org.bouncycastle.openpgp.operator
Class PBEKeyEncryptionMethodGenerator

java.lang.Object
  org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator

All Implemented Interfaces:

PGPKeyEncryptionMethodGenerator

Direct Known Subclasses:

BcPBEKeyEncryptionMethodGenerator, JcePBEKeyEncryptionMethodGenerator

public abstract class PBEKeyEncryptionMethodGenerator

extends java.lang.Object

implements PGPKeyEncryptionMethodGenerator

PGP style PBE encryption method.

A pass phrase is used to generate an encryption key using the PGP string-to-key method.

Note that the iteration count provided to this method is a single byte as described by the S2K algorithm, and the actual iteration count ranges exponentially from 0x01 == 1088 to 0xFF == 65,011,712.

Constructor Summary

protected	PBEKeyEncryptionMethodGenerator(char[] passPhrase, PGPDigestCalculator s2kDigestCalculator) Construct a PBE key generator using the default iteration count ( 0x60 == 65536 iterations).
protected	PBEKeyEncryptionMethodGenerator(char[] passPhrase, PGPDigestCalculator s2kDigestCalculator, int s2kCount) Construct a PBE key generator using a specific iteration level.
protected	PBEKeyEncryptionMethodGenerator(char[] passPhrase, S2K.Argon2Params params) Construct a PBE key generator using Argon2 as S2K mechanism.

Method Summary

protected abstract byte[]	encryptSessionInfo(int encAlgorithm, byte[] key, byte[] sessionInfo)
ContainedPacket	generate(PGPDataEncryptorBuilder dataEncryptorBuilder, byte[] sessionKey) Generates a version 4 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted session-key for this method.
protected abstract byte[]	generateV6KEK(int kekAlgorithm, byte[] ikm, byte[] info)
protected abstract byte[]	getEskAndTag(int kekAlgorithm, int aeadAlgorithm, byte[] sessionKey, byte[] key, byte[] iv, byte[] info)
byte[]	getKey(int encAlgorithm) Generate a key for a symmetric encryption algorithm using the PBE configuration in this method.
int	getSessionKeyWrapperAlgorithm(int defaultWrapAlg) Return the key wrapping algorithm this PBE key method is associated with.
PBEKeyEncryptionMethodGenerator	setSecureRandom(java.security.SecureRandom random) Sets a user defined source of randomness.
PBEKeyEncryptionMethodGenerator	setSessionKeyWrapperAlgorithm(int wrapAlg) Set a specific algorithm to be used where this PBE method generator is used to wrap a session key for encrypting data, rather than providing the encryption key for the data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PBEKeyEncryptionMethodGenerator

protected PBEKeyEncryptionMethodGenerator(char[] passPhrase,
                                          PGPDigestCalculator s2kDigestCalculator)

Construct a PBE key generator using the default iteration count ( 0x60 == 65536 iterations).

Parameters:

passPhrase - the pass phrase to encrypt with.

s2kDigestCalculator - a digest calculator to use in the string-to-key function.

PBEKeyEncryptionMethodGenerator

protected PBEKeyEncryptionMethodGenerator(char[] passPhrase,
                                          S2K.Argon2Params params)

Construct a PBE key generator using Argon2 as S2K mechanism.

Parameters:

passPhrase - passphrase

params - argon2 parameters

PBEKeyEncryptionMethodGenerator

protected PBEKeyEncryptionMethodGenerator(char[] passPhrase,
                                          PGPDigestCalculator s2kDigestCalculator,
                                          int s2kCount)

Construct a PBE key generator using a specific iteration level.

Parameters:

passPhrase - the pass phrase to encrypt with.

s2kDigestCalculator - a digest calculator to use in the string-to-key function.

s2kCount - a single byte S2K iteration count specifier, which is translated to an actual iteration count by the S2K class.

Method Detail

setSecureRandom

public PBEKeyEncryptionMethodGenerator setSecureRandom(java.security.SecureRandom random)

Sets a user defined source of randomness.

If no SecureRandom is configured, a default SecureRandom will be used.

Returns:

the current generator.

setSessionKeyWrapperAlgorithm

public PBEKeyEncryptionMethodGenerator setSessionKeyWrapperAlgorithm(int wrapAlg)

Set a specific algorithm to be used where this PBE method generator is used to wrap a session key for encrypting data, rather than providing the encryption key for the data.

The default wrapping algorithm is the same algorithm as the one specified for data encryption with the PGPEncryptedDataGenerator used.

Returns:

the current generator.

getSessionKeyWrapperAlgorithm

public int getSessionKeyWrapperAlgorithm(int defaultWrapAlg)

Return the key wrapping algorithm this PBE key method is associated with.

Parameters:

defaultWrapAlg - the default wrapping algorithm if none was set.

Returns:

the PBE method's wrapping algorithm, defaultWrapAlg is setSessionKeyWrapperAlgorithm was not called.

getKey

public byte[] getKey(int encAlgorithm)
              throws PGPException

Generate a key for a symmetric encryption algorithm using the PBE configuration in this method.

Parameters:

encAlgorithm - the encryption algorithm to generate the key for.

Returns:

the bytes of the generated key.

Throws:

PGPException - if an error occurs performing the string-to-key generation.

generate

public ContainedPacket generate(PGPDataEncryptorBuilder dataEncryptorBuilder,
                                byte[] sessionKey)
                         throws PGPException

Generates a version 4 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted session-key for this method. SKESKv4 packets are used by Symmetrically-Encrypted-Integrity-Protected-Data (SEIPD) packets of version 1, or by (deprecated) Symmetrically-Encrypted-Data (SED) packets.

Generates a version 5 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted session-key for this method. SKESKv5 packets are used with OCB-Encrypted Data (OED) packets only. AEAD algorithm ID (MUST be AEADAlgorithmTags.OCB)

Generates a version 6 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted session-key for this method. SKESKv6 packets are used with Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets of version 2 only. A SKESKv6 packet MUST NOT precede a SEIPDv1, OED or SED packet.

Specified by:

generate in interface PGPKeyEncryptionMethodGenerator

Parameters:

sessionKey - session data generated by the encrypted data generator.

Returns:

a packet encoding the provided information and the configuration of this instance.

Throws:

PGPException - if an error occurs constructing the packet.

See Also:

RFC9580 - Symmetric-Key Encrypted Session-Key Packet version 4, LibrePGP - Symmetric-Key Encrypted Session-Key Packet version 5, RFC9580 - Symmetric-Key Encrypted Session-Key Packet version 6

encryptSessionInfo

protected abstract byte[] encryptSessionInfo(int encAlgorithm,
                                             byte[] key,
                                             byte[] sessionInfo)
                                      throws PGPException

Throws:

PGPException

getEskAndTag

protected abstract byte[] getEskAndTag(int kekAlgorithm,
                                       int aeadAlgorithm,
                                       byte[] sessionKey,
                                       byte[] key,
                                       byte[] iv,
                                       byte[] info)
                                throws PGPException

Throws:

PGPException

generateV6KEK

protected abstract byte[] generateV6KEK(int kekAlgorithm,
                                        byte[] ikm,
                                        byte[] info)
                                 throws PGPException

Throws:

PGPException