Package com.google.crypto.tink.hybrid.internal

Class HpkeHelperForAndroidKeystore

java.lang.Object

com.google.crypto.tink.hybrid.internal.HpkeHelperForAndroidKeystore

public final class HpkeHelperForAndroidKeystore
extends java.lang.Object

A class with functions helping for HPKE implementations based on Android Keystore.

It is currently possible (starting with Android 31) to store ECDH P256 keys in AndroidKeystore, and do the DH key exchange part of HPKE on Android Keystore, without the key ever leaving Android Keystore.

The goal of this class is to do as much as possible to help this. Hence, it does all of HPKE except the initial DH key agreement.

Method Summary

Modifier and Type	Method	Description
static HpkeHelperForAndroidKeystore	create(HpkePublicKey receiverPublicKey)	Creates a new HpkeHelperForAndroidKeystore object.
byte[]	decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret(byte[] encapsulatedKey, byte[] dhSharedSecret, byte[] ciphertext, int ciphertextOffset, byte[] contextInfo)	Decrypts a ciphertext.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

public static HpkeHelperForAndroidKeystore create(HpkePublicKey receiverPublicKey)
                                           throws java.security.GeneralSecurityException

Creates a new HpkeHelperForAndroidKeystore object.

The public key provided is the one corresponding to the private key which is typically stored in Android Keystore. In other words, this class is only useful if the caller can somehow do the Diffie-Hellman key exchange with the private key corresponding to the public key provided here.

Throws:

java.security.GeneralSecurityException

decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret

public byte[] decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret(byte[] encapsulatedKey,
                                                                           byte[] dhSharedSecret,
                                                                           byte[] ciphertext,
                                                                           int ciphertextOffset,
                                                                           byte[] contextInfo)
                                                                    throws java.security.GeneralSecurityException

Decrypts a ciphertext.

The ciphertext must have been encrypted with the public key used to create this helper object. The encapsulated key must be in encapsulatedKey. The dhSharedSecret must be the shared secret computed from the private key and the encapsulated key.

Throws:

java.security.GeneralSecurityException