se.swedenconnect.opensaml.xmlsec.encryption.support

Class ECDHSupport

java.lang.Object

se.swedenconnect.opensaml.xmlsec.encryption.support.ECDHSupport

public class ECDHSupport
extends Object

Support methods for performing ECDH key agreement.

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields

Modifier and Type	Field and Description
static String	EC_PUBLIC_KEY_OID The Object Identifier for an EC public key.

Constructor Summary

Constructors

Constructor and Description
ECDHSupport()

Method Summary

Modifier and Type	Method and Description
static KeyAgreementCredential	createKeyAgreementCredential(Credential peerCredential, String keyWrappingAlgorithm, KeyDerivationMethod keyDerivationMethod) Creates a KeyAgreementCredential by using the supplied peer credential to generate a EC key pair and a secret key that is the key agreement key.
static SecretKey	getKeyAgreementKey(PrivateKey decrypterKey, AgreementMethod agreementMethod, String keyWrappingJcaAlgorithmId, int keyWrappingKeySize) Derives the ephemeral-static DH agreed key encryption key for a decryption process.
static NamedCurve	getNamedCurve(ECPublicKey publicKey) Given a EC public key its named curve is returned.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EC_PUBLIC_KEY_OID

public static final String EC_PUBLIC_KEY_OID

The Object Identifier for an EC public key.

See Also:

Constant Field Values

Constructor Detail

ECDHSupport

public ECDHSupport()

Method Detail

createKeyAgreementCredential

public static KeyAgreementCredential createKeyAgreementCredential(Credential peerCredential,
                                                                  String keyWrappingAlgorithm,
                                                                  KeyDerivationMethod keyDerivationMethod)
                                                           throws SecurityException

Creates a KeyAgreementCredential by using the supplied peer credential to generate a EC key pair and a secret key that is the key agreement key.

This method works only for the key derivation algorithm.

Parameters:

peerCredential - the peer credential (containing an EC public key)

keyWrappingAlgorithm - the key wrapping algorithm

keyDerivationMethod - the key derivation method parameters for the key derivation algorithm

Returns:

a KeyAgreementCredential

Throws:

SecurityException - for errors during the key generation process

getKeyAgreementKey

public static SecretKey getKeyAgreementKey(PrivateKey decrypterKey,
                                           AgreementMethod agreementMethod,
                                           String keyWrappingJcaAlgorithmId,
                                           int keyWrappingKeySize)
                                    throws SecurityException

Derives the ephemeral-static DH agreed key encryption key for a decryption process.

ECDH is used to calculate the shared secret.

The ConcatKDF key derivation function is assumed and required for constructing the derived key encryption key.

Parameters:

decrypterKey - The private EC key of the decrypter

agreementMethod - the AgreementMethod element

keyWrappingJcaAlgorithmId - the JCA algorithm ID for the key wrapping method

keyWrappingKeySize - the key size for the key wrapping algorithm

Returns:

the key agreement key

Throws:

SecurityException - for error during the process

getNamedCurve

public static NamedCurve getNamedCurve(ECPublicKey publicKey)

Given a EC public key its named curve is returned.

Parameters:

publicKey - the public key

Returns:

the named curve, or null if the curve is not supported