com.cosmian.jna.covercrypt

Class CoverCrypt

java.lang.Object

com.cosmian.jna.covercrypt.CoverCrypt

public final class CoverCrypt
extends Object

Constructor Summary

Constructors

Constructor and Description
CoverCrypt() Instantiate a CoverCrypt instance by loading the native library `cosmian_cover_crypt`.
CoverCrypt(CoverCryptWrapper instance)

Method Summary

Modifier and Type	Method and Description
String	booleanAccessPolicyToJson(String booleanExpression) Convert a boolean access policy expression to JSON that can be used in KMIP calls to create user decryption keys.
int	createDecryptionCache(byte[] userDecryptionKeyBytes) Create a decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up the decryption of the header.
int	createDecryptionCache(PrivateKey userDecryptionKey) Create an decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up decryption of the header WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)
int	createEncryptionCache(Policy policy, byte[] publicKeyBytes) Create an encryption cache that can be used with encryptHeaderUsingCache(int, String) Use of the cache speeds up the encryption of the header.
int	createEncryptionCache(PublicKey publicKey) Create an encryption cache that can be used with encryptHeaderUsingCache(int, String) se of the cache speeds up the encryption of the header.
DecryptedData	decrypt(byte[] userDecryptionKeyBytes, byte[] ciphertext) Decrypt a hybrid encryption
DecryptedData	decrypt(byte[] userDecryptionKeyBytes, byte[] ciphertext, byte[] authenticationData) Decrypt a hybrid encryption
byte[]	decryptBlock(byte[] symmetricKey, byte[] encryptedBytes) Symmetrically decrypt a block of encrypted data.
byte[]	decryptBlock(byte[] symmetricKey, byte[] authenticationData, byte[] encryptedBytes) Symmetrically decrypt a block of encrypted data.
DecryptedHeader	decryptHeader(byte[] userDecryptionKeyBytes, byte[] encryptedHeaderBytes) Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data
DecryptedHeader	decryptHeader(byte[] userDecryptionKeyBytes, byte[] encryptedHeaderBytes, int additionalDataLen, Optional<byte[]> authenticationData) Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data
DecryptedHeader	decryptHeader(PrivateKey userDecryptionKey, byte[] encryptedHeaderBytes) Decrypt a hybrid header, recovering the symmetric key
DecryptedHeader	decryptHeader(PrivateKey userDecryptionKey, byte[] encryptedHeaderBytes, int additionalDataLen, Optional<byte[]> authenticationData) Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data
DecryptedHeader	decryptHeaderUsingCache(int cacheHandle, byte[] encryptedHeaderBytes) Decrypt a hybrid header using a cache, recovering the symmetric key
DecryptedHeader	decryptHeaderUsingCache(int cacheHandle, byte[] encryptedHeaderBytes, int additionalDataLen, Optional<byte[]> authenticationData) Decrypt a hybrid header using a cache, recovering the symmetric key, and optionally, the resource UID and additional data
void	destroyDecryptionCache(int cacheHandle) Destroy the cache created with createDecryptionCache(byte[])
void	destroyEncryptionCache(int cacheHandle) Destroy the cache created with createEncryptionCache(Policy, byte[])
byte[]	encrypt(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, byte[] plaintext) Generate an hybrid encryption of a plaintext.
byte[]	encrypt(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, byte[] plaintext, byte[] authenticationData) Generate an hybrid encryption of a plaintext.
byte[]	encrypt(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, byte[] plaintext, byte[] authenticationData, byte[] headerMetadata) Generate an hybrid encryption of a plaintext.
byte[]	encryptBlock(byte[] symmetricKey, byte[] clearText) Symmetrically encrypt a block of clear text data.
byte[]	encryptBlock(byte[] symmetricKey, byte[] authenticationData, byte[] clearText) Symmetrically encrypt a block of clear text data.
EncryptedHeader	encryptHeader(Policy policy, byte[] publicKeyBytes, String encryptionPolicy) Generate an hybrid encryption header.
EncryptedHeader	encryptHeader(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, Optional<byte[]> additionalData, Optional<byte[]> authenticationData) Generate an hybrid encryption header.
EncryptedHeader	encryptHeader(PublicKey publicKey, String encryptionPolicy) Generate an hybrid encryption header.
EncryptedHeader	encryptHeader(PublicKey publicKey, String encryptionPolicy, Optional<byte[]> additionalData, Optional<byte[]> authenticationData) Generate an hybrid encryption header.
EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, String encryptionPolicy) Generate an hybrid encryption header using a pre-cached Public Key and Policy.
EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, String encryptionPolicy, Optional<byte[]> additionalData, Optional<byte[]> authenticationData) Generate an hybrid encryption header using a pre-cached Public Key and Policy.
MasterKeys	generateMasterKeys(Policy policy) Generate the master private and public keys using the ABE policy
byte[]	generateUserPrivateKey(byte[] masterPrivateKey, AccessPolicy accessPolicy, Policy policy) Generate the user private key
byte[]	generateUserPrivateKey(byte[] masterPrivateKey, String booleanAccessPolicy, Policy policy) Generate the user private key
String	get_last_error() Return the last error in a String that does not exceed 1023 bytes
String	get_last_error(int max_len) Return the last error in a String that does not exceed `max_len` bytes
Policy	rotateAttributes(Attr[] attributes, Policy policy) Rotate attributes, changing their underlying value with that of an unused slot
void	set_error(String error_msg) Set the last error on the native lib
int	symmetricEncryptionOverhead() The overhead in bytes (over the clear text) generated by the symmetric encryption scheme (AES 256 GCM)
int	unwrap(int result) If the result of the last FFI call is in Error, recover the last error from the native code and throw an exception wrapping it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CoverCrypt

