Class EcdhEngine

java.lang.Object
cloud.opencode.base.crypto.keyexchange.EcdhEngine
All Implemented Interfaces:
KeyExchangeEngine
public final class EcdhEngine extends Object implements KeyExchangeEngine
ECDH (Elliptic Curve Diffie-Hellman) key exchange engine ECDH 密钥协商引擎 - 椭圆曲线 Diffie-Hellman 密钥交换

Features | 主要功能:

  • ECDH key exchange with NIST curves - ECDH 密钥交换(NIST 曲线)
  • P-256, P-384, P-521 support - P-256、P-384、P-521 支持

Usage Examples | 使用示例:

EcdhEngine engine = EcdhEngine.p256();
KeyPair kp = engine.generateKeyPair();
byte[] shared = engine.computeSharedSecret(kp.getPrivate(), peerPubKey);

Security | 安全性:

  • Thread-safe: No - 线程安全: 否
  • Null-safe: Yes - 空值安全: 是
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    static byte[]
    agree(PrivateKey myPrivateKey, PublicKey theirPublicKey)
    Performs ECDH key agreement between two parties (static method) 执行两方之间的 ECDH 密钥协商(静态方法)
    static byte[]
    agreeAndDerive(PrivateKey myPrivateKey, PublicKey theirPublicKey, byte[] info, int keyLength)
    Performs ECDH key agreement and derives key material using HKDF (static method) 执行 ECDH 密钥协商并使用 HKDF 派生密钥材料(静态方法)
    byte[]
    computeSharedSecret()
    Computes the shared secret using the configured keys 使用配置的密钥计算共享密钥
    byte[]
    deriveKey(byte[] info, int length)
    Derives key material from the shared secret using HKDF 使用 HKDF 从共享密钥派生密钥材料
    KeyPair
    generateKeyPair()
    Generates a new key pair for the key exchange 为密钥交换生成新的密钥对
    String
    getAlgorithm()
    Gets the algorithm name of this key exchange engine 获取密钥交换引擎的算法名称
    CurveType
    getCurve()
    Gets the curve type used by this engine 获取此引擎使用的曲线类型
    static EcdhEngine
    p256()
    Creates an ECDH engine with NIST P-256 curve 创建使用 NIST P-256 曲线的 ECDH 引擎
    static EcdhEngine
    p384()
    Creates an ECDH engine with NIST P-384 curve 创建使用 NIST P-384 曲线的 ECDH 引擎
    static EcdhEngine
    p521()
    Creates an ECDH engine with NIST P-521 curve 创建使用 NIST P-521 曲线的 ECDH 引擎
    EcdhEngine
    setPrivateKey(PrivateKey privateKey)
    Sets the private key for this party 设置本方的私钥
    EcdhEngine
    setRemotePublicKey(PublicKey publicKey)
    Sets the remote party's public key 设置对方的公钥
    static EcdhEngine
    withCurve(CurveType curve)
    Creates an ECDH engine with the specified curve 创建使用指定曲线的 ECDH 引擎
    static EcdhEngine
    withGeneratedKeyPair(CurveType curve)
    Creates an ECDH engine with the specified curve and generates a key pair 创建使用指定曲线的 ECDH 引擎并生成密钥对

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • p256

      public static EcdhEngine p256()
      Creates an ECDH engine with NIST P-256 curve 创建使用 NIST P-256 曲线的 ECDH 引擎
      Returns:
      new ECDH engine instance

    • p384

      public static EcdhEngine p384()
      Creates an ECDH engine with NIST P-384 curve 创建使用 NIST P-384 曲线的 ECDH 引擎
      Returns:
      new ECDH engine instance

    • p521

      public static EcdhEngine p521()
      Creates an ECDH engine with NIST P-521 curve 创建使用 NIST P-521 曲线的 ECDH 引擎
      Returns:
      new ECDH engine instance

