com.google.crypto.tink

Interface Aead

All Known Implementing Classes:

AesEaxJce, AesGcmJce, AesGcmSiv, ChaCha20Poly1305, ChaCha20Poly1305Jce, EncryptThenAuthenticate, KmsEnvelopeAead, LegacyFullAead, XAesGcm, XChaCha20Poly1305, XChaCha20Poly1305Jce

public interface Aead

Interface for Authenticated Encryption with Associated Data (AEAD).

Security guarantees

Implementations of this interface are secure against adaptive chosen ciphertext attacks. Encryption with associated data ensures authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy. (see RFC 5116 for more info)

Since:

1.0.0

Method Summary

Modifier and Type	Method and Description
byte[]	decrypt(byte[] ciphertext, byte[] associatedData) Decrypts ciphertext with associatedData as associated authenticated data.
byte[]	encrypt(byte[] plaintext, byte[] associatedData) Encrypts plaintext with associatedData as associated authenticated data.

Method Detail

encrypt

byte[] encrypt(byte[] plaintext,
               byte[] associatedData)
        throws GeneralSecurityException

Encrypts plaintext with associatedData as associated authenticated data. The resulting ciphertext allows for checking authenticity and integrity of associated data (associatedData), but does not guarantee its secrecy.

Parameters:

plaintext - the plaintext to be encrypted. It must be non-null, but can also be an empty (zero-length) byte array

associatedData - associated data to be authenticated, but not encrypted. Associated data is optional, so this parameter can be null. In this case the null value is equivalent to an empty (zero-length) byte array. For successful decryption the same associatedData must be provided along with the ciphertext.

Returns:

resulting ciphertext

Throws:

GeneralSecurityException

decrypt

byte[] decrypt(byte[] ciphertext,
               byte[] associatedData)
        throws GeneralSecurityException

Decrypts ciphertext with associatedData as associated authenticated data. The decryption verifies the authenticity and integrity of the associated data, but there are no guarantees wrt. secrecy of that data.

Parameters:

ciphertext - the plaintext to be decrypted. It must be non-null.

associatedData - associated data to be authenticated. For successful decryption it must be the same as associatedData used during encryption. Can be null, which is equivalent to an empty (zero-length) byte array.

Returns:

resulting plaintext

Throws:

GeneralSecurityException - if decryption fails. Decryption must fail if ciphertext is not correctly authenticated for the given associatedData.