com.absio.crypto.ecc

Class ECCHelper

java.lang.Object

com.absio.crypto.ecc.ECCHelper

public class ECCHelper
extends Object

This is a helper class for doing Elliptical Curve Cryptography (AbsioIES) operations. All of these operations can be accomplished using other helpers, this simply combines them into one helper as well as provides some simplification.

Constructor Summary

Constructors

Constructor and Description
ECCHelper() Default constructor that will create a helper that uses EllipticCurve.P384 and AESKeyStrength.AES256 for the curve and key strength respectively.
ECCHelper(EllipticCurve curve, AESKeyStrength keyStrength) Constructor that will create a helper that uses the defined EllipticCurve and AES Key Strength.

Method Summary

Modifier and Type	Method and Description
byte[]	absioIESDecrypt(byte[] absioIESData, ECPublicKey signingPublicKey, ECPrivateKey derivationPrivateKey) This will decrypt the data that was encrypted using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).
byte[]	absioIESDecrypt(byte[] absioIESData, PublicKey signingPublicKey, PrivateKey derivationPrivateKey) This will decrypt the data that was encrypted using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).
byte[]	absioIESEncrypt(byte[] plaintext, IndexedECPrivateKey signingPrivateKey, IndexedECPublicKey derivationPublicKey, UUID encryptorsId, UUID objectId) This will encrypt the data using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).
byte[]	absioIESEncrypt(byte[] plaintext, PrivateKey signingPrivateKey, PublicKey derivationPublicKey, UUID encryptorsId) This will encrypt the data using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).
byte[]	absioIESEncrypt(byte[] plaintext, PrivateKey signingPrivateKey, PublicKey derivationPublicKey, UUID encryptorsId, UUID objectId) This will encrypt the data using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).
byte[]	generateDHSharedKey(PrivateKey privateKey, PublicKey publicKey) This will return the ECDH shared secret key the private and public key.
byte[]	generateDHSharedSecret(PrivateKey privateKey, PublicKey publicKey) This will return the ECDH shared secret given the private and public key.
KeyPair	generateKey() This will create a new Elliptic Curve KeyPair using the helpers defined EllipticCurve NOTE: this uses KeyPairHelper with KeyPairHelper.KeyAlgorithm#EC to generate the key.
EllipticCurve	getCurve() This is the EllipticCurve used by this helper.
AESKeyStrength	getKeyStrength() This is the AESKeyStrength used in when generating an ECDH shared key.
byte[]	sign(PrivateKey privateKey, byte[] data) ECDSA signs the given data with the given key.
boolean	verifySignature(PublicKey publicKey, byte[] data, byte[] signature) Verifies a ECDSA signature of the given data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ECCHelper

public ECCHelper()
          throws NoSuchAlgorithmException,
                 NoSuchPaddingException

Default constructor that will create a helper that uses EllipticCurve.P384 and AESKeyStrength.AES256 for the curve and key strength respectively.

Throws:

NoSuchAlgorithmException - thrown if ECDH is not supported

NoSuchPaddingException - thrown is AES256 CTR NoPadding is not supported

ECCHelper

public ECCHelper(EllipticCurve curve,
                 AESKeyStrength keyStrength)
          throws NoSuchAlgorithmException,
                 NoSuchPaddingException

Constructor that will create a helper that uses the defined EllipticCurve and AES Key Strength.

Parameters:

curve - the EllipticCurve of this helper

keyStrength - the AESKeyStrength of this helper

Throws:

NoSuchAlgorithmException - thrown if EllipticCurve is not supported

NoSuchPaddingException - thrown if padding of the AESKeyStrength is not supported

Method Detail

absioIESDecrypt

public byte[] absioIESDecrypt(byte[] absioIESData,
                              PublicKey signingPublicKey,
                              PrivateKey derivationPrivateKey)
                       throws IllegalBlockSizeException,
                              InvalidAlgorithmParameterException,
                              IOException,
                              BadPaddingException,
                              SignatureException,
                              InvalidKeyException,
                              InvalidKeySpecException

This will decrypt the data that was encrypted using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES). NOTE: this will fail if he keys are not EC keys!

