public final class XECDHECryptography extends Object implements Destroyable
ECDHECryptography.
A ECDHE key exchange starts with negotiating a curve. The possible curves are
listed at
IANA Transport Layer Security (TLS) Parameters - TLS Supported Groups.
The XECDHECryptography.SupportedGroup reflects that and offer the curve's
Enum.name() (description in the IANA table) or
XECDHECryptography.SupportedGroup.getId() (value in the IANA table). You may refer
directly a member, e.g. XECDHECryptography.SupportedGroup.X25519, or get it by id
XECDHECryptography.SupportedGroup.fromId(int) or by the curve-name
XECDHECryptography.SupportedGroup.valueOf(String).
Once you have a curve negotiated, you create a instance of
XECDHECryptography(SupportedGroup) providing this
curve as parameter. This will also create the ephemeral key-pair for the key
exchange. After each peer creates such a instance (and so different
key-pairs), the "public key" is sent to the other peer. Though the curve is
transfered by it's XECDHECryptography.SupportedGroup.getId() (named curve), the public
key itself is sent just by the getEncodedPoint() and not the ASN.1
encoding (Key.getEncoded()). Each peer converts the received
encoded point of the other peer into a PublicKey and applies that to
KeyAgreement.doPhase(java.security.Key, boolean). Outside of this
class only the encoded point and the XECDHECryptography.SupportedGroup is used to do the
key exchange. Access to the PrivateKey nor PublicKey is
required outside.
SupportedGroup group = SupportedGroup.X25519; // peer 1 XECDHECryptography ecdhe1 = new XECDHECryptography(group); byte[] point1 = ecdhe1.getEncodedPoint(); // send group + encoded point to other peer // peer 2, use received group XECDHECryptography ecdhe2 = new XECDHECryptography(group); byte[] point2 = ecdhe2.getEncodedPoint(); SecretKey secret2 = ecdhe2.generateSecret(point1); // send own encoded point back to first peer // peer 1 SecretKey secret1 = ecdhe1.generateSecret(point2);results in same secrets
secret1 and secret2.| Modifier and Type | Class and Description |
|---|---|
static class |
XECDHECryptography.SupportedGroup
The Supported Groups as defined in the official
IANA Transport Layer Security (TLS) Parameters.
|
| Modifier and Type | Field and Description |
|---|---|
protected static org.slf4j.Logger |
LOGGER |
| Constructor and Description |
|---|
XECDHECryptography(XECDHECryptography.SupportedGroup supportedGroup)
Creates an ephemeral ECDH key pair for a given supported group.
|
| Modifier and Type | Method and Description |
|---|---|
void |
destroy() |
SecretKey |
generateSecret(byte[] encodedPoint)
Generate secret of key exchange.
|
byte[] |
getEncodedPoint()
Get public key as encoded point.
|
XECDHECryptography.SupportedGroup |
getSupportedGroup()
Get the supported group (curve) of this key exchange.
|
boolean |
isDestroyed() |
public XECDHECryptography(XECDHECryptography.SupportedGroup supportedGroup) throws GeneralSecurityException
supportedGroup - a curve as defined in the
IANA Supported Groups RegistryGeneralSecurityException - if the key pair cannot be created from
the given supported group, e.g. because the JRE's crypto
provider doesn't support the grouppublic XECDHECryptography.SupportedGroup getSupportedGroup()
public byte[] getEncodedPoint()
XECDHECryptography.SupportedGroup.getId(), therefore the ASN.1
Key.getEncoded() is not required.public SecretKey generateSecret(byte[] encodedPoint) throws GeneralSecurityException
encodedPoint - the other peer's public key as encoded pointNullPointerException - if encodedPoint is null.GeneralSecurityException - if a crypt error occurred.public void destroy()
destroy in interface Destroyablepublic boolean isDestroyed()
isDestroyed in interface DestroyableCopyright © 2023 Eclipse Foundation. All rights reserved.