Package org.bouncycastle.openpgp.operator

Class PublicKeyKeyEncryptionMethodGenerator

java.lang.Object
org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator
All Implemented Interfaces:
PGPKeyEncryptionMethodGenerator
Direct Known Subclasses:
BcPublicKeyKeyEncryptionMethodGenerator, JcePublicKeyKeyEncryptionMethodGenerator
public abstract class PublicKeyKeyEncryptionMethodGenerator extends Object implements PGPKeyEncryptionMethodGenerator
Abstract generator class for encryption methods that produce PKESK (public-key encrypted session key) packets. PKESKs are used when encrypting a message for a recipients public key. The purpose of this class is to allow subclasses to decide, which implementation to use.

  • Field Details

    • SESSION_KEY_OBFUSCATION_PROPERTY

      public static final String SESSION_KEY_OBFUSCATION_PROPERTY
      See Also:

    • WILDCARD_KEYID

      public static final long WILDCARD_KEYID
      See Also:

    • WILDCARD

      public static final long WILDCARD
      Deprecated.
      use WILDCARD_KEYID
      See Also:

    • WILDCARD_FINGERPRINT

      public static final byte[] WILDCARD_FINGERPRINT

    • sessionKeyObfuscation

      protected boolean sessionKeyObfuscation

    • useWildcardRecipient

      protected boolean useWildcardRecipient

  • Constructor Details

    • PublicKeyKeyEncryptionMethodGenerator

      protected PublicKeyKeyEncryptionMethodGenerator(PGPPublicKey pubKey)

  • Method Details

    • setSessionKeyObfuscation

      public PublicKeyKeyEncryptionMethodGenerator setSessionKeyObfuscation(boolean enabled)
      Controls whether to obfuscate the size of ECDH session keys using extra padding where necessary.

      The default behaviour can be configured using the system property "org.bouncycastle.openpgp.session_key_obfuscation", or else it will default to enabled.

      Returns:
      the current generator.

    • setUseWildcardKeyID

      @Deprecated public PublicKeyKeyEncryptionMethodGenerator setUseWildcardKeyID(boolean enabled)
      Deprecated.
      use setUseWildcardRecipient(boolean) instead TODO: Remove in a future release
      Controls whether the recipient key ID/fingerprint is hidden (replaced by a wildcard value).
      Parameters:
      enabled - boolean
      Returns:
      this

    • setUseWildcardRecipient

      public PublicKeyKeyEncryptionMethodGenerator setUseWildcardRecipient(boolean enabled)
      Controls whether the recipient key ID/fingerprint is hidden (replaced by a wildcard value).
      Parameters:
      enabled - boolean
      Returns:
      this

    • encodeEncryptedSessionInfo

      public byte[][] encodeEncryptedSessionInfo(byte[] encryptedSessionInfo) throws PGPException
      Throws:
      PGPException

    • generate

      public ContainedPacket generate(PGPDataEncryptorBuilder dataEncryptorBuilder, byte[] sessionKey) throws PGPException
      Generate a Public-Key Encrypted Session-Key (PKESK) packet of version 3. PKESKv3 packets are used with Symmetrically-Encrypted-Integrity-Protected Data (SEIPD) packets of version 1 or with Symmetrically-Encrypted Data (SED) packets and MUST NOT be used with SEIPDv2 packets. PKESKv3 packets are used with keys that do not support Features.FEATURE_SEIPD_V2 or as a fallback.

      Generate a Public-Key Encrypted Session-Key (PKESK) packet of version 6. PKESKv6 packets are used with Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets of version 2 only. PKESKv6 packets are used with keys that support Features.FEATURE_SEIPD_V2.

      Specified by:
      generate in interface PGPKeyEncryptionMethodGenerator
      Parameters:
      sessionKey - session-key algorithm id + session-key + checksum
      Returns:
      PKESKv6 or v3 packet
      Throws:
      PGPException - if the PKESK packet cannot be generated
      See Also:

    • createSessionInfo

      protected byte[] createSessionInfo(byte algorithm, byte[] keyBytes)

    • encryptSessionInfo

      protected abstract byte[] encryptSessionInfo(PGPPublicKey pubKey, byte[] sessionKey, byte symAlgId, boolean isV3) throws PGPException
      Encrypt a session key using the recipients public key.
      Parameters:
      pubKey - recipients public key
      sessionKey - session-key
      symAlgId - for v3: session key algorithm ID; for v6: 0
      Returns:
      encrypted session info
      Throws:
      PGPException

    • getSessionInfo

      protected static byte[] getSessionInfo(byte[] ephPubEncoding, byte optSymKeyAlgorithm, byte[] wrappedSessionKey)