com.google.crypto.tink.aead

Class ChaCha20Poly1305Key

java.lang.Object

com.google.crypto.tink.Key

com.google.crypto.tink.aead.AeadKey

com.google.crypto.tink.aead.ChaCha20Poly1305Key

@Alpha
 @Immutable
public final class ChaCha20Poly1305Key
extends AeadKey

Represents the Aead ChaCha20-Poly1305 specified in RFC 8439.

ChaCha20-Poly1305 allows no parameters; hence the main part here is really just the keys. However, Tink allows prefixing every ciphertext with an ID-dependent prefix, see ChaCha20Poly1305Parameters.Variant.

Method Summary

Modifier and Type	Method and Description
static ChaCha20Poly1305Key	create(ChaCha20Poly1305Parameters.Variant variant, SecretBytes secretBytes, Integer idRequirement)
static ChaCha20Poly1305Key	create(SecretBytes secretBytes)
boolean	equalsKey(Key o) Returns true if the key is equal to the passed in key.
Integer	getIdRequirementOrNull() Returns null if this key has no id requirement, otherwise the required id.
SecretBytes	getKeyBytes()
Bytes	getOutputPrefix() Returns a Bytes instance which is prefixed to the ciphertext.
ChaCha20Poly1305Parameters	getParameters() Returns the parameters of this key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getOutputPrefix

public Bytes getOutputPrefix()

Description copied from class: AeadKey

Returns a Bytes instance which is prefixed to the ciphertext.

In order to make key rotation more efficient, Tink allows every Aead key to be prefixed with a sequence of bytes. When decrypting data, only keys with matching prefix have to be tried.

Note that a priori, the output prefix may not be unique in a keyset (i.e., different keys in a keyset may have the same prefix or, one prefix may be a prefix of the other). To avoid this, built in Tink keys use the convention that the prefix is either '0x00' or '0x01'. See the Tink keys for details.

Specified by:

getOutputPrefix in class AeadKey

create

public static ChaCha20Poly1305Key create(SecretBytes secretBytes)
                                  throws GeneralSecurityException

Throws:

GeneralSecurityException

create

public static ChaCha20Poly1305Key create(ChaCha20Poly1305Parameters.Variant variant,
                                         SecretBytes secretBytes,
                                         @Nullable
                                         Integer idRequirement)
                                  throws GeneralSecurityException

Throws:

GeneralSecurityException

getKeyBytes

public SecretBytes getKeyBytes()

getParameters

public ChaCha20Poly1305Parameters getParameters()

Description copied from class: AeadKey

Returns the parameters of this key.

Specified by:

getParameters in class AeadKey

getIdRequirementOrNull

@Nullable
public Integer getIdRequirementOrNull()

Description copied from class: Key

Returns null if this key has no id requirement, otherwise the required id.

Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.

Specified by:

getIdRequirementOrNull in class Key

equalsKey

public boolean equalsKey(Key o)

Description copied from class: Key

Returns true if the key is equal to the passed in key.

Implementations are required to do this in constant time.

Note: Tink Key objects should typically not override hashCode (because it could risk leaking key material). Hence, they typically also should not override equals.

Specified by:

equalsKey in class Key