/**
 * Creates a fresh random Initialisation Vector (IV) of 128 bits
 * (16 bytes) for AES-CBC encryption.
 *
 * <p>Every byte of the IV is drawn from the supplied generator, so
 * the IV is only as unpredictable as that generator. CBC mode needs
 * an unpredictable IV for each encryption: request a new IV per
 * message and do not reuse a previous one.
 *
 * @param randomGen The secure random generator to draw from. Must be
 *                  correctly initialised and not {@code null}.
 *
 * @return The random 128 bit IV, as a 16 byte array.
 */
public static byte[] generateIV(final SecureRandom randomGen) {

	// Size the buffer from the IV bit length constant.
	final int ivByteLength = ByteUtils.byteLength(IV_BIT_LENGTH);
	final byte[] iv = new byte[ivByteLength];

	// Fill the whole buffer with output of the caller's generator.
	randomGen.nextBytes(iv);

	return iv;
}
/**
 * Creates a random Content Encryption Key (CEK) sized for the given
 * JOSE encryption method.
 *
 * <p>The key bytes come entirely from the supplied generator; the
 * number of bytes is derived from {@code enc.cekBitLength()}.
 *
 * @param enc       The encryption method. Must not be {@code null}.
 * @param randomGen The secure random generator to draw from. Must not
 *                  be {@code null}.
 *
 * @return The generated CEK (with algorithm "AES").
 *
 * @throws JOSEException If the encryption method is not supported.
 */
public static SecretKey generateCEK(final EncryptionMethod enc,
				    final SecureRandom randomGen)
	throws JOSEException {

	// Reject any method outside the supported set before sizing the key.
	final boolean supported = SUPPORTED_ENCRYPTION_METHODS.contains(enc);

	if (! supported) {
		throw new JOSEException(
			AlgorithmSupportMessage.unsupportedEncryptionMethod(
				enc,
				SUPPORTED_ENCRYPTION_METHODS));
	}

	// The key length is dictated by the encryption method.
	final int cekByteLength = ByteUtils.byteLength(enc.cekBitLength());
	final byte[] keyBytes = new byte[cekByteLength];
	randomGen.nextBytes(keyBytes);

	return new SecretKeySpec(keyBytes, "AES");
}
// Express the key length in bytes rather than bits.
// NOTE(review): confirm how ByteUtils.byteLength treats a bit length
// that is not a multiple of 8 (the enclosing method is not shown here).
final int keyLengthBytes = ByteUtils.byteLength(keyLengthBits);
// The authentication tag is taken from the tail of the cipher output:
// tagPos is the offset at which the last AUTH_TAG_BIT_LENGTH bits begin.
// NOTE(review): this assumes cipherOutput is at least one tag long;
// a shorter array would make tagPos negative — confirm the enclosing
// method guarantees that.
final int tagPos = cipherOutput.length - ByteUtils.byteLength(AUTH_TAG_BIT_LENGTH);
// Extract the tag bytes, starting at tagPos and one tag length long.
byte[] authTag = ByteUtils.subArray(cipherOutput, tagPos, ByteUtils.byteLength(AUTH_TAG_BIT_LENGTH));
/**
 * Computes the HMAC of the signing input for the algorithm named in
 * the JWS header and returns it Base64URL-encoded.
 *
 * <p>Before any MAC is computed, the secret is checked against the
 * minimum length required for the header's algorithm; a shorter
 * secret is rejected rather than used.
 *
 * @param header       The JWS header, which supplies the algorithm.
 * @param signingInput The bytes to authenticate.
 *
 * @return The Base64URL-encoded HMAC.
 *
 * @throws JOSEException If the secret is shorter than the minimum
 *                       for the algorithm (thrown as a
 *                       {@code KeyLengthException}).
 */
@Override
public Base64URL sign(final JWSHeader header, final byte[] signingInput)
	throws JOSEException {

	// Minimum secret size, in bits, for the requested algorithm.
	final int requiredBits = getMinRequiredSecretLength(header.getAlgorithm());

	// The secret is measured in bytes, so compare against the byte length.
	final boolean secretTooShort = getSecret().length < ByteUtils.byteLength(requiredBits);

	if (secretTooShort) {
		throw new KeyLengthException("The secret length for " + header.getAlgorithm() + " must be at least " + requiredBits + " bits");
	}

	// Arguments are evaluated left to right: JCA algorithm name, secret,
	// input, then the provider from the JCA context.
	final byte[] mac = HMAC.compute(
		getJCAAlgorithmName(header.getAlgorithm()),
		getSecret(),
		signingInput,
		getJCAContext().getProvider());

	return Base64URL.encode(mac);
}
}