public CoverCrypt()

Instantiate a CoverCrypt instance by loading the native library `cosmian_cover_crypt`. The library must be on the classpath. Native libraries are already included for darwin-x86-64, linux-x86-64 and win32-x86-64

CoverCrypt

public CoverCrypt(CoverCryptWrapper instance)

Method Detail

get_last_error

public String get_last_error()
                      throws CloudproofException

Return the last error in a String that does not exceed 1023 bytes

Returns:

the last error recorded by the native library

Throws:

CloudproofException - in case of native library error

get_last_error

public String get_last_error(int max_len)
                      throws CloudproofException

Return the last error in a String that does not exceed `max_len` bytes

Parameters:

max_len - the maximum number of bytes to return

Returns:

the error

Throws:

CloudproofException - in case of native library error

set_error

public void set_error(String error_msg)
               throws CloudproofException

Set the last error on the native lib

Parameters:

error_msg - the last error to set on the native lib

Throws:

CloudproofException - n case of native library error

createEncryptionCache

public int createEncryptionCache(PublicKey publicKey)
                          throws CloudproofException

Create an encryption cache that can be used with encryptHeaderUsingCache(int, String) se of the cache speeds up the encryption of the header. WARN: the cache MUST be destroyed after use with destroyEncryptionCache(int)

Parameters:

publicKey - the public key to cache

Returns:

the cache handle that can be passed to the encryption routine

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

createEncryptionCache

public int createEncryptionCache(Policy policy,
                                 byte[] publicKeyBytes)
                          throws CloudproofException

Create an encryption cache that can be used with encryptHeaderUsingCache(int, String) Use of the cache speeds up the encryption of the header. WARN: the cache MUST be destroyed after use with destroyEncryptionCache(int)

Parameters:

policy - the Policy to cache

publicKeyBytes - the public key bytes to cache

Returns:

the cache handle that can be passed to the encryption routine

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

destroyEncryptionCache

public void destroyEncryptionCache(int cacheHandle)
                            throws CloudproofException

Destroy the cache created with createEncryptionCache(Policy, byte[])

Parameters:

cacheHandle - the pointer to the cache to destroy

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

encryptHeaderUsingCache

public EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                               String encryptionPolicy)
                                        throws CloudproofException

Generate an hybrid encryption header using a pre-cached Public Key and Policy. A symmetric key is randomly generated and encrypted using the ABEschemes and the provided policy attributes for the given policy

Parameters:

cacheHandle - the pointer to the int

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeaderUsingCache

public EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                               String encryptionPolicy,
                                               Optional<byte[]> additionalData,
                                               Optional<byte[]> authenticationData)
                                        throws CloudproofException

Generate an hybrid encryption header using a pre-cached Public Key and Policy. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided policy attributes for the given policy. . If provided, the resource `uid` and the `additionalData` are symmetrically encrypted and appended to the encrypted header.

