|
Cumulus4j API (1.0.0) |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.cumulus4j.keymanager.back.shared.KeyEncryptionUtil
public final class KeyEncryptionUtil
Utility class to en- & decrypt symmetric secret keys using asymmetric encryption.
TODO the MAC algorithm should be communicated between key-manager and app-server (maybe the app-server specifies it, but with the possibility that the key-manager can override, i.e. use another one?! thus requiring the GetKeyResponse to tell the app-server, which one was actually used - or maybe encode this into the binary result here? Or maybe only specify it here on the key-manager-side (and encode in the binary)? less work and probably sufficient).
Method Summary | |
---|---|
static byte[] |
decryptKey(Cipher decrypter,
byte[] keyEncodedEncrypted)
Decrypt a previously encrypted secret key and verify its integrity
via a MAC. |
static byte[] |
encryptKey(byte[] key,
Cipher encrypter)
Encrypt the given symmetric secret key with the given Cipher . |
static byte[] |
encryptKey(byte[] key,
String keyEncryptionTransformation,
byte[] keyEncryptionPublicKey)
Encrypt the given symmetric secret key . |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static byte[] encryptKey(byte[] key, Cipher encrypter) throws CryptoException, NoSuchAlgorithmException
key
with the given Cipher
.
The key will be protected against manipulation/corruption by a MAC.
key
- the symmetric secret key to be encrypted.encrypter
- the cipher used for encryption.
CryptoException
- in case the encryption fails.
NoSuchAlgorithmException
- in case a crypto algorithm's name (e.g. for the MAC) does not exist in the CryptoRegistry
.encryptKey(byte[], String, byte[])
public static byte[] encryptKey(byte[] key, String keyEncryptionTransformation, byte[] keyEncryptionPublicKey) throws GeneralSecurityException, IOException, CryptoException
key
.
The key will be protected against manipulation/corruption by a MAC (the algorithm is currently hard-coded, but this might be changed, soon).
key
- the symmetric secret key to be encrypted.keyEncryptionTransformation
- the transformation to be used to encrypt (see CryptoRegistry.createCipher(String)
).keyEncryptionPublicKey
- the public key to be used to encrypt the given key
.
GeneralSecurityException
- if there's a problem obtaining the cipher from the CryptoRegistry
.
IOException
- if decoding the public key from its binary representation fails.
CryptoException
- in case the encryption fails.encryptKey(byte[], Cipher)
,
decryptKey(Cipher, byte[])
public static byte[] decryptKey(Cipher decrypter, byte[] keyEncodedEncrypted) throws CryptoException, IOException, NoSuchAlgorithmException
encrypted
secret key and verify its integrity
via a MAC.
decrypter
- the cipher to be used for decryption (already initialised with key + IV).keyEncodedEncrypted
- the encrypted key as produced by encryptKey(byte[], Cipher)
encryptKey(byte[], Cipher)
.
CryptoException
- if decryption failed.
IOException
- if data cannot be read or is corrupted - e.g. if MAC verification failed.
NoSuchAlgorithmException
- if the CryptoRegistry
does not know the (MAC) algorithm.encryptKey(byte[], Cipher)
,
encryptKey(byte[], String, byte[])
|
Cumulus4j API (1.0.0) |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |