Package org.keycloak.crypto.fips
Class FIPSRsaKeyEncryptionJWEAlgorithmProvider
java.lang.Object
org.keycloak.crypto.fips.FIPSRsaKeyEncryptionJWEAlgorithmProvider
- All Implemented Interfaces:
JWEAlgorithmProvider
public class FIPSRsaKeyEncryptionJWEAlgorithmProvider
extends Object
implements JWEAlgorithmProvider
FIPS note: Based on https://downloads.bouncycastle.org/fips-java/BC-FJA-UserGuide-1.0.2.pdf, Section 4
There are no direct public/private key ciphers available in approved mode. Available ciphers are
restricted to use for key wrapping and key transport; see Section 7 and Section 8 for details.
Our solution is to pull out the CEK signature and encryption keys, encode them separately, and then
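
The restriction in the note above, shown as an added example (not Keycloak's or Bouncy Castle's code): a content encryption key is transported with RSA through the JCA key-wrapping API instead of direct encryption. It runs on the JDK's default provider rather than BC-FJA; the class name, the choice of OAEP with SHA-256, and the key sizes are assumptions.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical class name; standard JCA calls only.
public class RsaKeyTransportExample {
    // OAEP digest and MGF1 digest are set explicitly (assumed: SHA-256) so the
    // parameters do not depend on provider defaults.
    static final String TRANSFORMATION = "RSA/ECB/OAEPPadding";
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Key transport: the RSA cipher is initialised in WRAP_MODE and handed a
    // Key object, never in ENCRYPT_MODE over raw key bytes.
    static byte[] wrapKey(SecretKey cek, PublicKey recipient) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.WRAP_MODE, recipient, OAEP);
        return cipher.wrap(cek);
    }

    // The receiver recovers a typed SecretKey; the algorithm name must match
    // what the key will be used for (assumed here: AES).
    static SecretKey unwrapKey(byte[] wrapped, PrivateKey recipient) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.UNWRAP_MODE, recipient, OAEP);
        return (SecretKey) cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                       // constructed test key pair
        KeyPair kp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);                               // constructed test CEK
        SecretKey cek = kg.generateKey();

        byte[] wrapped = wrapKey(cek, kp.getPublic());
        SecretKey recovered = unwrapKey(wrapped, kp.getPrivate());
        System.out.println("wrapped length: " + wrapped.length);
        System.out.println("round trip ok: "
                + Arrays.equals(cek.getEncoded(), recovered.getEncoded()));
    }
}
```
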
Constructor Summary
Constructors
Constructor | Description
FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters) |
Method Summary
Modifier and Type | Method | Description
byte[] | decodeCek(byte[] encodedCek, Key privateKey, JWEHeader header, JWEEncryptionProvider encryptionProvider) |
byte[] | encodeCek(JWEEncryptionProvider encryptionProvider, JWEKeyStorage keyStorage, Key publicKey, JWEHeader.JWEHeaderBuilder headerBuilder) |
Constructor Details
FIPSRsaKeyEncryptionJWEAlgorithmProvider
public FIPSRsaKeyEncryptionJWEAlgorithmProvider(org.bouncycastle.crypto.fips.FipsRSA.WrapParameters wrapParameters)
Method Details
decodeCek
public byte[] decodeCek(byte[] encodedCek, Key privateKey, JWEHeader header, JWEEncryptionProvider encryptionProvider) throws Exception
- Specified by:
decodeCek in interface JWEAlgorithmProvider
- Throws:
Exception
encodeCek
public byte[] encodeCek(JWEEncryptionProvider encryptionProvider, JWEKeyStorage keyStorage, Key publicKey, JWEHeader.JWEHeaderBuilder headerBuilder) throws Exception
- Specified by:
encodeCek in interface JWEAlgorithmProvider
- Throws:
Exception