Class EncryptionOptions
java.lang.Object
org.pgpainless.encryption_signing.EncryptionOptions
Options for the encryption process.
This class can be used to set encryption parameters, like encryption keys and passphrases, algorithms etc.
A typical use might look like follows:
EncryptionOptions opt = new EncryptionOptions();
opt.addRecipient(aliceKey, "Alice <alice@wonderland.lit>");
opt.addPassphrase(Passphrase.fromPassword("AdditionalDecryptionPassphrase123"));
To use a custom symmetric encryption algorithm, use overrideEncryptionAlgorithm(SymmetricKeyAlgorithm)
.
This will cause PGPainless to use the provided algorithm for message encryption, instead of negotiating an algorithm
by inspecting the provided recipient keys.
By default, PGPainless will encrypt to all suitable, encryption capable subkeys on each recipient's certificate.
This behavior can be changed per recipient, e.g. by calling
opt.addRecipient(aliceKey, EncryptionOptions.encryptToFirstSubkey());
when adding the recipient key.-
Nested Class Summary
Nested Classes -
Constructor Summary
ConstructorsConstructorDescriptionEncrypt to keys both carrying the key flagKeyFlag.ENCRYPT_COMMS
orKeyFlag.ENCRYPT_STORAGE
.EncryptionOptions
(EncryptionPurpose purpose) -
Method Summary
Modifier and TypeMethodDescriptionaddEncryptionMethod
(org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator encryptionMethod) Add anPGPKeyEncryptionMethodGenerator
which will be used to encrypt the message.addPassphrase
(Passphrase passphrase) Add a symmetric passphrase which the message will be encrypted to.addRecipient
(org.bouncycastle.openpgp.PGPPublicKeyRing key) Add a recipient by providing a key.addRecipient
(org.bouncycastle.openpgp.PGPPublicKeyRing key, String userId) Add a recipient by providing a key and recipient user-id.addRecipient
(org.bouncycastle.openpgp.PGPPublicKeyRing key, String userId, EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy) Add a recipient by providing a key and recipient user-id, as well as a strategy for selecting one or multiple encryption capable subkeys from the key.addRecipient
(org.bouncycastle.openpgp.PGPPublicKeyRing key, EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy) Add a recipient by providing a key and an encryption key selection strategy.addRecipients
(Iterable<org.bouncycastle.openpgp.PGPPublicKeyRing> keys) Add all key rings in the providedIterable
(e.g.addRecipients
(Iterable<org.bouncycastle.openpgp.PGPPublicKeyRing> keys, EncryptionOptions.EncryptionKeySelector selector) Add all key rings in the providedIterable
(e.g.static EncryptionOptions
Factory method to create anEncryptionOptions
object which will encrypt for keys which carry the flagKeyFlag.ENCRYPT_COMMS
.static EncryptionOptions
Factory method to create anEncryptionOptions
object which will encrypt for keys which carry the flagKeyFlag.ENCRYPT_STORAGE
.Encrypt to any valid, encryption capable subkey on the key ring.Only encrypt to the first valid encryption capable subkey we stumble upon.static EncryptionOptions
get()
Factory method to create anEncryptionOptions
object which will encrypt for keys which carry either theKeyFlag.ENCRYPT_COMMS
orKeyFlag.ENCRYPT_STORAGE
flag.overrideEncryptionAlgorithm
(SymmetricKeyAlgorithm encryptionAlgorithm) Override the used symmetric encryption algorithm.
-
Constructor Details
-
EncryptionOptions
public EncryptionOptions()Encrypt to keys both carrying the key flagKeyFlag.ENCRYPT_COMMS
orKeyFlag.ENCRYPT_STORAGE
. -
EncryptionOptions
-
-
Method Details
-
get
Factory method to create anEncryptionOptions
object which will encrypt for keys which carry either theKeyFlag.ENCRYPT_COMMS
orKeyFlag.ENCRYPT_STORAGE
flag. Use this if you are not sure.- Returns:
- encryption options
-
encryptCommunications
Factory method to create anEncryptionOptions
object which will encrypt for keys which carry the flagKeyFlag.ENCRYPT_COMMS
.- Returns:
- encryption options
-
encryptDataAtRest
Factory method to create anEncryptionOptions
object which will encrypt for keys which carry the flagKeyFlag.ENCRYPT_STORAGE
.- Returns:
- encryption options
-
addRecipients
Add all key rings in the providedIterable
(e.g.PGPPublicKeyRingCollection
) as recipients.- Parameters:
keys
- keys- Returns:
- this
-
addRecipients
public EncryptionOptions addRecipients(@Nonnull Iterable<org.bouncycastle.openpgp.PGPPublicKeyRing> keys, @Nonnull EncryptionOptions.EncryptionKeySelector selector) Add all key rings in the providedIterable
(e.g.PGPPublicKeyRingCollection
) as recipients. Per key ring, the selector is applied to select one or more encryption subkeys.- Parameters:
keys
- keysselector
- encryption key selector- Returns:
- this
-
addRecipient
Add a recipient by providing a key and recipient user-id. The user-id is used to determine the recipients preferences (algorithms etc.).- Parameters:
key
- key ringuserId
- user id- Returns:
- this
-
addRecipient
public EncryptionOptions addRecipient(org.bouncycastle.openpgp.PGPPublicKeyRing key, String userId, EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy) Add a recipient by providing a key and recipient user-id, as well as a strategy for selecting one or multiple encryption capable subkeys from the key.- Parameters:
key
- keyuserId
- user-idencryptionKeySelectionStrategy
- strategy to select one or more encryption subkeys to encrypt to- Returns:
- this
-
addRecipient
Add a recipient by providing a key.- Parameters:
key
- key ring- Returns:
- this
-
addRecipient
public EncryptionOptions addRecipient(org.bouncycastle.openpgp.PGPPublicKeyRing key, EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy) Add a recipient by providing a key and an encryption key selection strategy.- Parameters:
key
- key ringencryptionKeySelectionStrategy
- strategy used to select one or multiple encryption subkeys.- Returns:
- this
-
addPassphrase
Add a symmetric passphrase which the message will be encrypted to.- Parameters:
passphrase
- passphrase- Returns:
- this
-
addEncryptionMethod
public EncryptionOptions addEncryptionMethod(org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator encryptionMethod) Add anPGPKeyEncryptionMethodGenerator
which will be used to encrypt the message. Method generators are eitherPBEKeyEncryptionMethodGenerator
(passphrase) orPGPKeyEncryptionMethodGenerator
(public key). This method is intended for advanced users to allow encryption for specific subkeys. This can come in handy for example if data needs to be encrypted to a subkey that's ignored by PGPainless.- Parameters:
encryptionMethod
- encryption method- Returns:
- this
-
overrideEncryptionAlgorithm
Override the used symmetric encryption algorithm. The symmetric encryption algorithm is used to encrypt the message itself, while the used symmetric key will be encrypted to all recipients using public key cryptography. If the algorithm is not overridden, a suitable algorithm will be negotiated.- Parameters:
encryptionAlgorithm
- encryption algorithm override- Returns:
- this
-
encryptToFirstSubkey
Only encrypt to the first valid encryption capable subkey we stumble upon.- Returns:
- encryption key selector
-
encryptToAllCapableSubkeys
Encrypt to any valid, encryption capable subkey on the key ring.- Returns:
- encryption key selector
-