKW encryption"); if(ByteUtils.safeBitLength(getKey().getEncoded()) != 256){ throw new KeyLengthException("The Key Encryption Key (KEK) length must be 256 bits for A256GCMKW encryption"); final SecretKey cek = ContentCryptoProvider.generateCEK(enc, getJCAContext().getSecureRandom()); encryptedKey = Base64URL.encode(AESKW.wrapCEK(cek, getKey(), getJCAContext().getKeyEncryptionProvider())); final Container<byte[]> keyIV = new Container<>(AESGCM.generateIV(getJCAContext().getSecureRandom())); final AuthenticatedCipherText authCiphCEK = AESGCMKW.encryptCEK(cek, keyIV, getKey(), getJCAContext().getKeyEncryptionProvider()); encryptedKey = Base64URL.encode(authCiphCEK.getCipherText()); return ContentCryptoProvider.encrypt(updatedHeader, clearText, cek, encryptedKey, getJCAContext());
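/**
 * Encrypts {@code data} into a JWE using an {@link AESEncrypter} keyed from {@code password}
 * and returns the serialized JWE as bytes.
 *
 * <p>NOTE(review): {@code getSecretKey} is not visible here. Confirm that it derives the key
 * with a salted, iterated KDF and that the encoded key has a length {@code AESEncrypter}
 * accepts, since the strength of the result rests on that derivation.
 *
 * @param data plaintext bytes to encrypt
 * @param password secret passed to {@code getSecretKey} to obtain the key
 * @return the serialized JWE wrapped in {@code EncryptedData}, or {@code Optional.empty()}
 *         when key derivation or encryption fails (the failure is logged)
 */
@Override
public Optional<EncryptedData> encryptData(byte[] data, String password) {
    try {
        Payload payload = new Payload(data);
        SecretKey key = getSecretKey(password);
        JWEHeader header = new JWEHeader(ALGORITHM, METHOD);
        JWEObject jweObject = new JWEObject(header, payload);
        // The raw encoding is handed over rather than the SecretKey itself; presumably the
        // derived key does not carry the "AES" algorithm name. Verify before changing.
        JWEEncrypter encrypter = new AESEncrypter(key.getEncoded());
        jweObject.encrypt(encrypter);
        String encryptedData = jweObject.serialize();
        // Explicit charset: the stored bytes must not depend on the platform default encoding.
        return Optional.of(
                new EncryptedData(encryptedData.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    } catch (GeneralSecurityException | JOSEException e) {
        // The exception is passed as the trailing throwable so the stack trace is recorded;
        // a "{}" placeholder is not filled by a trailing throwable and was printed literally.
        log.error("Error encryption data", e);
    }
    return Optional.empty();
}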
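/**
 * Wraps {@code data} in a JWE encrypted with an {@link AESEncrypter} whose key comes from
 * {@code getSecretKey(password)}, and returns the serialized form as bytes.
 *
 * <p>NOTE(review): how {@code getSecretKey} turns the password into a key is not shown
 * here. Confirm it is a salted, iterated derivation and yields a key length the encrypter
 * accepts.
 *
 * @param data plaintext bytes to encrypt
 * @param password secret from which the key is obtained
 * @return the encrypted data, or {@code Optional.empty()} if deriving the key or encrypting
 *         failed; the cause is logged, not rethrown
 */
@Override
public Optional<EncryptedData> encryptData(byte[] data, String password) {
    final String serialized;
    try {
        final Payload payload = new Payload(data);
        final SecretKey key = getSecretKey(password);
        final JWEObject jweObject = new JWEObject(new JWEHeader(ALGORITHM, METHOD), payload);
        jweObject.encrypt(new AESEncrypter(key.getEncoded()));
        serialized = jweObject.serialize();
    } catch (GeneralSecurityException | JOSEException e) {
        // No "{}" placeholder: a trailing throwable is logged as the exception with its
        // stack trace and never substituted into the message.
        log.error("Error encryption data", e);
        return Optional.empty();
    }
    // Fixed charset so the persisted bytes are identical on every platform.
    final byte[] jweBytes = serialized.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return Optional.of(new EncryptedData(jweBytes));
}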
/**
 * Chooses a {@link JWEEncrypter} implementation from the runtime type of {@code key}.
 *
 * <ul>
 *   <li>{@code RSAPublicKey} gives an {@code RSAEncrypter}.</li>
 *   <li>{@code ECPublicKey} gives an {@code ECDHEncrypter}.</li>
 *   <li>{@code SecretKey} gives an {@code AESEncrypter} when both {@code encAlgo} and
 *       {@code encMethod} are in its supported sets, otherwise a {@code DirectEncrypter}
 *       under the same condition against its own sets.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code encAlgo} and {@code encMethod} are consulted only for secret keys.
 * For RSA and EC keys a mismatched algorithm is not rejected here and would presumably
 * surface only when the encrypter is used. Confirm that callers validate the header.
 *
 * @param key the key to encrypt with
 * @param encAlgo the JWE key-management algorithm requested
 * @param encMethod the content-encryption method requested
 * @return an encrypter bound to {@code key}
 * @throws UnsupportedEncAlgorithmException if no branch matches, or if the
 *         {@code ECDHEncrypter} constructor fails
 * @throws UnsupportedKeyLengthException if the secret key's length is rejected by the
 *         selected encrypter
 */
public static JWEEncrypter getEncrypter(Key key, JWEAlgorithm encAlgo, EncryptionMethod encMethod)
        throws UnsupportedEncAlgorithmException, UnsupportedKeyLengthException {
    if (key instanceof RSAPublicKey) {
        return new RSAEncrypter((RSAPublicKey) key);
    }

    if (key instanceof ECPublicKey) {
        final ECPublicKey ecKey = (ECPublicKey) key;
        try {
            return new ECDHEncrypter(ecKey);
        } catch (JOSEException ecFailure) {
            throw new UnsupportedEncAlgorithmException(ecFailure.getMessage(), ecFailure);
        }
    }

    // Anything that is not a symmetric key at this point has no matching encrypter.
    if (!(key instanceof SecretKey)) {
        throw new UnsupportedEncAlgorithmException("Unknown Algorithm");
    }
    final SecretKey sharedKey = (SecretKey) key;

    final boolean aesSupported = AESEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo)
            && AESEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod);
    if (aesSupported) {
        try {
            return new AESEncrypter(sharedKey);
        } catch (KeyLengthException badLength) {
            throw new UnsupportedKeyLengthException(badLength.getMessage(), badLength);
        }
    }

    final boolean directSupported = DirectEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo)
            && DirectEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod);
    if (directSupported) {
        try {
            return new DirectEncrypter(sharedKey);
        } catch (KeyLengthException badLength) {
            throw new UnsupportedKeyLengthException(badLength.getMessage(), badLength);
        }
    }

    throw new UnsupportedEncAlgorithmException("Unknown Algorithm");
}
if (AESEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo) && AESEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod)) { try { return new AESEncrypter(octJWK); } catch (KeyLengthException e) { throw new UnsupportedKeyLengthException(e.getMessage(), e);