Package org.pgpainless.key.protection
Interface SecretKeyRingProtector
-
- All Known Implementing Classes:
CachingSecretKeyRingProtector
,PasswordBasedSecretKeyRingProtector
,UnprotectedKeysProtector
public interface SecretKeyRingProtector
Task of theSecretKeyRingProtector
is to map encryptor/decryptor objects to key-ids.PBESecretKeyEncryptors
/PBESecretKeyDecryptors
are used to encrypt/decrypt secret keys using a passphrase. While it is easy to create an implementation of this interface that fits your needs, there are a bunch of implementations ready for use.
-
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Modifier and Type Method Description static CachingSecretKeyRingProtector
defaultSecretKeyRingProtector(SecretKeyPassphraseProvider missingPassphraseCallback)
Return a protector for secret keys.static SecretKeyRingProtector
fromPassphraseMap(java.util.Map<java.lang.Long,Passphrase> passphraseMap)
Use the provided map of key-ids and passphrases to unlock keys.org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor
getDecryptor(java.lang.Long keyId)
Return a decryptor for the key of idkeyId
.org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
getEncryptor(java.lang.Long keyId)
Return an encryptor for the key of idkeyId
.static SecretKeyRingProtector
unlockAllKeysWith(Passphrase passphrase, org.bouncycastle.openpgp.PGPSecretKeyRing keys)
Use the provided passphrase to lock/unlock all subkeys in the provided key ring.static SecretKeyRingProtector
unlockSingleKeyWith(Passphrase passphrase, org.bouncycastle.openpgp.PGPSecretKey key)
Use the provided passphrase to lock/unlock only the provided (sub-)key.static SecretKeyRingProtector
unprotectedKeys()
Protector for unprotected keys.
-
-
-
Method Detail
-
getDecryptor
@Nullable org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor getDecryptor(java.lang.Long keyId) throws org.bouncycastle.openpgp.PGPException
Return a decryptor for the key of idkeyId
. This method returns null if the key is unprotected.- Parameters:
keyId
- id of the key- Returns:
- decryptor for the key
- Throws:
org.bouncycastle.openpgp.PGPException
-
getEncryptor
@Nullable org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor getEncryptor(java.lang.Long keyId) throws org.bouncycastle.openpgp.PGPException
Return an encryptor for the key of idkeyId
. This method returns null if the key is unprotected.- Parameters:
keyId
- id of the key- Returns:
- encryptor for the key
- Throws:
org.bouncycastle.openpgp.PGPException
- if the encryptor cannot be created for some reason
-
defaultSecretKeyRingProtector
static CachingSecretKeyRingProtector defaultSecretKeyRingProtector(SecretKeyPassphraseProvider missingPassphraseCallback)
Return a protector for secret keys. The protector maintains an in-memory cache of passphrases and can be extended with new passphrases at runtime. SeeCachingSecretKeyRingProtector
for how to memorize/forget additional passphrases during runtime.- Parameters:
missingPassphraseCallback
- callback that is used to provide missing passphrases.- Returns:
- caching secret key protector
-
unlockAllKeysWith
static SecretKeyRingProtector unlockAllKeysWith(Passphrase passphrase, org.bouncycastle.openpgp.PGPSecretKeyRing keys)
Use the provided passphrase to lock/unlock all subkeys in the provided key ring. This protector will use the provided passphrase to lock/unlock all subkeys present in the provided keys object. For other keys that are not present in the ring, it will return null.- Parameters:
passphrase
- passphrasekeys
- key ring- Returns:
- protector
-
unlockSingleKeyWith
static SecretKeyRingProtector unlockSingleKeyWith(Passphrase passphrase, org.bouncycastle.openpgp.PGPSecretKey key)
Use the provided passphrase to lock/unlock only the provided (sub-)key. This protector will only return a non-null encryptor/decryptor based on the provided passphrase ifgetEncryptor(Long)
/getDecryptor(Long)
is getting called with the key-id of the provided key. Otherwise this protector will always return null.- Parameters:
passphrase
- passphrasekey
- key to lock/unlock- Returns:
- protector
-
unprotectedKeys
static SecretKeyRingProtector unprotectedKeys()
Protector for unprotected keys. This protector returns null for allgetEncryptor(Long)
/getDecryptor(Long)
calls, no matter what the key-id is. As a consequence, this protector can only "unlock" keys which are not protected using a passphrase, and it will leave keys unprotected, should it be used to "protect" a key (eg. inSecretKeyRingEditorInterface.changePassphraseFromOldPassphrase(Passphrase)
).- Returns:
- protector
-
fromPassphraseMap
static SecretKeyRingProtector fromPassphraseMap(java.util.Map<java.lang.Long,Passphrase> passphraseMap)
Use the provided map of key-ids and passphrases to unlock keys.- Parameters:
passphraseMap
- map of key ids and their respective passphrases- Returns:
- protector
-
-