// Build an ECDH encrypter from the JWK. The cast is unchecked: a JWK that is not an
// ECKey fails here with ClassCastException, so the key type must already have been
// verified (NOTE(review): that check is not visible in this fragment; confirm).
// NOTE(review): this constructor presumably declares JOSEException, to be handled by the enclosing code.
ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk);
// Pin this encrypter's JCA operations to the shared BouncyCastle provider instance.
encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
// Register the encrypter under its id. `encrypters` is declared outside this fragment.
// NOTE(review): confirm a stale entry is replaced when the key behind `id` is rotated.
encrypters.put(id, encrypter);
/**
 * Creates the ECDH encrypter bound to the configured public key.
 *
 * <p>The {@code publicKey} field is checked with {@code CommonHelper.assertNotNull}
 * before any encrypter is built, so a missing key is reported up front.
 *
 * @return a new {@code ECDHEncrypter} for {@code publicKey}
 * @throws TechnicalException if the encrypter cannot be constructed; the
 *         original {@code JOSEException} is kept as the cause
 */
@Override
protected JWEEncrypter buildEncrypter() {
    CommonHelper.assertNotNull("publicKey", publicKey);

    final JWEEncrypter ecdhEncrypter;
    try {
        ecdhEncrypter = new ECDHEncrypter(publicKey);
    } catch (final JOSEException cause) {
        // Surface library failures as the project's unchecked exception type.
        throw new TechnicalException(cause);
    }
    return ecdhEncrypter;
}
/**
 * Encrypts the clear text using ECDH key agreement against the recipient's public key.
 *
 * <p>Every call generates a new ephemeral EC key pair from the recipient key's
 * parameters. Only the ephemeral public key is added to the header; the ephemeral
 * private key is used solely to derive the shared secret 'Z' and is not written
 * anywhere by this method.
 *
 * @param header    The JWE header to copy and extend with the ephemeral public key.
 * @param clearText The bytes to encrypt.
 *
 * @return The JWE parts returned by {@code encryptWithZ}.
 *
 * @throws JOSEException If one of the underlying steps reports a failure.
 */
@Override
public JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText)
	throws JOSEException {

	// Fresh key pair per message, on the same parameters as the recipient's key
	final KeyPair ephemeral = generateEphemeralKeyPair(publicKey.getParams());
	final ECPublicKey epk = (ECPublicKey) ephemeral.getPublic();
	final ECPrivateKey ephemeralSecret = (ECPrivateKey) ephemeral.getPrivate();

	// Copy the caller's header and attach the public half only
	final JWEHeader.Builder headerBuilder = new JWEHeader.Builder(header);
	final ECKey epkJwk = new ECKey.Builder(getCurve(), epk).build();
	final JWEHeader headerWithEpk = headerBuilder.ephemeralPublicKey(epkJwk).build();

	// Key agreement: recipient public key x ephemeral private key -> 'Z'
	final SecretKey sharedSecret = ECDH.deriveSharedSecret(
		publicKey,
		ephemeralSecret,
		getJCAContext().getKeyEncryptionProvider());

	// contentEncryptionKey is not declared in this method (defined elsewhere)
	return encryptWithZ(headerWithEpk, sharedSecret, clearText, contentEncryptionKey);
}
/**
 * Creates a fresh ephemeral EC key pair on the given curve parameters.
 *
 * <p>The generator comes from the key encryption provider of the JCA context
 * when one is set, and from the default JCA provider lookup otherwise. No
 * explicit {@code SecureRandom} is passed to {@code initialize}, so the
 * randomness source is whatever the JCA default supplies.
 *
 * @param ecParameterSpec The EC parameters to generate on. Must not be
 *                        {@code null}.
 *
 * @return The generated EC key pair.
 *
 * @throws JOSEException If the "EC" algorithm is unavailable or the
 *                       parameters are rejected by the generator.
 */
private KeyPair generateEphemeralKeyPair(final ECParameterSpec ecParameterSpec)
	throws JOSEException {

	final Provider provider = getJCAContext().getKeyEncryptionProvider();

	try {
		// Use the configured provider if there is one, else the JCA default
		final KeyPairGenerator keyGen = (provider == null)
			? KeyPairGenerator.getInstance("EC")
			: KeyPairGenerator.getInstance("EC", provider);

		keyGen.initialize(ecParameterSpec);
		return keyGen.generateKeyPair();

	} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException cause) {
		throw new JOSEException("Couldn't generate ephemeral EC key pair: " + cause.getMessage(), cause);
	}
}
}
/**
 * Selects a JWE encrypter implementation from the runtime type of the key.
 *
 * <p>Dispatch order: {@code RSAPublicKey}, then {@code ECPublicKey}, then
 * {@code SecretKey}. For a {@code SecretKey} the AES encrypter is tried
 * before the direct encrypter, each only when both {@code encAlgo} and
 * {@code encMethod} are in that encrypter's supported sets.
 *
 * <p>Note that {@code encAlgo} and {@code encMethod} are consulted only on the
 * {@code SecretKey} path. For RSA and EC keys this method does not check that
 * the requested algorithm matches the returned encrypter.
 *
 * @param key       the encryption key; any other type (including {@code null}) is rejected
 * @param encAlgo   the requested JWE algorithm
 * @param encMethod the requested content encryption method
 * @return an encrypter matching the key type
 * @throws UnsupportedEncAlgorithmException if no encrypter matches, or the ECDH
 *         encrypter cannot be built for the EC key
 * @throws UnsupportedKeyLengthException if the secret key length is rejected
 */
public static JWEEncrypter getEncrypter(Key key, JWEAlgorithm encAlgo, EncryptionMethod encMethod)
        throws UnsupportedEncAlgorithmException, UnsupportedKeyLengthException {
    if (key instanceof RSAPublicKey) {
        return new RSAEncrypter((RSAPublicKey) key);
    }

    if (key instanceof ECPublicKey) {
        try {
            return new ECDHEncrypter((ECPublicKey) key);
        } catch (JOSEException cause) {
            throw new UnsupportedEncAlgorithmException(cause.getMessage(), cause);
        }
    }

    // Everything below handles symmetric keys only.
    if (!(key instanceof SecretKey)) {
        throw new UnsupportedEncAlgorithmException("Unknown Algorithm");
    }
    final SecretKey secret = (SecretKey) key;

    if (AESEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo)
            && AESEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod)) {
        try {
            return new AESEncrypter(secret);
        } catch (KeyLengthException cause) {
            throw new UnsupportedKeyLengthException(cause.getMessage(), cause);
        }
    }

    if (DirectEncrypter.SUPPORTED_ALGORITHMS.contains(encAlgo)
            && DirectEncrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encMethod)) {
        try {
            return new DirectEncrypter(secret);
        } catch (KeyLengthException cause) {
            throw new UnsupportedKeyLengthException(cause.getMessage(), cause);
        }
    }

    // Symmetric key, but neither encrypter accepts this alg/enc combination.
    throw new UnsupportedEncAlgorithmException("Unknown Algorithm");
}
return new ECDHEncrypter((ECKey) jwk); } catch (JOSEException e) { throw new UnsupportedEncAlgorithmException(e.getMessage(), e);