encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); encrypters.put(id, encrypter);
/**
 * Creates a fresh ephemeral EC key pair on the given curve.
 *
 * <p>The key pair generator is taken from the key encryption provider of
 * the JCA context when one is configured, otherwise from the default
 * provider lookup. The generator is initialised with the curve parameters
 * only, so no explicit {@code SecureRandom} is supplied here and the
 * randomness source is whatever the selected provider uses by default.
 *
 * @param ecParameterSpec The EC parameters of the target curve. Must not
 *                        be {@code null}.
 *
 * @return The newly generated EC key pair.
 *
 * @throws JOSEException If the "EC" algorithm is unavailable or the
 *                       supplied curve parameters are rejected.
 */
private KeyPair generateEphemeralKeyPair(final ECParameterSpec ecParameterSpec)
	throws JOSEException {

	final Provider keProvider = getJCAContext().getKeyEncryptionProvider();

	try {
		// Use the explicitly configured provider when present, otherwise
		// fall back to the default JCA provider resolution.
		final KeyPairGenerator generator = (keProvider == null)
			? KeyPairGenerator.getInstance("EC")
			: KeyPairGenerator.getInstance("EC", keProvider);

		generator.initialize(ecParameterSpec);
		return generator.generateKeyPair();

	} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
		// Keep the original exception as the cause so that the failing
		// provider or parameter remains diagnosable.
		throw new JOSEException("Couldn't generate ephemeral EC key pair: " + e.getMessage(), e);
	}
}
} // presumably closes the enclosing class; its header is outside this excerpt
/**
 * Encrypts the clear text with a key agreed via ECDH between a freshly
 * generated ephemeral key pair and the recipient's public EC key.
 *
 * <p>A new ephemeral key pair is generated on every call, on the curve
 * parameters of {@code publicKey}. Its public half is added to a copy of
 * the header as the ephemeral public key; its private half is held only
 * in a local variable and used once to derive the shared secret.
 *
 * <p>NOTE(review): nothing in this method checks that {@code publicKey}
 * is a valid point on the curve reported by {@code getCurve()}.
 * Presumably that is checked where the key is accepted; confirm. The
 * derived secret is also not cleared here, so its lifetime depends on
 * {@code encryptWithZ} and on garbage collection.
 *
 * @param header    The JWE header to extend with the ephemeral public key.
 * @param clearText The clear text to encrypt.
 *
 * @return The JWE crypto parts produced by {@code encryptWithZ}.
 *
 * @throws JOSEException If key generation, key agreement or encryption
 *                       fails.
 */
@Override
public JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText)
	throws JOSEException {

	// One-time key pair on the same curve as the recipient's public key
	final KeyPair oneTimePair = generateEphemeralKeyPair(publicKey.getParams());
	final ECPublicKey oneTimePublic = (ECPublicKey) oneTimePair.getPublic();
	final ECPrivateKey oneTimePrivate = (ECPrivateKey) oneTimePair.getPrivate();

	// Publish the ephemeral public key in the header so that the recipient
	// can perform the same key agreement
	final JWEHeader.Builder headerBuilder = new JWEHeader.Builder(header);
	final ECKey ephemeralJwk = new ECKey.Builder(getCurve(), oneTimePublic).build();
	final JWEHeader headerWithEpk = headerBuilder.ephemeralPublicKey(ephemeralJwk).build();

	// Shared secret 'Z' from recipient public key x ephemeral private key
	final Provider keProvider = getJCAContext().getKeyEncryptionProvider();
	final SecretKey sharedSecret = ECDH.deriveSharedSecret(publicKey, oneTimePrivate, keProvider);

	return encryptWithZ(headerWithEpk, sharedSecret, clearText, contentEncryptionKey);
}