...

Code Block: CXF JweJson (language: java)
// Imports assume CXF 3.1+; WRAPPER_BYTES1, WRAPPER_BYTES2 and EXTRA_AAD_SOURCE are
// constants defined elsewhere (two 16-byte AES wrapping keys and an extra AAD string).
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwe.*;
import org.apache.cxf.rt.security.crypto.CryptoUtils;

final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

// 'enc' goes into the integrity-protected header; 'alg' and the JWK Set URL are
// shared unprotected headers common to both recipients.
JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);

// One content encryption provider (one CEK) is shared by both recipients;
// each recipient gets its own key-wrapping provider.
ContentEncryptionProvider contentEncryption = JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);

KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
JweEncryptionProvider jweEnc1 = new JweEncryption(keyEncryption1, contentEncryption);

KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
JweEncryptionProvider jweEnc2 = new JweEncryption(keyEncryption2, contentEncryption);

List<JweEncryptionProvider> jweProviders = new LinkedList<JweEncryptionProvider>();
jweProviders.add(jweEnc1);
jweProviders.add(jweEnc2);

// Per-recipient unprotected headers: the 'kid' of each recipient's wrapping key.
List<JweHeaders> perRecipientHeaders = new LinkedList<JweHeaders>();
perRecipientHeaders.add(new JweHeaders("key1"));
perRecipientHeaders.add(new JweHeaders("key2"));

// The last argument is 'canBeFlat': false keeps the 'recipients' array even for a single recipient.
JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                        sharedUnprotectedHeaders,
                                        StringUtils.toBytesUTF8(text),
                                        StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                        false);
String jweJsonOut = p.encryptWith(jweProviders, perRecipientHeaders);

JweJsonConsumer consumer = new JweJsonConsumer(jweJsonOut);

// first recipient:
JweDecryptionProvider jwe1 = JweUtils.createJweDecryptionProvider(wrapperKey1,
                                                                 KeyAlgorithm.A128KW,
                                                                 ContentAlgorithm.A128GCM);

// The consumer iterates over the JWE recipient entries and tries to find the one that can be
// decrypted with this decryptor; the recipient properties ("kid" here) narrow the selection,
// which is always precise when only a single recipient entry is available.
// Alternatively call consumer.getRecipientsMap(), which returns the entries and their metadata,
// to do a more precise selection.
String content1 = consumer.decryptWith(jwe1, Collections.singletonMap("kid", "key1")).getContentText();

// second recipient:
JweDecryptionProvider jwe2 = JweUtils.createJweDecryptionProvider(wrapperKey2,
                                                                 KeyAlgorithm.A128KW,
                                                                 ContentAlgorithm.A128GCM);
// Select the entry with the matching 'kid' ("key2"): the "key1" entry cannot be unwrapped with wrapperKey2.
String content2 = consumer.decryptWith(jwe2, Collections.singletonMap("kid", "key2")).getContentText();


If the sequence contains only a single recipient entry, the JWE JSON 'recipients' array will contain a single entry, or the whole sequence can be flattened instead, with the 'recipients' array dropped. By default JweJsonProducer does not produce the flattened sequence when only a single encryption is done, because 3rd party JWE JSON consumers may only be able to process sequences that have the 'recipients' array; pass a 'canBeFlat' flag to JweJsonProducer if the flattened form is needed.
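A single-recipient run with the 'canBeFlat' flag set, as an added example that is not from the CXF documentation or code base. It assumes CXF 3.1+ package names, the JweHeaders(KeyAlgorithm, ContentAlgorithm) and JweJsonProducer(JweHeaders, byte[], boolean) constructors, and uses constructed demo wrapping keys; it also shows that a holder of a different wrapping key is rejected rather than given the content.

```java
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwe.*;
import org.apache.cxf.rt.security.crypto.CryptoUtils;

public class FlatJweJsonExample {
    // Constructed demo wrapping keys (16 bytes each for A128KW); fixed keys are for illustration only.
    private static final byte[] WRAPPER_BYTES = new byte[16];
    private static final byte[] OTHER_WRAPPER_BYTES = new byte[16];
    static {
        for (int i = 0; i < 16; i++) { WRAPPER_BYTES[i] = (byte) i; OTHER_WRAPPER_BYTES[i] = (byte) (0xF0 + i); }
    }

    public static void main(String[] args) {
        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES, "AES");
        SecretKey otherKey = CryptoUtils.createSecretKeySpec(OTHER_WRAPPER_BYTES, "AES");

        // Single recipient: 'alg' and 'enc' both go into the protected header (assumed constructor).
        JweHeaders protectedHeaders = new JweHeaders(KeyAlgorithm.A128KW, ContentAlgorithm.A128GCM);
        KeyEncryptionProvider keyEnc = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey, KeyAlgorithm.A128KW);
        ContentEncryptionProvider contentEnc = JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
        JweEncryptionProvider encryptor = new JweEncryption(keyEnc, contentEnc);

        byte[] content = StringUtils.toBytesUTF8("flattened JWE JSON demo");
        // Third argument is canBeFlat: true lets the producer drop the 'recipients' array.
        String flat = new JweJsonProducer(protectedHeaders, content, true).encryptWith(encryptor);
        String nested = new JweJsonProducer(protectedHeaders, content, false).encryptWith(encryptor);
        System.out.println("flat has 'recipients': " + flat.contains("\"recipients\""));     // false
        System.out.println("nested has 'recipients': " + nested.contains("\"recipients\"")); // true

        // The consumer accepts both shapes; the decryptor needs the same wrapping key and algorithms.
        JweDecryptionProvider decryptor =
            JweUtils.createJweDecryptionProvider(wrapperKey, KeyAlgorithm.A128KW, ContentAlgorithm.A128GCM);
        System.out.println(new JweJsonConsumer(flat).decryptWith(decryptor).getContentText());
        System.out.println(new JweJsonConsumer(nested).decryptWith(decryptor).getContentText());

        // A different wrapping key cannot unwrap the CEK: the AES Key Wrap integrity check fails,
        // so the consumer raises a JweException instead of returning content.
        JweDecryptionProvider wrong =
            JweUtils.createJweDecryptionProvider(otherKey, KeyAlgorithm.A128KW, ContentAlgorithm.A128GCM);
        try {
            new JweJsonConsumer(flat).decryptWith(wrong);
            System.out.println("unexpected: decrypted with the wrong wrapping key");
        } catch (JweException ex) {
            System.out.println("rejected as expected: " + ex);
        }
    }
}
```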

...