    • withCurve

      public static EcdhEngine withCurve(CurveType curve)
      Creates an ECDH engine with the specified curve 创建使用指定曲线的 ECDH 引擎
      Parameters:
      curve - the elliptic curve to use
      Returns:
      new ECDH engine instance
      Throws:
      NullPointerException - if curve is null
      IllegalArgumentException - if curve is not supported for ECDH

    • withGeneratedKeyPair

      public static EcdhEngine withGeneratedKeyPair(CurveType curve)
      Creates an ECDH engine with the specified curve and generates a key pair 创建使用指定曲线的 ECDH 引擎并生成密钥对
      Parameters:
      curve - the elliptic curve to use
      Returns:
      new ECDH engine instance with generated key pair
      Throws:
      NullPointerException - if curve is null
      IllegalArgumentException - if curve is not supported for ECDH

    • agree

      public static byte[] agree(PrivateKey myPrivateKey, PublicKey theirPublicKey)
      Performs ECDH key agreement between two parties (static method) 执行两方之间的 ECDH 密钥协商(静态方法)
      Parameters:
      myPrivateKey - the local private key
      theirPublicKey - the remote public key
      Returns:
      the shared secret
      Throws:
      NullPointerException - if any key is null

    • agreeAndDerive

      public static byte[] agreeAndDerive(PrivateKey myPrivateKey, PublicKey theirPublicKey, byte[] info, int keyLength)
      Performs ECDH key agreement and derives key material using HKDF (static method) 执行 ECDH 密钥协商并使用 HKDF 派生密钥材料(静态方法)
      Parameters:
      myPrivateKey - the local private key
      theirPublicKey - the remote public key
      info - optional context information for key derivation
      keyLength - desired key length in bytes
      Returns:
      derived key material
      Throws:
      NullPointerException - if any required parameter is null
      IllegalArgumentException - if keyLength is invalid

    • generateKeyPair

      public KeyPair generateKeyPair()
      Description copied from interface: KeyExchangeEngine
      Generates a new key pair for the key exchange 为密钥交换生成新的密钥对
      Specified by:
      generateKeyPair in interface KeyExchangeEngine
      Returns:
      a new key pair

    • setPrivateKey

      public EcdhEngine setPrivateKey(PrivateKey privateKey)
      Description copied from interface: KeyExchangeEngine
      Sets the private key for this party 设置本方的私钥
      Specified by:
      setPrivateKey in interface KeyExchangeEngine
      Parameters:
      privateKey - the private key to use
      Returns:
      this engine for method chaining

    • setRemotePublicKey

      public EcdhEngine setRemotePublicKey(PublicKey publicKey)
      Description copied from interface: KeyExchangeEngine
      Sets the remote party's public key 设置对方的公钥
      Specified by:
      setRemotePublicKey in interface KeyExchangeEngine
      Parameters:
      publicKey - the remote public key
      Returns:
      this engine for method chaining

    • computeSharedSecret

      public byte[] computeSharedSecret()
      Description copied from interface: KeyExchangeEngine
      Computes the shared secret using the configured keys 使用配置的密钥计算共享密钥
      Specified by:
      computeSharedSecret in interface KeyExchangeEngine
      Returns:
      the raw shared secret bytes

    • deriveKey

      public byte[] deriveKey(byte[] info, int length)
      Description copied from interface: KeyExchangeEngine
      Derives key material from the shared secret using HKDF 使用 HKDF 从共享密钥派生密钥材料
      Specified by:
      deriveKey in interface KeyExchangeEngine
      Parameters:
      info - optional context and application specific information (can be null)
      length - desired key length in bytes
      Returns:
      derived key material

    • getAlgorithm

      public String getAlgorithm()
      Description copied from interface: KeyExchangeEngine
      Gets the algorithm name of this key exchange engine 获取密钥交换引擎的算法名称
      Specified by:
      getAlgorithm in interface KeyExchangeEngine
      Returns:
      the algorithm name

    • getCurve

      public CurveType getCurve()
      Gets the curve type used by this engine 获取此引擎使用的曲线类型
      Returns:
      the curve type