org.keycloak.crypto.fips.FIPSRsaKeyEncryptionJWEAlgorithmProvider

All Implemented Interfaces:: JWEAlgorithmProvider

public class FIPSRsaKeyEncryptionJWEAlgorithmProvider extends Object implements JWEAlgorithmProvider

Fips note: Based on https://downloads.bouncycastle.org/fips-java/BC-FJA-UserGuide-1.0.2.pdf, Section 4 There are no direct public/private key ciphers available in approved mode. Available ciphers are restricted to use for key wrapping and key transport, see section 7 and section 8 for details. Our solution is to pull out the CEK signature and encryption keys , encode them separately , and then

Constructor Summary

Constructors

Constructor

Description

FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)
Method Summary

Modifier and Type

Method

Description

byte[]

decodeCek(byte[] encodedCek, Key privateKey)

byte[]

encodeCek(JWEEncryptionProvider encryptionProvider, JWEKeyStorage keyStorage, Key publicKey)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- FIPSRsaKeyEncryptionJWEAlgorithmProvider
  
  public FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)
Method Details
- decodeCek
  
  public byte[] decodeCek(byte[] encodedCek, Key privateKey) throws Exception
  
  Specified by:
  
  decodeCek in interface JWEAlgorithmProvider
  
  Throws:
  
  Exception
- encodeCek
  
  public byte[] encodeCek(JWEEncryptionProvider encryptionProvider, JWEKeyStorage keyStorage, Key publicKey) throws Exception
  
  Specified by:
  
  encodeCek in interface JWEAlgorithmProvider
  
  Throws:
  
  Exception

Class FIPSRsaKeyEncryptionJWEAlgorithmProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

FIPSRsaKeyEncryptionJWEAlgorithmProvider

Method Details

decodeCek

encodeCek