com.google.crypto.tink.subtle

Class XChaCha20Poly1305

java.lang.Object

com.google.crypto.tink.subtle.XChaCha20Poly1305

All Implemented Interfaces:

Aead

public final class XChaCha20Poly1305
extends Object

XChaCha20Poly1305 AEAD construction, as described in https://tools.ietf.org/html/draft-arciszewski-xchacha-01.

Constructor Summary

Constructors

Constructor and Description
XChaCha20Poly1305(byte[] key)

Method Summary

Modifier and Type	Method and Description
byte[]	decrypt(byte[] ciphertext, byte[] associatedData) Decryptes ciphertext with the following format: nonce || actual_ciphertext || tag
byte[]	encrypt(byte[] plaintext, byte[] associatedData) Encrypts the plaintext with Poly1305 authentication based on associatedData.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XChaCha20Poly1305

public XChaCha20Poly1305(byte[] key)
                  throws InvalidKeyException

Throws:

InvalidKeyException

Method Detail

encrypt

public byte[] encrypt(byte[] plaintext,
                      byte[] associatedData)
               throws GeneralSecurityException

Encrypts the plaintext with Poly1305 authentication based on associatedData.

Please note that nonce is randomly generated hence keys need to be rotated after encrypting a certain number of messages depending on the nonce size of the underlying ChaCha20Base.

Specified by:

encrypt in interface Aead

Parameters:

plaintext - data to encrypt

associatedData - associated authenticated data

Returns:

ciphertext with the following format nonce || actual_ciphertext || tag

Throws:

GeneralSecurityException

decrypt

public byte[] decrypt(byte[] ciphertext,
                      byte[] associatedData)
               throws GeneralSecurityException

Decryptes ciphertext with the following format: nonce || actual_ciphertext || tag

Specified by:

decrypt in interface Aead

Parameters:

ciphertext - with format nonce || actual_ciphertext || tag

associatedData - associated authenticated data

Returns:

plaintext if authentication is successful.

Throws:

GeneralSecurityException - when ciphertext is shorter than nonce size + tag size or when computed tag based on ciphertext and associatedData does not match the tag given in ciphertext.