org.bouncycastle.openpgp.operator
Class PublicKeyKeyEncryptionMethodGenerator

java.lang.Object
  org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator

All Implemented Interfaces:

PGPKeyEncryptionMethodGenerator

Direct Known Subclasses:

BcPublicKeyKeyEncryptionMethodGenerator, JcePublicKeyKeyEncryptionMethodGenerator

public abstract class PublicKeyKeyEncryptionMethodGenerator

extends java.lang.Object

implements PGPKeyEncryptionMethodGenerator

Abstract generator class for encryption methods that produce PKESK (public-key encrypted session key) packets. PKESKs are used when encrypting a message for a recipients public key. The purpose of this class is to allow subclasses to decide, which implementation to use.

Field Summary

static java.lang.String	SESSION_KEY_OBFUSCATION_PROPERTY
protected boolean	sessionKeyObfuscation
protected boolean	useWildcardRecipient
static long	WILDCARD
static byte[]	WILDCARD_FINGERPRINT
static long	WILDCARD_KEYID

Constructor Summary

protected

PublicKeyKeyEncryptionMethodGenerator(PGPPublicKey pubKey)

Method Summary

protected byte[]	createSessionInfo(byte algorithm, byte[] keyBytes)
byte[][]	encodeEncryptedSessionInfo(byte[] encryptedSessionInfo)
protected abstract byte[]	encryptSessionInfo(PGPPublicKey pubKey, byte[] sessionKey, byte symAlgId, boolean isV3) Encrypt a session key using the recipients public key.
ContainedPacket	generate(PGPDataEncryptorBuilder dataEncryptorBuilder, byte[] sessionKey) Generate a Public-Key Encrypted Session-Key (PKESK) packet of version 3.
protected static byte[]	getSessionInfo(byte[] ephPubEncoding, byte optSymKeyAlgorithm, byte[] wrappedSessionKey)
PublicKeyKeyEncryptionMethodGenerator	setSessionKeyObfuscation(boolean enabled) Controls whether to obfuscate the size of ECDH session keys using extra padding where necessary.
PublicKeyKeyEncryptionMethodGenerator	setUseWildcardKeyID(boolean enabled) Deprecated. use setUseWildcardRecipient(boolean) instead TODO: Remove in a future release
PublicKeyKeyEncryptionMethodGenerator	setUseWildcardRecipient(boolean enabled) Controls whether the recipient key ID/fingerprint is hidden (replaced by a wildcard value).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SESSION_KEY_OBFUSCATION_PROPERTY

public static final java.lang.String SESSION_KEY_OBFUSCATION_PROPERTY

See Also:

Constant Field Values

WILDCARD_KEYID

public static final long WILDCARD_KEYID

See Also:

Constant Field Values

WILDCARD

public static final long WILDCARD

See Also:

Constant Field Values

WILDCARD_FINGERPRINT

public static final byte[] WILDCARD_FINGERPRINT

sessionKeyObfuscation

protected boolean sessionKeyObfuscation

useWildcardRecipient

protected boolean useWildcardRecipient

Constructor Detail

PublicKeyKeyEncryptionMethodGenerator

protected PublicKeyKeyEncryptionMethodGenerator(PGPPublicKey pubKey)

Method Detail

setSessionKeyObfuscation

public PublicKeyKeyEncryptionMethodGenerator setSessionKeyObfuscation(boolean enabled)

Controls whether to obfuscate the size of ECDH session keys using extra padding where necessary.

The default behaviour can be configured using the system property "org.bouncycastle.openpgp.session_key_obfuscation", or else it will default to enabled.

Returns:

the current generator.

setUseWildcardKeyID

public PublicKeyKeyEncryptionMethodGenerator setUseWildcardKeyID(boolean enabled)

Deprecated. use setUseWildcardRecipient(boolean) instead TODO: Remove in a future release

Controls whether the recipient key ID/fingerprint is hidden (replaced by a wildcard value).

Parameters:

enabled - boolean

Returns:

this

setUseWildcardRecipient

public PublicKeyKeyEncryptionMethodGenerator setUseWildcardRecipient(boolean enabled)

Controls whether the recipient key ID/fingerprint is hidden (replaced by a wildcard value).

Parameters:

enabled - boolean

Returns:

this

encodeEncryptedSessionInfo

public byte[][] encodeEncryptedSessionInfo(byte[] encryptedSessionInfo)
                                    throws PGPException

Throws:

PGPException

generate

public ContainedPacket generate(PGPDataEncryptorBuilder dataEncryptorBuilder,
                                byte[] sessionKey)
                         throws PGPException

Generate a Public-Key Encrypted Session-Key (PKESK) packet of version 3. PKESKv3 packets are used with Symmetrically-Encrypted-Integrity-Protected Data (SEIPD) packets of version 1 or with Symmetrically-Encrypted Data (SED) packets and MUST NOT be used with SEIPDv2 packets. PKESKv3 packets are used with keys that do not support Features.FEATURE_SEIPD_V2 or as a fallback.

Generate a Public-Key Encrypted Session-Key (PKESK) packet of version 6. PKESKv6 packets are used with Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets of version 2 only. PKESKv6 packets are used with keys that support Features.FEATURE_SEIPD_V2.

Specified by:

generate in interface PGPKeyEncryptionMethodGenerator

Parameters:

sessionKey - session-key algorithm id + session-key + checksum

Returns:

PKESKv6 or v3 packet

Throws:

PGPException - if the PKESK packet cannot be generated

See Also:

RFC9580 - Version 6 Public Key Encrypted Session Key Packet, RFC9580 - Version 3 Public Key Encrypted Session Key Packet

createSessionInfo

protected byte[] createSessionInfo(byte algorithm,
                                   byte[] keyBytes)

encryptSessionInfo

protected abstract byte[] encryptSessionInfo(PGPPublicKey pubKey,
                                             byte[] sessionKey,
                                             byte symAlgId,
                                             boolean isV3)
                                      throws PGPException

Encrypt a session key using the recipients public key.

Parameters:

pubKey - recipients public key

sessionKey - session-key

symAlgId - for v3: session key algorithm ID; for v6: 0

Returns:

encrypted session info

Throws:

PGPException

getSessionInfo

protected static byte[] getSessionInfo(byte[] ephPubEncoding,
                                       byte optSymKeyAlgorithm,
                                       byte[] wrappedSessionKey)