KEMpublic static final class KEM.Decapsulator extends Object
KEM.newDecapsulator(java.security.PrivateKey) on the KEM receiver side. This class represents the key decapsulation function of a KEM. An invocation of the decapsulate method recovers the secret key from the key encapsulation message.
| Modifier and Type | Method | Description |
|---|---|---|
SecretKey |
decapsulate |
The key decapsulation function. |
SecretKey |
decapsulate |
The key decapsulation function. |
int |
encapsulationSize() |
Returns the size of the key encapsulation message. |
String |
providerName() |
Returns the name of the provider. |
int |
secretSize() |
Returns the size of the shared secret. |
public String providerName()
public SecretKey decapsulate(byte[] encapsulation) throws DecapsulateException
This method is equivalent to decapsulate(encapsulation, 0, secretSize(), "Generic"). This combination of arguments must be supported by every implementation.
The generated secret key is usually passed to a key derivation function (KDF) as the input keying material.
encapsulation - the key encapsulation message from the sender. The size must be equal to the value returned by encapsulationSize(), or a DecapsulateException will be thrown.SecretKey with an algorithm name of "Generic"DecapsulateException - if an error occurs during the decapsulation processNullPointerException - if encapsulation is null
public SecretKey decapsulate(byte[] encapsulation, int from, int to, String algorithm) throws DecapsulateException
An invocation of this method recovers the secret key from the key encapsulation message.
An implementation may choose to not support arbitrary combinations of from, to, and algorithm.
encapsulation - the key encapsulation message from the sender. The size must be equal to the value returned by encapsulationSize(), or a DecapsulateException will be thrown.from - the initial index of the shared secret byte array to be returned, inclusiveto - the final index of the shared secret byte array to be returned, exclusivealgorithm - the algorithm name for the secret key that is returnedSecretKey containing the bytes of the secret ranging from from to to, exclusive, and an algorithm name as specified. For example, decapsulate(encapsulation, secretSize()
- 16, secretSize(), "AES") uses the last 16 bytes of the shared secret as a 128-bit AES key.DecapsulateException - if an error occurs during the decapsulation processIndexOutOfBoundsException - if from < 0, from > to, or to > secretSize()
NullPointerException - if encapsulation or algorithm is null
UnsupportedOperationException - if the combination of from, to, and algorithm is not supported by the decapsulatorpublic int secretSize()
This method can be called to find out the length of the shared secret before decapsulate is called or if the obtained SecretKey is not extractable.
public int encapsulationSize()
This method can be used to extract the encapsulation message from a longer byte array if no length information is provided by a higher level protocol.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/crypto/KEM.Decapsulator.html