Parameters:

absioIESData - the Absio IES data

signingPublicKey - the public key of the private key used to sign the encrypted data

derivationPrivateKey - the private key of the public key used to perform ECDH to generate the shared secret key

Returns:

the decrypted data

Throws:

IOException - thrown if there are any IO issues processing the data

InvalidKeyException - thrown if the key is not valid

SignatureException - thrown if the signature of the encrypted data is not correct

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeySpecException - thrown if the key is not valid

absioIESDecrypt

public byte[] absioIESDecrypt(byte[] absioIESData,
                              ECPublicKey signingPublicKey,
                              ECPrivateKey derivationPrivateKey)
                       throws IllegalBlockSizeException,
                              InvalidAlgorithmParameterException,
                              IOException,
                              BadPaddingException,
                              SignatureException,
                              InvalidKeyException,
                              InvalidKeySpecException

This will decrypt the data that was encrypted using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).

Parameters:

absioIESData - the Absio IES data

signingPublicKey - the public key of the private key used to sign the encrypted data

derivationPrivateKey - the private key of the public key used to perform ECDH to generate the shared secret key

Returns:

the decrypted data

Throws:

IOException - thrown if there are any IO issues processing the data

InvalidKeyException - thrown if the key is not valid

SignatureException - thrown if the signature of the encrypted data is not correct

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeySpecException - thrown if the key is not valid

absioIESEncrypt

public byte[] absioIESEncrypt(byte[] plaintext,
                              IndexedECPrivateKey signingPrivateKey,
                              IndexedECPublicKey derivationPublicKey,
                              UUID encryptorsId,
                              UUID objectId)
                       throws BadPaddingException,
                              InvalidKeyException,
                              IllegalBlockSizeException,
                              SignatureException,
                              InvalidAlgorithmParameterException,
                              IOException

This will encrypt the data using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES).

Parameters:

plaintext - the data to be encrypted

signingPrivateKey - the key used to sign the encrypted data

derivationPublicKey - the key used to perform ECDH to generate the shared secret key

encryptorsId - the unique id of the user encrypting the data

objectId - the unique id of the formatted data - encrypted data with additional process data

Returns:

the AbsioIES encrypted/formatted data

Throws:

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeyException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

SignatureException - thrown if there is an issue signing the ciphertext

IOException - thrown if there are any IO issues processing the data

absioIESEncrypt

public byte[] absioIESEncrypt(byte[] plaintext,
                              PrivateKey signingPrivateKey,
                              PublicKey derivationPublicKey,
                              UUID encryptorsId,
                              UUID objectId)
                       throws BadPaddingException,
                              InvalidKeyException,
                              IllegalBlockSizeException,
                              SignatureException,
                              InvalidAlgorithmParameterException,
                              IOException

This will encrypt the data using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES). NOTE: this will fail if he keys are not EC keys!

Parameters:

plaintext - the data to be encrypted

signingPrivateKey - the key used to sign the encrypted data

derivationPublicKey - the key used to perform ECDH to generate the shared secret key

encryptorsId - the unique id of the user encrypting the data

objectId - the unique id of the formatted data - encrypted data with additional process data

Returns:

the AbsioIES encrypted/formatted data

Throws:

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeyException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

SignatureException - thrown if there is an issue signing the ciphertext

IOException - thrown if there are any IO issues processing the data

absioIESEncrypt

public byte[] absioIESEncrypt(byte[] plaintext,
                              PrivateKey signingPrivateKey,
                              PublicKey derivationPublicKey,
                              UUID encryptorsId)
                       throws BadPaddingException,
                              InvalidKeyException,
                              IllegalBlockSizeException,
                              SignatureException,
                              InvalidAlgorithmParameterException,
                              IOException

This will encrypt the data using Absio's Integrated Encryption Scheme (IES) that utilizes Elliptical Curve Cryptography (AbsioIES). NOTE: this will fail if he keys are not EC keys! Also, this will create a random id for the object.

