The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode .

If the certificate is of type X.509 and has a key usage extension field marked as critical, and the value of the key usage extension field implies that the public key in the certificate and its corresponding private key are not supposed to be used for the operation represented by the value of opmode , an InvalidKeyException is thrown.

If this cipher requires any algorithm parameters that cannot be derived from the public key in the given certificate , the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidKeyException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using getParameters or getIV (if the parameter is an IV).

If this cipher requires algorithm parameters that cannot be derived from the input parameters, and there are no reasonable provider-specific default values, initialization will necessarily fail.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random .

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing

Parameters:

opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE , DECRYPT_MODE , WRAP_MODE or UNWRAP_MODE )

certificate - the certificate

random - the source of randomness

Throws:

InvalidKeyException - if the public key in the given certificate is inappropriate for initializing this cipher, or this cipher requires algorithm parameters that cannot be determined from the public key in the given certificate, or the keysize of the public key in the given certificate has a keysize that exceeds the maximum allowable keysize (as determined by the configured jurisdiction policy files).

update

public final byte[] update(byte[] input)

Parameters:

input - the input buffer

Returns:

the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block.

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

Returns:

the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block.

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

output - the buffer for the result

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

ShortBufferException - if the given output buffer is too small to hold the result

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

output - the buffer for the result

outputOffset - the offset in output where the result is stored

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

ShortBufferException - if the given output buffer is too small to hold the result

public final int update(ByteBuffer input,
         ByteBuffer output)
                 throws ShortBufferException

Parameters:

input - the input ByteBuffer

output - the output ByteByffer

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalArgumentException - if input and output are the same object

ReadOnlyBufferException - if the output buffer is read-only

ShortBufferException - if there is insufficient space in the output buffer

Since:

throws IllegalBlockSizeException , BadPaddingException

Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

Input data that may have been buffered during a previous update operation is processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Returns:

the new buffer with the result

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

public final int doFinal(byte[] output,
          int outputOffset)
                  throws IllegalBlockSizeException,
                         ShortBufferException,
                         BadPaddingException

Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

Input data that may have been buffered during a previous update operation is processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Parameters:

output - the buffer for the result

outputOffset - the offset in output where the result is stored

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

ShortBufferException - if the given output buffer is too small to hold the result

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

public final byte[] doFinal(byte[] input)
                     throws IllegalBlockSizeException,
                            BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The bytes in the input buffer, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Parameters:

input - the input buffer

Returns:

the new buffer with the result

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

throws IllegalBlockSizeException , BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

Returns:

the new buffer with the result

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

IllegalBlockSizeException , BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in the output buffer.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

output - the buffer for the result

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

ShortBufferException - if the given output buffer is too small to hold the result

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

IllegalBlockSizeException , BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

output - the buffer for the result

outputOffset - the offset in output where the result is stored

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

ShortBufferException - if the given output buffer is too small to hold the result

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

public final int doFinal(ByteBuffer input,
          ByteBuffer output)
                  throws ShortBufferException,
                         IllegalBlockSizeException,
                         BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

All input.remaining() bytes starting at input.position() are processed. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in the output buffer. Upon return, the input buffer's position will be equal to its limit; its limit will not have changed. The output buffer's position will have advanced by n, where n is the value returned by this method; the output buffer's limit will not have changed.

If output.remaining() bytes are insufficient to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

Upon finishing, this method resets this cipher object to the state it was in when previously initialized via a call to init . That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init ) more data.

Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.

Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer.

Parameters:

input - the input ByteBuffer

output - the output ByteBuffer

Returns:

the number of bytes stored in output

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

IllegalArgumentException - if input and output are the same object

ReadOnlyBufferException - if the output buffer is read-only

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

ShortBufferException - if there is insufficient space in the output buffer

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

Since:

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized).

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.

InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software-only cipher).

public final Key unwrap(byte[] wrappedKey,
         String wrappedKeyAlgorithm,
         int wrappedKeyType)
                 throws InvalidKeyException,
                        NoSuchAlgorithmException

Unwrap a previously wrapped key.

