/** * Generates and returns the content encryption material with the given kek material and security * providers. */ protected final ContentCryptoMaterial newContentCryptoMaterial( EncryptionMaterialsProvider kekMaterialProvider, Provider provider) { // Generate a one-time use symmetric key and initialize a cipher to encrypt object data SecretKey cek = generateCEK(); // Randomly generate the IV byte[] iv = new byte[contentCryptoScheme.getIVLengthInBytes()]; cryptoScheme.getSecureRandom().nextBytes(iv); // Encrypt the envelope symmetric key EncryptionMaterials kekMaterials = kekMaterialProvider.getEncryptionMaterials(); SecuredCEK cekSecured = secureCEK(cek, kekMaterials, provider); // Return a new instruction with the appropriate fields. return new ContentCryptoMaterial( kekMaterials.getMaterialsDescription(), cekSecured.encrypted, cekSecured.keyWrapAlgorithm, contentCryptoScheme.createCipherLite(cek, iv, Cipher.ENCRYPT_MODE, provider)); }