Package org.pgpainless.key.protection
Class CachingSecretKeyRingProtector
- java.lang.Object
-
- org.pgpainless.key.protection.CachingSecretKeyRingProtector
-
- All Implemented Interfaces:
SecretKeyPassphraseProvider,SecretKeyRingProtector
public class CachingSecretKeyRingProtector extends Object implements SecretKeyRingProtector, SecretKeyPassphraseProvider
Implementation of theSecretKeyRingProtectorwhich holds a map of key ids and their passwords. In case the needed passphrase is not contained in the map, themissingPassphraseCallbackwill be consulted, and the passphrase is added to the map. If you need to unlock multiplePGPKeyRings, it is advised to use a separateCachingSecretKeyRingProtectorinstance for each ring.
-
-
Constructor Summary
Constructors Constructor Description CachingSecretKeyRingProtector()CachingSecretKeyRingProtector(Map<Long,Passphrase> passphrases, KeyRingProtectionSettings protectionSettings, SecretKeyPassphraseProvider missingPassphraseCallback)CachingSecretKeyRingProtector(SecretKeyPassphraseProvider missingPassphraseCallback)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddPassphrase(Long keyId, Passphrase passphrase)Add a passphrase to the cache.voidaddPassphrase(org.bouncycastle.openpgp.PGPKeyRing keyRing, Passphrase passphrase)Remember the given passphrase for all keys in the given key ring.voidaddPassphrase(org.bouncycastle.openpgp.PGPPublicKey key, Passphrase passphrase)Remember the given passphrase for the given (sub-)key.voidaddPassphrase(OpenPgpFingerprint fingerprint, Passphrase passphrase)voidforgetPassphrase(Long keyId)Remove a passphrase from the cache.voidforgetPassphrase(org.bouncycastle.openpgp.PGPKeyRing keyRing)Forget the passphrase to all keys in the provided key ring.voidforgetPassphrase(org.bouncycastle.openpgp.PGPPublicKey key)Forget the passphrase of the given public key.org.bouncycastle.openpgp.operator.PBESecretKeyDecryptorgetDecryptor(Long keyId)Return a decryptor for the key of idkeyId.org.bouncycastle.openpgp.operator.PBESecretKeyEncryptorgetEncryptor(Long keyId)Return an encryptor for the key of idkeyId.PassphrasegetPassphraseFor(Long keyId)Return a passphrase for the given key.booleanhasPassphrase(Long keyId)booleanhasPassphraseFor(Long keyId)voidreplacePassphrase(Long keyId, Passphrase passphrase)Replace the passphrase for the given key-id in the cache.voidreplacePassphrase(org.bouncycastle.openpgp.PGPKeyRing keyRing, Passphrase passphrase)Replace the cached passphrases for all keys in the key ring with the provided passphrase.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.pgpainless.key.protection.passphrase_provider.SecretKeyPassphraseProvider
getPassphraseFor
-
-
-
-
Constructor Detail
-
CachingSecretKeyRingProtector
public CachingSecretKeyRingProtector()
-
CachingSecretKeyRingProtector
public CachingSecretKeyRingProtector(@Nullable SecretKeyPassphraseProvider missingPassphraseCallback)
-
CachingSecretKeyRingProtector
public CachingSecretKeyRingProtector(@Nonnull Map<Long,Passphrase> passphrases, @Nonnull KeyRingProtectionSettings protectionSettings, @Nullable SecretKeyPassphraseProvider missingPassphraseCallback)
-
-
Method Detail
-
addPassphrase
public void addPassphrase(@Nonnull Long keyId, @Nonnull Passphrase passphrase)
Add a passphrase to the cache. If the cache already contains a passphrase for the given key-id, aIllegalArgumentExceptionis thrown. The reason for this is to prevent accidental override of passphrases when dealing with multiple key rings containing a key with the same key-id but different passphrases. If you can ensure that there will be no key-id clash, and you want to replace the passphrase, you can usereplacePassphrase(Long, Passphrase)to replace the passphrase.- Parameters:
keyId- id of the keypassphrase- passphrase
-
replacePassphrase
public void replacePassphrase(@Nonnull Long keyId, @Nonnull Passphrase passphrase)