Parameters:

plaintext - the data to be encrypted

signingPrivateKey - the key used to sign the encrypted data

derivationPublicKey - the key used to perform ECDH to generate the shared secret key

encryptorsId - the unique id of the user encrypting the data

Returns:

the AbsioIES encrypted/formatted data

Throws:

InvalidAlgorithmParameterException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

InvalidKeyException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

BadPaddingException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

IllegalBlockSizeException - thrown if CipherTransformation.AES_CTR_NOPADDING is not supported

SignatureException - thrown if there is an issue signing the ciphertext

IOException - thrown if there are any IO issues processing the data

generateDHSharedKey

public byte[] generateDHSharedKey(PrivateKey privateKey,
                                  PublicKey publicKey)
                           throws InvalidKeyException

This will return the ECDH shared secret key the private and public key. If Alice wanted to generate the shared secret key for her and Bob, she would supply her private key and his public key. And if Bob wanted to do the same, he would supply his private key and Alice's public key. NOTE: this uses KeyAgreementHelper with KeyAgreementHelper.KeyAgreementAlgorithm#ECDH to generate the secret and KDF2Helper with MessageDigestAlgorithm.SHA384 and the AESKeyStrength to generate the Key.

Parameters:

privateKey - Alice's private key

publicKey - Bob's public key

Returns:

the shared secret key for Alice and Bob

Throws:

InvalidKeyException - thrown if there was an error creating the shared secret key

generateDHSharedSecret

public byte[] generateDHSharedSecret(PrivateKey privateKey,
                                     PublicKey publicKey)
                              throws InvalidKeyException

This will return the ECDH shared secret given the private and public key. If Alice wanted to generate the shared secret between her and Bob, she would supply her private key and his public key. And if Bob wanted to do the same, he would supply his private key and Alice's public key. NOTE: this uses KeyAgreementHelper with KeyAgreementHelper.KeyAgreementAlgorithm#ECDH to generate the secret.

Parameters:

privateKey - Alice's private key

publicKey - Bob's public key

Returns:

the shared secret for the Alice and Bob

Throws:

InvalidKeyException - thrown if the keys are not the correct type

generateKey

public KeyPair generateKey()
                    throws InvalidAlgorithmParameterException

This will create a new Elliptic Curve KeyPair using the helpers defined EllipticCurve NOTE: this uses KeyPairHelper with KeyPairHelper.KeyAlgorithm#EC to generate the key.

Returns:

a new Elliptic Curve KeyPair using the defined curve

Throws:

InvalidAlgorithmParameterException - thrown if the curve is not supported

getCurve

public EllipticCurve getCurve()

This is the EllipticCurve used by this helper.

Returns:

the EllipticCurve of this helper

getKeyStrength

public AESKeyStrength getKeyStrength()

This is the AESKeyStrength used in when generating an ECDH shared key.

Returns:

the AESKeyStrength of this helper

sign

public byte[] sign(PrivateKey privateKey,
                   byte[] data)
            throws SignatureException,
                   InvalidKeyException

ECDSA signs the given data with the given key. NOTE: this uses SignatureHelper with SignatureHelper.SignatureAlgorithm#SHA384WithECDSA to complete the signing of the data.

Parameters:

privateKey - the private key used to sign the data

data - the data to sign

Returns:

the signed data

Throws:

SignatureException - thrown if there was an issue signing the data

InvalidKeyException - thrown if there was an issue with the key

verifySignature

public boolean verifySignature(PublicKey publicKey,
                               byte[] data,
                               byte[] signature)
                        throws SignatureException,
                               InvalidKeyException

Verifies a ECDSA signature of the given data. NOTE: this uses SignatureHelper with SignatureHelper.SignatureAlgorithm#SHA384WithECDSA to verify the signature of the data.

Parameters:

publicKey - the public key of the private key used to sign the data

data - the data that was signed

signature - the signature

Returns:

true if the signature is correct for the given data

Throws:

SignatureException - thrown if there was an issue verifying the signature of the data

InvalidKeyException - thrown if there was an issue with the key