Cumulus4j API (1.1.0)
java.lang.Object
  org.cumulus4j.keymanager.back.shared.KeyEncryptionUtil
public final class KeyEncryptionUtil
Utility class to encrypt and decrypt symmetric secret keys using asymmetric encryption.
TODO: The MAC algorithm should be communicated between key-manager and app-server. Maybe the app-server specifies it, but with the possibility that the key-manager can override it, i.e. use another one, thus requiring the GetKeyResponse to tell the app-server which one was actually used. Or maybe encode this into the binary result here? Or maybe only specify it here on the key-manager side (and encode it in the binary)? That would be less work and is probably sufficient.
| Method Summary | |
|---|---|
| static byte[] | decryptKey(Cipher decrypter, byte[] keyEncodedEncrypted) - Decrypt a previously encrypted secret key and verify its integrity via a MAC. |
| static byte[] | encryptKey(byte[] key, Cipher encrypter) - Encrypt the given symmetric secret key with the given Cipher. |
| static byte[] | encryptKey(byte[] key, String keyEncryptionTransformation, byte[] keyEncryptionPublicKey) - Encrypt the given symmetric secret key. |
| Methods inherited from class java.lang.Object | 
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
| Method Detail | 
|---|
public static byte[] encryptKey(byte[] key,
                                Cipher encrypter)
                         throws CryptoException,
                                NoSuchAlgorithmException
Encrypt the given symmetric secret key with the given Cipher.
The key will be protected against manipulation/corruption by a MAC.
Parameters:
key - the symmetric secret key to be encrypted.
encrypter - the cipher used for encryption.
Throws:
CryptoException - in case the encryption fails.
NoSuchAlgorithmException - in case a crypto algorithm's name (e.g. for the MAC) does not exist in the CryptoRegistry.
See Also:
encryptKey(byte[], String, byte[])

public static byte[] encryptKey(byte[] key,
                                String keyEncryptionTransformation,
                                byte[] keyEncryptionPublicKey)
                         throws GeneralSecurityException,
                                IOException,
                                CryptoException
Encrypt the given symmetric secret key.
The key will be protected against manipulation/corruption by a MAC (the algorithm is currently hard-coded, but this might be changed soon).
Parameters:
key - the symmetric secret key to be encrypted.
keyEncryptionTransformation - the transformation to be used to encrypt (see CryptoRegistry.createCipher(String)).
keyEncryptionPublicKey - the public key to be used to encrypt the given key.
Throws:
GeneralSecurityException - if there's a problem obtaining the cipher from the CryptoRegistry.
IOException - if decoding the public key from its binary representation fails.
CryptoException - in case the encryption fails.
See Also:
encryptKey(byte[], Cipher), decryptKey(Cipher, byte[])

public static byte[] decryptKey(Cipher decrypter,
                                byte[] keyEncodedEncrypted)
                         throws CryptoException,
                                IOException,
                                NoSuchAlgorithmException
Decrypt a previously encrypted secret key and verify its integrity via a MAC.
Parameters:
decrypter - the cipher to be used for decryption (already initialised with key + IV).
keyEncodedEncrypted - the encrypted key as produced by encryptKey(byte[], Cipher)
encryptKey(byte[], Cipher).
Throws:
CryptoException - if decryption failed.
IOException - if data cannot be read or is corrupted - e.g. if MAC verification failed.
NoSuchAlgorithmException - if the CryptoRegistry does not know the (MAC) algorithm.
See Also:
encryptKey(byte[], Cipher), encryptKey(byte[], String, byte[])
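
The option raised in the TODO above (encode the MAC algorithm into the binary result) together with the encrypt/decrypt contract, as an added sketch that is not Cumulus4j code: it uses only JDK classes rather than the CryptoRegistry, and the class name KeyWrapSketch, the plaintext layout, the random per-blob MAC key and the allow-list are assumptions made for illustration. The decrypting side reads the algorithm name from the blob, rejects anything outside its allow-list, and reports a MAC mismatch as an IOException.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

public class KeyWrapSketch {
    static final Set<String> ALLOWED_MACS = Set.of("HmacSHA256", "HmacSHA512"); // receiver's allow-list
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static byte[] mac(String alg, byte[] macKey, byte[] data) throws GeneralSecurityException {
        Mac m = Mac.getInstance(alg);
        m.init(new SecretKeySpec(macKey, alg));
        return m.doFinal(data);
    }
    // Assumed plaintext layout (not Cumulus4j's format): UTF(macAlg) | len,macKey | len,key | MAC(key)
    static byte[] wrap(byte[] key, String macAlg, PublicKey pub) throws GeneralSecurityException, IOException {
        byte[] macKey = new byte[16];
        new SecureRandom().nextBytes(macKey);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF(macAlg);
        out.writeByte(macKey.length); out.write(macKey);
        out.writeByte(key.length); out.write(key);
        out.write(mac(macAlg, macKey, key));
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(buf.toByteArray());
    }
    static byte[] unwrap(byte[] blob, PrivateKey priv) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.DECRYPT_MODE, priv);
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(c.doFinal(blob)));
        String macAlg = in.readUTF(); // untrusted until checked against the allow-list
        if (!ALLOWED_MACS.contains(macAlg)) throw new IOException("MAC algorithm not allowed: " + macAlg);
        byte[] macKey = new byte[in.readUnsignedByte()]; in.readFully(macKey);
        byte[] key = new byte[in.readUnsignedByte()]; in.readFully(key);
        byte[] tag = in.readAllBytes(); // remaining bytes are the MAC; compared in constant time below
        if (!MessageDigest.isEqual(tag, mac(macAlg, macKey, key))) throw new IOException("MAC verification failed");
        return key;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] key = KeyGenerator.getInstance("AES").generateKey().getEncoded(); // constructed sample key
        byte[] blob = wrap(key, "HmacSHA256", kp.getPublic());
        System.out.println("round trip ok: " + Arrays.equals(key, unwrap(blob, kp.getPrivate())));
    }
}
```

Because the MAC key travels inside the same ciphertext in this sketch, the tag detects corruption or tampering of the decrypted payload but does not authenticate the sender.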