Jwts.KEY (JJWT :: API 0.12.5 API)

java.lang.Object
- io.jsonwebtoken.Jwts.KEY

Enclosing class:

Jwts
```
public static final class Jwts.KEY
extends Object
```
Constants for all standard JWA (RFC 7518) Cryptographic Algorithms for Key Management. Each standard algorithm is available as a (public static final) constant for direct type-safe reference in application code. For example:
```
 Jwts.builder()
    // ... etc ...
    .encryptWith(aKey, Jwts.KEY.ECDH_ES_A256KW, Jwts.ENC.A256GCM)
    .build();
```
They are also available together as a Registry instance via the get() method.
Since:

0.12.0

See Also:
get()

Field Summary

Fields
Modifier and Type	Field and Description
`static SecretKeyAlgorithm`	`A128GCMKW` Key wrap algorithm with AES GCM using a 128-bit key, as defined by RFC 7518 (JWA), Section 4.7.
`static SecretKeyAlgorithm`	`A128KW` AES Key Wrap algorithm with default initial value using a 128-bit key, as defined by RFC 7518 (JWA), Section 4.4.
`static SecretKeyAlgorithm`	`A192GCMKW` Key wrap algorithm with AES GCM using a 192-bit key, as defined by RFC 7518 (JWA), Section 4.7.
`static SecretKeyAlgorithm`	`A192KW` AES Key Wrap algorithm with default initial value using a 192-bit key, as defined by RFC 7518 (JWA), Section 4.4.
`static SecretKeyAlgorithm`	`A256GCMKW` Key wrap algorithm with AES GCM using a 256-bit key, as defined by RFC 7518 (JWA), Section 4.7.
`static SecretKeyAlgorithm`	`A256KW` AES Key Wrap algorithm with default initial value using a 256-bit key, as defined by RFC 7518 (JWA), Section 4.4.
`static KeyAlgorithm<SecretKey,SecretKey>`	`DIRECT` Key algorithm reflecting direct use of a shared symmetric key as the JWE AEAD encryption key, as defined by RFC 7518 (JWA), Section 4.5.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`ECDH_ES` Key Agreement with `ECDH-ES using Concat KDF` as defined by RFC 7518 (JWA), Section 4.6.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`ECDH_ES_A128KW` Key Agreement with Key Wrapping via `ECDH-ES using Concat KDF and CEK wrapped with "A128KW"` as defined by RFC 7518 (JWA), Section 4.6.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`ECDH_ES_A192KW` Key Agreement with Key Wrapping via `ECDH-ES using Concat KDF and CEK wrapped with "A192KW"` as defined by RFC 7518 (JWA), Section 4.6.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`ECDH_ES_A256KW` Key Agreement with Key Wrapping via `ECDH-ES using Concat KDF and CEK wrapped with "A256KW"` as defined by RFC 7518 (JWA), Section 4.6.
`static KeyAlgorithm<Password,Password>`	`PBES2_HS256_A128KW` Key encryption algorithm using `PBES2 with HMAC SHA-256 and "A128KW" wrapping` as defined by RFC 7518 (JWA), Section 4.8.
`static KeyAlgorithm<Password,Password>`	`PBES2_HS384_A192KW` Key encryption algorithm using `PBES2 with HMAC SHA-384 and "A192KW" wrapping` as defined by RFC 7518 (JWA), Section 4.8.
`static KeyAlgorithm<Password,Password>`	`PBES2_HS512_A256KW` Key encryption algorithm using `PBES2 with HMAC SHA-512 and "A256KW" wrapping` as defined by RFC 7518 (JWA), Section 4.8.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`RSA_OAEP` Key Encryption with `RSAES OAEP using default parameters`, as defined by RFC 7518 (JWA), Section 4.3.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`RSA_OAEP_256` Key Encryption with `RSAES OAEP using SHA-256 and MGF1 with SHA-256`, as defined by RFC 7518 (JWA), Section 4.3.
`static KeyAlgorithm<PublicKey,PrivateKey>`	`RSA1_5` Key Encryption with `RSAES-PKCS1-v1_5`, as defined by RFC 7518 (JWA), Section 4.2.

Method Summary

Methods
Modifier and Type Method and Description

static Registry<String,KeyAlgorithm<?,?>> get()
Returns all standard JWA standard Cryptographic Algorithms for Key Management..
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods
Modifier and Type	Method and Description
`static Registry<String,KeyAlgorithm<?,?>>`	`get()` Returns all standard JWA standard Cryptographic Algorithms for Key Management..