Replace the passphrase for the given key-id in the cache.- Parameters:
keyId- keyIdpassphrase- passphrase
-
addPassphrase
public void addPassphrase(@Nonnull org.bouncycastle.openpgp.PGPKeyRing keyRing, @Nonnull Passphrase passphrase)
Remember the given passphrase for all keys in the given key ring. If for the key-id of any key on the key ring the cache already contains a passphrase, aIllegalArgumentExceptionis thrown before any changes are committed to the cache. This is to prevent accidental passphrase override when dealing with multiple key rings containing keys with conflicting key-ids. If you can ensure that there will be no key-id clashes, and you want to replace the passphrases for the key ring, usereplacePassphrase(PGPKeyRing, Passphrase)instead. If you need to unlock multiplePGPKeyRings, it is advised to use a separateCachingSecretKeyRingProtectorinstance for each ring.- Parameters:
keyRing- key ringpassphrase- passphrase
-
replacePassphrase
public void replacePassphrase(@Nonnull org.bouncycastle.openpgp.PGPKeyRing keyRing, @Nonnull Passphrase passphrase)
Replace the cached passphrases for all keys in the key ring with the provided passphrase.- Parameters:
keyRing- key ringpassphrase- passphrase
-
addPassphrase
public void addPassphrase(@Nonnull org.bouncycastle.openpgp.PGPPublicKey key, @Nonnull Passphrase passphrase)
Remember the given passphrase for the given (sub-)key.- Parameters:
key- keypassphrase- passphrase
-
addPassphrase
public void addPassphrase(@Nonnull OpenPgpFingerprint fingerprint, @Nonnull Passphrase passphrase)
-
forgetPassphrase
public void forgetPassphrase(@Nonnull Long keyId)
Remove a passphrase from the cache. The passphrase will be cleared and then removed.- Parameters:
keyId- id of the key
-
forgetPassphrase
public void forgetPassphrase(@Nonnull org.bouncycastle.openpgp.PGPKeyRing keyRing)
Forget the passphrase to all keys in the provided key ring.- Parameters:
keyRing- key ring
-
forgetPassphrase
public void forgetPassphrase(@Nonnull org.bouncycastle.openpgp.PGPPublicKey key)
Forget the passphrase of the given public key.- Parameters:
key- key
-
getPassphraseFor
@Nullable public Passphrase getPassphraseFor(Long keyId)
Description copied from interface:SecretKeyPassphraseProviderReturn a passphrase for the given key. If no record has been found, return null. Note: In case of an unprotected secret key, this method must may not return null, but aPassphrasewith a content of null.- Specified by:
getPassphraseForin interfaceSecretKeyPassphraseProvider- Parameters:
keyId- if of the secret key- Returns:
- passphrase or null, if no passphrase record has been found.
-
hasPassphrase
public boolean hasPassphrase(Long keyId)
- Specified by:
hasPassphrasein interfaceSecretKeyPassphraseProvider
-
hasPassphraseFor
public boolean hasPassphraseFor(Long keyId)
- Specified by:
hasPassphraseForin interfaceSecretKeyRingProtector
-
getDecryptor
@Nullable public org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor getDecryptor(@Nonnull Long keyId) throws org.bouncycastle.openpgp.PGPException
Description copied from interface:SecretKeyRingProtectorReturn a decryptor for the key of idkeyId. This method returns null if the key is unprotected.- Specified by:
getDecryptorin interfaceSecretKeyRingProtector- Parameters:
keyId- id of the key- Returns:
- decryptor for the key
- Throws:
org.bouncycastle.openpgp.PGPException
-
getEncryptor
@Nullable public org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor getEncryptor(@Nonnull Long keyId) throws org.bouncycastle.openpgp.PGPException
Description copied from interface:SecretKeyRingProtectorReturn an encryptor for the key of idkeyId. This method returns null if the key is unprotected.- Specified by:
getEncryptorin interfaceSecretKeyRingProtector- Parameters:
keyId- id of the key- Returns:
- encryptor for the key
- Throws:
org.bouncycastle.openpgp.PGPException- if the encryptor cannot be created for some reason
-
-