Class EncryptedPrivateKeyInfo

java.lang.Object
javax.crypto.EncryptedPrivateKeyInfo
All Implemented Interfaces:
DEREncodable (preview)
public non-sealed class EncryptedPrivateKeyInfo extends Object implements DEREncodable
This class implements the EncryptedPrivateKeyInfo type as defined in PKCS #8.

Its ASN.1 definition is as follows:

EncryptedPrivateKeyInfo ::=  SEQUENCE {
    encryptionAlgorithm   AlgorithmIdentifier,
    encryptedData   OCTET STRING }

AlgorithmIdentifier  ::=  SEQUENCE  {
    algorithm              OBJECT IDENTIFIER,
    parameters             ANY DEFINED BY algorithm OPTIONAL  }
Since:
1.4

Constructor Summary

Constructor Description
EncryptedPrivateKeyInfo(byte[] encoded)
Constructs an EncryptedPrivateKeyInfo from a given encrypted PKCS#8 ASN.1 encoding.
EncryptedPrivateKeyInfo(String algName, byte[] encryptedData)
Constructs an EncryptedPrivateKeyInfo from the encryption algorithm name and the encrypted data.
EncryptedPrivateKeyInfo(AlgorithmParameters algParams, byte[] encryptedData)
Constructs an EncryptedPrivateKeyInfo from the encryption algorithm parameters and the encrypted data.

Method Summary

Modifier and Type Method Description
static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, char[] password)
Preview.
Creates and encrypts an EncryptedPrivateKeyInfo from a given PrivateKey and password.
static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, char[] password, String algorithm, AlgorithmParameterSpec params, Provider provider)
Preview.
Creates and encrypts an EncryptedPrivateKeyInfo from a given PrivateKey.
static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, Key encKey, String algorithm, AlgorithmParameterSpec params, Provider provider, SecureRandom random)
Preview.
Creates and encrypts an EncryptedPrivateKeyInfo from the given PrivateKey using the encKey and given parameters.
String getAlgName()
Returns the encryption algorithm.
AlgorithmParameters getAlgParameters()
Returns the algorithm parameters used by the encryption algorithm.
byte[] getEncoded()
Returns the ASN.1 encoding of this object.
byte[] getEncryptedData()
Returns the encrypted data.
PrivateKey getKey(char[] password)
Preview.
Extract the enclosed PrivateKey object from the encrypted data and return it.
PrivateKey getKey(Key decryptKey, Provider provider)
Preview.
Extract the enclosed PrivateKey object from the encrypted data and return it.
PKCS8EncodedKeySpec getKeySpec(Key decryptKey)
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
PKCS8EncodedKeySpec getKeySpec(Key decryptKey, String providerName)
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
PKCS8EncodedKeySpec getKeySpec(Key decryptKey, Provider provider)
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
PKCS8EncodedKeySpec getKeySpec(Cipher cipher)
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.

Constructor Details

EncryptedPrivateKeyInfo

public EncryptedPrivateKeyInfo(byte[] encoded) throws IOException
Constructs an EncryptedPrivateKeyInfo from a given encrypted PKCS#8 ASN.1 encoding.
Parameters:
encoded - the ASN.1 encoding of this object. The contents of the array are copied to protect against subsequent modification.
Throws:
NullPointerException - if encoded is null.
IOException - if an error occurs when parsing the ASN.1 encoding.

EncryptedPrivateKeyInfo

public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData) throws NoSuchAlgorithmException
Constructs an EncryptedPrivateKeyInfo from the encryption algorithm name and the encrypted data.

Note: This constructor will use null as the value of the algorithm parameters. If the encryption algorithm has parameters whose value is not null, a different constructor, e.g. EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]), should be used.

Parameters:
algName - encryption algorithm name. See the Java Security Standard Algorithm Names document for information about standard Cipher algorithm names.
encryptedData - encrypted data. The contents of encryptedData are copied to protect against subsequent modification when constructing this object.
Throws:
NullPointerException - if algName or encryptedData is null.
IllegalArgumentException - if encryptedData is empty, i.e. 0-length.
NoSuchAlgorithmException - if the specified algName is not supported.

EncryptedPrivateKeyInfo

public EncryptedPrivateKeyInfo(AlgorithmParameters algParams, byte[] encryptedData) throws NoSuchAlgorithmException
Constructs an EncryptedPrivateKeyInfo from the encryption algorithm parameters and the encrypted data.
Parameters:
algParams - the algorithm parameters for the encryption algorithm. algParams.getEncoded() should return the ASN.1 encoded bytes of the parameters field of the AlgorithmIdentifier component of the EncryptedPrivateKeyInfo type.
encryptedData - encrypted data. The contents of encryptedData are copied to protect against subsequent modification when constructing this object.
Throws:
NullPointerException - if algParams or encryptedData is null.
IllegalArgumentException - if encryptedData is empty, i.e. 0-length.
NoSuchAlgorithmException - if the specified algName of the specified algParams parameter is not supported.

Method Details

getAlgName

public String getAlgName()
Returns the encryption algorithm.

Note: The standard name is returned instead of the name specified in the constructor when such a mapping is available. See the Java Security Standard Algorithm Names document for information about standard Cipher algorithm names.

Returns:
the encryption algorithm name.

getAlgParameters

public AlgorithmParameters getAlgParameters()
Returns the algorithm parameters used by the encryption algorithm.
Returns:
the algorithm parameters.

getEncryptedData

public byte[] getEncryptedData()
Returns the encrypted data.
Returns:
the encrypted data. Returns a new array each time this method is called.

getKeySpec

public PKCS8EncodedKeySpec getKeySpec(Cipher cipher) throws InvalidKeySpecException
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
Note: In order to successfully retrieve the enclosed PKCS8EncodedKeySpec object, cipher needs to be initialized to either Cipher.DECRYPT_MODE or Cipher.UNWRAP_MODE, with the same key and parameters used for generating the encrypted data.
Parameters:
cipher - the initialized Cipher object which will be used for decrypting the encrypted data.
Returns:
the PKCS8EncodedKeySpec object.
Throws:
NullPointerException - if cipher is null.
InvalidKeySpecException - if the given cipher is inappropriate for the encrypted data or the encrypted data is corrupted and cannot be decrypted.

encryptKey

public static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, char[] password, String algorithm, AlgorithmParameterSpec params, Provider provider)
encryptKey is a preview API of the Java platform.
Programs can only use encryptKey when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
Creates and encrypts an EncryptedPrivateKeyInfo from a given PrivateKey. A valid password-based encryption (PBE) algorithm and password must be specified.

The PBE algorithm string format details can be found in the Cipher section of the Java Security Standard Algorithm Names Specification.

Implementation Note:
The jdk.epkcs8.defaultAlgorithm Security Property defines the default encryption algorithm; the default AlgorithmParameterSpec values are the provider's algorithm defaults.
Parameters:
key - the PrivateKey to be encrypted
password - the password used in the PBE encryption. This array will be cloned before being used.
algorithm - the PBE encryption algorithm. The default algorithm will be used if null. However, null is not allowed when params is non-null.
params - the AlgorithmParameterSpec to be used with encryption. The provider default will be used if null.
provider - the Provider to be used for PBE SecretKeyFactory generation and Cipher encryption operations. The default provider list will be used if null.
Returns:
an EncryptedPrivateKeyInfo
Throws:
IllegalArgumentException - on initialization errors based on the arguments passed to the method
RuntimeException - on an encryption error
NullPointerException - if key or password is null, or if params is non-null when algorithm is null.
Since:
25

encryptKey

public static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, char[] password)
encryptKey is a preview API of the Java platform.
Programs can only use encryptKey when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
Creates and encrypts an EncryptedPrivateKeyInfo from a given PrivateKey and password. Default algorithm and parameters are used.
Implementation Note:
The jdk.epkcs8.defaultAlgorithm Security Property defines the default encryption algorithm; the default AlgorithmParameterSpec values are the provider's algorithm defaults.
Parameters:
key - the PrivateKey to be encrypted
password - the password used in the PBE encryption. This array will be cloned before being used.
Returns:
an EncryptedPrivateKeyInfo
Throws:
IllegalArgumentException - on initialization errors based on the arguments passed to the method
RuntimeException - on an encryption error
NullPointerException - when the key or password is null
Since:
25

encryptKey

public static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, Key encKey, String algorithm, AlgorithmParameterSpec params, Provider provider, SecureRandom random)
encryptKey is a preview API of the Java platform.
Programs can only use encryptKey when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
Creates and encrypts an EncryptedPrivateKeyInfo from the given PrivateKey using the encKey and given parameters.
Implementation Note:
The jdk.epkcs8.defaultAlgorithm Security Property defines the default encryption algorithm; the default AlgorithmParameterSpec values are the provider's algorithm defaults.
Parameters:
key - the PrivateKey to be encrypted
encKey - the password-based encryption (PBE) Key used to encrypt key.
algorithm - the PBE encryption algorithm. The default algorithm will be used if null; however, null is not allowed when params is non-null.
params - the AlgorithmParameterSpec to be used with encryption. The provider list default will be used if null.
provider - the Provider used for the Cipher encryption operation. The default provider list will be used if null.
random - the SecureRandom instance used during encryption. The default will be used if null.
Returns:
an EncryptedPrivateKeyInfo
Throws:
IllegalArgumentException - on initialization errors based on the arguments passed to the method
RuntimeException - on an encryption error
NullPointerException - if key or encKey is null, or if params is non-null when algorithm is null.
Since:
25

getKey

public PrivateKey getKey(char[] password) throws GeneralSecurityException
getKey is a preview API of the Java platform.
Programs can only use getKey when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
Extract the enclosed PrivateKey object from the encrypted data and return it.
Parameters:
password - the password used in the PBE encryption. This array will be cloned before being used.
Returns:
a PrivateKey
Throws:
GeneralSecurityException - if an error occurs parsing or decrypting the encrypted data, or producing the key object.
NullPointerException - if password is null
Since:
25

getKey

public PrivateKey getKey(Key decryptKey, Provider provider) throws GeneralSecurityException
getKey is a preview API of the Java platform.
Programs can only use getKey when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
Extract the enclosed PrivateKey object from the encrypted data and return it.
Parameters:
decryptKey - the decryption key; cannot be null
provider - the Provider used for Cipher decryption and PrivateKey generation. A null value will use the default provider configuration.
Returns:
a PrivateKey
Throws:
GeneralSecurityException - if an error occurs parsing or decrypting the encrypted data, or producing the key object.
NullPointerException - if decryptKey is null
Since:
25

getKeySpec

public PKCS8EncodedKeySpec getKeySpec(Key decryptKey) throws NoSuchAlgorithmException, InvalidKeyException
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
Parameters:
decryptKey - key used for decrypting the encrypted data.
Returns:
the PKCS8EncodedKeySpec object.
Throws:
NullPointerException - if decryptKey is null.
NoSuchAlgorithmException - if an appropriate cipher to decrypt the encrypted data cannot be found.
InvalidKeyException - if decryptKey cannot be used to decrypt the encrypted data or the decryption result is not a valid PKCS8KeySpec.
Since:
1.5

getKeySpec

public PKCS8EncodedKeySpec getKeySpec(Key decryptKey, String providerName) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
Parameters:
decryptKey - key used for decrypting the encrypted data.
providerName - the name of the provider whose cipher implementation will be used.
Returns:
the PKCS8EncodedKeySpec object.
Throws:
NullPointerException - if decryptKey or providerName is null.
NoSuchProviderException - if no provider providerName is registered.
NoSuchAlgorithmException - if an appropriate cipher to decrypt the encrypted data cannot be found.
InvalidKeyException - if decryptKey cannot be used to decrypt the encrypted data or the decryption result is not a valid PKCS8KeySpec.
Since:
1.5

getKeySpec

public PKCS8EncodedKeySpec getKeySpec(Key decryptKey, Provider provider) throws NoSuchAlgorithmException, InvalidKeyException
Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
Parameters:
decryptKey - key used for decrypting the encrypted data.
provider - the provider whose cipher implementation will be used.
Returns:
the PKCS8EncodedKeySpec object.
Throws:
NullPointerException - if decryptKey or provider is null.
NoSuchAlgorithmException - if an appropriate cipher to decrypt the encrypted data cannot be found in provider.
InvalidKeyException - if decryptKey cannot be used to decrypt the encrypted data or the decryption result is not a valid PKCS8KeySpec.
Since:
1.5

getEncoded

public byte[] getEncoded() throws IOException
Returns the ASN.1 encoding of this object.
Returns:
the ASN.1 encoding. Returns a new array each time this method is called.
Throws:
IOException - if an error occurs when constructing its ASN.1 encoding.
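
Added example, not part of the JDK documentation: a round trip through EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]), getEncoded(), EncryptedPrivateKeyInfo(byte[]) and getKeySpec(Key), including the wrong-password case that getKeySpec(Key) reports as InvalidKeyException. The class name EpkiRoundTrip, the helper names, the passphrases, the iteration count and the choice of PBEWithHmacSHA256AndAES_256 are assumptions; it also assumes a JDK 25 runtime with the default SunJCE and SunEC providers.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class EpkiRoundTrip {
    // Assumed algorithm choice: a PBES2 name implemented by SunJCE.
    static final String ALG = "PBEWithHmacSHA256AndAES_256";

    static SecretKey pbeKey(char[] password) throws GeneralSecurityException {
        PBEKeySpec ks = new PBEKeySpec(password);
        try { return SecretKeyFactory.getInstance(ALG).generateSecret(ks); }
        finally { ks.clearPassword(); }
    }

    static byte[] protect(PrivateKey key, char[] password) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[16];
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, pbeKey(password), // 600_000 is a constructed value
               new PBEParameterSpec(salt, 600_000, new IvParameterSpec(iv)));
        byte[] ct = c.doFinal(key.getEncoded()); // plaintext is the PKCS#8 PrivateKeyInfo
        // Salt, iteration count and IV travel in the AlgorithmIdentifier parameters.
        return new EncryptedPrivateKeyInfo(c.getParameters(), ct).getEncoded();
    }

    static PrivateKey recover(byte[] der, char[] password) throws Exception {
        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(der);
        PKCS8EncodedKeySpec spec = epki.getKeySpec(pbeKey(password));
        return KeyFactory.getInstance(spec.getAlgorithm()).generatePrivate(spec);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        PrivateKey priv = kpg.generateKeyPair().getPrivate();
        char[] good = "constructed-sample-passphrase".toCharArray();
        byte[] der = protect(priv, good);
        System.out.println("round trip ok: " + priv.equals(recover(der, good)));
        try {
            recover(der, "wrong-passphrase".toCharArray());
        } catch (InvalidKeyException e) { // wrong key is reported here
            System.out.println("wrong password rejected: " + e.getMessage());
        }
        Arrays.fill(good, '\0');
    }
}
```

The example uses only the non-preview constructors and getKeySpec(Key), so it runs without enabling preview features.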

© 1993, 2025, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/javax/crypto/EncryptedPrivateKeyInfo.html