- Field Detail
  - DIRECT
```
public static final KeyAlgorithm<SecretKey,SecretKey> DIRECT
```
    Key algorithm reflecting direct use of a shared symmetric key as the JWE AEAD encryption key, as defined by RFC 7518 (JWA), Section 4.5. This algorithm does not produce encrypted key ciphertext.
  - A128KW
```
public static final SecretKeyAlgorithm A128KW
```
    AES Key Wrap algorithm with default initial value using a 128-bit key, as defined by RFC 7518 (JWA), Section 4.4.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Encrypts this newly-generated SecretKey with a 128-bit shared symmetric key using the AES Key Wrap algorithm, producing encrypted key ciphertext.
    3. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the encrypted key ciphertext embedded in the received JWE.
    2. Decrypts the encrypted key ciphertext with the 128-bit shared symmetric key, using the AES Key Unwrap algorithm, producing the decryption key plaintext.
    3. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - A192KW
```
public static final SecretKeyAlgorithm A192KW
```
    AES Key Wrap algorithm with default initial value using a 192-bit key, as defined by RFC 7518 (JWA), Section 4.4.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Encrypts this newly-generated SecretKey with a 192-bit shared symmetric key using the AES Key Wrap algorithm, producing encrypted key ciphertext.
    3. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the encrypted key ciphertext embedded in the received JWE.
    2. Decrypts the encrypted key ciphertext with the 192-bit shared symmetric key, using the AES Key Unwrap algorithm, producing the decryption key plaintext.
    3. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - A256KW
```
public static final SecretKeyAlgorithm A256KW
```
    AES Key Wrap algorithm with default initial value using a 256-bit key, as defined by RFC 7518 (JWA), Section 4.4.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Encrypts this newly-generated SecretKey with a 256-bit shared symmetric key using the AES Key Wrap algorithm, producing encrypted key ciphertext.
    3. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the encrypted key ciphertext embedded in the received JWE.
    2. Decrypts the encrypted key ciphertext with the 256-bit shared symmetric key, using the AES Key Unwrap algorithm, producing the decryption key plaintext.
    3. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - A128GCMKW
```
public static final SecretKeyAlgorithm A128GCMKW
```
    Key wrap algorithm with AES GCM using a 128-bit key, as defined by RFC 7518 (JWA), Section 4.7.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Generates a new secure-random 96-bit Initialization Vector to use during key wrap/encryption.
    3. Encrypts this newly-generated SecretKey with a 128-bit shared symmetric key using the AES GCM Key Wrap algorithm with the generated Initialization Vector, producing encrypted key ciphertext and GCM authentication tag.
    4. Sets the generated initialization vector as the required "iv" (Initialization Vector) Header Parameter
    5. Sets the resulting GCM authentication tag as the required "tag" (Authentication Tag) Header Parameter
    6. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the encrypted key ciphertext embedded in the received JWE.
    2. Obtains the required initialization vector from the "iv" (Initialization Vector) Header Parameter
    3. Obtains the required GCM authentication tag from the "tag" (Authentication Tag) Header Parameter
    4. Decrypts the encrypted key ciphertext with the 128-bit shared symmetric key, the initialization vector and GCM authentication tag using the AES GCM Key Unwrap algorithm, producing the decryption key plaintext.
    5. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - A192GCMKW
```
public static final SecretKeyAlgorithm A192GCMKW
```
    Key wrap algorithm with AES GCM using a 192-bit key, as defined by RFC 7518 (JWA), Section 4.7.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Generates a new secure-random 96-bit Initialization Vector to use during key wrap/encryption.
    3. Encrypts this newly-generated SecretKey with a 192-bit shared symmetric key using the AES GCM Key Wrap algorithm with the generated Initialization Vector, producing encrypted key ciphertext and GCM authentication tag.
    4. Sets the generated initialization vector as the required "iv" (Initialization Vector) Header Parameter
    5. Sets the resulting GCM authentication tag as the required "tag" (Authentication Tag) Header Parameter
    6. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the encrypted key ciphertext embedded in the received JWE.
