Package org.pgpainless.key.protection
Class CachingSecretKeyRingProtector
java.lang.Object
org.pgpainless.key.protection.CachingSecretKeyRingProtector
- All Implemented Interfaces:
SecretKeyPassphraseProvider,SecretKeyRingProtector
public class CachingSecretKeyRingProtector
extends Object
implements SecretKeyRingProtector, SecretKeyPassphraseProvider
Implementation of the
SecretKeyRingProtector which holds a map of key ids and their passwords.
In case the needed passphrase is not contained in the map, the missingPassphraseCallback will be consulted,
and the passphrase is added to the map.
If you need to unlock multiple PGPKeyRings, it is advised to use a separate
CachingSecretKeyRingProtector instance for each ring.-
Constructor Summary
ConstructorsConstructorDescriptionCachingSecretKeyRingProtector(Map<Long, Passphrase> passphrases, KeyRingProtectionSettings protectionSettings, SecretKeyPassphraseProvider missingPassphraseCallback) CachingSecretKeyRingProtector(SecretKeyPassphraseProvider missingPassphraseCallback) -
Method Summary
Modifier and TypeMethodDescriptionvoidaddPassphrase(Long keyId, Passphrase passphrase) Add a passphrase to the cache.voidaddPassphrase(org.bouncycastle.openpgp.PGPKeyRing keyRing, Passphrase passphrase) Remember the given passphrase for all keys in the given key ring.voidaddPassphrase(org.bouncycastle.openpgp.PGPPublicKey key, Passphrase passphrase) Remember the given passphrase for the given (sub-)key.voidaddPassphrase(OpenPgpFingerprint fingerprint, Passphrase passphrase) voidforgetPassphrase(Long keyId) Remove a passphrase from the cache.voidforgetPassphrase(org.bouncycastle.openpgp.PGPKeyRing keyRing) Forget the passphrase to all keys in the provided key ring.voidforgetPassphrase(org.bouncycastle.openpgp.PGPPublicKey key) Forget the passphrase of the given public key.org.bouncycastle.openpgp.operator.PBESecretKeyDecryptorgetDecryptor(Long keyId) Return a decryptor for the key of idkeyId.org.bouncycastle.openpgp.operator.PBESecretKeyEncryptorgetEncryptor(Long keyId) Return an encryptor for the key of idkeyId.getPassphraseFor(Long keyId) Return a passphrase for the given key.booleanhasPassphrase(Long keyId) booleanhasPassphraseFor(Long keyId) Returns true, if the protector has a passphrase for the key with the given key-id.voidreplacePassphrase(Long keyId, Passphrase passphrase) Replace the passphrase for the given key-id in the cache.voidreplacePassphrase(org.bouncycastle.openpgp.PGPKeyRing keyRing, Passphrase passphrase) Replace the cached passphrases for all keys in the key ring with the provided passphrase.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.pgpainless.key.protection.passphrase_provider.SecretKeyPassphraseProvider
getPassphraseFor
-
Constructor Details
-
CachingSecretKeyRingProtector
public CachingSecretKeyRingProtector() -
CachingSecretKeyRingProtector
public CachingSecretKeyRingProtector(@Nullable SecretKeyPassphraseProvider missingPassphraseCallback) -
CachingSecretKeyRingProtector
public CachingSecretKeyRingProtector(@Nonnull Map<Long, Passphrase> passphrases, @Nonnull KeyRingProtectionSettings protectionSettings, @Nullable SecretKeyPassphraseProvider missingPassphraseCallback)
-
-
Method Details
-
addPassphrase
Add a passphrase to the cache. If the cache already contains a passphrase for the given key-id, aIllegalArgumentExceptionis thrown. The reason for this is to prevent accidental override of passphrases when dealing with multiple key rings containing a key with the same key-id but different passphrases. If you can ensure that there will be no key-id clash, and you want to replace the passphrase, you can usereplacePassphrase(Long, Passphrase)to replace the passphrase.- Parameters:
keyId- id of the keypassphrase- passphrase
-
replacePassphrase
Replace the passphrase for the given key-id in the cache.- Parameters:
