org.bouncycastle.openpgp.operator

Class PBESecretKeyEncryptor

java.lang.Object

org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor

public abstract class PBESecretKeyEncryptor
extends java.lang.Object

Class responsible for encrypting secret key material or data packets using a passphrase.

RFC9580 recommends the following S2K specifiers + usages:

S2K Specifier	S2K Usage	Note
S2K.ARGON_2	SecretKeyPacket.USAGE_AEAD	RECOMMENDED; Argon2 MUST be used with AEAD
S2K.SALTED_AND_ITERATED	SecretKeyPacket.USAGE_SHA1	MAY be used if Argon2 is not available; Take care to use high octet count + strong passphrase
none	SecretKeyPacket.USAGE_NONE	Unprotected

Additionally, implementations MAY use the following combinations with caution:

S2K Specifier	S2K Usage	Note
S2K.SALTED_AND_ITERATED	SecretKeyPacket.USAGE_AEAD	Does not provide memory hardness
S2K.SIMPLE	SecretKeyPacket.USAGE_SHA1	Only for reading secret keys in backwards compatibility mode

Field Summary

Fields

Modifier and Type	Field and Description
protected int	aeadAlgorithm
protected int	encAlgorithm
protected char[]	passPhrase
protected java.security.SecureRandom	random
protected S2K	s2k
protected int	s2kCount
protected PGPDigestCalculator	s2kDigestCalculator

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	PBESecretKeyEncryptor(int encAlgorithm, int aeadAlgorithm, S2K.Argon2Params argon2Params, java.security.SecureRandom random, char[] passPhrase)
protected	PBESecretKeyEncryptor(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount, java.security.SecureRandom random, char[] passPhrase)
protected	PBESecretKeyEncryptor(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, java.security.SecureRandom random, char[] passPhrase)

Method Summary

Modifier and Type	Method and Description
byte[]	encryptKeyData(byte[] key, byte[] iv, byte[] keyData, int keyOff, int keyLen) Encrypt the passed in keyData using the key and the iv provided.
abstract byte[]	encryptKeyData(byte[] key, byte[] keyData, int keyOff, int keyLen)
byte[]	encryptKeyData(byte[] keyData, int keyOff, int keyLen) Key encryption method invoked for V4 keys and greater.
int	getAeadAlgorithm()
int	getAlgorithm()
abstract byte[]	getCipherIV()
int	getHashAlgorithm()
byte[]	getKey()
S2K	getS2K()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

encAlgorithm

protected int encAlgorithm

aeadAlgorithm

protected int aeadAlgorithm

passPhrase

protected char[] passPhrase

s2kDigestCalculator

protected PGPDigestCalculator s2kDigestCalculator

s2kCount

protected int s2kCount

s2k

protected S2K s2k

random

protected java.security.SecureRandom random

Constructor Detail

PBESecretKeyEncryptor

protected PBESecretKeyEncryptor(int encAlgorithm,
                                int aeadAlgorithm,
                                S2K.Argon2Params argon2Params,
                                java.security.SecureRandom random,
                                char[] passPhrase)

PBESecretKeyEncryptor

protected PBESecretKeyEncryptor(int encAlgorithm,
                                PGPDigestCalculator s2kDigestCalculator,
                                java.security.SecureRandom random,
                                char[] passPhrase)

PBESecretKeyEncryptor

protected PBESecretKeyEncryptor(int encAlgorithm,
                                PGPDigestCalculator s2kDigestCalculator,
                                int s2kCount,
                                java.security.SecureRandom random,
                                char[] passPhrase)

Method Detail

getAlgorithm

public int getAlgorithm()

getAeadAlgorithm

public int getAeadAlgorithm()

getHashAlgorithm

public int getHashAlgorithm()

getKey

public byte[] getKey()
              throws PGPException

Throws:

PGPException

getS2K

public S2K getS2K()

encryptKeyData

public byte[] encryptKeyData(byte[] keyData,
                             int keyOff,
                             int keyLen)
                      throws PGPException

Key encryption method invoked for V4 keys and greater.

Parameters:

keyData - raw key data

keyOff - offset into raw key data

keyLen - length of key data to use.

Returns:

an encryption of the passed in keyData.

Throws:

PGPException - on error in the underlying encryption process.

encryptKeyData

public abstract byte[] encryptKeyData(byte[] key,
                                      byte[] keyData,
                                      int keyOff,
                                      int keyLen)
                               throws PGPException

Throws:

PGPException

encryptKeyData

public byte[] encryptKeyData(byte[] key,
                             byte[] iv,
                             byte[] keyData,
                             int keyOff,
                             int keyLen)
                      throws PGPException

Encrypt the passed in keyData using the key and the iv provided.

This method is only used for processing version 3 keys.

Throws:

PGPException

getCipherIV

public abstract byte[] getCipherIV()