    2. Obtains the required initialization vector from the "iv" (Initialization Vector) Header Parameter
    3. Obtains the required GCM authentication tag from the "tag" (Authentication Tag) Header Parameter
    4. Decrypts the encrypted key ciphertext with the 192-bit shared symmetric key, the initialization vector and GCM authentication tag using the AES GCM Key Unwrap algorithm, producing the decryption key \ plaintext.
    5. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - A256GCMKW
```
public static final SecretKeyAlgorithm A256GCMKW
```
    Key wrap algorithm with AES GCM using a 256-bit key, as defined by RFC 7518 (JWA), Section 4.7.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Generates a new secure-random 96-bit Initialization Vector to use during key wrap/encryption.
    3. Encrypts this newly-generated SecretKey with a 256-bit shared symmetric key using the AES GCM Key Wrap algorithm with the generated Initialization Vector, producing encrypted key ciphertext and GCM authentication tag.
    4. Sets the generated initialization vector as the required "iv" (Initialization Vector) Header Parameter
    5. Sets the resulting GCM authentication tag as the required "tag" (Authentication Tag) Header Parameter
    6. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the encrypted key ciphertext embedded in the received JWE.
    2. Obtains the required initialization vector from the "iv" (Initialization Vector) Header Parameter
    3. Obtains the required GCM authentication tag from the "tag" (Authentication Tag) Header Parameter
    4. Decrypts the encrypted key ciphertext with the 256-bit shared symmetric key, the initialization vector and GCM authentication tag using the AES GCM Key Unwrap algorithm, producing the decryption key \ plaintext.
    5. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - PBES2_HS256_A128KW
```
public static final KeyAlgorithm<Password,Password> PBES2_HS256_A128KW
```
    Key encryption algorithm using PBES2 with HMAC SHA-256 and "A128KW" wrapping as defined by RFC 7518 (JWA), Section 4.8.
    During JWE creation, this algorithm:
    1. Determines the number of PBDKF2 iterations via the JWE header's pbes2Count value. If that value is not set, a suitable number of iterations will be chosen based on OWASP PBKDF2 recommendations and then that value is set as the JWE header pbes2Count value.
    2. Generates a new secure-random salt input and sets it as the JWE header pbes2Salt value.
    3. Derives a 128-bit Key Encryption Key with the PBES2-HS256 password-based key derivation algorithm, using the provided password, iteration count, and input salt as arguments.
    4. Generates a new secure-random Content Encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    5. Encrypts this newly-generated Content Encryption SecretKey with the A128KW key wrap algorithm using the 128-bit derived password-based Key Encryption Key from step #3, producing encrypted key ciphertext.
    6. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated Content Encryption SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the required PBKDF2 input salt from the "p2s" (PBES2 Salt Input) Header Parameter
    2. Obtains the required PBKDF2 iteration count from the "p2c" (PBES2 Count) Header Parameter
    3. Derives the 128-bit Key Encryption Key with the PBES2-HS256 password-based key derivation algorithm, using the provided password, obtained salt input, and obtained iteration count as arguments.
    4. Obtains the encrypted key ciphertext embedded in the received JWE.
    5. Decrypts the encrypted key ciphertext with with the A128KW key unwrap algorithm using the 128-bit derived password-based Key Encryption Key from step #3, producing the decryption key plaintext.
    6. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - PBES2_HS384_A192KW
```
public static final KeyAlgorithm<Password,Password> PBES2_HS384_A192KW
```
    Key encryption algorithm using PBES2 with HMAC SHA-384 and "A192KW" wrapping as defined by RFC 7518 (JWA), Section 4.8.
    During JWE creation, this algorithm:
    1. Determines the number of PBDKF2 iterations via the JWE header's pbes2Count value. If that value is not set, a suitable number of iterations will be chosen based on OWASP PBKDF2 recommendations and then that value is set as the JWE header pbes2Count value.
    2. Generates a new secure-random salt input and sets it as the JWE header pbes2Salt value.
    3. Derives a 192-bit Key Encryption Key with the PBES2-HS384 password-based key derivation algorithm, using the provided password, iteration count, and input salt as arguments.