Parameters:

cacheHandle - the pointer to the int

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

additionalData - optional additional data to encrypt and add to the header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public EncryptedHeader encryptHeader(PublicKey publicKey,
                                     String encryptionPolicy)
                              throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided encryption policy for the given policy

Parameters:

publicKey - the ABE public key also holds the Policy

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public EncryptedHeader encryptHeader(PublicKey publicKey,
                                     String encryptionPolicy,
                                     Optional<byte[]> additionalData,
                                     Optional<byte[]> authenticationData)
                              throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided encryption policy for the given policy. . If provided, the resource `uid` and the `additionalData` are symmetrically encrypted and appended to the encrypted header.

Parameters:

publicKey - the ABE public key also holds the Policy

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

additionalData - the additional data to encrypt and add to the header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public EncryptedHeader encryptHeader(Policy policy,
                                     byte[] publicKeyBytes,
                                     String encryptionPolicy)
                              throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided encryption policy for the given policy.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

encryptHeader

public EncryptedHeader encryptHeader(Policy policy,
                                     byte[] publicKeyBytes,
                                     String encryptionPolicy,
                                     Optional<byte[]> additionalData,
                                     Optional<byte[]> authenticationData)
                              throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided encryption policy for the given policy. If provided, the additionalData` are symmetrically encrypted and appended to the encrypted header. If provided the `authenticationData` are used as part of the authentication of the symmetric encryption scheme.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

additionalData - the additional data to encrypt and add to the header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

createDecryptionCache

public int createDecryptionCache(PrivateKey userDecryptionKey)
                          throws CloudproofException

Create an decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up decryption of the header WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)

Parameters:

userDecryptionKey - the public key to cache

Returns:

the cache handle that can be passed to the decryption routine

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

createDecryptionCache

public int createDecryptionCache(byte[] userDecryptionKeyBytes)
                          throws CloudproofException

Create a decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up the decryption of the header. WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)

Parameters:

userDecryptionKeyBytes - the public key bytes to cache

Returns:

the cache handle that can be passed to the decryption routine

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

destroyDecryptionCache

public void destroyDecryptionCache(int cacheHandle)
                            throws CloudproofException

Destroy the cache created with createDecryptionCache(byte[])

Parameters:

cacheHandle - the pointer to the cache to destroy

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

decryptHeaderUsingCache

public DecryptedHeader decryptHeaderUsingCache(int cacheHandle,
                                               byte[] encryptedHeaderBytes)
                                        throws CloudproofException

Decrypt a hybrid header using a cache, recovering the symmetric key

Parameters:

cacheHandle - the cache to the user decryption key

encryptedHeaderBytes - the encrypted header

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the key bytes cannot be recovered from the PrivateKey

decryptHeaderUsingCache

public DecryptedHeader decryptHeaderUsingCache(int cacheHandle,
                                               byte[] encryptedHeaderBytes,
                                               int additionalDataLen,
                                               Optional<byte[]> authenticationData)
                                        throws CloudproofException

Decrypt a hybrid header using a cache, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

cacheHandle - the cache to the user decryption key

encryptedHeaderBytes - the encrypted header

additionalDataLen - the maximum bytes length of the expected additional data

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

decryptHeader

public DecryptedHeader decryptHeader(PrivateKey userDecryptionKey,
                                     byte[] encryptedHeaderBytes)
                              throws CloudproofException

