in src/main/java/com/amazonaws/encryptionsdk/internal/JceKeyCipher.java [66:109]
/**
 * Builds the cipher that {@code encryptKey} uses to wrap (encrypt) a data key.
 *
 * <p>{@code encryptKey} calls {@code doFinal} on the returned {@code cipher}, so it must come
 * back fully initialised. The returned {@code extraInfo} is appended, unencrypted, after the
 * key-name bytes in the provider info; {@code encryptKey} dereferences it without a null check,
 * so it must not be {@code null} (an empty array means "nothing to append").
 *
 * @param key The wrapping key ({@code encryptKey} passes the instance's {@code wrappingKey}).
 * @param encryptionContext The encryption context forwarded by {@code encryptKey}. NOTE(review):
 *     whether and how it is bound to the ciphertext as AAD is decided by the concrete
 *     implementation, which is not visible here; confirm per subclass.
 * @return The initialised cipher together with any extra bytes to record in the provider info.
 * @throws GeneralSecurityException If the cipher cannot be constructed or initialised.
 */
abstract WrappingData buildWrappingCipher(Key key, Map<String, String> encryptionContext)
throws GeneralSecurityException;
/**
 * Builds the cipher used to unwrap (decrypt) a previously wrapped data key.
 *
 * <p>NOTE(review): the caller is outside this view. Presumably {@code extraInfo} is the provider
 * info stored with the encrypted data key and {@code offset} marks where the cipher-specific
 * bytes begin (after the key name, mirroring the layout written by {@code encryptKey}); confirm
 * against the decrypt path. If so, these bytes come from the message being decrypted, so
 * implementations should validate {@code offset} and any embedded lengths against
 * {@code extraInfo.length} before reading.
 *
 * @param key The key to initialise the cipher with.
 * @param extraInfo Byte array carrying the cipher-specific parameters.
 * @param offset Index into {@code extraInfo}; presumably the start of the cipher-specific data
 *     (confirm against the caller).
 * @param encryptionContext The encryption context; how it is used as AAD is up to the concrete
 *     implementation.
 * @return The cipher to use for unwrapping.
 * @throws GeneralSecurityException If the cipher cannot be constructed or initialised.
 */
abstract Cipher buildUnwrappingCipher(
Key key, byte[] extraInfo, int offset, Map<String, String> encryptionContext)
throws GeneralSecurityException;
/**
 * Wraps (encrypts) the given data key under this instance's wrapping key and packages the
 * result as an {@link EncryptedDataKey}.
 *
 * <p>The provider info of the returned blob is the encoded key name, followed by whatever
 * {@code extraInfo} bytes {@code buildWrappingCipher} reported. Neither the key name nor the
 * namespace passes through the cipher in this method, so they must not carry secret material.
 * The caller's {@code key} array is not cleared here; wiping the plaintext key after use is the
 * caller's responsibility.
 *
 * @param key The plaintext data key bytes to encrypt.
 * @param keyName A name for the wrapping key; must not be {@code null}. It is encoded with
 *     {@code KEY_NAME_ENCODING} and placed at the start of the provider info.
 * @param keyNamespace A value that namespaces the key; passed through to the returned blob.
 * @param encryptionContext A key-value mapping of arbitrary, non-secret strings intended as
 *     additional authenticated data (AAD). It is forwarded to {@code buildWrappingCipher};
 *     whether it is actually bound to the ciphertext depends on that implementation.
 * @return The encrypted data key.
 * @throws AwsCryptoException If building the cipher or encrypting the key fails with a
 *     {@link GeneralSecurityException}; the original exception is kept as the cause.
 */
public EncryptedDataKey encryptKey(
    final byte[] key,
    final String keyName,
    final String keyNamespace,
    final Map<String, String> encryptionContext) {
  final byte[] nameBytes = keyName.getBytes(KEY_NAME_ENCODING);
  try {
    final JceKeyCipher.WrappingData wrapping = buildWrappingCipher(wrappingKey, encryptionContext);
    final byte[] wrappedKey = wrapping.cipher.doFinal(key);
    final byte[] extra = wrapping.extraInfo;

    // No cipher-specific parameters to record: the provider info is just the key name.
    if (extra.length == 0) {
      return new KeyBlob(keyNamespace, nameBytes, wrappedKey);
    }

    // Provider info layout: [ key name bytes | cipher-specific extra info ].
    final int nameLength = nameBytes.length;
    final byte[] providerInfo = new byte[nameLength + extra.length];
    System.arraycopy(nameBytes, 0, providerInfo, 0, nameLength);
    System.arraycopy(extra, 0, providerInfo, nameLength, extra.length);
    return new KeyBlob(keyNamespace, providerInfo, wrappedKey);
  } catch (final GeneralSecurityException gsex) {
    throw new AwsCryptoException(gsex);
  }
}