    4. Generates a new secure-random Content Encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    5. Encrypts this newly-generated Content Encryption SecretKey with the A192KW key wrap algorithm using the 192-bit derived password-based Key Encryption Key from step #3, producing encrypted key ciphertext.
    6. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated Content Encryption SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the required PBKDF2 input salt from the "p2s" (PBES2 Salt Input) Header Parameter
    2. Obtains the required PBKDF2 iteration count from the "p2c" (PBES2 Count) Header Parameter
    3. Derives the 192-bit Key Encryption Key with the PBES2-HS384 password-based key derivation algorithm, using the provided password, obtained salt input, and obtained iteration count as arguments.
    4. Obtains the encrypted key ciphertext embedded in the received JWE.
    5. Decrypts the encrypted key ciphertext with with the A192KW key unwrap algorithm using the 192-bit derived password-based Key Encryption Key from step #3, producing the decryption key plaintext.
    6. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - PBES2_HS512_A256KW
```
public static final KeyAlgorithm<Password,Password> PBES2_HS512_A256KW
```
    Key encryption algorithm using PBES2 with HMAC SHA-512 and "A256KW" wrapping as defined by RFC 7518 (JWA), Section 4.8.
    During JWE creation, this algorithm:
    1. Determines the number of PBDKF2 iterations via the JWE header's pbes2Count value. If that value is not set, a suitable number of iterations will be chosen based on OWASP PBKDF2 recommendations and then that value is set as the JWE header pbes2Count value.
    2. Generates a new secure-random salt input and sets it as the JWE header pbes2Salt value.
    3. Derives a 256-bit Key Encryption Key with the PBES2-HS512 password-based key derivation algorithm, using the provided password, iteration count, and input salt as arguments.
    4. Generates a new secure-random Content Encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    5. Encrypts this newly-generated Content Encryption SecretKey with the A256KW key wrap algorithm using the 256-bit derived password-based Key Encryption Key from step #3, producing encrypted key ciphertext.
    6. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated Content Encryption SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the required PBKDF2 input salt from the "p2s" (PBES2 Salt Input) Header Parameter
    2. Obtains the required PBKDF2 iteration count from the "p2c" (PBES2 Count) Header Parameter
    3. Derives the 256-bit Key Encryption Key with the PBES2-HS512 password-based key derivation algorithm, using the provided password, obtained salt input, and obtained iteration count as arguments.
    4. Obtains the encrypted key ciphertext embedded in the received JWE.
    5. Decrypts the encrypted key ciphertext with with the A256KW key unwrap algorithm using the 256-bit derived password-based Key Encryption Key from step #3, producing the decryption key plaintext.
    6. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - RSA1_5
```
public static final KeyAlgorithm<PublicKey,PrivateKey> RSA1_5
```
    Key Encryption with RSAES-PKCS1-v1_5, as defined by RFC 7518 (JWA), Section 4.2. This algorithm requires a key size of 2048 bits or larger.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Encrypts this newly-generated SecretKey with the RSA key wrap algorithm, using the JWE recipient's RSA Public Key, producing encrypted key ciphertext.
    3. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Receives the encrypted key ciphertext embedded in the received JWE.
    2. Decrypts the encrypted key ciphertext with the RSA key unwrap algorithm, using the JWE recipient's RSA Private Key, producing the decryption key plaintext.
    3. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - RSA_OAEP
```
public static final KeyAlgorithm<PublicKey,PrivateKey> RSA_OAEP
```
    Key Encryption with RSAES OAEP using default parameters, as defined by RFC 7518 (JWA), Section 4.3. This algorithm requires a key size of 2048 bits or larger.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Encrypts this newly-generated SecretKey with the RSA OAEP with SHA-1 and MGF1 key wrap algorithm, using the JWE recipient's RSA Public Key, producing encrypted key ciphertext.
    3. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Receives the encrypted key ciphertext embedded in the received JWE.
    2. Decrypts the encrypted key ciphertext with the RSA OAEP with SHA-1 and MGF1 key unwrap algorithm, using the JWE recipient's RSA Private Key, producing the decryption key plaintext.
    3. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - RSA_OAEP_256
```
public static final KeyAlgorithm<PublicKey,PrivateKey> RSA_OAEP_256
