Class EncryptionOptions

java.lang.Object
org.pgpainless.encryption_signing.EncryptionOptions

public class EncryptionOptions extends Object
Options for the encryption process. This class can be used to set encryption parameters such as encryption keys, passphrases and algorithms. A typical use might look as follows:
 
 EncryptionOptions opt = new EncryptionOptions();
 opt.addRecipient(aliceKey, "Alice <alice@wonderland.lit>");
 opt.addPassphrase(Passphrase.fromPassword("AdditionalDecryptionPassphrase123"));
 
 
To use a custom symmetric encryption algorithm, use overrideEncryptionAlgorithm(SymmetricKeyAlgorithm). This will cause PGPainless to use the provided algorithm for message encryption, instead of negotiating an algorithm by inspecting the provided recipient keys. By default, PGPainless will encrypt to all suitable, encryption-capable subkeys on each recipient's certificate. This behavior can be changed per recipient, e.g. by calling
 
 opt.addRecipient(aliceKey, EncryptionOptions.encryptToFirstSubkey());
 
 
when adding the recipient key.
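
An end-to-end use of the options described above, as an added example (not code from the PGPainless project): it restricts encryption to storage-flagged subkeys, selects the first one, overrides the symmetric algorithm, and then checks what was actually applied. It assumes the PGPainless 1.x entry points PGPainless.encryptAndOrSign(), ProducerOptions, EncryptionResult and PGPainless.readKeyRing(), which are not documented on this page, and takes the path of an armored certificate as its first argument; the names EncryptAtRestExample and encryptForStorage are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionResult;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.key.SubkeyIdentifier;

// Added example; assumes the PGPainless 1.x API for everything outside EncryptionOptions.
public class EncryptAtRestExample {

    static String encryptForStorage(PGPPublicKeyRing cert, byte[] plaintext) throws Exception {
        EncryptionOptions opt = EncryptionOptions.encryptDataAtRest()
                // Only subkeys carrying KeyFlag.ENCRYPT_STORAGE qualify; use the first valid one.
                .addRecipient(cert, EncryptionOptions.encryptToFirstSubkey())
                // Skips negotiation: the recipient's algorithm preferences are not consulted.
                .overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.AES_256);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        EncryptionStream enc = PGPainless.encryptAndOrSign()
                .onOutputStream(out)
                .withOptions(ProducerOptions.encrypt(opt).setAsciiArmor(true));
        enc.write(plaintext);
        enc.close(); // the result is only available once the stream is closed

        EncryptionResult result = enc.getResult();
        if (result.getRecipients().isEmpty()
                || result.getEncryptionAlgorithm() != SymmetricKeyAlgorithm.AES_256) {
            throw new IllegalStateException("message was not encrypted as configured");
        }
        for (SubkeyIdentifier recipient : result.getRecipients()) {
            System.err.println("encrypted to subkey " + recipient);
        }
        return new String(out.toByteArray(), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            PGPPublicKeyRing cert = PGPainless.readKeyRing().publicKeyRing(in);
            if (cert == null) throw new IllegalArgumentException("no certificate in " + args[0]);
            byte[] sample = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
            System.out.println(encryptForStorage(cert, sample));
        }
    }
}
```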
  • Constructor Details

  • Method Details

    • get

      public static EncryptionOptions get()
      Factory method to create an EncryptionOptions object which will encrypt for keys which carry either the KeyFlag.ENCRYPT_COMMS or KeyFlag.ENCRYPT_STORAGE flag. Use this if you are not sure.
      Returns:
      encryption options
    • encryptCommunications

      public static EncryptionOptions encryptCommunications()
      Factory method to create an EncryptionOptions object which will encrypt for keys which carry the flag KeyFlag.ENCRYPT_COMMS.
      Returns:
      encryption options
    • encryptDataAtRest

      public static EncryptionOptions encryptDataAtRest()
      Factory method to create an EncryptionOptions object which will encrypt for keys which carry the flag KeyFlag.ENCRYPT_STORAGE.
      Returns:
      encryption options
    • addRecipients

      public EncryptionOptions addRecipients(Iterable<org.bouncycastle.openpgp.PGPPublicKeyRing> keys)
      Add all key rings in the provided Iterable (e.g. PGPPublicKeyRingCollection) as recipients.
      Parameters:
      keys - keys
      Returns:
      this
    • addRecipients

      public EncryptionOptions addRecipients(@Nonnull Iterable<org.bouncycastle.openpgp.PGPPublicKeyRing> keys, @Nonnull EncryptionOptions.EncryptionKeySelector selector)
      Add all key rings in the provided Iterable (e.g. PGPPublicKeyRingCollection) as recipients. Per key ring, the selector is applied to select one or more encryption subkeys.
      Parameters:
      keys - keys
      selector - encryption key selector
      Returns:
      this
    • addRecipient

      public EncryptionOptions addRecipient(org.bouncycastle.openpgp.PGPPublicKeyRing key, String userId)
      Add a recipient by providing a key and recipient user-id. The user-id is used to determine the recipient's preferences (algorithms etc.).
      Parameters:
      key - key ring
      userId - user id
      Returns:
      this
    • addRecipient

      public EncryptionOptions addRecipient(org.bouncycastle.openpgp.PGPPublicKeyRing key, String userId, EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy)
      Add a recipient by providing a key and recipient user-id, as well as a strategy for selecting one or multiple encryption-capable subkeys from the key.
      Parameters:
      key - key
      userId - user-id
      encryptionKeySelectionStrategy - strategy to select one or more encryption subkeys to encrypt to
      Returns:
      this
    • addRecipient

      public EncryptionOptions addRecipient(org.bouncycastle.openpgp.PGPPublicKeyRing key)
      Add a recipient by providing a key.
      Parameters:
      key - key ring
      Returns:
      this
    • addRecipient

      public EncryptionOptions addRecipient(org.bouncycastle.openpgp.PGPPublicKeyRing key, EncryptionOptions.EncryptionKeySelector encryptionKeySelectionStrategy)
      Add a recipient by providing a key and an encryption key selection strategy.
      Parameters:
      key - key ring
      encryptionKeySelectionStrategy - strategy used to select one or multiple encryption subkeys.
      Returns:
      this
    • addPassphrase

      public EncryptionOptions addPassphrase(Passphrase passphrase)
      Add a symmetric passphrase which the message will be encrypted to.
      Parameters:
      passphrase - passphrase
      Returns:
      this
    • addEncryptionMethod

      public EncryptionOptions addEncryptionMethod(org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator encryptionMethod)
      Add a PGPKeyEncryptionMethodGenerator which will be used to encrypt the message. Method generators are either PBEKeyEncryptionMethodGenerator (passphrase) or PGPKeyEncryptionMethodGenerator (public key). This method is intended for advanced users to allow encryption for specific subkeys. This can come in handy, for example, if data needs to be encrypted to a subkey that's ignored by PGPainless.
      Parameters:
      encryptionMethod - encryption method
      Returns:
      this
    • overrideEncryptionAlgorithm

      public EncryptionOptions overrideEncryptionAlgorithm(SymmetricKeyAlgorithm encryptionAlgorithm)
      Override the used symmetric encryption algorithm. The symmetric encryption algorithm is used to encrypt the message itself, while the used symmetric key will be encrypted to all recipients using public key cryptography. If the algorithm is not overridden, a suitable algorithm will be negotiated.
      Parameters:
      encryptionAlgorithm - encryption algorithm override
      Returns:
      this
    • encryptToFirstSubkey

      public static EncryptionOptions.EncryptionKeySelector encryptToFirstSubkey()
      Only encrypt to the first valid encryption-capable subkey we stumble upon.
      Returns:
      encryption key selector
    • encryptToAllCapableSubkeys

      public static EncryptionOptions.EncryptionKeySelector encryptToAllCapableSubkeys()
      Encrypt to any valid, encryption-capable subkey on the key ring.
      Returns:
      encryption key selector