com.absio.crypto.ecc

Class AbsioIESHelper

java.lang.Object

com.absio.crypto.ecc.AbsioIESHelper

public class AbsioIESHelper
extends Object

This class is used to encrypt and decrypt data using the Absio Integrated Encryption Scheme (AbsioIES). This uses the AbsioIESStruct for managing the data contained in the AbsioIES format. AbsioIES uses ECDH (see KeyAgreementHelper) to create the key used to encrypt the data using CipherTransformation.AES_CTR_NOPADDING. It also uses ECDSA to sign the encrypted data (see SignatureHelper and SignatureHelper.SignatureAlgorithm#SHA384WithECDSA.

Constructor Summary

Constructors

Constructor and Description
AbsioIESHelper() Create the helper.

Method Summary

Modifier and Type	Method and Description
byte[]	decrypt(byte[] data, ECPublicKey signingPublicKey, ECPrivateKey derivationPrivateKey) Decrypt the AbsioIES formatted data.
byte[]	decrypt(byte[] data, PublicKey signingPublicKey, PrivateKey derivationPrivateKey) Decrypt the AbsioIES formatted data.
byte[]	encrypt(byte[] data, IndexedECPrivateKey signingPrivateKey, IndexedECPublicKey derivationPublicKey, UUID userId, UUID objectId) Perform the AbsioIES encryption of the data.
byte[]	encrypt(byte[] data, PrivateKey signingPrivateKey, PublicKey derivationPublicKey, UUID userId) Perform the AbsioIES encryption of the data.
byte[]	encrypt(byte[] data, PrivateKey signingPrivateKey, PublicKey derivationPublicKey, UUID userId, UUID objectId) Perform the AbsioIES encryption of the data.
AbsioIESStruct	parseStruct(byte[] data) This will parse the AbsioIES formatted data into a AbsioIESStruct.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbsioIESHelper

public AbsioIESHelper()
               throws NoSuchAlgorithmException,
                      NoSuchPaddingException

Create the helper.

Throws:

NoSuchAlgorithmException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

NoSuchPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

Method Detail

decrypt

public byte[] decrypt(byte[] data,
                      PublicKey signingPublicKey,
                      PrivateKey derivationPrivateKey)
               throws IOException,
                      InvalidKeyException,
                      SignatureException,
                      IllegalBlockSizeException,
                      BadPaddingException,
                      InvalidAlgorithmParameterException,
                      InvalidKeySpecException

Decrypt the AbsioIES formatted data. This will also ensure that the data is properly ECDSA signed as well. NOTE: this will fail if he keys are not EC keys!

Parameters:

data - the AbsioIES formatted data

signingPublicKey - the public signing key of the creator used to ECDSA sign the ciphertext

derivationPrivateKey - the private derivation key used in the ECDH key exchange

Returns:

the decrypted data

Throws:

IOException - thrown if there are any IO issues processing the data

InvalidKeyException - thrown if the key is not valid

SignatureException - thrown if the signature of the encrypted data is not correct

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeySpecException - thrown if the key is not valid

decrypt

public byte[] decrypt(byte[] data,
                      ECPublicKey signingPublicKey,
                      ECPrivateKey derivationPrivateKey)
               throws IOException,
                      InvalidKeyException,
                      SignatureException,
                      IllegalBlockSizeException,
                      BadPaddingException,
                      InvalidAlgorithmParameterException,
                      InvalidKeySpecException

Decrypt the AbsioIES formatted data. This will also ensure that the data is properly ECDSA signed as well.

Parameters:

data - the AbsioIES formatted data

signingPublicKey - the public signing key of the creator used to ECDSA sign the ciphertext

derivationPrivateKey - the private derivation key used in the ECDH key exchange

Returns:

the decrypted data

Throws:

IOException - thrown if there are any IO issues processing the data

InvalidKeyException - thrown if the key is not valid

SignatureException - thrown if the signature of the encrypted data is not correct

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeySpecException - thrown if the key is not valid

encrypt

public byte[] encrypt(byte[] data,
                      PrivateKey signingPrivateKey,
                      PublicKey derivationPublicKey,
                      UUID userId)
               throws InvalidAlgorithmParameterException,
                      InvalidKeyException,
                      BadPaddingException,
                      IllegalBlockSizeException,
                      SignatureException,
                      IOException

Perform the AbsioIES encryption of the data. This will encrypt the data using CipherTransformation.AES_CTR_NOPADDING with a ECDH generated key. The resulting ciphertext will be ECDSA signed with the private signing key. NOTE: this will fail if the keys are not EC keys! Also, this will create a random id for the object.

Parameters:

data - the data to encrypt

signingPrivateKey - the private signing key of the creator that will ECDSA sign the ciphertext

derivationPublicKey - he public derivation key used in the ECDH key exchange

userId - the user's id calling this method (the signer)

Returns:

the AbsioIES encrypted/formatted data

Throws:

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeyException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

SignatureException - thrown if there is an issue signing the ciphertext

IOException - thrown if there are any IO issues processing the data

encrypt

public byte[] encrypt(byte[] data,
                      PrivateKey signingPrivateKey,
                      PublicKey derivationPublicKey,
                      UUID userId,
                      UUID objectId)
               throws InvalidAlgorithmParameterException,
                      InvalidKeyException,
                      BadPaddingException,
                      IllegalBlockSizeException,
                      SignatureException,
                      IOException

Perform the AbsioIES encryption of the data. This will encrypt the data using CipherTransformation.AES_CTR_NOPADDING with a ECDH generated key. The resulting ciphertext will be ECDSA signed with the private signing key. NOTE: this will fail if the keys are not EC keys!

Parameters:

data - the data to encrypt

signingPrivateKey - the private signing key of the creator that will ECDSA sign the ciphertext

derivationPublicKey - he public derivation key used in the ECDH key exchange

userId - the user's id calling this method (the signer)

objectId - the id of the data in the AbsioIES structure

Returns:

the AbsioIES encrypted/formatted data

Throws:

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeyException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

SignatureException - thrown if there is an issue signing the ciphertext

IOException - thrown if there are any IO issues processing the data

encrypt

public byte[] encrypt(byte[] data,
                      IndexedECPrivateKey signingPrivateKey,
                      IndexedECPublicKey derivationPublicKey,
                      UUID userId,
                      UUID objectId)
               throws InvalidAlgorithmParameterException,
                      InvalidKeyException,
                      BadPaddingException,
                      IllegalBlockSizeException,
                      SignatureException,
                      IOException

Perform the AbsioIES encryption of the data. This will encrypt the data using CipherTransformation.AES_CTR_NOPADDING with a ECDH generated key. The resulting ciphertext will be ECDSA signed with the private signing key.

Parameters:

data - the data to encrypt

signingPrivateKey - the private signing key of the creator that will ECDSA sign the ciphertext

derivationPublicKey - he public derivation key used in the ECDH key exchange

userId - the user's id calling this method (the signer)

objectId - the id of the data in the AbsioIES structure

Returns:

the AbsioIES encrypted/formatted data

Throws:

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeyException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

SignatureException - thrown if there is an issue signing the ciphertext

IOException - thrown if there are any IO issues processing the data

parseStruct

public AbsioIESStruct parseStruct(byte[] data)
                           throws IOException

This will parse the AbsioIES formatted data into a AbsioIESStruct.

Parameters:

data - the AbsioIES formatted data

Returns:

the parsed data as a AbsioIESStruct

Throws:

IOException - thrown if there were any IO issues