
Kryptel/Java

KeyRecord structure

Declaration

public final class KeyRecord {
    public UUID keyMaterial;
    public String password;
    public byte[] keyData;
    public String keyPath;
    public UUID keyAssociatedMaterial;
    public byte[] keyAssociatedData;

    public void clear()
}

Description

The key callback function returns the received key material in this structure. This structure is outdated and is used only with legacy old-style callbacks (see the description of the IKeyCallback interface for more details).

clear

public void clear()

Overwrites structure fields with zeros (except strings, which are immutable in Java). It is recommended to call this method before discarding KeyRecord.
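
The wipe-before-discard pattern recommended above, as an added example that is not Kryptel's code. KeyRecordSketch is a hypothetical stand-in that copies the declared fields, and its clear() body is an assumption based on the description; the key and password values are constructed samples.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.UUID;

public class KeyRecordClearDemo {
    // Hypothetical stand-in with the fields from the declaration above.
    // The clear() body is an assumption drawn from the description, not Kryptel's source.
    static final class KeyRecordSketch {
        UUID keyMaterial, keyAssociatedMaterial;
        String password, keyPath;
        byte[] keyData, keyAssociatedData;

        void clear() {
            if (keyData != null) Arrays.fill(keyData, (byte) 0);
            if (keyAssociatedData != null) Arrays.fill(keyAssociatedData, (byte) 0);
            keyData = null;
            keyAssociatedData = null;
            keyMaterial = null;
            keyAssociatedMaterial = null;
            // Strings are immutable: dropping the references does not erase the characters.
            password = null;
            keyPath = null;
        }
    }

    static boolean allZero(byte[] b) {
        for (byte x : b) if (x != 0) return false;
        return true;
    }

    public static void main(String[] args) {
        KeyRecordSketch rec = new KeyRecordSketch();
        byte[] key = "constructed-sample-key".getBytes(StandardCharsets.US_ASCII);
        String pw = "constructed-sample-password";
        rec.keyData = key;   // the record holds a reference to the array, not a copy
        rec.password = pw;
        try {
            // ... hand rec to the code that consumes the key material ...
        } finally {
            rec.clear();     // wipe on every exit path, including exceptions
        }
        System.out.println("key bytes wiped: " + allZero(key));
        System.out.println("password still readable by other holders: " + pw);
    }
}
```

Because the wipe acts on the array object itself, every other holder of the same array sees zeros afterwards, so copy the bytes first if they are still needed elsewhere. The password string stays in memory until the garbage collector reclaims it.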

keyMaterial

public UUID keyMaterial;

The type of the key material as defined in the KeyIdent class.

password

public String password;

If keyMaterial is IDENT_PASSWORD, IDENT_LOWERCASE_PASSWORD, IDENT_PROTECTED_KEY, or IDENT_YUBIKEY_PASSWORD, this field contains the password string.

The client uses this password as is; it is the responsibility of the key callback function to ensure that the password is properly normalized (see KryptelAPI.NormalizePassword) and truncated to MAX_PASSWORD_LENGTH (in this order!).

keyData

public byte[] keyData;

Contains non-text key material; not used if keyMaterial is IDENT_PASSWORD or IDENT_LOWERCASE_PASSWORD.

keyPath

public String keyPath;

If the key material is a binary key file, this field should contain its path. Although it is optional, it is highly recommended that the key callback provides this data.

The reason for adding this argument is that several users did the weirdest thing ever: they encrypted their key file with itself, effectively losing the key and all the files encrypted with it. To avoid this situation, the file agent checks all files being encrypted against this argument and aborts with an error if a file path matches the key file path.

keyAssociatedMaterial

public UUID keyAssociatedMaterial;

Contains the ID of the additional key data. If keyMaterial is IDENT_PROTECTED_KEY, then this field contains the ID of the key file, and keyAssociatedData contains the key itself.

keyAssociatedData

public byte[] keyAssociatedData;

Contains additional key data. If keyMaterial is IDENT_PROTECTED_KEY, then this field contains the binary key.

Kryptel/Java does not support Yubikey because Yubico does not currently provide a Java interface to Yubikey.