Package: org.conscrypt
HpkeContextRecipient
public class HpkeContextRecipient extends org.conscrypt.HpkeContext
Hybrid Public Key Encryption (HPKE) recipient APIs.
See:
HPKE RFC 9180
Recipient subclass of HpkeContext. See base class for details.
Public Methods
open
public byte[] open(byte[] ciphertext, byte[] aad) throws java.security.GeneralSecurityException
Opens a message, using the internal key schedule maintained by this HpkeContextRecipient.
| Parameters |
| ciphertext |
the ciphertext |
| aad |
optional associated data, may be null or empty |
| Returns |
| byte[] |
the plaintext |
| Throws |
| IllegalStateException |
if this HpkeContextRecipient has not been initialised |
| GeneralSecurityException |
on decryption failures |
getInstance
public static HpkeContextRecipient getInstance(String suite) throws java.security.NoSuchAlgorithmException
Returns an uninitialised HpkeContextRecipient.
| Parameters |
| suite |
the HPKE suite to use. @see
HpkeSuite
for details. |
| Returns |
| org.conscrypt.HpkeContextRecipient |
an uninitialised HpkeContextRecipient for the requested suite |
| Throws |
| NoSuchAlgorithmException |
if no implementation could be found |
getInstance
public static HpkeContextRecipient getInstance(String suite, String providerName) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException
Returns an uninitialised HpkeContextRecipient from a specific
Provider
| Parameters |
| suite |
the HPKE suite to use. @see
HpkeSuite
for details. |
| providerName |
the name of the Provider to use |
| Returns |
| org.conscrypt.HpkeContextRecipient |
an uninitialised HpkeContextRecipient for the requested suite |
| Throws |
| NoSuchAlgorithmException |
if no implementation could be found |
| NoSuchProviderException |
if providerName is null or no such Provider exists |
getInstance
public static HpkeContextRecipient getInstance(String suite, Provider provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException
Returns an uninitialised HpkeContextRecipient from a specific
Provider
| Parameters |
| suite |
the HPKE suite to use. @see
HpkeSuite
for details. |
| provider |
the Provider to use |
| Returns |
| org.conscrypt.HpkeContextRecipient |
an uninitialised HpkeContextRecipient for the requested suite |
| Throws |
| NoSuchAlgorithmException |
if no implementation could be found |
| NoSuchProviderException |
if providerName is null or no such Provider exists |
init
public void init(byte[] encapsulated, PrivateKey recipientKey, byte[] info) throws java.security.InvalidKeyException
Initialises this HpkeContextRecipient in BASE mode, i.e. no sender authentication.
| Parameters |
| encapsulated |
encapsulated ephemeral key from an
HpkeContextSender |
| recipientKey |
private key of the recipient |
| info |
application-supplied information, may be null or empty |
| Throws |
| InvalidKeyException |
if recipientKey is null or an unsupported key format |
| UnsupportedOperationException |
if mode is not a supported HPKE mode |
| IllegalStateException |
if this HpkeContextRecipient has already been initialised |
init
public void init(byte[] encapsulated, PrivateKey recipientKey, byte[] info, PublicKey senderKey) throws java.security.InvalidKeyException
Initialises this HpkeContextRecipient in AUTH mode, i.e. messages are authenticated using
the sender's public key.
| Parameters |
| encapsulated |
encapsulated ephemeral key from an
HpkeContextSender |
| recipientKey |
private key of the recipient |
| info |
application-supplied information, may be null or empty |
| senderKey |
the public key of the sender |
| Throws |
| InvalidKeyException |
if either recipientKey or senderKey are null
or an unsupported key format |
| UnsupportedOperationException |
if mode is not a supported HPKE mode |
| IllegalStateException |
if this HpkeContextRecipient has already been initialised |
init
public void init(byte[] encapsulated, PrivateKey recipientKey, byte[] info, byte[] psk, byte[] psk_id) throws java.security.InvalidKeyException
Initialises this HpkeContextRecipient in PSK_AUTH mode, i.e. messages are authenticated using
a pre-shared secret key.
| Parameters |
| encapsulated |
encapsulated ephemeral key from an
HpkeContextSender |
| recipientKey |
private key of the recipient |
| info |
application-supplied information, may be null or empty |
| psk |
the a pre-shared secret key |
| psk_id |
the id of the pre-shared secret key |
| Throws |
| NullPointerException |
if psk or psk_id are null |
| InvalidKeyException |
if recipientKey is null or an unsupported key format |
| UnsupportedOperationException |
if mode is not a supported HPKE mode |
| IllegalStateException |
if this HpkeContextRecipient has already been initialised |
init
public void init(byte[] encapsulated, PrivateKey recipientKey, byte[] info, PublicKey senderKey, byte[] psk, byte[] psk_id) throws java.security.InvalidKeyException
Initialises this HpkeContextRecipient in PSK_AUTH mode, i.e. messages are authenticated using
both the sender's public key and a pre-shared secret key.
| Parameters |
| encapsulated |
encapsulated ephemeral key from an
HpkeContextSender |
| recipientKey |
private key of the recipient |
| info |
application-supplied information, may be null or empty |
| senderKey |
the public key of the sender |
| psk |
the a pre-shared secret key |
| psk_id |
the id of the pre-shared secret key |
| Throws |
| NullPointerException |
if psk or psk_id are null |
| InvalidKeyException |
if either recipientKey or senderKey are null
or an unsupported key format |
| UnsupportedOperationException |
if mode is not a supported HPKE mode |
| IllegalStateException |
if this HpkeContextRecipient has already been initialised |