KEM
 class. A security provider implements this interface to provide an
 implementation of a Key Encapsulation Mechanism (KEM) algorithm.
 
 A KEM algorithm may support a family of configurations. Each configuration
 may accept different types of keys, cryptographic primitives, and sizes of
 shared secrets and key encapsulation messages. A configuration is defined
 by the KEM algorithm name, the key it uses, and an optional
 AlgorithmParameterSpec argument that is specified when creating
 an encapsulator or decapsulator. The result of calling
 engineNewEncapsulator(java.security.PublicKey, java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom) or engineNewDecapsulator(java.security.PrivateKey, java.security.spec.AlgorithmParameterSpec) must return
 an encapsulator or decapsulator that maps to a single configuration,
 where its engineSecretSize() and engineEncapsulationSize()
 methods return constant values.
 
 A KEMSpi implementation must be immutable. It must be safe to
 call multiple engineNewEncapsulator and engineNewDecapsulator
 methods at the same time.
 
 EncapsulatorSpi and DecapsulatorSpi implementations must also
 be immutable. It must be safe to invoke multiple encapsulate and
 decapsulate methods at the same time. Each invocation of
 encapsulate should generate a new shared secret and key
 encapsulation message.
 
For example,
public static class MyKEMImpl implements KEMSpi {
    @Override
    public KEMSpi.EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey,
            AlgorithmParameterSpec spec, SecureRandom secureRandom)
            throws InvalidAlgorithmParameterException, InvalidKeyException {
        if (!checkPublicKey(publicKey)) {
            throw new InvalidKeyException("unsupported key");
        }
        if (!checkParameters(spec)) {
            throw new InvalidAlgorithmParameterException("unsupported params");
        }
        return new MyEncapsulator(publicKey, spec, secureRandom);
    }
    class MyEncapsulator implements KEMSpi.EncapsulatorSpi {
        MyEncapsulator(PublicKey publicKey, AlgorithmParameterSpec spec,
                SecureRandom secureRandom){
            this.spec = spec != null ? spec : getDefaultParameters();
            this.secureRandom = secureRandom != null
                    ? secureRandom
                    : getDefaultSecureRandom();
            this.publicKey = publicKey;
        }
        @Override
        public KEM.Encapsulated encapsulate(int from, int to, String algorithm) {
            byte[] encapsulation;
            byte[] secret;
            // calculating...
            return new KEM.Encapsulated(
                    new SecretKeySpec(secret, from, to - from, algorithm),
                    encapsulation, null);
        }
        // ...
    }
    // ...
}
- Since:
- 21
- See Also:
- 
Nested Class SummaryNested ClassesModifier and TypeInterfaceDescriptionstatic interfaceThe KEM decapsulator implementation, generated byengineNewDecapsulator(java.security.PrivateKey, java.security.spec.AlgorithmParameterSpec)on the KEM receiver side.static interfaceThe KEM encapsulator implementation, generated byengineNewEncapsulator(java.security.PublicKey, java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom)on the KEM sender side.
- 
Method SummaryModifier and TypeMethodDescriptionengineNewDecapsulator(PrivateKey privateKey, AlgorithmParameterSpec spec) Creates a KEM decapsulator on the KEM receiver side.engineNewEncapsulator(PublicKey publicKey, AlgorithmParameterSpec spec, SecureRandom secureRandom) Creates a KEM encapsulator on the KEM sender side.
- 
Method Details- 
engineNewEncapsulatorKEMSpi.EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey, AlgorithmParameterSpec spec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException, InvalidKeyException Creates a KEM encapsulator on the KEM sender side.- Parameters:
- publicKey- the receiver's public key, must not be- null
- spec- the optional parameter, can be- null
- secureRandom- the source of randomness for encapsulation. If- null, the implementation must provide a default one.
- Returns:
- the encapsulator for this key
- Throws:
- InvalidAlgorithmParameterException- if- specis invalid or one is required but- specis- null
- InvalidKeyException- if- publicKeyis- nullor invalid
- See Also:
 
- 
engineNewDecapsulatorKEMSpi.DecapsulatorSpi engineNewDecapsulator(PrivateKey privateKey, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException, InvalidKeyException Creates a KEM decapsulator on the KEM receiver side.- Parameters:
- privateKey- the receiver's private key, must not be- null
- spec- the optional parameter, can be- null
- Returns:
- the decapsulator for this key
- Throws:
- InvalidAlgorithmParameterException- if- specis invalid or one is required but- specis- null
- InvalidKeyException- if- privateKeyis- nullor invalid
- See Also:
 
 
-