Interface DelegatedKey
- All Superinterfaces:
Destroyable, Key, SecretKey, Serializable

Identifies keys which should not be used directly with Cipher but instead contain their own cryptographic logic. This can be used to wrap more complex logic, HSM integration, or service-calls.

Most delegated keys will only support a subset of these operations. (For example, AES keys will generally not support sign(byte[], String) or verify(byte[], byte[], String) and HMAC keys will generally not support anything except sign and verify.) UnsupportedOperationException should be thrown in these cases.
- Author:
- Greg Rubin

Field Summary
Fields inherited from interface javax.crypto.SecretKey
serialVersionUID

Method Summary
Modifier and Type | Method | Description
byte[] | decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm) | Decrypts the provided ciphertext and returns a byte-array containing the plaintext.
byte[] | encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm) | Encrypts the provided plaintext and returns a byte-array containing the ciphertext.
byte[] | sign(byte[] dataToSign, String algorithm) | Calculates and returns a signature for dataToSign.
Key | unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm) | Unwraps (decrypts) the provided wrappedKey to recover the original key.
boolean | verify(byte[] dataToSign, byte[] signature, String algorithm) | Checks the provided signature for correctness.
byte[] | wrap(Key key, byte[] additionalAssociatedData, String algorithm) | Wraps (encrypts) the provided key to make it safe for storage or transmission.

Methods inherited from interface javax.security.auth.Destroyable
destroy, isDestroyed
Methods inherited from interface java.security.Key
getAlgorithm, getEncoded, getFormat

Method Details

encrypt
byte[] encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException
Encrypts the provided plaintext and returns a byte-array containing the ciphertext.
- Parameters:
plainText -
additionalAssociatedData - Optional additional data which must then also be provided for successful decryption. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when encrypting the data
- Returns:
- ciphertext the ciphertext produced by this encryption operation
- Throws:
UnsupportedOperationException - if encryption is not supported or if additionalAssociatedData is provided, but not supported.
InvalidKeyException
IllegalBlockSizeException
BadPaddingException
NoSuchAlgorithmException
NoSuchPaddingException

decrypt
byte[] decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException
Decrypts the provided ciphertext and returns a byte-array containing the plaintext.
- Parameters:
cipherText -
additionalAssociatedData - Optional additional data which was provided during encryption. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when decrypting the data
- Returns:
- plaintext the result of decrypting the input ciphertext
- Throws:
UnsupportedOperationException - if decryption is not supported or if additionalAssociatedData is provided, but not supported.
InvalidKeyException
IllegalBlockSizeException
BadPaddingException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidAlgorithmParameterException

wrap
byte[] wrap(Key key, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException
Wraps (encrypts) the provided key to make it safe for storage or transmission.
- Parameters:
key -
additionalAssociatedData - Optional additional data which must then also be provided for successful unwrapping. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when wrapping the key
- Returns:
- the wrapped key
- Throws:
UnsupportedOperationException - if wrapping is not supported or if additionalAssociatedData is provided, but not supported.
InvalidKeyException
NoSuchAlgorithmException
NoSuchPaddingException
IllegalBlockSizeException

unwrap
Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
Unwraps (decrypts) the provided wrappedKey to recover the original key.
- Parameters:
wrappedKey -
additionalAssociatedData - Optional additional data which was provided during wrapping. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when unwrapping the key
- Returns:
- the unwrapped key
- Throws:
UnsupportedOperationException - if unwrapping is not supported or if additionalAssociatedData is provided, but not supported.
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException

sign
Calculates and returns a signature for dataToSign.
- Parameters:
dataToSign -
algorithm -
- Returns:
- the signature
- Throws:
UnsupportedOperationException - if signing is not supported
GeneralSecurityException

verify
Checks the provided signature for correctness.
- Parameters:
dataToSign -
signature -
algorithm -
- Returns:
- true if and only if the signature matches the dataToSign.
- Throws:
UnsupportedOperationException - if signature validation is not supported
