Interface CryptoService

All Known Implementing Classes:

CryptoServiceImpl

public interface CryptoService

High-level encryption / decryption / re-encryption contract.

Implementations are stateless and therefore thread-safe.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CryptoService.DecryptBytesHolder	Bundles the plaintext bytes and the metadata returned by the decrypt API.

Method Summary

Modifier and Type	Method	Description
CryptoService.DecryptBytesHolder	decryptBytes(String ciphertextJwe)	Decrypts a textual Compact JWE that is already in memory.
DecryptResultMetadata	decryptFile(Path input, Path output)
DecryptResultMetadata	decryptFileStream(Path input, Path output)
EncryptResult	encryptBytes(String kid, byte[] plaintext)	Encrypts raw bytes with the public key identified by kid.
EncryptResult	encryptFile(String kid, Path input, Path output)
EncryptResult	encryptFileStream(String kid, Path input, Path output)
ReencryptResult	reencryptBytes(String newKid, String jweCiphertext)	Re-encrypts (rotates) an existing Compact JWE that is in memory so it becomes protected by newKid.
ReencryptResult	reencryptFile(String newKid, Path input, Path output)
ReencryptResult	reencryptFileStream(String newKid, String sourceKidOverride, Path input, Path output)

Method Details

encryptFile

EncryptResult encryptFile(String kid,
 Path input,
 Path output)
                   throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

decryptFile

DecryptResultMetadata decryptFile(Path input,
 Path output)
                           throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

reencryptFile

ReencryptResult reencryptFile(String newKid,
 Path input,
 Path output)
                       throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

encryptFileStream

EncryptResult encryptFileStream(String kid,
 Path input,
 Path output)
                         throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

decryptFileStream

DecryptResultMetadata decryptFileStream(Path input,
 Path output)
                                 throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

reencryptFileStream

ReencryptResult reencryptFileStream(String newKid,
 String sourceKidOverride,
 Path input,
 Path output)
                             throws AnkaSecureSdkException

Throws:

AnkaSecureSdkException

encryptBytes

EncryptResult encryptBytes(String kid,
 byte[] plaintext)
                    throws AnkaSecureSdkException

Encrypts raw bytes with the public key identified by kid.

Parameters:

kid - key ID in the platform (must not be null)

plaintext - data to protect (must not be null)

Returns:

EncryptResult exposing the Compact JWE token and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

decryptBytes

CryptoService.DecryptBytesHolder decryptBytes(String ciphertextJwe)
                                       throws AnkaSecureSdkException

Decrypts a textual Compact JWE that is already in memory.

Parameters:

ciphertextJwe - textual Compact JWE (UTF-8, not Base64 wrapped)

Returns:

CryptoService.DecryptBytesHolder containing plaintext and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

reencryptBytes

ReencryptResult reencryptBytes(String newKid,
 String jweCiphertext)
                        throws AnkaSecureSdkException

Re-encrypts (rotates) an existing Compact JWE that is in memory so it becomes protected by newKid.

Parameters:

newKid - key that must protect the data after rotation

jweCiphertext - current Compact JWE (text form)

Returns:

metadata for old/new keys plus the refreshed JWE token

Throws:

AnkaSecureSdkException - on validation or remote failure