com.google.crypto.tink.KeyWrap Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of tink Show documentation
Show all versions of tink Show documentation
Tink is a small cryptographic library that provides a safe, simple, agile and fast way to accomplish some common cryptographic tasks.
// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
package com.google.crypto.tink;
import java.security.GeneralSecurityException;
/**
* Interface for symmetric Key wrapping. A key wrap algorithm is a primitive specifically meant for
* encrypting key material. Primitives implementing the interface may either be deterministic or
* non-deterministic.
*
* The interface is somewhat limited. It does not allow additional data during key wrapping. The
* security guarantees are not including a multi user setting. The reason for these limitations is
* that it allows to include KWP, with the plan to allow rotation to other algorithms.
*
*
Requirements
*
* Primitives implementing use key sizes of 128-bits or higher. Key wrapping includes an integrity
* check. The minimal strength of the integrity check is about 64 bits. In particular, the minimal
* key strength allows KWP to be included.
*
* Key size of the wrapped key.
*
* Valid key sizes are in the range 16 .. 4096 bytes. The lower bound assures a low probability of
* key collisions, and hence allows deterministic key wrappings to be used.
*/
public interface KeyWrap {
/**
* Wraps some key material {@code data}.
*
* @param data the key to wrap.
* @return the wrapped key
*/
byte[] wrap(final byte[] data) throws GeneralSecurityException;
/**
* Unwraps a wrapped key.
*
* @throws GeneralSecurityException if {@code data} fails the integrity check.
*/
byte[] unwrap(final byte[] data) throws GeneralSecurityException;
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy