- Enclosing class:
- KEM
KEM.newDecapsulator(java.security.PrivateKey) on the KEM
 receiver side.
 
 This class represents the key decapsulation function of a KEM.
 An invocation of the decapsulate method recovers the
 secret key from the key encapsulation message.
- Since:
- 21
- 
Method SummaryModifier and TypeMethodDescriptiondecapsulate(byte[] encapsulation) The key decapsulation function.decapsulate(byte[] encapsulation, int from, int to, String algorithm) The key decapsulation function.intReturns the size of the key encapsulation message.Returns the name of the provider.intReturns the size of the shared secret.
- 
Method Details- 
providerNameReturns the name of the provider.- Returns:
- the name of the provider
 
- 
decapsulateThe key decapsulation function.This method is equivalent to decapsulate(encapsulation, 0, secretSize(), "Generic"). This combination of arguments must be supported by every implementation.The generated secret key is usually passed to a key derivation function (KDF) as the input keying material. - Parameters:
- encapsulation- the key encapsulation message from the sender. The size must be equal to the value returned by- encapsulationSize(), or a- DecapsulateExceptionwill be thrown.
- Returns:
- the shared secret as a SecretKeywith an algorithm name of "Generic"
- Throws:
- DecapsulateException- if an error occurs during the decapsulation process
- NullPointerException- if- encapsulationis- null
 
- 
decapsulatepublic SecretKey decapsulate(byte[] encapsulation, int from, int to, String algorithm) throws DecapsulateException The key decapsulation function.An invocation of this method recovers the secret key from the key encapsulation message. An implementation may choose to not support arbitrary combinations of from,to, andalgorithm.- Parameters:
- encapsulation- the key encapsulation message from the sender. The size must be equal to the value returned by- encapsulationSize(), or a- DecapsulateExceptionwill be thrown.
- from- the initial index of the shared secret byte array to be returned, inclusive
- to- the final index of the shared secret byte array to be returned, exclusive
- algorithm- the algorithm name for the secret key that is returned
- Returns:
- a portion of the shared secret as a SecretKeycontaining the bytes of the secret ranging fromfromtoto, exclusive, and an algorithm name as specified. For example,decapsulate(encapsulation, secretSize() - 16, secretSize(), "AES")uses the last 16 bytes of the shared secret as a 128-bit AES key.
- Throws:
- DecapsulateException- if an error occurs during the decapsulation process
- IndexOutOfBoundsException- if- from < 0,- from > to, or- to > secretSize()
- NullPointerException- if- encapsulationor- algorithmis- null
- UnsupportedOperationException- if the combination of- from,- to, and- algorithmis not supported by the decapsulator
 
- 
secretSizepublic int secretSize()Returns the size of the shared secret.This method can be called to find out the length of the shared secret before decapsulateis called or if the obtainedSecretKeyis not extractable.- Returns:
- the size of the shared secret
 
- 
encapsulationSizepublic int encapsulationSize()Returns the size of the key encapsulation message.This method can be used to extract the encapsulation message from a longer byte array if no length information is provided by a higher level protocol. - Returns:
- the size of the key encapsulation message
 
 
-