Class PBEKeyEncryptionMethodGenerator

java.lang.Object
org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator
Direct Known Subclasses:
BcPBEKeyEncryptionMethodGenerator, JcePBEKeyEncryptionMethodGenerator

public abstract class PBEKeyEncryptionMethodGenerator extends PGPKeyEncryptionMethodGenerator
PGP style PBE encryption method.

A pass phrase is used to generate an encryption key using the PGP string-to-key method. This class always uses the salted and iterated form of the S2K algorithm.

Note that the iteration count provided to this method is a single byte as described by the S2K algorithm, and the actual iteration count ranges exponentially from 0x01 == 1088 to 0xFF == 65,011,712.
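The single-byte coding described above (the value passed as the s2kCount constructor argument), as an added example that is not Bouncy Castle's own code: it decodes a specifier with the RFC 4880 formula and picks the smallest specifier that meets a target iteration count. The class and method names are hypothetical, the policy minimum is a constructed value, and only the JDK is used.

```java
// Added illustration; class and method names are hypothetical, JDK only.
public final class S2KCountCoding {

    /** Decode a one-byte specifier: count = (16 + (c & 15)) << ((c >> 4) + 6), per RFC 4880 3.7.1.3. */
    static int decode(int coded) {
        if (coded < 0 || coded > 0xFF) {
            throw new IllegalArgumentException(
                "S2K count specifier must fit in one byte, got " + coded);
        }
        return (16 + (coded & 0x0F)) << ((coded >> 4) + 6);
    }

    /** Smallest specifier whose decoded count is at least minIterations. */
    static int encodeAtLeast(long minIterations) {
        // decode() is strictly increasing over 0x00..0xFF, so the first hit is the smallest.
        for (int coded = 0; coded <= 0xFF; coded++) {
            if (decode(coded) >= minIterations) {
                return coded;
            }
        }
        throw new IllegalArgumentException(
            minIterations + " exceeds the largest encodable count " + decode(0xFF));
    }

    public static void main(String[] args) {
        // Specifiers quoted in the class documentation.
        for (int coded : new int[] {0x01, 0x60, 0xFF}) {
            System.out.printf("0x%02X -> %,d iterations%n", coded, decode(coded));
        }

        // Choose the specifier for a policy minimum (constructed value) and show the real cost.
        long policyMinimum = 1_000_000L;
        int coded = encodeAtLeast(policyMinimum);
        System.out.printf("minimum %,d -> specifier 0x%02X (%,d iterations)%n",
            policyMinimum, coded, decode(coded));

        // A raw iteration count is not a specifier; this helper rejects it.
        try {
            decode(65536);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The value to hand to the three-argument constructor is the specifier returned by `encodeAtLeast`, not the iteration count itself.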

  • Constructor Details

    • PBEKeyEncryptionMethodGenerator

      protected PBEKeyEncryptionMethodGenerator(char[] passPhrase, PGPDigestCalculator s2kDigestCalculator)
      Construct a PBE key generator using the default iteration count (0x60 == 65536 iterations).
      Parameters:
      passPhrase - the pass phrase to encrypt with.
      s2kDigestCalculator - a digest calculator to use in the string-to-key function.
    • PBEKeyEncryptionMethodGenerator

      protected PBEKeyEncryptionMethodGenerator(char[] passPhrase, S2K.Argon2Params params)
      Construct a PBE key generator using Argon2 as the S2K mechanism.
      Parameters:
      passPhrase - the pass phrase to encrypt with.
      params - the Argon2 parameters.
    • PBEKeyEncryptionMethodGenerator

      protected PBEKeyEncryptionMethodGenerator(char[] passPhrase, PGPDigestCalculator s2kDigestCalculator, int s2kCount)
      Construct a PBE key generator using a specific iteration level.
      Parameters:
      passPhrase - the pass phrase to encrypt with.
      s2kDigestCalculator - a digest calculator to use in the string-to-key function.
      s2kCount - a single byte S2K iteration count specifier, which is translated to an actual iteration count by the S2K class.
  • Method Details

    • setSecureRandom

      public PBEKeyEncryptionMethodGenerator setSecureRandom(SecureRandom random)
      Sets a user defined source of randomness.

      If no SecureRandom is configured, a default SecureRandom will be used.

      Returns:
      the current generator.
    • setSessionKeyWrapperAlgorithm

      public PBEKeyEncryptionMethodGenerator setSessionKeyWrapperAlgorithm(int wrapAlg)
      Set a specific algorithm to be used where this PBE method generator is used to wrap a session key for encrypting data, rather than providing the encryption key for the data.

      The default wrapping algorithm is the same algorithm as the one specified for data encryption with the PGPEncryptedDataGenerator used.

      Returns:
      the current generator.
    • getSessionKeyWrapperAlgorithm

      public int getSessionKeyWrapperAlgorithm(int defaultWrapAlg)
      Return the key wrapping algorithm this PBE key method is associated with.
      Parameters:
      defaultWrapAlg - the default wrapping algorithm if none was set.
      Returns:
      the PBE method's wrapping algorithm, or defaultWrapAlg if setSessionKeyWrapperAlgorithm was not called.
    • getKey

      public byte[] getKey(int encAlgorithm) throws PGPException
      Generate a key for a symmetric encryption algorithm using the PBE configuration in this method.
      Parameters:
      encAlgorithm - the encryption algorithm to generate the key for.
      Returns:
      the bytes of the generated key.
      Throws:
      PGPException - if an error occurs performing the string-to-key generation.
    • generateV5

      public ContainedPacket generateV5(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo) throws PGPException
      Specified by:
      generateV5 in class PGPKeyEncryptionMethodGenerator
      Throws:
      PGPException
    • generateV6

      public ContainedPacket generateV6(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo) throws PGPException
      Specified by:
      generateV6 in class PGPKeyEncryptionMethodGenerator
      Throws:
      PGPException
    • generate

      public ContainedPacket generate(int encAlgorithm, byte[] sessionInfo) throws PGPException
      Generate a V4 SKESK packet.
      Specified by:
      generate in class PGPKeyEncryptionMethodGenerator
      Parameters:
      encAlgorithm - the encryption algorithm being used
      sessionInfo - session data generated by the encrypted data generator.
      Returns:
      v4 SKESK packet
      Throws:
      PGPException
    • encryptSessionInfo

      protected abstract byte[] encryptSessionInfo(int encAlgorithm, byte[] key, byte[] sessionInfo) throws PGPException
      Throws:
      PGPException
    • getEskAndTag

      protected abstract byte[] getEskAndTag(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo, byte[] key, byte[] iv, byte[] info) throws PGPException
      Throws:
      PGPException
    • generateV6KEK

      protected abstract byte[] generateV6KEK(int kekAlgorithm, byte[] ikm, byte[] info) throws PGPException
      Throws:
      PGPException