```
    Key Encryption with RSAES OAEP using SHA-256 and MGF1 with SHA-256, as defined by RFC 7518 (JWA), Section 4.3. This algorithm requires a key size of 2048 bits or larger.
    During JWE creation, this algorithm:
    1. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    2. Encrypts this newly-generated SecretKey with the RSA OAEP with SHA-256 and MGF1 key wrap algorithm, using the JWE recipient's RSA Public Key, producing encrypted key ciphertext.
    3. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Receives the encrypted key ciphertext embedded in the received JWE.
    2. Decrypts the encrypted key ciphertext with the RSA OAEP with SHA-256 and MGF1 key unwrap algorithm, using the JWE recipient's RSA Private Key, producing the decryption key plaintext.
    3. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - ECDH_ES
```
public static final KeyAlgorithm<PublicKey,PrivateKey> ECDH_ES
```
    Key Agreement with ECDH-ES using Concat KDF as defined by RFC 7518 (JWA), Section 4.6.
    During JWE creation, this algorithm:
    1. Generates a new secure-random Elliptic Curve public/private key pair on the same curve as the JWE recipient's EC Public Key.
    2. Generates a shared secret with the ECDH key agreement algorithm using the generated EC Private Key and the JWE recipient's EC Public Key.
    3. Derives a symmetric Content Encryption SecretKey with the Concat KDF algorithm using the generated shared secret and any available PartyUInfo and PartyVInfo.
    4. Sets the generated EC key pair's Public Key as the required "epk" (Ephemeral Public Key) Header Parameter to be transmitted in the JWE.
    5. Returns the derived symmetric SecretKey for JJWT to use to encrypt the entire JWE with the associated AeadAlgorithm. Encrypted key ciphertext is not produced with this algorithm, so the resulting JWE will not contain any embedded key ciphertext.
    For JWE decryption, this algorithm:
    1. Obtains the required ephemeral Elliptic Curve Public Key from the "epk" (Ephemeral Public Key) Header Parameter.
    2. Validates that the ephemeral Public Key is on the same curve as the recipient's EC Private Key.
    3. Obtains the shared secret with the ECDH key agreement algorithm using the obtained EC Public Key and the JWE recipient's EC Private Key.
    4. Derives the symmetric Content Encryption SecretKey with the Concat KDF algorithm using the obtained shared secret and any available PartyUInfo and PartyVInfo.
    5. Returns the derived symmetric SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - ECDH_ES_A128KW
```
public static final KeyAlgorithm<PublicKey,PrivateKey> ECDH_ES_A128KW
```
    Key Agreement with Key Wrapping via ECDH-ES using Concat KDF and CEK wrapped with "A128KW" as defined by RFC 7518 (JWA), Section 4.6.
    During JWE creation, this algorithm:
    1. Generates a new secure-random Elliptic Curve public/private key pair on the same curve as the JWE recipient's EC Public Key.
    2. Generates a shared secret with the ECDH key agreement algorithm using the generated EC Private Key and the JWE recipient's EC Public Key.
    3. Derives a 128-bit symmetric Key Encryption SecretKey with the Concat KDF algorithm using the generated shared secret and any available PartyUInfo and PartyVInfo.
    4. Sets the generated EC key pair's Public Key as the required "epk" (Ephemeral Public Key) Header Parameter to be transmitted in the JWE.
    5. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    6. Encrypts this newly-generated SecretKey with the A128KW key wrap algorithm using the derived symmetric Key Encryption Key from step #3, producing encrypted key ciphertext.
    7. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the required ephemeral Elliptic Curve Public Key from the "epk" (Ephemeral Public Key) Header Parameter.
    2. Validates that the ephemeral Public Key is on the same curve as the recipient's EC Private Key.
    3. Obtains the shared secret with the ECDH key agreement algorithm using the obtained EC Public Key and the JWE recipient's EC Private Key.
    4. Derives the symmetric Key Encryption SecretKey with the Concat KDF algorithm using the obtained shared secret and any available PartyUInfo and PartyVInfo.
    5. Obtains the encrypted key ciphertext embedded in the received JWE.
    6. Decrypts the encrypted key ciphertext with the AES Key Unwrap algorithm using the 128-bit derived symmetric key from step #4, producing the decryption key plaintext.
    7. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - ECDH_ES_A192KW
```
public static final KeyAlgorithm<PublicKey,PrivateKey> ECDH_ES_A192KW
```
    Key Agreement with Key Wrapping via ECDH-ES using Concat KDF and CEK wrapped with "A192KW" as defined by RFC 7518 (JWA), Section 4.6.
