AESCBC (PicketLink Parent 2.7.0.CR3 API)

java.lang.Object
- org.picketlink.json.jose.crypto.AESCBC

```
public class AESCBC
extends Object
```
AES/CBC/PKCS5Padding and AES/CBC/PKCS5Padding/HMAC-SHA2 encryption and decryption methods.
Also supports the deprecated AES/CBC/HMAC encryption using a custom concat KDF (JOSE draft suite 08).
See draft-ietf-jose-json-web-algorithms-26, section 5.2.

Author:

Giriraj Sharma

Field Summary

Fields
Modifier and Type Field and Description

static int IV_BIT_LENGTH
The standard Initialization Vector (IV) length (128 bits).

Fields
Modifier and Type	Field and Description
`static int`	`IV_BIT_LENGTH` The standard Initialization Vector (IV) length (128 bits).

Method Summary

Methods
Modifier and Type	Method and Description
`static byte[]`	`computeAADLength(byte[] aad)` Computes the bit length of the specified Additional Authenticated Data (AAD).
`static byte[]`	`decrypt(SecretKey secretKey, byte[] iv, byte[] cipherText)` Decrypts the specified cipher text using AES/CBC/PKCS5Padding.
`static byte[]`	`decryptAuthenticated(SecretKey secretKey, byte[] iv, byte[] cipherText, byte[] aad, byte[] authTag)` Decrypts the specified cipher text using AES/CBC/PKCS5Padding/ HMAC-SHA2.
`static byte[]`	`encrypt(SecretKey secretKey, byte[] iv, byte[] plainText)` Encrypts the specified plain text using AES/CBC/PKCS5Padding.
`static AuthenticatedCipherText`	`encryptAuthenticated(SecretKey secretKey, byte[] iv, byte[] plainText, byte[] aad)` Encrypts the specified plain text using AES/CBC/PKCS5Padding/ HMAC-SHA2.
`static byte[]`	`generateIV(SecureRandom randomGen)` Generates a random 128 bit (16 byte) Initialization Vector(IV) for use in AES-CBC encryption.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - IV_BIT_LENGTH
```
public static final int IV_BIT_LENGTH
```
    The standard Initialization Vector (IV) length (128 bits).
    
    See Also:
    Constant Field Values
- Method Detail
  - generateIV
```
public static byte[] generateIV(SecureRandom randomGen)
```
    Generates a random 128 bit (16 byte) Initialization Vector(IV) for use in AES-CBC encryption.
    
    Parameters:
    randomGen - The secure random generator to use. Must be correctly initialized and not null.
    
    Returns:
    The random 128 bit IV, as 16 byte array.
  - encrypt
```
public static byte[] encrypt(SecretKey secretKey,
             byte[] iv,
             byte[] plainText)
```
    Encrypts the specified plain text using AES/CBC/PKCS5Padding.
    
    Parameters:
    secretKey - The AES key. Must not be null.
    iv - The initialization vector (IV). Must not be null.
    plainText - The plain text. Must not be null.
    
    Returns:
    The cipher text.
    
    Throws:
    
    RuntimeException - If encryption failed.
  - computeAADLength
```
public static byte[] computeAADLength(byte[] aad)
```
    Computes the bit length of the specified Additional Authenticated Data (AAD). Used in AES/CBC/PKCS5Padding/HMAC-SHA2 encryption.
    
    Parameters:
    aad - The Additional Authenticated Data (AAD). Must not be null.
    
    Returns:
    The computed AAD bit length, as a 64 bit big-ending representation (8 byte array).
  - encryptAuthenticated
```
public static AuthenticatedCipherText encryptAuthenticated(SecretKey secretKey,
                                           byte[] iv,
                                           byte[] plainText,
                                           byte[] aad)
```
    Encrypts the specified plain text using AES/CBC/PKCS5Padding/ HMAC-SHA2.
    See draft-ietf-jose-json-web-algorithms-26, section 5.2.
    See draft-mcgrew-aead-aes-cbc-hmac-sha2-01
    
    Parameters:
    secretKey - The secret key. Must be 256 or 512 bits long. Must not be null.
    iv - The initialisation vector (IV). Must not be null.
    plainText - The plain text. Must not be null.
    aad - The additional authenticated data. Must not be null.
    
    Returns:
    The authenticated cipher text.
    
    Throws:
    
    RuntimeException - If encryption failed.
  - decrypt
```
public static byte[] decrypt(SecretKey secretKey,
             byte[] iv,
             byte[] cipherText)
```
    Decrypts the specified cipher text using AES/CBC/PKCS5Padding.
    
    Parameters:
    secretKey - The AES key. Must not be null.
    iv - The initialization vector (IV). Must not be null.
    cipherText - The cipher text. Must not be null.
    
    Returns:
    The decrypted plain text.
    
    Throws:
    
    RuntimeException - If decryption failed.
  - decryptAuthenticated
```
public static byte[] decryptAuthenticated(SecretKey secretKey,
                          byte[] iv,
                          byte[] cipherText,
                          byte[] aad,
                          byte[] authTag)
```
    Decrypts the specified cipher text using AES/CBC/PKCS5Padding/ HMAC-SHA2.
    See draft-ietf-jose-json-web-algorithms-26, section 5.2.
    
    Parameters:
    secretKey - The secret key. Must be 256 or 512 bits long. Must not be null.
    iv - The initialization vector (IV). Must not be null.
    cipherText - The cipher text. Must not be null.
    aad - The additional authenticated data. Must not be null.
    authTag - The authentication tag. Must not be null.
    
    Returns:
    The decrypted plain text.
    
    Throws:
    
    RuntimeException - If decryption failed.

Class AESCBC

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

IV_BIT_LENGTH

Method Detail

generateIV

encrypt

computeAADLength

encryptAuthenticated

decrypt

decryptAuthenticated