Interface CryptoService

All Known Implementing Classes:

CryptoServiceImpl

public interface CryptoService

High-level encryption / decryption / re-encryption contract.

Implementations are stateless and therefore thread-safe.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CryptoService.DecryptBytesHolder	Bundles the plaintext bytes and the metadata returned by the decrypt API.

Method Summary

Modifier and Type	Method	Description
CryptoService.DecryptBytesHolder	decryptBytes(String ciphertextJwe)	Decrypts a textual Compact JWE that is already in memory.
DecryptFileResult	decryptFile(Path input, Path output)
DecryptFileResult	decryptFileStream(Path input, Path output)
EncryptFileResult	encryptBytes(String kid, byte[] plaintext)	Encrypts raw bytes with the public key identified by kid.
EncryptFileResult	encryptFile(String kid, Path input, Path output)
EncryptFileResult	encryptFileStream(String kid, Path input, Path output)
ReencryptFileResult	reencryptBytes(String newKid, String jweCiphertext)	Re-encrypts (rotates) an existing Compact JWE that is in memory so it becomes protected by newKid.
ReencryptFileResult	reencryptFile(String newKid, Path input, Path output)
ReencryptFileResult	reencryptFileStream(String newKid, Path input, Path output)

Method Details

encryptFile

EncryptFileResult encryptFile(String kid,
 Path input,
 Path output)
                       throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

decryptFile

DecryptFileResult decryptFile(Path input,
 Path output)
                       throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

reencryptFile

ReencryptFileResult reencryptFile(String newKid,
 Path input,
 Path output)
                           throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

encryptFileStream

EncryptFileResult encryptFileStream(String kid,
 Path input,
 Path output)
                             throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

decryptFileStream

DecryptFileResult decryptFileStream(Path input,
 Path output)
                             throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

reencryptFileStream

ReencryptFileResult reencryptFileStream(String newKid,
 Path input,
 Path output)
                                 throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

encryptBytes

EncryptFileResult encryptBytes(String kid,
 byte[] plaintext)
                        throws AnkaSecureSdkException

Encrypts raw bytes with the public key identified by kid.

Parameters:

kid - key ID in the platform (must not be null)

plaintext - data to protect (must not be null)

Returns:

EncryptFileResult exposing the Compact JWE token and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

decryptBytes

CryptoService.DecryptBytesHolder decryptBytes(String ciphertextJwe)
                                       throws AnkaSecureSdkException

Decrypts a textual Compact JWE that is already in memory.

Parameters:

ciphertextJwe - textual Compact JWE (UTF-8, not Base64 wrapped)

Returns:

CryptoService.DecryptBytesHolder containing plaintext and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

reencryptBytes

ReencryptFileResult reencryptBytes(String newKid,
 String jweCiphertext)
                            throws AnkaSecureSdkException

Re-encrypts (rotates) an existing Compact JWE that is in memory so it becomes protected by newKid.

Parameters:

newKid - key that must protect the data after rotation

jweCiphertext - current Compact JWE (text form)

Returns:

metadata for old/new keys plus the refreshed JWE token

Throws:

AnkaSecureSdkException - on validation or remote failure