Class ChaCha20Poly1305Key


  • @Immutable
    public final class ChaCha20Poly1305Key
    extends AeadKey
    Represents the Aead ChaCha20-Poly1305 specified in RFC 8439.

    ChaCha20-Poly1305 allows no parameters; hence the main part here is really just the keys. However, Tink allows prefixing every ciphertext with an ID-dependent prefix; see ChaCha20Poly1305Parameters.Variant.

    • Method Detail

      • getOutputPrefix

        public Bytes getOutputPrefix()
        Description copied from class: AeadKey
        Returns a Bytes instance which is prefixed to the ciphertext.

        In order to make key rotation more efficient, Tink allows the ciphertexts of every Aead key to be prefixed with a sequence of bytes. When decrypting data, only keys with a matching prefix have to be tried.

        Note that, a priori, the output prefix may not be unique in a keyset (i.e., different keys in a keyset may have the same prefix, or one prefix may be a prefix of the other). To avoid this, built-in Tink keys use the convention that the prefix is either '0x00' or '0x01'. See the Tink keys for details.

        Specified by:
        getOutputPrefix in class AeadKey
      • create

        public static ChaCha20Poly1305Key create(SecretBytes secretBytes)
                                          throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • getIdRequirementOrNull

        @Nullable
        public java.lang.Integer getIdRequirementOrNull()
        Description copied from class: Key
        Returns null if this key has no id requirement, otherwise the required id.

        Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.

        Specified by:
        getIdRequirementOrNull in class Key
      • equalsKey

        public boolean equalsKey(Key o)
        Description copied from class: Key
        Returns true if the key is guaranteed to be equal to other.

        Implementations are required to do this in constant time.

        Note: this is allowed to return false even if two keys are guaranteed to represent the same function, but are represented differently. For example, a key is allowed to internally store the number of zero-bytes used as padding when a large number is represented as a byte array, and use this in the comparison.

        Note: Tink Key objects should typically not override hashCode (because it could risk leaking key material). Hence, they typically also should not override equals.

        Specified by:
        equalsKey in class Key
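
The behaviour of getOutputPrefix and getIdRequirementOrNull described above, shown as an added example that is not part of the Tink documentation or source. The three-argument `create` overload and `Variant.TINK` belong to Tink's Java API but are not listed in this section; the `candidates` helper, the key IDs and the stand-in ciphertext are constructed for illustration, and treating unprefixed keys as always-eligible candidates is an assumption of this sketch.

```java
import com.google.crypto.tink.aead.ChaCha20Poly1305Key;
import com.google.crypto.tink.aead.ChaCha20Poly1305Parameters.Variant;
import com.google.crypto.tink.util.SecretBytes;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public final class OutputPrefixDemo {
  // Hypothetical helper (not Tink's internal code): returns the keys worth trying for a
  // ciphertext, i.e. those whose output prefix the ciphertext starts with.
  static List<ChaCha20Poly1305Key> candidates(List<ChaCha20Poly1305Key> keys, byte[] ct) {
    List<ChaCha20Poly1305Key> matching = new ArrayList<>();
    List<ChaCha20Poly1305Key> unprefixed = new ArrayList<>();
    for (ChaCha20Poly1305Key key : keys) {
      byte[] prefix = key.getOutputPrefix().toByteArray();
      if (prefix.length == 0) {
        unprefixed.add(key); // an empty prefix rules nothing out, so the key stays a candidate
      } else if (ct.length >= prefix.length
          && Arrays.equals(prefix, Arrays.copyOf(ct, prefix.length))) {
        matching.add(key);
      }
    }
    matching.addAll(unprefixed);
    return matching;
  }

  public static void main(String[] args) throws GeneralSecurityException {
    // create(SecretBytes) yields a key without a prefix and so without an ID requirement.
    ChaCha20Poly1305Key rawKey = ChaCha20Poly1305Key.create(SecretBytes.randomBytes(32));
    // Constructed key IDs; with Variant.TINK the output prefix depends on the ID.
    ChaCha20Poly1305Key oldKey =
        ChaCha20Poly1305Key.create(Variant.TINK, SecretBytes.randomBytes(32), 0x01020304);
    ChaCha20Poly1305Key newKey =
        ChaCha20Poly1305Key.create(Variant.TINK, SecretBytes.randomBytes(32), 0x0a0b0c0d);
    List<ChaCha20Poly1305Key> keyset = Arrays.asList(rawKey, oldKey, newKey);
    for (ChaCha20Poly1305Key key : keyset) {
      System.out.println("id requirement: " + key.getIdRequirementOrNull()
          + ", prefix bytes: " + Arrays.toString(key.getOutputPrefix().toByteArray()));
    }
    // Constructed stand-in for a ciphertext made under newKey: its prefix plus filler bytes.
    byte[] ct = Arrays.copyOf(newKey.getOutputPrefix().toByteArray(), 40);
    List<ChaCha20Poly1305Key> toTry = candidates(keyset, ct);
    System.out.println("keys to try: " + toTry.size());
    System.out.println("newKey first: " + toTry.get(0).equalsKey(newKey));
    System.out.println("oldKey skipped: " + toTry.stream().noneMatch(k -> k.equalsKey(oldKey)));
  }
}
```

Keys are compared with equalsKey rather than equals, in line with the note above that Tink Key objects typically do not override equals or hashCode.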