Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java27
1 files changed, 27 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java b/security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java
index 3e90711d57f..da582eae92c 100644
--- a/security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java
+++ b/security-utils/src/main/java/com/yahoo/security/SecretSharedKey.java
@@ -21,4 +21,31 @@ public record SecretSharedKey(SecretKey secretKey, SealedSharedKey sealedSharedK
return "SharedSecretKey(sealed: %s)".formatted(sealedSharedKey.toTokenString());
}
+ /**
+ * @return an encryption cipher that matches the version of the SealedSharedKey bound to
+ * the secret shared key
+ */
+ public AeadCipher makeEncryptionCipher() {
+ var version = sealedSharedKey.tokenVersion();
+ return switch (version) {
+ case 1 -> SharedKeyGenerator.makeAesGcmEncryptionCipher(this);
+ case 2 -> SharedKeyGenerator.makeChaCha20Poly1305EncryptionCipher(this);
+ default -> throw new IllegalStateException("Unsupported token version: " + version);
+ };
+ }
+
+ /**
+ * @return a decryption cipher that matches the version of the SealedSharedKey bound to
+ * the secret shared key. In other words, the cipher shall match the cipher algorithm
+ * used to perform the encryption this key was used for.
+ */
+ public AeadCipher makeDecryptionCipher() {
+ var version = sealedSharedKey.tokenVersion();
+ return switch (version) {
+ case 1 -> SharedKeyGenerator.makeAesGcmDecryptionCipher(this);
+ case 2 -> SharedKeyGenerator.makeChaCha20Poly1305DecryptionCipher(this);
+ default -> throw new IllegalStateException("Unsupported token version: " + version);
+ };
+ }
+
}
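Review bot: The Javadoc on `makeEncryptionCipher()` does not say whether it may be called more than once for the same `SecretSharedKey`, and both modes selected here (AES-GCM for version 1, ChaCha20-Poly1305 for version 2) lose confidentiality and integrity if a key/nonce pair is ever reused. How `SharedKeyGenerator` picks the nonce is outside this hunk, so if it is fixed or derived from the key, the contract should be spelled out, e.g. `* The returned cipher must only be used to encrypt a single message; do not call this method more than once per key.` Both methods should also document `@throws IllegalStateException if the token version is not supported`. Separately, the `1`/`2` to cipher mapping is repeated as bare literals in both switches, so a future version added to only one of them would only surface at runtime as the `IllegalStateException`; named version constants shared with the token code would make the pairing harder to break.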