Class PBESecretKeyEncryptor

java.lang.Object
org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor

public abstract class PBESecretKeyEncryptor extends Object
Class responsible for encrypting secret key material or data packets using a passphrase.

RFC 9580 recommends the following combinations of S2K specifier and S2K usage:

| S2K Specifier | S2K Usage | Note |
|---|---|---|
| S2K.ARGON_2 | SecretKeyPacket.USAGE_AEAD | RECOMMENDED; Argon2 MUST be used with AEAD |
| S2K.SALTED_AND_ITERATED | SecretKeyPacket.USAGE_SHA1 | MAY be used if Argon2 is not available; Take care to use high octet count + strong passphrase |
| none | SecretKeyPacket.USAGE_NONE | Unprotected |

Additionally, implementations MAY use the following combinations with caution:

| S2K Specifier | S2K Usage | Note |
|---|---|---|
| S2K.SALTED_AND_ITERATED | SecretKeyPacket.USAGE_AEAD | Does not provide memory hardness |
| S2K.SIMPLE | SecretKeyPacket.USAGE_SHA1 | Only for reading secret keys in backwards compatibility mode |
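
The following Java 17 class is an added example, not Bouncy Castle code or part of the original Javadoc. It checks an S2K usage octet and the S2K specifier octets of a secret key packet against the two tables above, and expands the coded count of an iterated S2K into the octet count the note about "high octet count" refers to. Assumptions: the class name `S2kAudit`, the verdict strings and the `MIN_OCTETS` floor are hypothetical, the sample specifiers are constructed, and the RFC 9580 code points are written as literals so the class runs without the library.

```java
import java.util.HexFormat;
public class S2kAudit {
    // RFC 9580 code points, mirroring the S2K.* and SecretKeyPacket.USAGE_* names in the tables.
    static final int SIMPLE = 0, SALTED_AND_ITERATED = 3, ARGON_2 = 4;
    static final int USAGE_NONE = 0, USAGE_AEAD = 253, USAGE_SHA1 = 254;
    // Assumed local policy floor for the iterated S2K; not a value from the page or the RFC.
    static final long MIN_OCTETS = 1L << 24;

    // Expands the one-octet coded count into the number of octets actually hashed.
    static long octetCount(int coded) {
        return (16L + (coded & 15)) << ((coded >> 4) + 6);
    }

    // spec holds the S2K specifier octets from the secret key packet (unused when usage is 0).
    static String audit(int usage, byte[] spec) {
        if (usage == USAGE_NONE) return "UNPROTECTED";
        if (spec == null || spec.length < 2) return "MALFORMED";
        switch (spec[0] & 0xff) {
            case ARGON_2: // type, 16-octet salt, passes, parallelism, memory exponent
                if (spec.length != 20) return "MALFORMED";
                return usage == USAGE_AEAD ? "RECOMMENDED" : "REJECT: Argon2 requires AEAD";
            case SALTED_AND_ITERATED: // type, hash id, 8-octet salt, coded count
                if (spec.length != 11) return "MALFORMED";
                long n = octetCount(spec[10] & 0xff);
                String count = (n < MIN_OCTETS ? ", low octet count " : ", octet count ") + n;
                if (usage == USAGE_SHA1) return "ACCEPTABLE" + count;
                if (usage == USAGE_AEAD) return "CAUTION: no memory hardness" + count;
                return "NOT LISTED";
            case SIMPLE: // type, hash id
                if (spec.length != 2) return "MALFORMED";
                return usage == USAGE_SHA1 ? "LEGACY: read-only compatibility" : "NOT LISTED";
            default:
                return "NOT LISTED";
        }
    }
    public static void main(String[] args) {
        HexFormat hex = HexFormat.of();
        // Constructed specifiers: salts and parameters are made up for illustration.
        byte[] argon2 = hex.parseHex("04000102030405060708090a0b0c0d0e0f010415");
        byte[] iterMax = hex.parseHex("03020102030405060708ff");
        byte[] iterLow = hex.parseHex("0302010203040506070860");
        System.out.println(audit(USAGE_AEAD, argon2));
        System.out.println(audit(USAGE_SHA1, argon2));
        System.out.println(audit(USAGE_SHA1, iterMax));
        System.out.println(audit(USAGE_AEAD, iterLow));
        System.out.println(audit(USAGE_SHA1, hex.parseHex("0002")));
        System.out.println(audit(USAGE_NONE, new byte[0]));
    }
}
```
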
  • Field Details

    • encAlgorithm

      protected int encAlgorithm
    • aeadAlgorithm

      protected int aeadAlgorithm
    • passPhrase

      protected char[] passPhrase
    • s2kDigestCalculator

      protected PGPDigestCalculator s2kDigestCalculator
    • s2kCount

      protected int s2kCount
    • s2k

      protected S2K s2k
    • random

      protected SecureRandom random
  • Constructor Details

    • PBESecretKeyEncryptor

      protected PBESecretKeyEncryptor(int encAlgorithm, int aeadAlgorithm, S2K.Argon2Params argon2Params, SecureRandom random, char[] passPhrase)
    • PBESecretKeyEncryptor

      protected PBESecretKeyEncryptor(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, SecureRandom random, char[] passPhrase)
    • PBESecretKeyEncryptor

      protected PBESecretKeyEncryptor(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount, SecureRandom random, char[] passPhrase)
  • Method Details

    • getAlgorithm

      public int getAlgorithm()
    • getAeadAlgorithm

      public int getAeadAlgorithm()
    • getHashAlgorithm

      public int getHashAlgorithm()
    • getKey

      public byte[] getKey() throws PGPException
      Throws:
      PGPException
    • getS2K

      public S2K getS2K()
    • encryptKeyData

      public byte[] encryptKeyData(byte[] keyData, int keyOff, int keyLen) throws PGPException
      Key encryption method invoked for V4 keys and greater.
      Parameters:
      keyData - raw key data
      keyOff - offset into raw key data
      keyLen - length of key data to use.
      Returns:
      an encryption of the passed in keyData.
      Throws:
      PGPException - on error in the underlying encryption process.
    • encryptKeyData

      public abstract byte[] encryptKeyData(byte[] key, byte[] keyData, int keyOff, int keyLen) throws PGPException
      Throws:
      PGPException
    • encryptKeyData

      public byte[] encryptKeyData(byte[] key, byte[] iv, byte[] keyData, int keyOff, int keyLen) throws PGPException
      Encrypt the passed in keyData using the key and the iv provided.

      This method is only used for processing version 3 keys.

      Throws:
      PGPException
    • getCipherIV

      public abstract byte[] getCipherIV()