be.fgov.ehealth.etee.crypto.decrypt
Interface DataUnsealer


public interface DataUnsealer

A DataUnsealer is a thread safe object that can unseal data protected according to the eHealth end-to-end encryption specifications.

A DataUnsealer has a strong association with a reader, because it decrypts data with the private decryption keys of the reader. Consequently a DataUnsealer must be created for each reader. Use the DataUnsealerBuilder to create DataUnsealers. Once the DataUnsealer is created, it can be used for several messages. It can be used simultaneously by multiple threads.

To unseal the data, you need

  1. the dataToUnseal
  2. the Key Encryption Key, if the message was sealed with a SecretKey

The result of an unseal operation of the DataUnsealer is an UnsealResult containing error codes and the unsealed data.

The dataToUnseal can be a byte[] or an InputStream. Use the byte[] for small messages that can be loaded in memory in one take. Use the InputStream for bigger messages.

See Also:
DataUnsealerBuilder, UnsealedData

Method Summary
 java.lang.String getKekID(byte[] sealedData)
          Gets the base64-encoded KEK id in the sealed data.
 CryptoResult<UnsealedData> unseal(byte[] data)
          Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
 CryptoResult<UnsealedData> unseal(byte[] data, javax.crypto.SecretKey kek)
          Unseals the data using the given Key Encryption Key.
 CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData)
          Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
 CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, javax.crypto.SecretKey kek)
          Unseals the data using the given Key Encryption Key.
 

Method Detail

unseal

CryptoResult<UnsealedData> unseal(byte[] data)
Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.

Parameters:
data - the sealed message
Returns:
the result of the unseal operation, containing error codes and the unsealed data.

unseal

CryptoResult<UnsealedData> unseal(byte[] data,
                                  javax.crypto.SecretKey kek)
Unseals the data using the given Key Encryption Key.

Parameters:
data - the sealed message
kek - the Key Encryption Key by which the data can get decrypted.
Returns:
the result of the unseal operation, containing error codes and the unsealed data.

unseal

CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData)
Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created. The unsealed data is written to the given output stream. The output stream is closed afterwards by the DataUnsealer.

Parameters:
sealedData - the sealed message
unsealedData - the unsealed data is written to this OutputStream
Returns:
the result of the unseal operation, containing possible error codes but NO unsealed data, as it was written to the given output stream.

unseal

CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  javax.crypto.SecretKey kek)
Unseals the data using the given Key Encryption Key.

Parameters:
sealedData - the sealed message
unsealedData - the unsealed data is written to this OutputStream
kek - the Key Encryption Key by which the data can get decrypted.
Returns:
the result of the unseal operation, containing possible error codes but NO unsealed data, as it was written to the given output stream.

getKekID

java.lang.String getKekID(byte[] sealedData)
Gets the base64-encoded KEK id in the sealed data.

Parameters:
sealedData - the sealed message
Returns:
base64-encoded KEK id in the sealed data.
Throws:
java.lang.RuntimeException - if the sealed data does not conform to the eHealth ETEE spec (SignedData/EnvelopedData/SignedData, EnvelopedData with 0 or 1 KEKRecipientInfos).
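
An added example (not from the eHealth library or its documentation) of the flow these methods imply for a message sealed with a SecretKey: read the KEK id with getKekID, look the key up, then call unseal(data, kek), failing closed when the id is unknown or the data is rejected. The nested interfaces are stand-ins that mirror only the signatures on this page; the key map, the stub unsealer and the sample ids are constructed for illustration.

```java
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Map;

public class KekLookupExample {
    // Stand-ins mirroring only the names and signatures shown on this page,
    // so the example compiles without the library on the classpath.
    interface UnsealedData {}
    interface CryptoResult<T> {}
    interface DataUnsealer {
        String getKekID(byte[] sealedData);
        CryptoResult<UnsealedData> unseal(byte[] data, SecretKey kek);
    }

    /** Resolves the KEK named inside the sealed message, then unseals with it. */
    static CryptoResult<UnsealedData> unsealWithKnownKek(
            DataUnsealer unsealer, byte[] sealed, Map<String, SecretKey> keksById) {
        final String kekId;
        try {
            kekId = unsealer.getKekID(sealed); // base64 KEK id, read from untrusted input
        } catch (RuntimeException e) {
            // Documented behaviour: thrown when the data does not follow the ETEE structure.
            throw new IllegalArgumentException("sealed data rejected: not ETEE-conformant", e);
        }
        // Fail closed: never fall back to a default key when the id is missing or unknown.
        SecretKey kek = (kekId == null) ? null : keksById.get(kekId);
        if (kek == null) {
            throw new IllegalArgumentException("no KEK available for the id in the message");
        }
        return unsealer.unseal(sealed, kek);
    }

    public static void main(String[] args) {
        // Constructed sample values; the stub stands in for a real DataUnsealer.
        SecretKey kek = new SecretKeySpec(new byte[16], "AES");
        Map<String, SecretKey> store = Map.of("a2VrLTAwMQ==", kek);
        DataUnsealer stub = new DataUnsealer() {
            public String getKekID(byte[] d) {
                if (d.length == 0) throw new RuntimeException("not conform");
                return d[0] == 1 ? "a2VrLTAwMQ==" : "dW5rbm93bg==";
            }
            public CryptoResult<UnsealedData> unseal(byte[] d, SecretKey k) {
                return new CryptoResult<UnsealedData>() {};
            }
        };
        System.out.println(unsealWithKnownKek(stub, new byte[]{1}, store) != null); // known id
        for (byte[] bad : new byte[][]{{2}, {}}) { // unknown id, then malformed input
            try { unsealWithKnownKek(stub, bad, store); }
            catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

With the real library, the returned CryptoResult still has to be inspected for error codes before the unsealed data is used, as the Returns clauses above state.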


Copyright © 2018 eHealth. All Rights Reserved.