Decrypt a hybrid header, recovering the symmetric key

Parameters:

userDecryptionKey - the ABE user decryption key

encryptedHeaderBytes - the encrypted header

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the key bytes cannot be recovered from the PrivateKey

decryptHeader

public DecryptedHeader decryptHeader(PrivateKey userDecryptionKey,
                                     byte[] encryptedHeaderBytes,
                                     int additionalDataLen,
                                     Optional<byte[]> authenticationData)
                              throws CloudproofException

Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

userDecryptionKey - the ABE user decryption key

encryptedHeaderBytes - the encrypted header

additionalDataLen - the maximum bytes length of the expected additional data

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the key bytes cannot be recovered from the PrivateKey

decryptHeader

public DecryptedHeader decryptHeader(byte[] userDecryptionKeyBytes,
                                     byte[] encryptedHeaderBytes)
                              throws CloudproofException

Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

encryptedHeaderBytes - the encrypted header

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

decryptHeader

public DecryptedHeader decryptHeader(byte[] userDecryptionKeyBytes,
                                     byte[] encryptedHeaderBytes,
                                     int additionalDataLen,
                                     Optional<byte[]> authenticationData)
                              throws CloudproofException

Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

encryptedHeaderBytes - the encrypted header

additionalDataLen - the maximum bytes length of the expected additional data

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

symmetricEncryptionOverhead

public int symmetricEncryptionOverhead()

The overhead in bytes (over the clear text) generated by the symmetric encryption scheme (AES 256 GCM)

Returns:

the overhead bytes

encryptBlock

public byte[] encryptBlock(byte[] symmetricKey,
                           byte[] clearText)
                    throws CloudproofException

Symmetrically encrypt a block of clear text data. No resource UID is used for authentication and the block number is assumed to be zero

Parameters:

symmetricKey - The key to use to symmetrically encrypt the block

clearText - the clear text to encrypt

Returns:

the encrypted block

Throws:

CloudproofException - in case of native library error

encryptBlock

public byte[] encryptBlock(byte[] symmetricKey,
                           byte[] authenticationData,
                           byte[] clearText)
                    throws CloudproofException

Symmetrically encrypt a block of clear text data. The UID and Block Number are part of the AEAD of the symmetric scheme.

Parameters:

symmetricKey - The key to use to symmetrically encrypt the block

authenticationData - The associated Data used to authenticate the symmetric encryption

clearText - the clear text to encrypt

Returns:

the encrypted block

Throws:

CloudproofException - in case of native library error

decryptBlock

public byte[] decryptBlock(byte[] symmetricKey,
                           byte[] encryptedBytes)
                    throws CloudproofException

Symmetrically decrypt a block of encrypted data. No resource UID is used for authentication and the block number is assumed to be zero

Parameters:

symmetricKey - the symmetric key to use

encryptedBytes - the encrypted block bytes

Returns:

the clear text bytes

Throws:

CloudproofException - in case of native library error

decryptBlock

public byte[] decryptBlock(byte[] symmetricKey,
                           byte[] authenticationData,
                           byte[] encryptedBytes)
                    throws CloudproofException

Symmetrically decrypt a block of encrypted data. The resource UID and block Number must match those supplied on encryption or decryption will fail.

Parameters:

symmetricKey - the symmetric key to use

authenticationData - The associated Data used to authenticate the symmetric encryption

encryptedBytes - the encrypted block bytes

Returns:

the clear text bytes

Throws:

CloudproofException - in case of native library error

generateMasterKeys

public MasterKeys generateMasterKeys(Policy policy)
                              throws CloudproofException

Generate the master private and public keys using the ABE policy

Parameters:

policy - the policy to use

Returns:

the master private and public keys in raw bytes

Throws:

CloudproofException - in case of native library error

generateUserPrivateKey

public byte[] generateUserPrivateKey(byte[] masterPrivateKey,
                                     String booleanAccessPolicy,
                                     Policy policy)
                              throws CloudproofException

Generate the user private key

Parameters:

masterPrivateKey - the master private key in bytes

booleanAccessPolicy - the access policy of the user private key as an boolean expression

policy - the ABE policy

Returns:

the corresponding user private key

Throws:

