
Kryptel/Java

KeyRecord structure

Declaration

public final class KeyRecord {
    public UUID keyMaterial;
    public String password;
    public byte[] keyData;
    public byte[] keyAssociatedData;
    public String keyPath;
}

Description

The key callback function returns the received key material in this structure.

keyMaterial

public UUID keyMaterial;

The type of the key material, as defined in the KeyIdent class.

password

public String password;

If keyMaterial is IDENT_PASSWORD, IDENT_LOWERCASE_PASSWORD, IDENT_PROTECTED_KEY, or IDENT_YUBIKEY_PASSWORD, this field contains the password string.

The client uses this password as is; it is the responsibility of the key callback function to ensure that the password is properly normalized (see KryptelAPI.NormalizePassword) and truncated to MAX_PASSWORD_LENGTH (in this order!).

keyData

public byte[] keyData;

Contains non-text key material; not used if keyMaterial is IDENT_PASSWORD or IDENT_LOWERCASE_PASSWORD.

keyAssociatedData

public byte[] keyAssociatedData;

Contains additional key data, for instance, Yubikey lists. Kryptel/Java does not support Yubikey, as Yubico does not at the moment provide a Java interface to Yubikey.

keyPath

public String keyPath;

If the key material is a binary key file, this field should contain its path. Although it is optional, it is highly recommended that the key callback provide this data.

The reason for adding this argument is that several users did the weirdest thing ever: encrypting their key file with itself, thus effectively losing the key and all the files being encrypted with it. To avoid this, the file agent checks all files being encrypted against this argument and aborts with an error if the file path matches the key file path.
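A guard of the kind described above, as an added example (not Kryptel's own code; KeyFileGuard, isKeyFile and checkBatch are hypothetical names). It compares file identity rather than path strings, so the key file is still recognized when it is reached through a relative path, a ".." segment, or a symbolic link.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
// Added illustration; KeyFileGuard and its methods are hypothetical names,
// not part of the Kryptel API.
public final class KeyFileGuard {

    // True if 'candidate' refers to the same file as 'keyPath', even when the
    // two spellings differ (relative vs. absolute, "..", symbolic links).
    static boolean isKeyFile(String keyPath, Path candidate) throws IOException {
        if (keyPath == null || keyPath.isEmpty()) return false; // callback gave no path
        Path key = Paths.get(keyPath);
        if (Files.exists(key) && Files.exists(candidate)) {
            return Files.isSameFile(key, candidate);
        }
        // Fallback when one of the files is missing: compare normalized absolute paths.
        return key.toAbsolutePath().normalize()
                  .equals(candidate.toAbsolutePath().normalize());
    }

    // Rejects the whole batch before any file is touched.
    static void checkBatch(String keyPath, List<Path> files) throws IOException {
        for (Path f : files) {
            if (isKeyFile(keyPath, f)) {
                throw new IOException("Refusing to encrypt the key file with itself: " + f);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary directory with a key file and a document.
        Path dir = Files.createTempDirectory("keyguard");
        Files.createDirectory(dir.resolve("sub"));
        Path key = Files.write(dir.resolve("my.key"), new byte[] {1, 2, 3});
        Path doc = Files.write(dir.resolve("report.txt"), "data".getBytes());
        // The same key file reached through a different spelling of the path.
        Path alias = dir.resolve("sub").resolve("..").resolve("my.key");
        System.out.println("document is key file: " + isKeyFile(key.toString(), doc));
        System.out.println("alias is key file: " + isKeyFile(key.toString(), alias));
        try {
            checkBatch(key.toString(), Arrays.asList(doc, alias));
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }
    }
}
```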