Package org.bouncycastle.openpgp.operator

Class PBEKeyEncryptionMethodGenerator

java.lang.Object

org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator

org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator

Direct Known Subclasses:

BcPBEKeyEncryptionMethodGenerator, JcePBEKeyEncryptionMethodGenerator

public abstract class PBEKeyEncryptionMethodGenerator
extends PGPKeyEncryptionMethodGenerator

PGP style PBE encryption method.

A pass phrase is used to generate an encryption key using the PGP string-to-key method. This class always uses the salted and iterated form of the S2K algorithm.

Note that the iteration count provided to this method is a single byte as described by the S2K algorithm, and the actual iteration count ranges exponentially from 0x01 == 1088 to 0xFF == 65,011,712.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	PBEKeyEncryptionMethodGenerator(char[] passPhrase, S2K.Argon2Params params)	Construct a PBE key generator using Argon2 as S2K mechanism.
protected	PBEKeyEncryptionMethodGenerator(char[] passPhrase, PGPDigestCalculator s2kDigestCalculator)	Construct a PBE key generator using the default iteration count (0x60 == 65536 iterations).
protected	PBEKeyEncryptionMethodGenerator(char[] passPhrase, PGPDigestCalculator s2kDigestCalculator, int s2kCount)	Construct a PBE key generator using a specific iteration level.

Method Summary

Modifier and Type	Method	Description
protected abstract byte[]	encryptSessionInfo(int encAlgorithm, byte[] key, byte[] sessionInfo)
ContainedPacket	generate(int encAlgorithm, byte[] sessionInfo)	Generate a V4 SKESK packet.
ContainedPacket	generateV5(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo)
ContainedPacket	generateV6(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo)
protected abstract byte[]	generateV6KEK(int kekAlgorithm, byte[] ikm, byte[] info)
protected abstract byte[]	getEskAndTag(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo, byte[] key, byte[] iv, byte[] info)
byte[]	getKey(int encAlgorithm)	Generate a key for a symmetric encryption algorithm using the PBE configuration in this method.
int	getSessionKeyWrapperAlgorithm(int defaultWrapAlg)	Return the key wrapping algorithm this PBE key method is associated with.
PBEKeyEncryptionMethodGenerator	setSecureRandom(java.security.SecureRandom random)	Sets a user defined source of randomness.
PBEKeyEncryptionMethodGenerator	setSessionKeyWrapperAlgorithm(int wrapAlg)	Set a specific algorithm to be used where this PBE method generator is used to wrap a session key for encrypting data, rather than providing the encryption key for the data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PBEKeyEncryptionMethodGenerator

protected PBEKeyEncryptionMethodGenerator(char[] passPhrase,
                                          PGPDigestCalculator s2kDigestCalculator)

Construct a PBE key generator using the default iteration count (0x60 == 65536 iterations).

Parameters:

passPhrase - the pass phrase to encrypt with.

s2kDigestCalculator - a digest calculator to use in the string-to-key function.

PBEKeyEncryptionMethodGenerator

protected PBEKeyEncryptionMethodGenerator(char[] passPhrase,
                                          S2K.Argon2Params params)

Construct a PBE key generator using Argon2 as S2K mechanism.

Parameters:

passPhrase - passphrase

params - argon2 parameters

PBEKeyEncryptionMethodGenerator

protected PBEKeyEncryptionMethodGenerator(char[] passPhrase,
                                          PGPDigestCalculator s2kDigestCalculator,
                                          int s2kCount)

Construct a PBE key generator using a specific iteration level.

Parameters:

passPhrase - the pass phrase to encrypt with.

s2kDigestCalculator - a digest calculator to use in the string-to-key function.

s2kCount - a single byte S2K iteration count specifier, which is translated to an actual iteration count by the S2K class.

Method Detail

setSecureRandom

public PBEKeyEncryptionMethodGenerator setSecureRandom(java.security.SecureRandom random)

Sets a user defined source of randomness.

If no SecureRandom is configured, a default SecureRandom will be used.

Returns:

the current generator.

setSessionKeyWrapperAlgorithm

public PBEKeyEncryptionMethodGenerator setSessionKeyWrapperAlgorithm(int wrapAlg)

Set a specific algorithm to be used where this PBE method generator is used to wrap a session key for encrypting data, rather than providing the encryption key for the data.

The default wrapping algorithm is the same algorithm as the one specified for data encryption with the PGPEncryptedDataGenerator used.

Returns:

the current generator.

getSessionKeyWrapperAlgorithm

public int getSessionKeyWrapperAlgorithm(int defaultWrapAlg)

Return the key wrapping algorithm this PBE key method is associated with.

Parameters:

defaultWrapAlg - the default wrapping algorithm if none was set.

Returns:

the PBE method's wrapping algorithm, defaultWrapAlg is setSessionKeyWrapperAlgorithm was not called.

getKey

public byte[] getKey(int encAlgorithm)
              throws PGPException

Generate a key for a symmetric encryption algorithm using the PBE configuration in this method.

Parameters:

encAlgorithm - the encryption algorithm to generate the key for.

Returns:

the bytes of the generated key.

Throws:

PGPException - if an error occurs performing the string-to-key generation.

generateV5

public ContainedPacket generateV5(int kekAlgorithm,
                                  int aeadAlgorithm,
                                  byte[] sessionInfo)
                           throws PGPException

Specified by:

generateV5 in class PGPKeyEncryptionMethodGenerator

Throws:

PGPException

generateV6

public ContainedPacket generateV6(int kekAlgorithm,
                                  int aeadAlgorithm,
                                  byte[] sessionInfo)
                           throws PGPException

Specified by:

generateV6 in class PGPKeyEncryptionMethodGenerator

Throws:

PGPException

generate

public ContainedPacket generate(int encAlgorithm,
                                byte[] sessionInfo)
                         throws PGPException

Generate a V4 SKESK packet.

Specified by:

generate in class PGPKeyEncryptionMethodGenerator

Parameters:

encAlgorithm - the encryption algorithm being used

sessionInfo - session data generated by the encrypted data generator.

Returns:

v4 SKESK packet

Throws:

PGPException

encryptSessionInfo

protected abstract byte[] encryptSessionInfo(int encAlgorithm,
                                             byte[] key,
                                             byte[] sessionInfo)
                                      throws PGPException

Throws:

PGPException

getEskAndTag

protected abstract byte[] getEskAndTag(int kekAlgorithm,
                                       int aeadAlgorithm,
                                       byte[] sessionInfo,
                                       byte[] key,
                                       byte[] iv,
                                       byte[] info)
                                throws PGPException

Throws:

PGPException

generateV6KEK

protected abstract byte[] generateV6KEK(int kekAlgorithm,
                                        byte[] ikm,
                                        byte[] info)
                                 throws PGPException

Throws:

PGPException