Class LegacyKmsEnvelopeAeadKey
- java.lang.Object
  - com.google.crypto.tink.Key
    - com.google.crypto.tink.aead.AeadKey
      - com.google.crypto.tink.aead.LegacyKmsEnvelopeAeadKey

public final class LegacyKmsEnvelopeAeadKey extends AeadKey
Describes an EnvelopeAead backed by a KMS.

Usage of this key type is not recommended. Instead, we recommend implementing the idea of this class manually:
- Create a remote Aead object for your KMS with an appropriate Tink extension (typically using a subclass of KmsClient).
- Create an envelope AEAD with KmsEnvelopeAead.create(com.google.crypto.tink.aead.AeadParameters, com.google.crypto.tink.Aead).

See LegacyKmsEnvelopeParameters for known issues.

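The two manual steps recommended above, as an added example that is not part of the Tink documentation. To run offline it assumes a locally generated AES256-GCM Aead as a stand-in for the remote KMS Aead; the class name, helper name and sample strings are hypothetical.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.RegistryConfiguration;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.aead.KmsEnvelopeAead;
import com.google.crypto.tink.aead.PredefinedAeadParameters;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public final class ManualEnvelopeAeadExample {
  // Assumption: local stand-in for the remote KMS Aead so the example runs offline.
  // In production this object comes from your KMS extension, typically
  // kmsClient.getAead(kekUri) on a KmsClient subclass.
  static Aead localStandInForRemoteAead() throws GeneralSecurityException {
    return KeysetHandle.generateNew(PredefinedAeadParameters.AES256_GCM)
        .getPrimitive(RegistryConfiguration.get(), Aead.class);
  }

  public static void main(String[] args) throws GeneralSecurityException {
    AeadConfig.register();

    // Step 1: the remote Aead, used only to wrap data-encryption keys (DEKs).
    Aead remote = localStandInForRemoteAead();

    // Step 2: the envelope AEAD. Each encrypt() generates a fresh DEK with the
    // given parameters, encrypts the data locally and has `remote` wrap the DEK.
    Aead envelope = KmsEnvelopeAead.create(PredefinedAeadParameters.AES256_GCM, remote);

    byte[] plaintext = "constructed sample record".getBytes(StandardCharsets.UTF_8);
    byte[] aad = "tenant=example".getBytes(StandardCharsets.UTF_8);

    byte[] ct1 = envelope.encrypt(plaintext, aad);
    byte[] ct2 = envelope.encrypt(plaintext, aad);
    if (Arrays.equals(ct1, ct2)) {
      throw new AssertionError("two encryptions produced identical ciphertexts");
    }
    if (!Arrays.equals(envelope.decrypt(ct1, aad), plaintext)) {
      throw new AssertionError("round trip failed");
    }
    // Associated data is authenticated: a mismatch must fail decryption.
    try {
      envelope.decrypt(ct1, "tenant=other".getBytes(StandardCharsets.UTF_8));
      throw new AssertionError("decryption with wrong associated data succeeded");
    } catch (GeneralSecurityException expected) {
      System.out.println("wrong associated data rejected");
    }
  }
}
```
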
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static LegacyKmsEnvelopeAeadKey | create(LegacyKmsEnvelopeAeadParameters parameters) | |
| static LegacyKmsEnvelopeAeadKey | create(LegacyKmsEnvelopeAeadParameters parameters, java.lang.Integer idRequirement) | |
| boolean | equalsKey(Key o) | Returns true if the key is guaranteed to be equal to other. |
| java.lang.Integer | getIdRequirementOrNull() | Returns null if this key has no id requirement, otherwise the required id. |
| Bytes | getOutputPrefix() | Returns a Bytes instance which is prefixed to the ciphertext. |
| LegacyKmsEnvelopeAeadParameters | getParameters() | Returns the parameters of this key. |

Method Detail
create
public static LegacyKmsEnvelopeAeadKey create(LegacyKmsEnvelopeAeadParameters parameters, @Nullable java.lang.Integer idRequirement) throws java.security.GeneralSecurityException
Throws: java.security.GeneralSecurityException

create
public static LegacyKmsEnvelopeAeadKey create(LegacyKmsEnvelopeAeadParameters parameters) throws java.security.GeneralSecurityException
Throws: java.security.GeneralSecurityException

getOutputPrefix
public Bytes getOutputPrefix()
Description copied from class: AeadKey
Returns a Bytes instance which is prefixed to the ciphertext.
In order to make key rotation more efficient, Tink allows every Aead key to be prefixed with a sequence of bytes. When decrypting data, only keys with a matching prefix have to be tried.
Note that a priori, the output prefix may not be unique in a keyset (i.e., different keys in a keyset may have the same prefix, or one prefix may be a prefix of the other). To avoid this, built-in Tink keys use the convention that the prefix is either '0x00' or '0x01'. See the Tink keys for details.
Specified by: getOutputPrefix in class AeadKey

getParameters
public LegacyKmsEnvelopeAeadParameters getParameters()
Description copied from class: AeadKey
Returns the parameters of this key.
Specified by: getParameters in class AeadKey

getIdRequirementOrNull
public java.lang.Integer getIdRequirementOrNull()
Description copied from class: Key
Returns null if this key has no id requirement, otherwise the required id.
Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.
Specified by: getIdRequirementOrNull in class Key

equalsKey
public boolean equalsKey(Key o)
Description copied from class: Key
Returns true if the key is guaranteed to be equal to other.
Implementations are required to do this in constant time.
Note: this is allowed to return false even if two keys are guaranteed to represent the same function, but are represented differently. For example, a key is allowed to internally store the number of zero-bytes used as padding when a large number is represented as a byte array, and use this in the comparison.
Note: Tink Key objects should typically not override hashCode (because it could risk leaking key material). Hence, they typically also should not override equals.