Package org.pgpainless.encryption_signing

Class EncryptionOptions

  • public class EncryptionOptions
extends Object
    Options for the encryption process. This class can be used to set encryption parameters, like encryption keys and passphrases, algorithms etc. A typical use might look like follows: 
     
 EncryptionOptions opt = new EncryptionOptions();
 opt.addRecipient(aliceKey, "Alice <alice@wonderland.lit>");
 opt.addPassphrase(Passphrase.fromPassword("AdditionalDecryptionPassphrase123"));
    To use a custom symmetric encryption algorithm, use overrideEncryptionAlgorithm(SymmetricKeyAlgorithm). This will cause PGPainless to use the provided algorithm for message encryption, instead of negotiating an algorithm by inspecting the provided recipient keys. By default, PGPainless will only encrypt to a single encryption capable subkey per recipient key. This behavior can be changed, e.g. by calling 
     
 opt.addRecipient(aliceKey, EncryptionOptions.encryptToAllCapableSubkeys());
    when adding the recipient key.

    • Method Detail

      • addRecipients

        public EncryptionOptions addRecipients​(Iterable<org.bouncycastle.openpgp.PGPPublicKeyRing> keys)
        Add all key rings in the provided Iterable (e.g. PGPPublicKeyRingCollection) as recipients.
        Parameters:
        keys - keys
        Returns:
        this

      • addRecipient

        public EncryptionOptions addRecipient​(org.bouncycastle.openpgp.PGPPublicKeyRing key,
                                      String userId)
        Add a recipient by providing a key and recipient user-id. The user-id is used to determine the recipients preferences (algorithms etc.).
        Parameters:
        key - key ring
        userId - user id
        Returns:
        this

      • addRecipient

        public EncryptionOptions addRecipient​(org.bouncycastle.openpgp.PGPPublicKeyRing key,
                                      String userId,
                                      EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy)
        Add a recipient by providing a key and recipient user-id, as well as a strategy for selecting one or multiple encryption capable subkeys from the key.
        Parameters:
        key - key
        userId - user-id
        encryptionKeySelectionStrategy - strategy to select one or more encryption subkeys to encrypt to
        Returns:
        this

      • addRecipient

        public EncryptionOptions addRecipient​(org.bouncycastle.openpgp.PGPPublicKeyRing key)
        Add a recipient by providing a key.
        Parameters:
        key - key ring
        Returns:
        this

      • addRecipient

        public EncryptionOptions addRecipient​(org.bouncycastle.openpgp.PGPPublicKeyRing key,
                                      EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy)
        Add a recipient by providing a key and an encryption key selection strategy.
        Parameters:
        key - key ring
        encryptionKeySelectionStrategy - strategy used to select one or multiple encryption subkeys.
        Returns:
        this

      • addPassphrase

        public EncryptionOptions addPassphrase​(Passphrase passphrase)
        Add a symmetric passphrase which the message will be encrypted to.
        Parameters:
        passphrase - passphrase
        Returns:
        this

      • addEncryptionMethod

        public EncryptionOptions addEncryptionMethod​(org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator encryptionMethod)
        Add an PGPKeyEncryptionMethodGenerator which will be used to encrypt the message. Method generators are either PBEKeyEncryptionMethodGenerator (passphrase) or PGPKeyEncryptionMethodGenerator (public key). This method is intended for advanced users to allow encryption for specific subkeys. This can come in handy for example if data needs to be encrypted to a subkey that's ignored by PGPainless.
        Parameters:
        encryptionMethod - encryption method
        Returns:
        this

      • overrideEncryptionAlgorithm

        public EncryptionOptions overrideEncryptionAlgorithm​(SymmetricKeyAlgorithm encryptionAlgorithm)
        Override the used symmetric encryption algorithm. The symmetric encryption algorithm is used to encrypt the message itself, while the used symmetric key will be encrypted to all recipients using public key cryptography. If the algorithm is not overridden, a suitable algorithm will be negotiated.
        Parameters:
        encryptionAlgorithm - encryption algorithm override