Interface DelegatedKey
- All Superinterfaces:
Destroyable, Key, SecretKey, Serializable
Identifies keys which should not be used directly with Cipher but instead contain their own cryptographic logic. This can be used to wrap more complex logic, HSM integration, or service-calls.

Most delegated keys will only support a subset of these operations. (For example, AES keys will generally not support sign(byte[], String) or verify(byte[], byte[], String) and HMAC keys will generally not support anything except sign and verify.) UnsupportedOperationException should be thrown in these cases.
- Author:
- Greg Rubin

Field Summary
Fields inherited from interface javax.crypto.SecretKey
serialVersionUID

Method Summary
Modifier and Type | Method | Description
byte[] | decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm) | Decrypts the provided ciphertext and returns a byte-array containing the plaintext.
byte[] | encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm) | Encrypts the provided plaintext and returns a byte-array containing the ciphertext.
byte[] | sign(byte[] dataToSign, String algorithm) | Calculates and returns a signature for dataToSign.
Key | unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm) | Unwraps (decrypts) the provided wrappedKey to recover the original key.
boolean | verify(byte[] dataToSign, byte[] signature, String algorithm) | Checks the provided signature for correctness.
byte[] | wrap(Key key, byte[] additionalAssociatedData, String algorithm) | Wraps (encrypts) the provided key to make it safe for storage or transmission.

Methods inherited from interface javax.security.auth.Destroyable
destroy, isDestroyed
Methods inherited from interface java.security.Key
getAlgorithm, getEncoded, getFormat

Method Details

encrypt
byte[] encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException
Encrypts the provided plaintext and returns a byte-array containing the ciphertext.
- Parameters:
plainText -
additionalAssociatedData - Optional additional data which must then also be provided for successful decryption. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when encrypting the data
- Returns:
- ciphertext the ciphertext produced by this encryption operation
- Throws:
UnsupportedOperationException - if encryption is not supported or if additionalAssociatedData is provided, but not supported.
InvalidKeyException
IllegalBlockSizeException
BadPaddingException
NoSuchAlgorithmException
NoSuchPaddingException

decrypt
byte[] decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException
Decrypts the provided ciphertext and returns a byte-array containing the plaintext.
- Parameters:
cipherText -
additionalAssociatedData - Optional additional data which was provided during encryption. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when decrypting the data
- Returns:
- plaintext the result of decrypting the input ciphertext
- Throws:
UnsupportedOperationException - if decryption is not supported or if additionalAssociatedData is provided, but not supported.
InvalidKeyException
IllegalBlockSizeException
BadPaddingException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidAlgorithmParameterException

wrap
byte[] wrap(Key key, byte[] additionalAssociatedData, String algorithm) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException
Wraps (encrypts) the provided key to make it safe for storage or transmission.
- Parameters:
key -
additionalAssociatedData - Optional additional data which must then also be provided for successful unwrapping. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when wrapping the key
- Returns:
- the wrapped key
- Throws:
UnsupportedOperationException - if wrapping is not supported or if additionalAssociatedData is provided, but not supported.
InvalidKeyException
NoSuchAlgorithmException
NoSuchPaddingException
IllegalBlockSizeException

unwrap
Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
Unwraps (decrypts) the provided wrappedKey to recover the original key.
- Parameters:
wrappedKey -
additionalAssociatedData - Optional additional data which was provided during wrapping. Both null and arrays of length 0 are treated identically. Not all keys will support this parameter.
algorithm - the transformation to be used when unwrapping the key
- Returns:
- the unwrapped key
- Throws:
UnsupportedOperationException - if wrapping is not supported or if additionalAssociatedData is provided, but not supported.
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException

sign
Calculates and returns a signature for dataToSign.
- Parameters:
dataToSign -
algorithm -
- Returns:
- the signature
- Throws:
UnsupportedOperationException - if signing is not supported
GeneralSecurityException

verify
Checks the provided signature for correctness.
- Parameters:
dataToSign -
signature -
algorithm -
- Returns:
- true if and only if the signature matches the dataToSign.
- Throws:
UnsupportedOperationException - if signature validation is not supported