com.google.crypto.tink.hybrid

Class HpkePublicKey

java.lang.Object

com.google.crypto.tink.Key

com.google.crypto.tink.hybrid.HybridPublicKey

com.google.crypto.tink.hybrid.HpkePublicKey

@Immutable
public final class HpkePublicKey
extends HybridPublicKey

Representation of the encryption function for an HPKE hybrid encryption primitive.

Method Summary

Modifier and Type	Method and Description
static HpkePublicKey	create(HpkeParameters parameters, Bytes publicKeyBytes, Integer idRequirement) Creates a new HPKE public key.
boolean	equalsKey(Key o) Returns true if the key is guaranteed to be equal to other.
Integer	getIdRequirementOrNull() Returns null if this key has no id requirement, otherwise the required id.
Bytes	getOutputPrefix() Returns a Bytes instance, which is prefixed to every ciphertext.
HpkeParameters	getParameters() Returns a Parameters object containing all the information about the key which is not randomly chosen.
Bytes	getPublicKeyBytes()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

public static HpkePublicKey create(HpkeParameters parameters,
                                   Bytes publicKeyBytes,
                                   @Nullable
                                   Integer idRequirement)
                            throws GeneralSecurityException

Creates a new HPKE public key.

Parameters:

parameters - HPKE parameters for the public key

publicKeyBytes - Public key encoded according to https://www.rfc-editor.org/rfc/rfc9180.html#section-7.1.1

idRequirement - Key id requirement, which must be null for NO_PREFIX variant and non-null for all other variants

Throws:

GeneralSecurityException

getPublicKeyBytes

public Bytes getPublicKeyBytes()

getOutputPrefix

public Bytes getOutputPrefix()

Description copied from class: HybridPublicKey

Returns a Bytes instance, which is prefixed to every ciphertext.

Specified by:

getOutputPrefix in class HybridPublicKey

getParameters

public HpkeParameters getParameters()

Description copied from class: Key

Returns a Parameters object containing all the information about the key which is not randomly chosen.

Implementations need to ensure that getParameters().hasIdRequirement() returns true if and only if getIdRequirementOrNull is non-null.

Specified by:

getParameters in class HybridPublicKey

getIdRequirementOrNull

@Nullable
public Integer getIdRequirementOrNull()

Description copied from class: Key

Returns null if this key has no id requirement, otherwise the required id.

Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.

Specified by:

getIdRequirementOrNull in class Key

equalsKey

public boolean equalsKey(Key o)

Description copied from class: Key

Returns true if the key is guaranteed to be equal to other.

Implementations are required to do this in constant time.

Note: this is allowed to return false even if two keys are guaranteed to represent the same function, but are represented differently. For example, a key is allowed to internally store the number of zero-bytes used as padding when a large number is represented as a byte array, and use this in the comparison.

Note: Tink Key objects should typically not override hashCode (because it could risk leaking key material). Hence, they typically also should not override equals.

Specified by:

equalsKey in class Key