keyId- keyIdpassphrase- passphrase
-
addPassphrase
public void addPassphrase(@Nonnull org.bouncycastle.openpgp.PGPKeyRing keyRing, @Nonnull Passphrase passphrase) Remember the given passphrase for all keys in the given key ring. If for the key-id of any key on the key ring the cache already contains a passphrase, aIllegalArgumentExceptionis thrown before any changes are committed to the cache. This is to prevent accidental passphrase override when dealing with multiple key rings containing keys with conflicting key-ids. If you can ensure that there will be no key-id clashes, and you want to replace the passphrases for the key ring, usereplacePassphrase(PGPKeyRing, Passphrase)instead. If you need to unlock multiplePGPKeyRings, it is advised to use a separateCachingSecretKeyRingProtectorinstance for each ring.- Parameters:
keyRing- key ringpassphrase- passphrase
-
replacePassphrase
public void replacePassphrase(@Nonnull org.bouncycastle.openpgp.PGPKeyRing keyRing, @Nonnull Passphrase passphrase) Replace the cached passphrases for all keys in the key ring with the provided passphrase.- Parameters:
keyRing- key ringpassphrase- passphrase
-
addPassphrase
public void addPassphrase(@Nonnull org.bouncycastle.openpgp.PGPPublicKey key, @Nonnull Passphrase passphrase) Remember the given passphrase for the given (sub-)key.- Parameters:
key- keypassphrase- passphrase
-
addPassphrase
-
forgetPassphrase
Remove a passphrase from the cache. The passphrase will be cleared and then removed.- Parameters:
keyId- id of the key
-
forgetPassphrase
public void forgetPassphrase(@Nonnull org.bouncycastle.openpgp.PGPKeyRing keyRing) Forget the passphrase to all keys in the provided key ring.- Parameters:
keyRing- key ring
-
forgetPassphrase
public void forgetPassphrase(@Nonnull org.bouncycastle.openpgp.PGPPublicKey key) Forget the passphrase of the given public key.- Parameters:
key- key
-
getPassphraseFor
Description copied from interface:SecretKeyPassphraseProviderReturn a passphrase for the given key. If no record has been found, return null. Note: In case of an unprotected secret key, this method must may not return null, but aPassphrasewith a content of null.- Specified by:
getPassphraseForin interfaceSecretKeyPassphraseProvider- Parameters:
keyId- if of the secret key- Returns:
- passphrase or null, if no passphrase record has been found.
-
hasPassphrase
- Specified by:
hasPassphrasein interfaceSecretKeyPassphraseProvider
-
hasPassphraseFor
Description copied from interface:SecretKeyRingProtectorReturns true, if the protector has a passphrase for the key with the given key-id.- Specified by:
hasPassphraseForin interfaceSecretKeyRingProtector- Parameters:
keyId- key id- Returns:
- true if it has a passphrase, false otherwise
-
getDecryptor
@Nullable public org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor getDecryptor(@Nonnull Long keyId) throws org.bouncycastle.openpgp.PGPException Description copied from interface:SecretKeyRingProtectorReturn a decryptor for the key of idkeyId. This method returns null if the key is unprotected.- Specified by:
getDecryptorin interfaceSecretKeyRingProtector- Parameters:
keyId- id of the key- Returns:
- decryptor for the key
- Throws:
org.bouncycastle.openpgp.PGPException- if the decryptor cannot be created for some reason
-
getEncryptor
@Nullable public org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor getEncryptor(@Nonnull Long keyId) throws org.bouncycastle.openpgp.PGPException Description copied from interface:SecretKeyRingProtectorReturn an encryptor for the key of idkeyId. This method returns null if the key is unprotected.- Specified by:
getEncryptorin interfaceSecretKeyRingProtector- Parameters:
keyId- id of the key- Returns:
- encryptor for the key
- Throws:
org.bouncycastle.openpgp.PGPException- if the encryptor cannot be created for some reason
-