Oracle Security Developer Tools XML Security Java API Reference
11g (11.1.1)

E10680-02


oracle.security.xmlsec.enc
Class XEEncryptedKey

java.lang.Object
  extended by oracle.security.xmlsec.util.XMLNode
      extended by oracle.security.xmlsec.util.XMLElement
          extended by oracle.security.xmlsec.enc.XEEncryptedObject
              extended by oracle.security.xmlsec.enc.XEEncryptedKey

All Implemented Interfaces:
KeyInfoData

public class XEEncryptedKey
extends XEEncryptedObject
implements KeyInfoData

This class represents an XML-ENC EncryptedKey element. The following algorithms for encrypting keys for the block encryption algorithms Triple-DES, AES-128, AES-192 and AES-256 are supported:

See Also:
XEEncryptionMethod, XEEncryptedObject, XEEncryptedData, XEKeyInfo

Field Summary

 

Fields inherited from class oracle.security.xmlsec.util.XMLNode
node, systemId

 

Constructor Summary
XEEncryptedKey(org.w3c.dom.Document doc)
          Create a new XEEncryptedKey instance with the given XML Document context.
XEEncryptedKey(org.w3c.dom.Document doc, java.lang.String id)
          Create a new XEEncryptedKey instance with the given XML Document context and the id.
XEEncryptedKey(org.w3c.dom.Element encKey)
          Create an XEEncryptedKey instance from the given EncryptedKey element.
XEEncryptedKey(org.w3c.dom.Element encKey, java.lang.String systemId)
          Create an XEEncryptedKey instance from the given EncryptedKey element.

 

Method Summary
 void addReference(XEReference ref)
          Add an XEReference instance for an EncryptedData or EncryptedKey element encrypted using the key being encrypted in this structure.
 byte[] decrypt(XEEncryptionMethod ceEncMethod)
          Decrypt the cipher value specified in the CipherData child element in this EncryptedKey element.
 byte[] decrypt(XEEncryptionMethod ceEncMethod, java.security.Key keyDecKey)
          Decrypt the cipher value specified in the CipherData child element in this EncryptedKey element, with the given decryption key.
 byte[] encrypt(byte[] contentKeyBytes)
          Encrypt the content encryption key bytes with the key encryption key located through the KeyInfo element.
 byte[] encrypt(byte[] contentKeyBytes, java.security.Key keyEncKey)
          Encrypt the content encryption key bytes with the given key encryption key.
 byte[] encrypt(javax.crypto.SecretKey contentKey)
          Encrypt the content encryption key with the key encryption key located through the KeyInfo element.
 byte[] encrypt(javax.crypto.SecretKey contentKey, java.security.Key keyEncKey)
          Encrypt the content encryption key with the given key encryption key.
 void encryptKey(javax.crypto.SecretKey contentKey, java.security.Key keyEncKey, java.lang.String keyEncKeyName)
          Encrypt the content encryption key with the given key encryption key, and store the encrypted key inside this EncryptedKey element.
 java.lang.String getCarriedKeyName()
          Return the key name identifying the key being encrypted.
 java.util.Vector getDataReferences()
          Get the XEDataReference objects that refer to EncryptedData elements encrypted using the key being encrypted in this structure.
 javax.crypto.SecretKey getKey(XEEncryptionMethod ceEncMethod)
          Get the content encryption key being encrypted in this EncryptedKey element.
 javax.crypto.SecretKey getKey(XEEncryptionMethod ceEncMethod, java.security.Key keyDecKey)
          Get the content encryption key being encrypted in this EncryptedKey element.
 java.util.Vector getKeyReferences()
          Get the XEKeyReference objects for EncryptedKey elements that were encrypted using the key being encrypted in this structure.
 java.lang.String getRecipient()
          Returns the value of the Recipient attribute, which indicates the recipient of this encrypted key value.
 java.lang.String getType()
          Returns the type URI for an EncryptedKey element.
static XEEncryptedKey newInstance()
          Creates a new XEEncryptedKey instance in a new owner document, and makes it the root element of the document.
static XEEncryptedKey newInstance(org.w3c.dom.Document doc)
          Creates a new XEEncryptedKey instance in the given owner document, but does not append it to any element.
static XEEncryptedKey newInstance(org.w3c.dom.Document doc, java.lang.String id)
          Creates a new XEEncryptedKey instance in the given owner document, but does not append it to any element.
static XEEncryptedKey newInstance(java.lang.String id)
          Creates a new XEEncryptedKey instance in a new owner document, and makes it the root element of the document.
 void setCarriedKeyName(java.lang.String keyName)
          Set the CarriedKeyName child element for this EncryptedKey element.
 void setRecipient(java.lang.String recipient)
          Sets the Recipient attribute, which indicates the recipient of this encrypted key value.

 

Methods inherited from class oracle.security.xmlsec.enc.XEEncryptedObject
createCipherData, createCipherData, createCipherReference, createDataReference, createEncryptionMethod, createEncryptionProperties, createEncryptionProperties, createEncryptionProperty, createEncryptionProperty, createKeyInfo, createKeyInfo, createKeyReference, createOriginatorKeyInfo, createRecipientKeyInfo, getCipherData, getDataType, getDecryptionKey, getEncoding, getEncryptionKey, getEncryptionMethod, getEncryptionProperties, getId, getInstance, getInstance, getKeyInfo, getMimeType, setCipherData, setDataType, setEncoding, setEncryptionMethod, setEncryptionProperties, setId, setKeyInfo, setMimeType

 

Methods inherited from class oracle.security.xmlsec.util.XMLElement
addNSPrefixAttr, addNSPrefixAttr, addNSPrefixAttrDefault, addNSPrefixAttrDefault, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getChildElementsByTagName, getChildElementsByTagName, getChildElementsByTagNameNS, getChildElementsByTagNameNS, getDefaultNSPrefix, getElement, getElementsByTagName, getElementsByTagNameNS, getTagName, hasAttribute, hasAttributeNS, removeAttribute, removeAttributeNode, removeAttributeNS, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setDefaultNSPrefix

 

Methods inherited from class oracle.security.xmlsec.util.XMLNode
appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

XEEncryptedKey

public XEEncryptedKey(org.w3c.dom.Element encKey)
Create an XEEncryptedKey instance from the given EncryptedKey element.
Parameters:
encKey - An EncryptedKey element.

XEEncryptedKey

public XEEncryptedKey(org.w3c.dom.Element encKey,
                      java.lang.String systemId)
Create an XEEncryptedKey instance from the given EncryptedKey element.
Parameters:
encKey - An EncryptedKey element.
systemId - The URI string system ID for the XEEncryptedKey.
Since:
2.0

XEEncryptedKey

public XEEncryptedKey(org.w3c.dom.Document doc)
Create a new XEEncryptedKey instance with the given XML Document context.
Parameters:
doc - An XML Document to be used as the owner document of this element.

XEEncryptedKey

public XEEncryptedKey(org.w3c.dom.Document doc,
                      java.lang.String id)
Create a new XEEncryptedKey instance with the given XML Document context and the id.
Parameters:
doc - An XML Document to be used as the owner document of this element.
id - An optional Id string for this EncryptedKey element.

Method Detail

newInstance

public static XEEncryptedKey newInstance()
                                  throws org.w3c.dom.DOMException
Creates a new XEEncryptedKey instance in a new owner document, and makes it the root element of the document.
Throws:
org.w3c.dom.DOMException

newInstance

public static XEEncryptedKey newInstance(java.lang.String id)
                                  throws org.w3c.dom.DOMException
Creates a new XEEncryptedKey instance in a new owner document, and makes it the root element of the document.
Parameters:
id - An optional Id string for this EncryptedKey element.
Throws:
org.w3c.dom.DOMException

newInstance

public static XEEncryptedKey newInstance(org.w3c.dom.Document doc)
                                  throws org.w3c.dom.DOMException
Creates a new XEEncryptedKey instance in the given owner document, but does not append it to any element.
Parameters:
doc - An XML Document to be used as the owner document of this EncryptedKey element.
Throws:
org.w3c.dom.DOMException

newInstance

public static XEEncryptedKey newInstance(org.w3c.dom.Document doc,
                                         java.lang.String id)
                                  throws org.w3c.dom.DOMException
Creates a new XEEncryptedKey instance in the given owner document, but does not append it to any element.
Parameters:
doc - An XML Document to be used as the owner document of this EncryptedKey element.
id - An optional Id string for this EncryptedKey element.
Throws:
org.w3c.dom.DOMException

setCarriedKeyName

public void setCarriedKeyName(java.lang.String keyName)
                       throws org.w3c.dom.DOMException
Set the CarriedKeyName child element for this EncryptedKey element.
Parameters:
keyName - The name identifying the key to be encrypted.
Throws:
org.w3c.dom.DOMException

getCarriedKeyName

public java.lang.String getCarriedKeyName()
Return the key name identifying the key being encrypted.
Returns:
The key name of the encrypted key, or null if not specified.

setRecipient

public void setRecipient(java.lang.String recipient)
                  throws org.w3c.dom.DOMException
Sets the Recipient attribute, which indicates the recipient of this encrypted key value.
Parameters:
recipient - The string name of this encrypted key's recipient.
Throws:
org.w3c.dom.DOMException

getRecipient

public java.lang.String getRecipient()
Returns the value of the Recipient attribute, which indicates the recipient of this encrypted key value.
Returns:
The string name of this encrypted key's recipient, or null if the attribute is not set.

addReference

public void addReference(XEReference ref)
                  throws org.w3c.dom.DOMException
Add an XEReference instance for an EncryptedData or EncryptedKey element encrypted using the key being encrypted in this structure.
Parameters:
ref - An XEReference instance.
Throws:
org.w3c.dom.DOMException

getDataReferences

public java.util.Vector getDataReferences()
Get the XEDataReference objects that refer to EncryptedData elements encrypted using the key being encrypted in this structure.
Returns:
A Vector of XEDataReference objects.

getKeyReferences

public java.util.Vector getKeyReferences()
Get the XEKeyReference objects for EncryptedKey elements that were encrypted using the key being encrypted in this structure.
Returns:
A Vector of XEKeyReference objects.

getType

public java.lang.String getType()
Returns the type URI for an EncryptedKey element.
Specified by:
getType in interface KeyInfoData
Returns:
The URI string XMLURI.obj_EncryptedKey.

encrypt

public byte[] encrypt(byte[] contentKeyBytes,
                      java.security.Key keyEncKey)
               throws XESchemaException,
                      XECipherException
Encrypt the content encryption key bytes with the given key encryption key. Key transport with RSA-OAEP and RSA-PKCS1.5 and key wrap with triple DES, AES128, AES192, AES256 are supported.
Parameters:
contentKeyBytes - The key bytes of the content encryption key to be encrypted.
keyEncKey - The key to be used in encrypting the content encryption key bytes.
Returns:
The cipher text.
Throws:
XESchemaException
XECipherException

encrypt

public byte[] encrypt(byte[] contentKeyBytes)
               throws XEException
Encrypt the content encryption key bytes with the key encryption key located through the KeyInfo element. Key transport with RSA-OAEP and RSA-PKCS1.5 and key wrap with triple DES, AES128, AES192, AES256 are supported.

The KeyInfo is used to locate the encryption key using the KeyRetriever facility. If no KeyInfo is present, or if the encryption key cannot be retrieved, an XECipherException is thrown. This method should NOT be used if the encryption key is identified by an EncryptedKey element.

Parameters:
contentKeyBytes - The key bytes of the content encryption key to be encrypted.
Returns:
The cipher text.
Throws:
XEException

encrypt

public byte[] encrypt(javax.crypto.SecretKey contentKey,
                      java.security.Key keyEncKey)
               throws XESchemaException,
                      XECipherException
Encrypt the content encryption key with the given key encryption key. Both key transport with RSA-OAEP and RSA-PKCS1.5 and key wrap with triple DES, AES128, AES192, AES256 are supported.
Parameters:
contentKey - The content encryption key to be encrypted.
keyEncKey - The key to be used in encrypting the content encryption key.
Returns:
The cipher text.
Throws:
XESchemaException
XECipherException

encryptKey

public void encryptKey(javax.crypto.SecretKey contentKey,
                       java.security.Key keyEncKey,
                       java.lang.String keyEncKeyName)
                throws XESchemaException,
                       XECipherException
Encrypt the content encryption key with the given key encryption key, and store the encrypted key inside this EncryptedKey element. Both key transport with RSA-OAEP and RSA-PKCS1.5 and key wrap with triple DES, AES128, AES192, AES256 are supported.
Parameters:
contentKey - The content encryption key to be encrypted.
keyEncKey - The key to be used in encrypting the content encryption key.
keyEncKeyName - If non-null, a KeyInfo with a KeyName will be created for this element.
Throws:
XESchemaException
XECipherException

encrypt

public byte[] encrypt(javax.crypto.SecretKey contentKey)
               throws XEException
Encrypt the content encryption key with the key encryption key located through the KeyInfo element. Both key transport with RSA-OAEP and RSA-PKCS1.5 and key wrap with triple DES, AES128, AES192, AES256 are supported.

The KeyInfo is used to locate the encryption key using the KeyRetriever facility. If no KeyInfo is present, or if the encryption key cannot be retrieved, an XECipherException is thrown. This method should NOT be used if the encryption key is identified by an EncryptedKey element.

Parameters:
contentKey - The content encryption key to be encrypted.
Returns:
The cipher text.
Throws:
XEException

decrypt

public byte[] decrypt(XEEncryptionMethod ceEncMethod,
                      java.security.Key keyDecKey)
               throws XESchemaException,
                      XECipherException
Decrypt the cipher value specified in the CipherData child element in this EncryptedKey element, with the given decryption key.
Parameters:
ceEncMethod - An XEEncryptionMethod object identifying the content encryption algorithm for which the key encrypted in this structure is used.
keyDecKey - The key decryption key.
Returns:
The decrypted content encryption key bytes.
Throws:
XESchemaException
XECipherException

decrypt

public byte[] decrypt(XEEncryptionMethod ceEncMethod)
               throws XEException
Decrypt the cipher value specified in the CipherData child element in this EncryptedKey element. The decryption key is obtained by resolving the KeyInfo element. The decryption key for the bottom of the EncryptedKey chain is from the KeyRetriever facility.
Parameters:
ceEncMethod - The EncryptionMethod for the content, NOT the EncryptionMethod for the encryption key. This is required because the EncryptedKey alone is enough to decrypt into a sequence of bytes, but not enough to determine the encryption algorithm that those bytes should be used for.
If you pass null for this, the method checks whether there is a ReferenceList in the EncryptedKey, dereferences the first reference to find an EncryptedData element, and gets the EncryptionMethod from the EncryptedData object. If there is no ReferenceList, or the reference cannot be dereferenced, it arbitrarily assumes that the content encryption algorithm is AES.
Returns:
The decrypted content encryption key bytes.
Throws:
XEException
Since:
1.2

getKey

public javax.crypto.SecretKey getKey(XEEncryptionMethod ceEncMethod,
                                     java.security.Key keyDecKey)
                              throws org.w3c.dom.DOMException,
                                     XEException
Get the content encryption key being encrypted in this EncryptedKey element.
Parameters:
ceEncMethod - The EncryptionMethod for the content, NOT the EncryptionMethod for the encryption key. This is required because the EncryptedKey alone is enough to decrypt into a sequence of bytes, but not enough to determine the encryption algorithm that those bytes should be used for.
If you pass null for this, the method checks whether there is a ReferenceList in the EncryptedKey, dereferences the first reference to find an EncryptedData element, and gets the EncryptionMethod from the EncryptedData object. If there is no ReferenceList, or the reference cannot be dereferenced, it arbitrarily assumes that the content encryption algorithm is AES.
keyDecKey - The key used to decrypt the encrypted content key.
Returns:
The decrypted content encryption key.
Throws:
org.w3c.dom.DOMException
XEException
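
Why ceEncMethod matters for decrypt and getKey, as an added example that is not part of the Oracle reference and does not use the oracle.security.xmlsec classes: with plain JCA key wrap, the same 24 unwrapped bytes are accepted as either a Triple-DES key or an AES-192 key, so the label has to come from the content's EncryptionMethod. The class name ContentKeyAlgorithmDemo, the helper names and the refuse-on-null policy are assumptions made for illustration.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example: standard JCA only; all keys are generated at run time.
public class ContentKeyAlgorithmDemo {

    // Wrap a content key under an AES key encryption key (AES key wrap).
    static byte[] wrap(SecretKey contentKey, SecretKey kek) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, kek);
        return c.wrap(contentKey);
    }

    // Unwrap. The wrapped blob carries only bytes, so the caller has to say
    // which content algorithm they belong to. Hypothetical policy: refuse a
    // missing algorithm instead of guessing one.
    static SecretKey unwrap(byte[] wrapped, SecretKey kek, String contentAlg)
            throws Exception {
        if (contentAlg == null) {
            throw new IllegalArgumentException("content algorithm not declared");
        }
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, kek);
        return (SecretKey) c.unwrap(wrapped, contentAlg, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kekGen = KeyGenerator.getInstance("AES");
        kekGen.init(128);
        SecretKey kek = kekGen.generateKey();

        // The sender's content cipher is Triple-DES: a 24-byte DESede key.
        SecretKey contentKey = KeyGenerator.getInstance("DESede").generateKey();
        byte[] wrapped = wrap(contentKey, kek);

        // Label taken from the content's EncryptionMethod.
        SecretKey declared = unwrap(wrapped, kek, "DESede");
        // Label guessed as AES: same 24 bytes, accepted as an AES-192 key.
        SecretKey guessed = unwrap(wrapped, kek, "AES");

        System.out.println("key length: " + declared.getEncoded().length);
        System.out.println("same bytes: "
                + Arrays.equals(declared.getEncoded(), guessed.getEncoded()));
        System.out.println("labels: " + declared.getAlgorithm()
                + " vs " + guessed.getAlgorithm());
    }
}
```

Neither unwrap call fails, which is why a wrong or defaulted content algorithm surfaces only later, when the content itself is decrypted.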

getKey

public javax.crypto.SecretKey getKey(XEEncryptionMethod ceEncMethod)
                              throws org.w3c.dom.DOMException,
                                     XEException
Get the content encryption key being encrypted in this EncryptedKey element. The key encryption key will be obtained from the KeyRetriever.
Parameters:
ceEncMethod - An XEEncryptionMethod object identifying the content encryption algorithm for which the key encrypted in this structure is used.
Returns:
The decrypted content encryption key.
Throws:
org.w3c.dom.DOMException
XEException

Copyright © 2005, 2009, Oracle. All rights reserved.