DataUnsealer (End-To-End Encryption - Crypto

```
public interface DataUnsealer
```
A DataUnsealer is a thread safe object that can unseal data protected according to the eHealth end-to-end encryption specifications.
A DataUnsealer has a strong association with an reader, because it decrypts data with the private decryption keys of the reader. Consequently a DataUnsealer must be created for each reader. Use the DataUnsealerBuilder to create DataUnsealers. Once the DataUnsealer is created, it can be used for several messages. It can be used simultaneously by multiple threads.

To unseal the data, you need
1. the dataToUnseal
2. the Key Encryption Key, if the message was sealed with a SecretKey
3. One or more SigningCredentials, if you want to verify that the message was signed with one of the given credentials
The result of an unseal operation of the DataUnsealer is a UnsealResult containing error codes and the unsealed data.
The dataToUnseal can be a byte[] or an InputStream. Use the byte[] for small messages that can be loaded in memory in one take. Use the InputStream for bigger messages.
See Also:

DataUnsealerBuilder, UnsealedData

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`java.lang.String`	`getKekID(byte[] sealedData)` Gets the base 64 encode KEK id in the sealed data.
`java.lang.String`	`getSubjectKeyIdentifier(byte[] sealedData)` Gets the base 64 encoded SubjectKeyIdentifier of the signer's key in the signed data.
`CryptoResult<UnsealedData>`	`unseal(byte[] data)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
`CryptoResult<UnsealedData>`	`unseal(byte[] data, javax.crypto.SecretKey kek)` Unseals the data using the given Key Encryption Key.
`CryptoResult<UnsealedData>`	`unseal(byte[] data, javax.crypto.SecretKey kek, SigningCredential... signers)` Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).
`CryptoResult<UnsealedData>`	`unseal(byte[] data, SigningCredential... signers)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s).
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, javax.crypto.SecretKey kek)` Unseals the data using the given Key Encryption Key.
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, javax.crypto.SecretKey kek, SigningCredential... signers)` Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).
`CryptoResult<UnsealedData>`	`unseal(java.io.InputStream sealedData, java.io.OutputStream unsealedData, SigningCredential... signers)` Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s).

- Method Detail
  - unseal
```
CryptoResult<UnsealedData> unseal(byte[] data)
```
    Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created.
    
    Parameters:
    
    data - - the sealed message
    
    Returns:
    
    the result of the unseal operation, containing error codes and the unsealed data.
  - unseal
```
CryptoResult<UnsealedData> unseal(byte[] data,
                                  SigningCredential... signers)
```
    Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s).
    
    Parameters:
    
    data - - the sealed message
    
    signers - - credential(s) of expected signer
    
    Returns:
    
    the result of the unseal operation, containing error codes and the unsealed data.
  - unseal
```
CryptoResult<UnsealedData> unseal(byte[] data,
                                  javax.crypto.SecretKey kek)
```
    Unseals the data using the given Key Encryption Key.
    
    Parameters:
    
    data - - the sealed message
    
    kek - - the Key Encryption Key by which the data can get decrypted.
    
    Returns:
    
    the result of the unseal operation, containing error codes and the unsealed data.
  - unseal
```
CryptoResult<UnsealedData> unseal(byte[] data,
                                  javax.crypto.SecretKey kek,
                                  SigningCredential... signers)
```
    Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).
    
    Parameters:
    
    data - - the sealed message
    
    kek - - the Key Encryption Key by which the data can get decrypted.
    
    signers - - credential(s) of expected signer
    
    Returns:
    
    the result of the unseal operation, containing error codes and the unsealed data.
  - unseal
```
CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData)
```
    Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created. The unsealed data is written to the given output stream. The output stream is closed afterwards by the DataUnsealer.
    
    Parameters:
    
    sealedData - - the sealed message
    
    unsealedData - - the unsealed data is written to this OutputStream
    
    Returns:
    
    the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.
  - unseal
```
CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  SigningCredential... signers)
```
    Unseals the data using the private keys that were provided to the DataUnsealerFactory when this DataUnsealer was created and validate the signature using the given signer credential(s). The unsealed data is written to the given output stream. The output stream is closed afterwards by the DataUnsealer.
    
    Parameters:
    
    sealedData - - the sealed message
    
    unsealedData - - the unsealed data is written to this OutputStream
    
    signers - - credential(s) of expected signer
    
    Returns:
    
    the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.
  - unseal
```
CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  javax.crypto.SecretKey kek)
```
    Unseals the data using the given Key Encryption Key.
    
    Parameters:
    
    sealedData - - the sealed message
    
    unsealedData - - the unsealed data is written to this OutputStream
    
    kek - - the Key Encryption Key by which the data can get decrypted.
    
    Returns:
    
    the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.
  - unseal
```
CryptoResult<UnsealedData> unseal(java.io.InputStream sealedData,
                                  java.io.OutputStream unsealedData,
                                  javax.crypto.SecretKey kek,
                                  SigningCredential... signers)
```
    Unseals the data using the given Key Encryption Key and validate the signature using the given signer credential(s).
    
    Parameters:
    
    sealedData - - the sealed message
    
    unsealedData - - the unsealed data is written to this OutputStream
    
    kek - - the Key Encryption Key by which the data can get decrypted.
    
    signers - - credential(s) of expected signer
    
    Returns:
    
    the result of the unseal operation, containing possible error codes but NO unsealed data as it was written to the given outputstream.
  - getKekID
```
java.lang.String getKekID(byte[] sealedData)
```
    Gets the base 64 encode KEK id in the sealed data.
    
    Parameters:
    
    sealedData - - the sealed message
    
    Returns:
    
    base 64 encode KEK id in the sealed data.
    
    Throws:
    
    java.lang.RuntimeException - if the sealed data is not conform the eHealth ETEE spec (SignedData/EnvelopedData/SignedData, EnvelopedData with 0 or 1 KEKRecipientInfos).
  - getSubjectKeyIdentifier
```
java.lang.String getSubjectKeyIdentifier(byte[] sealedData)
```
    Gets the base 64 encoded SubjectKeyIdentifier of the signer's key in the signed data.
    
    Parameters:
    
    sealedData - - the sealed message
    
    Returns:
    
    base 64 encoded SubjectKeyIdentifier in the sealed data.
    
    Throws:
    
    java.lang.RuntimeException - if the sealed data is not conform the eHealth ETEE spec (SignedData/EnvelopedData/SignedData).

Interface DataUnsealer

Method Summary

Method Detail

unseal

unseal

unseal

unseal

unseal

unseal

unseal

unseal

getKekID

getSubjectKeyIdentifier