DataUnsealer (End-To-End Encryption - Crypto

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

be.fgov.ehealth.etee.crypto.decrypt
Interface DataUnsealer

public interface DataUnsealer

A DataUnsealer is a thread safe object that can unseal data protected according to the eHealth end-to-end encryption specifications.

A DataUnsealer has a strong association with an reader, because it decrypts data with the private decryption keys of the reader. Consequently a DataUnsealer must be created for each reader. Use the DataUnsealerBuilder to create DataUnsealers. Once the DataUnsealer is created, it can be used for several messages. It can be used simultaniously by multiple threads.

To unseal the data, you need

the dataToUnseal
the Key Encryption Key, if the message was sealed with a SecretKey
One or more SigningCredentials, if you want to verify that the message was signed with one of the given credentials

The result of an unseal operation of the DataUnsealer is a UnsealResult containing error codes and the unsealed data.

The dataToUnseal can be a byte[] or an InputStream. Use the byte[] for small messages that can be loaded in memory in one take. Use the InputStream for bigger messages.

See Also:: DataUnsealerBuilder, UnsealedData

Method Summary
`java.lang.String`	`getKekID(byte[] sealedData)` Gets the base 64 encode KEK id in the sealed data.
`java.lang.String`	`getSubjectKeyIdentifier(byte[] sealedData)` Gets the base 64 encoded SubjectKeyIdentifier of the signer's key in the signed data.
`CryptoResult<UnsealedData>`	`unseal(byte[] data)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
`CryptoResult<UnsealedData>`	`unseal(byte[] data, javax.crypto.SecretKey kek)` Unseals the data using the given Key Encryption Key.
`CryptoResult<UnsealedData>`	`unseal(byte[] data, javax.crypto.SecretKey kek, SigningCredential... signers)` Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).
`CryptoResult<UnsealedData>`	`unseal(byte[] data, SigningCredential... signers)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s).
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, javax.crypto.SecretKey kek)` Unseals the data using the given Key Encryption Key.
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, javax.crypto.SecretKey kek, SigningCredential... signers)` Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, SigningCredential... signers)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s).

Method Detail

unseal

CryptoResult<UnsealedData> unseal(byte[] data)

Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.

Parameters:: data - - the sealed message
Returns:: the result of the unseal operation, containing error codes and the unsealed data.

unseal

CryptoResult<UnsealedData> unseal(byte[] data,
                                  SigningCredential... signers)

Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s).

Parameters:: data - - the sealed message; signers - - credential(s) of expected signer
Returns:: the result of the unseal operation, containing error codes and the unsealed data.

unseal

CryptoResult<UnsealedData> unseal(byte[] data,
                                  javax.crypto.SecretKey kek)

Unseals the data using the given Key Encryption Key.

Parameters:: data - - the sealed message; kek - - the Key Encryption Key by which the data can get decrypted.
Returns:: the result of the unseal operation, containing error codes and the unsealed data.

unseal

CryptoResult<UnsealedData> unseal(byte[] data,
                                  javax.crypto.SecretKey kek,
                                  SigningCredential... signers)

Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).

Parameters:: data - - the sealed message; kek - - the Key Encryption Key by which the data can get decrypted.; signers - - credential(s) of expected signer
Returns:: the result of the unseal operation, containing error codes and the unsealed data.

unseal

CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData)

Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created. The unsealed data is written to the given output stream. The output stream is closed afterwards by the DataUnsealer.

Parameters:: sealedData - - the sealed message; unsealedData - - the unsealed data is written to this OutputStream
Returns:: the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.

unseal

CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  SigningCredential... signers)

Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s). The unsealed data is written to the given output stream. The output stream is closed afterwards by the DataUnsealer.

Parameters:: sealedData - - the sealed message; unsealedData - - the unsealed data is written to this OutputStream; signers - - credential(s) of expected signer
Returns:: the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.

unseal

CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  javax.crypto.SecretKey kek)

Unseals the data using the given Key Encryption Key.

Parameters:: sealedData - - the sealed message; unsealedData - - the unsealed data is written to this OutputStream; kek - - the Key Encryption Key by which the data can get decrypted.
Returns:: the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.

unseal

CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  javax.crypto.SecretKey kek,
                                  SigningCredential... signers)

Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).

Parameters:: sealedData - - the sealed message; unsealedData - - the unsealed data is written to this OutputStream; kek - - the Key Encryption Key by which the data can get decrypted.; signers - - credential(s) of expected signer
Returns:: the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.

getKekID

java.lang.String getKekID(byte[] sealedData)

Gets the base 64 encode KEK id in the sealed data.

Parameters:: sealedData - - the sealed message
Returns:: base 64 encode KEK id in the sealed data.
Throws:: java.lang.RuntimeException - if the sealed data is not conform the eHealth ETEE spec (SignedData/EnvelopedData/SignedData, EnvelopedData with 0 or 1 KEKRecipientInfos).

getSubjectKeyIdentifier

java.lang.String getSubjectKeyIdentifier(byte[] sealedData)

Gets the base 64 encoded SubjectKeyIdentifier of the signer's key in the signed data.

Parameters:: sealedData - - the sealed message
Returns:: base 64 encoded SubjectKeyIdentifier in the sealed data.
Throws:: java.lang.RuntimeException - if the sealed data is not conform the eHealth ETEE spec (SignedData/EnvelopedData/SignedData).

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

be.fgov.ehealth.etee.crypto.decrypt Interface DataUnsealer

unseal

unseal

unseal

unseal

unseal

unseal

unseal

unseal

getKekID

getSubjectKeyIdentifier

be.fgov.ehealth.etee.crypto.decrypt
Interface DataUnsealer