    During JWE creation, this algorithm:
    1. Generates a new secure-random Elliptic Curve public/private key pair on the same curve as the JWE recipient's EC Public Key.
    2. Generates a shared secret with the ECDH key agreement algorithm using the generated EC Private Key and the JWE recipient's EC Public Key.
    3. Derives a 192-bit symmetric Key Encryption SecretKey with the Concat KDF algorithm using the generated shared secret and any available PartyUInfo and PartyVInfo.
    4. Sets the generated EC key pair's Public Key as the required "epk" (Ephemeral Public Key) Header Parameter to be transmitted in the JWE.
    5. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    6. Encrypts this newly-generated SecretKey with the A192KW key wrap algorithm using the derived symmetric Key Encryption Key from step #3, producing encrypted key ciphertext.
    7. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the required ephemeral Elliptic Curve Public Key from the "epk" (Ephemeral Public Key) Header Parameter.
    2. Validates that the ephemeral Public Key is on the same curve as the recipient's EC Private Key.
    3. Obtains the shared secret with the ECDH key agreement algorithm using the obtained EC Public Key and the JWE recipient's EC Private Key.
    4. Derives the 192-bit symmetric Key Encryption SecretKey with the Concat KDF algorithm using the obtained shared secret and any available PartyUInfo and PartyVInfo.
    5. Obtains the encrypted key ciphertext embedded in the received JWE.
    6. Decrypts the encrypted key ciphertext with the AES Key Unwrap algorithm using the 192-bit derived symmetric key from step #4, producing the decryption key plaintext.
    7. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
  - ECDH_ES_A256KW
```
public static final KeyAlgorithm<PublicKey,PrivateKey> ECDH_ES_A256KW
```
    Key Agreement with Key Wrapping via ECDH-ES using Concat KDF and CEK wrapped with "A256KW" as defined by RFC 7518 (JWA), Section 4.6.
    During JWE creation, this algorithm:
    1. Generates a new secure-random Elliptic Curve public/private key pair on the same curve as the JWE recipient's EC Public Key.
    2. Generates a shared secret with the ECDH key agreement algorithm using the generated EC Private Key and the JWE recipient's EC Public Key.
    3. Derives a 256-bit symmetric Key Encryption SecretKey with the Concat KDF algorithm using the generated shared secret and any available PartyUInfo and PartyVInfo.
    4. Sets the generated EC key pair's Public Key as the required "epk" (Ephemeral Public Key) Header Parameter to be transmitted in the JWE.
    5. Generates a new secure-random content encryption SecretKey suitable for use with a specified AeadAlgorithm (using KeyBuilderSupplier.key()).
    6. Encrypts this newly-generated SecretKey with the A256KW key wrap algorithm using the derived symmetric Key Encryption Key from step #3, producing encrypted key ciphertext.
    7. Returns the encrypted key ciphertext for inclusion in the final JWE as well as the newly-generated SecretKey for JJWT to use to encrypt the entire JWE with associated AeadAlgorithm.
    For JWE decryption, this algorithm:
    1. Obtains the required ephemeral Elliptic Curve Public Key from the "epk" (Ephemeral Public Key) Header Parameter.
    2. Validates that the ephemeral Public Key is on the same curve as the recipient's EC Private Key.
    3. Obtains the shared secret with the ECDH key agreement algorithm using the obtained EC Public Key and the JWE recipient's EC Private Key.
    4. Derives the 256-bit symmetric Key Encryption SecretKey with the Concat KDF algorithm using the obtained shared secret and any available PartyUInfo and PartyVInfo.
    5. Obtains the encrypted key ciphertext embedded in the received JWE.
    6. Decrypts the encrypted key ciphertext with the AES Key Unwrap algorithm using the 256-bit derived symmetric key from step #4, producing the decryption key plaintext.
    7. Returns the decryption key plaintext as a SecretKey for JJWT to use to decrypt the entire JWE using the JWE's identified "enc" AeadAlgorithm.
- Method Detail
  - get
```
public static Registry<String,KeyAlgorithm<?,?>> get()
```
    Returns all standard JWA standard Cryptographic Algorithms for Key Management..
    
    Returns:
    all standard JWA Key Management algorithms.

Class Jwts.KEY

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DIRECT

A128KW

A192KW

A256KW

A128GCMKW

A192GCMKW

A256GCMKW

PBES2_HS256_A128KW

PBES2_HS384_A192KW

PBES2_HS512_A256KW

RSA1_5

RSA_OAEP

RSA_OAEP_256

ECDH_ES

ECDH_ES_A128KW

ECDH_ES_A192KW

ECDH_ES_A256KW

Method Detail

get