Class HKDFParameterSpec.Builder
- Enclosing interface:
HKDFParameterSpec
Builder builds Extract and ExtractThenExpand
objects.
The Builder is initialized via the ofExtract method of
HKDFParameterSpec. As stated in the class description,
addIKM and/or addSalt may be called as needed. Finally,
an object is "built" by calling either extractOnly or
thenExpand for Extract and ExtractThenExpand
use-cases respectively. Note that the Builder is not
thread-safe.
- Since:
- 25
-
Method Summary
Modifier and TypeMethodDescriptionaddIKM(byte[] ikm) Adds input keying material (IKM) to the builder.Adds input keying material (IKM) to the builder.addSalt(byte[] salt) Adds a salt to the builder.Adds a salt to the builder.Builds anExtractobject from the current state of theBuilder.thenExpand(byte[] info, int length) Builds anExtractThenExpandobject from the current state of theBuilder.
-
Method Details
-
extractOnly
Builds anExtractobject from the current state of theBuilder.- Returns:
- an immutable
Extractobject
-
thenExpand
Builds anExtractThenExpandobject from the current state of theBuilder.- Implementation Note:
- HKDF implementations will enforce that the length is not greater than 255 * HMAC length. HKDF implementations will also enforce that a {code null} info value is treated as zero-length byte array.
- Parameters:
info- the optional context and application specific information (may benull); the byte array is cloned to prevent subsequent modificationlength- the length of the output keying material (must be greater than 0)- Returns:
- an immutable
ExtractThenExpandobject - Throws:
IllegalArgumentException- iflengthis not greater than 0
-
addIKM
Adds input keying material (IKM) to the builder.Users may call
addIKMmultiple times when the input keying material value is to be assembled piece-meal or if part of the IKM is to be supplied by a hardware crypto device. Theikms()method of theExtractorExtractThenExpandobject that is subsequently built returns the assembled input keying material as a list ofSecretKeyobjects.- Parameters:
ikm- the input keying material (IKM) value- Returns:
- this builder
- Throws:
NullPointerException- if theikmargument is null
-
addIKM
Adds input keying material (IKM) to the builder. Note that anikmbyte array of length zero will be discarded.Users may call
addIKMmultiple times when the input keying material value is to be assembled piece-meal or if part of the IKM is to be supplied by a hardware crypto device. Theikms()method of theExtractorExtractThenExpandobject that is subsequently built returns the assembled input keying material as a list ofSecretKeyobjects.- Parameters:
ikm- the input keying material (IKM) value; theikmbyte array will be converted to aSecretKeySpec, which means that the byte array will be cloned inside theSecretKeySpecconstructor- Returns:
- this builder
- Throws:
NullPointerException- if theikmargument is null
-
addSalt
Adds a salt to the builder.Users may call
addSaltmultiple times when the salt value is to be assembled piece-meal or if part of the salt is to be supplied by a hardware crypto device. Thesalts()method of theExtractorExtractThenExpandobject that is subsequently built returns the assembled salt as a list ofSecretKeyobjects.- Parameters:
salt- the salt value- Returns:
- this builder
- Throws:
NullPointerException- if thesaltis null
-
addSalt
Adds a salt to the builder. Note that asaltbyte array of length zero will be discarded.Users may call
addSaltmultiple times when the salt value is to be assembled piece-meal or if part of the salt is to be supplied by a hardware crypto device. Thesalts()method of theExtractorExtractThenExpandobject that is subsequently built returns the assembled salt as a list ofSecretKeyobjects.- Parameters:
salt- the salt value; thesaltbyte array will be converted to aSecretKeySpec, which means that the byte array will be cloned inside theSecretKeySpecconstructor- Returns:
- this builder
- Throws:
NullPointerException- if thesaltis null
-