这是indexloc提供的服务,不要输入任何密码
Skip to content

BAEL-6958: Key Encapsulation Mechanism API in Java #18919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 18, 2025
+89 −0
Merged

BAEL-6958: Key Encapsulation Mechanism API in Java #18919

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9855fd9
#BAEL-6958: add KemUtils main source
hmdrzsharifi Nov 7, 2025
f6134b2
#BAEL-6958: add test source
hmdrzsharifi Nov 7, 2025
19a5292
#BAEL-6958: add Java 21 support
hmdrzsharifi Nov 7, 2025
e059aa7
#BAEL-6958: reformat code
hmdrzsharifi Nov 10, 2025
f844f47
#BAEL-6958: change Test class name
hmdrzsharifi Nov 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions core-java-modules/core-java-security-5/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,14 @@
</environmentVariables>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>21</source>
<target>21</target>
</configuration>
</plugin>
</plugins>
</build>

Expand Down
28 changes: 28 additions & 0 deletions core-java-modules/core-java-security-5/src/main/java/com/baeldung/kem/KemUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package com.baeldung.kem;

import java.security.PrivateKey;
import java.security.PublicKey;

import javax.crypto.KEM;
import javax.crypto.SecretKey;

public class KemUtils {

public record KemResult(SecretKey sharedSecret, byte[] encapsulation) {}

public static KemResult encapsulate(String algorithm, PublicKey publicKey) throws Exception {
KEM kem = KEM.getInstance(algorithm);
KEM.Encapsulator encapsulator = kem.newEncapsulator(publicKey);
KEM.Encapsulated result = encapsulator.encapsulate();
return new KemResult(result.key(), result.encapsulation());
}

public static KemResult decapsulate(String algorithm, PrivateKey privateKey, byte[] encapsulation)
throws Exception {
KEM kem = KEM.getInstance(algorithm);
KEM.Decapsulator decapsulator = kem.newDecapsulator(privateKey);
SecretKey recoveredSecret = decapsulator.decapsulate(encapsulation);
return new KemResult(recoveredSecret, encapsulation);
}

}
53 changes: 53 additions & 0 deletions core-java-modules/core-java-security-5/src/test/java/com/baeldung/kem/KemUtilsUnitTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
package com.baeldung.kem;

import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.security.KeyPair;
import java.security.KeyPairGenerator;

import javax.crypto.SecretKey;

import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

public class KemUtilsUnitTest {
private static KeyPair keyPair;
public static final String KEM_ALGORITHM = "DHKEM";


@BeforeAll
static void setup() throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
keyPair = kpg.generateKeyPair();
}

@Test
void givenKem_whenSenderEncapsulatesAndReceiverDecapsulates_thenSecretsMatch() throws Exception {
KemUtils.KemResult senderResult = KemUtils.encapsulate(KEM_ALGORITHM, keyPair.getPublic());
assertNotNull(senderResult.sharedSecret());
assertNotNull(senderResult.encapsulation());

KemUtils.KemResult receiverResult = KemUtils.decapsulate(KEM_ALGORITHM, keyPair.getPrivate(),
senderResult.encapsulation());

SecretKey senderSecret = senderResult.sharedSecret();
SecretKey receiverSecret = receiverResult.sharedSecret();

assertArrayEquals(senderSecret.getEncoded(), receiverSecret.getEncoded(),
"Shared secrets from sender and receiver must match");
}

@Test
void givenDifferentReceiverKey_whenDecapsulate_thenFails() throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair wrongKeyPair = kpg.generateKeyPair();

KemUtils.KemResult senderResult = KemUtils.encapsulate(KEM_ALGORITHM, keyPair.getPublic());

assertThrows(Exception.class, () ->
KemUtils.decapsulate(KEM_ALGORITHM, wrongKeyPair.getPrivate(), senderResult.encapsulation()));
}

}