public final class AesSiv extends Object implements DeterministicAead
Each AES-SIV key consists of two sub keys. To meet the security requirements of DeterministicAead, each sub key must be 256 bits. The total size of ASE-SIV keys is then 512
bits.
| Modifier and Type | Field and Description |
|---|---|
static TinkFipsUtil.AlgorithmFipsCompatibility |
FIPS |
| Constructor and Description |
|---|
AesSiv(byte[] key) |
| Modifier and Type | Method and Description |
|---|---|
byte[] |
decryptDeterministically(byte[] ciphertext,
byte[] associatedData)
Deterministically decrypts
ciphertext with associatedData as associated
authenticated data. |
byte[] |
encryptDeterministically(byte[] plaintext,
byte[] associatedData)
Deterministically encrypts
plaintext with associatedData as associated
authenticated data. |
public static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS
public AesSiv(byte[] key)
throws GeneralSecurityException
GeneralSecurityExceptionpublic byte[] encryptDeterministically(byte[] plaintext,
byte[] associatedData)
throws GeneralSecurityException
DeterministicAeadplaintext with associatedData as associated
authenticated data.
Warning
Encrypting the same plaintext multiple times protects the integrity of that
plaintext, but confidentiality is compromised to the extent that an attacker can determine that
the same plaintext was encrypted.
The resulting ciphertext allows for checking authenticity and integrity of associated data
(associatedData), but does not guarantee its secrecy.
encryptDeterministically in interface DeterministicAeadGeneralSecurityExceptionpublic byte[] decryptDeterministically(byte[] ciphertext,
byte[] associatedData)
throws GeneralSecurityException
DeterministicAeadciphertext with associatedData as associated
authenticated data.
The decryption verifies the authenticity and integrity of the associated data, but there are no guarantees wrt. secrecy of that data.
decryptDeterministically in interface DeterministicAeadGeneralSecurityException