CloudproofException - in case of native library error

generateUserPrivateKey

public byte[] generateUserPrivateKey(byte[] masterPrivateKey,
                                     AccessPolicy accessPolicy,
                                     Policy policy)
                              throws CloudproofException

Generate the user private key

Parameters:

masterPrivateKey - the master private key in bytes

accessPolicy - the access policy of the user private key as an AccessPolicy instance

policy - the ABE policy

Returns:

the corresponding user private key

Throws:

CloudproofException - in case of native library error

rotateAttributes

public Policy rotateAttributes(Attr[] attributes,
                               Policy policy)
                        throws CloudproofException,
                               com.fasterxml.jackson.core.exc.StreamReadException,
                               com.fasterxml.jackson.databind.DatabindException,
                               IOException

Rotate attributes, changing their underlying value with that of an unused slot

Parameters:

attributes: - a list of attributes to rotate

policy: - the current policy returns the new Policy

Returns:

the new policy

Throws:

CloudproofException - in case of native library error

IOException - standard IO exceptions

com.fasterxml.jackson.databind.DatabindException - standard databind exceptions

com.fasterxml.jackson.core.exc.StreamReadException - stream read exceptions

unwrap

public int unwrap(int result)
           throws CloudproofException

If the result of the last FFI call is in Error, recover the last error from the native code and throw an exception wrapping it.

Parameters:

result - the result of the FFI call

Returns:

the result if it is different from 1

Throws:

CloudproofException - in case of native library error (result is 1)

encrypt

public byte[] encrypt(Policy policy,
                      byte[] publicKeyBytes,
                      String encryptionPolicy,
                      byte[] plaintext)
               throws CloudproofException

Generate an hybrid encryption of a plaintext.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

plaintext - the plaintext to encrypt

Returns:

the ciphertext

Throws:

CloudproofException - in case of native library error

encrypt

public byte[] encrypt(Policy policy,
                      byte[] publicKeyBytes,
                      String encryptionPolicy,
                      byte[] plaintext,
                      byte[] authenticationData)
               throws CloudproofException

Generate an hybrid encryption of a plaintext. The `authenticationData` are used as part of the authentication of the symmetric encryption scheme.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

plaintext - the plaintext to encrypt

authenticationData - data used to authenticate the symmetric encryption

Returns:

the ciphertext

Throws:

CloudproofException - in case of native library error

encrypt

public byte[] encrypt(Policy policy,
                      byte[] publicKeyBytes,
                      String encryptionPolicy,
                      byte[] plaintext,
                      byte[] authenticationData,
                      byte[] headerMetadata)
               throws CloudproofException

Generate an hybrid encryption of a plaintext. The `authenticationData` are used as part of the authentication of the symmetric encryption scheme.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

plaintext - the plaintext to encrypt

authenticationData - data used to authenticate the symmetric encryption

headerMetadata - additional data to encrypt and add to the header

Returns:

the ciphertext

Throws:

CloudproofException - in case of native library error

decrypt

public DecryptedData decrypt(byte[] userDecryptionKeyBytes,
                             byte[] ciphertext)
                      throws CloudproofException

Decrypt a hybrid encryption

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

ciphertext - the ciphertext to decrypt

Returns:

the DecryptedData containing the plaintext and optional header metadata

Throws:

CloudproofException - in case of native library error

decrypt

public DecryptedData decrypt(byte[] userDecryptionKeyBytes,
                             byte[] ciphertext,
                             byte[] authenticationData)
                      throws CloudproofException

Decrypt a hybrid encryption

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

ciphertext - the ciphertext to decrypt

authenticationData - data used to authenticate the symmetric encryption

Returns:

the DecryptedData containing the plaintext and optional header metadata

Throws:

CloudproofException - in case of native library error

booleanAccessPolicyToJson

public String booleanAccessPolicyToJson(String booleanExpression)
                                 throws CloudproofException

Convert a boolean access policy expression to JSON that can be used in KMIP calls to create user decryption keys.

Parameters:

booleanExpression - access policy in the form of a boolean expression

Returns:

the JSON expression as a String

Throws:

CloudproofException - in case of native library error