Package org.bouncycastle.cms.jcajce

Class JceKEMRecipient

    • Field Detail

      • extraMappings

        protected java.util.Map extraMappings

      • validateKeySize

        protected boolean validateKeySize

      • unwrappedKeyMustBeEncodable

        protected boolean unwrappedKeyMustBeEncodable

    • Constructor Detail

      • JceKEMRecipient

        public JceKEMRecipient​(java.security.PrivateKey recipientKey)

    • Method Detail

      • setProvider

        public JceKEMRecipient setProvider​(java.security.Provider provider)
        Set the provider to use for key recovery and content processing.
        Parameters:
        provider - provider to use.
        Returns:
        this recipient.

      • setProvider

        public JceKEMRecipient setProvider​(java.lang.String providerName)
        Set the provider to use for key recovery and content processing.
        Parameters:
        providerName - the name of the provider to use.
        Returns:
        this recipient.

      • setAlgorithmMapping

        public JceKEMRecipient setAlgorithmMapping​(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
                                           java.lang.String algorithmName)
        Internally algorithm ids are converted into cipher names using a lookup table. For some providers the standard lookup table won't work. Use this method to establish a specific mapping from an algorithm identifier to a specific algorithm.

        For example: 

             unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
        Parameters:
        algorithm - OID of algorithm in recipient.
        algorithmName - JCE algorithm name to use.
        Returns:
        the current Recipient.

      • setContentProvider

        public JceKEMRecipient setContentProvider​(java.security.Provider provider)
        Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.
        Parameters:
        provider - the provider to use.
        Returns:
        this recipient.

      • setMustProduceEncodableUnwrappedKey

        public JceKEMRecipient setMustProduceEncodableUnwrappedKey​(boolean unwrappedKeyMustBeEncodable)
        Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded(). This is important if you are using a HSM for unwrapping and using a software based provider for decrypting the content. Default value: false.
        Parameters:
        unwrappedKeyMustBeEncodable - true if getEncoded() should return key bytes, false if not necessary.
        Returns:
        this recipient.

      • setContentProvider

        public JceKEMRecipient setContentProvider​(java.lang.String providerName)
        Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.
        Parameters:
        providerName - the name of the provider to use.
        Returns:
        this recipient.

      • setKeySizeValidation

        public JceKEMRecipient setKeySizeValidation​(boolean doValidate)
        Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.

        This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available.

        Parameters:
        doValidate - true if unwrapped key's should be validated against the content encryption algorithm, false otherwise.
        Returns:
        this recipient.

      • extractSecretKey

        protected java.security.Key extractSecretKey​(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
                                             org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
                                             byte[] encryptedEncryptionKey)
                                      throws CMSException
        Throws:
        CMSException