Package org.jivesoftware.smackx.ox.util

Class SecretKeyBackupHelper

java.lang.Object

org.jivesoftware.smackx.ox.util.SecretKeyBackupHelper

public class SecretKeyBackupHelper
extends Object

Helper class which provides some functions needed for backup/restore of the users secret key to/from their private PubSub node.

Constructor Summary

Constructors

Constructor	Description
SecretKeyBackupHelper()

Method Summary

Modifier and Type	Method	Description
static SecretkeyElement	createSecretkeyElement(byte[] keys, OpenPgpSecretKeyBackupPassphrase backupCode)	Create a SecretkeyElement which contains the secret keys which are serialized in keys and is symmetrically encrypted using the backupCode.
static SecretkeyElement	createSecretkeyElement(OpenPgpProvider provider, BareJid owner, Set<org.pgpainless.key.OpenPgpV4Fingerprint> fingerprints, OpenPgpSecretKeyBackupPassphrase backupCode)	Create a SecretkeyElement which contains the secret keys listed in fingerprints and is encrypted symmetrically using the backupCode.
static OpenPgpSecretKeyBackupPassphrase	generateBackupPassword()	Generate a secure backup code.
static org.bouncycastle.openpgp.PGPSecretKeyRing	restoreSecretKeyBackup(SecretkeyElement backup, OpenPgpSecretKeyBackupPassphrase backupCode)	Decrypt a secret key backup and return the PGPSecretKeyRing contained in it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecretKeyBackupHelper

public SecretKeyBackupHelper()

Method Details

generateBackupPassword

public static OpenPgpSecretKeyBackupPassphrase generateBackupPassword()

Generate a secure backup code. This code can be used to encrypt a secret key backup and follows the form described in XEP-0373 §5.3.

Returns:

backup code

See Also:

• XEP-0373 §5.4 Encrypting the Secret Key Backup

createSecretkeyElement

public static SecretkeyElement createSecretkeyElement(OpenPgpProvider provider,
 BareJid owner,
 Set<org.pgpainless.key.OpenPgpV4Fingerprint> fingerprints,
 OpenPgpSecretKeyBackupPassphrase backupCode)
                                               throws org.bouncycastle.openpgp.PGPException,
IOException,
MissingOpenPgpKeyException

Create a SecretkeyElement which contains the secret keys listed in fingerprints and is encrypted symmetrically using the backupCode.

Parameters:

provider - OpenPgpProvider for symmetric encryption.

owner - owner of the secret keys (usually our jid).

fingerprints - set of OpenPgpV4Fingerprints of the keys which are going to be backed up.

backupCode - passphrase for symmetric encryption.

Returns:

SecretkeyElement

Throws:

org.bouncycastle.openpgp.PGPException - PGP is brittle

IOException - IO is dangerous

MissingOpenPgpKeyException - in case one of the keys whose fingerprint is in fingerprints is not accessible.

createSecretkeyElement

public static SecretkeyElement createSecretkeyElement(byte[] keys,
 OpenPgpSecretKeyBackupPassphrase backupCode)
                                               throws org.bouncycastle.openpgp.PGPException,
IOException

Create a SecretkeyElement which contains the secret keys which are serialized in keys and is symmetrically encrypted using the backupCode.

Parameters:

keys - serialized OpenPGP secret keys in transferable key format

backupCode - passphrase for symmetric encryption

Returns:

SecretkeyElement

Throws:

org.bouncycastle.openpgp.PGPException - PGP is brittle

IOException - IO is dangerous

See Also:

• XEP-0373 §5.4 Encrypting the Secret Key Backup

restoreSecretKeyBackup

public static org.bouncycastle.openpgp.PGPSecretKeyRing restoreSecretKeyBackup(SecretkeyElement backup,
 OpenPgpSecretKeyBackupPassphrase backupCode)
                                                                        throws InvalidBackupCodeException,
IOException,
org.bouncycastle.openpgp.PGPException

Decrypt a secret key backup and return the PGPSecretKeyRing contained in it. TODO: Return a PGPSecretKeyRingCollection instead?

Parameters:

backup - encrypted SecretkeyElement containing the backup

backupCode - passphrase for decrypting the SecretkeyElement.

Returns:

the TODO javadoc me please

Throws:

InvalidBackupCodeException - in case the provided backup code is invalid.

IOException - IO is dangerous.

org.bouncycastle.openpgp.PGPException - PGP is brittle.