Parameters:

wrappedKey - the key to be unwrapped.

wrappedKeyAlgorithm - the algorithm associated with the wrapped key.

wrappedKeyType - the type of the wrapped key. This must be one of SECRET_KEY , PRIVATE_KEY , or PUBLIC_KEY .

Returns:

the unwrapped key.

Throws:

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized).

NoSuchAlgorithmException - if no installed providers can create keys of type wrappedKeyType for the wrappedKeyAlgorithm .

InvalidKeyException - if wrappedKey does not represent a wrapped key of type wrappedKeyType for the wrappedKeyAlgorithm .

getMaxAllowedKeyLength

public static final int getMaxAllowedKeyLength(String transformation)
                                        throws NoSuchAlgorithmException

Returns the maximum key length for the specified transformation according to the installed JCE jurisdiction policy files. If JCE unlimited strength jurisdiction policy files are installed, Integer.MAX_VALUE will be returned. For more information on default key size in JCE jurisdiction policy files, please see Appendix E in the Java Cryptography Architecture Reference Guide.

Parameters:

transformation - the cipher transformation.

Returns:

the maximum key length in bits or Integer.MAX_VALUE.

Throws:

NullPointerException - if transformation is null.

NoSuchAlgorithmException - if transformation is not a valid transformation, i.e. in the form of "algorithm" or "algorithm/mode/padding".

Since:

getMaxAllowedParameterSpec

public static final AlgorithmParameterSpec getMaxAllowedParameterSpec(String transformation)
                                                               throws NoSuchAlgorithmException

Returns an AlgorithmParameterSpec object which contains the maximum cipher parameter value according to the jurisdiction policy file. If JCE unlimited strength jurisdiction policy files are installed or there is no maximum limit on the parameters for the specified transformation in the policy file, null will be returned.

Parameters:

transformation - the cipher transformation.

Returns:

an AlgorithmParameterSpec which holds the maximum value or null.

Throws:

NullPointerException - if transformation is null.

NoSuchAlgorithmException - if transformation is not a valid transformation, i.e. in the form of "algorithm" or "algorithm/mode/padding".

Since:

updateAAD

public final void updateAAD(byte[] src)

Continues a multi-part update of the Additional Authentication Data (AAD). Calls to this method provide AAD to the cipher when operating in modes such as AEAD (GCM/CCM). If this cipher is operating in either GCM or CCM mode, all AAD must be supplied before beginning operations on the ciphertext (via the update and doFinal methods).

Parameters:

src - the buffer containing the Additional Authentication Data

Throws:

IllegalArgumentException - if the src byte array is null

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of the update methods has already been called for the active encryption/decryption operation

UnsupportedOperationException - if the corresponding method in the CipherSpi has not been overridden by an implementation

Since:

int len)

Continues a multi-part update of the Additional Authentication Data (AAD), using a subset of the provided buffer. Calls to this method provide AAD to the cipher when operating in modes such as AEAD (GCM/CCM). If this cipher is operating in either GCM or CCM mode, all AAD must be supplied before beginning operations on the ciphertext (via the update and doFinal methods).

Parameters:

src - the buffer containing the AAD

offset - the offset in src where the AAD input starts

len - the number of AAD bytes

Throws:

IllegalArgumentException - if the src byte array is null, or the offset or length is less than 0, or the sum of the offset and len is greater than the length of the src byte array

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of the update methods has already been called for the active encryption/decryption operation

UnsupportedOperationException - if the corresponding method in the CipherSpi has not been overridden by an implementation

Since:

updateAAD

public final void updateAAD(ByteBuffer src)

Continues a multi-part update of the Additional Authentication Data (AAD). Calls to this method provide AAD to the cipher when operating in modes such as AEAD (GCM/CCM). If this cipher is operating in either GCM or CCM mode, all AAD must be supplied before beginning operations on the ciphertext (via the update and doFinal methods). All src.remaining() bytes starting at src.position() are processed. Upon return, the input buffer's position will be equal to its limit; its limit will not have changed.

Parameters:

src - the buffer containing the AAD

Throws:

IllegalArgumentException - if the src ByteBuffer is null

IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of the update methods has already been called for the active encryption/decryption operation

UnsupportedOperationException - if the corresponding method in the CipherSpi has not been overridden by an implementation

Since: