Module org.apache.santuario.xmlsec
Package org.apache.xml.security.encryption

Interface AgreementMethod

  • All Known Implementing Classes:
    AgreementMethodImpl
    public interface AgreementMethod
    A Key Agreement algorithm provides for the derivation of a shared secret key based on a shared secret computed from certain types of compatible public keys from both the sender and the recipient. Information from the originator to determine the secret is indicated by an optional OriginatorKeyInfo parameter child of an AgreementMethod element while that associated with the recipient is indicated by an optional RecipientKeyInfo. A shared key is derived from this shared secret by a method determined by the Key Agreement algorithm.

    Note: XML Encryption does not provide an on-line key agreement negotiation protocol. The AgreementMethod element can be used by the originator to identify the keys and computational procedure that were used to obtain a shared encryption key. The method used to obtain or select the keys or algorithm used for the agreement computation is beyond the scope of this specification.

    The AgreementMethod element appears as the content of a ds:KeyInfo since, like other ds:KeyInfo children, it yields a key. This ds:KeyInfo is in turn a child of an EncryptedData or EncryptedKey element. The Algorithm attribute and KeySize child of the EncryptionMethod element under this EncryptedData or EncryptedKey element are implicit parameters to the key agreement computation. In cases where this EncryptionMethod algorithm URI is insufficient to determine the key length, a KeySize MUST have been included. In addition, the sender may place a KA-Nonce element under AgreementMethod to assure that different keying material is generated even for repeated agreements using the same sender and recipient public keys.

    If the agreed key is being used to wrap a key, then AgreementMethod would appear inside a ds:KeyInfo inside an EncryptedKey element.

    The Schema for AgreementMethod is as follows:

    • Method Detail

      • getKANonce

        byte[] getKANonce()
        Returns a byte array.
        Returns:
        a byte array.

      • setKANonce

        void setKANonce​(byte[] kanonce)
        Sets the KANonce.jj
        Parameters:
        kanonce -

      • setKeyDerivationMethod

        void setKeyDerivationMethod​(KeyDerivationMethod keyDerivationMethod)
        This method is used to set the KeyDerivationMethod when the AgreementMethod is being used to derive a key. The KeyDerivationMethod is declared as but is used in ECDH_ES
        Parameters:
        keyDerivationMethod -

      • getAgreementMethodInformation

        Iterator<Element> getAgreementMethodInformation()
        Returns additional information regarding the AgreementMethod.
        Returns:
        additional information regarding the AgreementMethod.

      • addAgreementMethodInformation

        void addAgreementMethodInformation​(Element info)
        Adds additional AgreementMethod information.
        Parameters:
        info - a Element that represents additional information specified by

      • removeAgreementMethodInformation

        void removeAgreementMethodInformation​(Element info)
        Removes additional AgreementMethod information.
        Parameters:
        info - a Element that represents additional information specified by

      • setOriginatorKeyInfo

        void setOriginatorKeyInfo​(OriginatorKeyInfo keyInfo)
        Sets the information relating to the originator's shared secret.
        Parameters:
        keyInfo - information relating to the originator's shared secret.

      • setOriginatorPublicKey

        void setOriginatorPublicKey​(PublicKey publicKey)
        Sets the originator's PublicKey to generate the secret
        Parameters:
        publicKey - originator's PublicKey

      • setRecipientKeyInfo

        void setRecipientKeyInfo​(RecipientKeyInfo keyInfo)
        Sets the information relating to the recipient's shared secret.
        Parameters:
        keyInfo - information relating to the recipient's shared secret.

      • getAlgorithm

        String getAlgorithm()
        Returns the algorithm URI of this CryptographicMethod.
        Returns:
        the algorithm URI of this CryptographicMethod