Loading…

Kryptel/Java

KeyRecord structure

Declaration

public final class KeyRecord {
    public UUID keyMaterial;
    public String password;
    public byte[] keyData;
	public String keyPath;
	public UUID keyAssociatedMaterial;
    public byte[] keyAssociatedData;
    
    public void clear()
}

Description

Key callback function returns the received key material in this structure.

clear

public void clear()

Overwrites structure fields with zeros (except strings, which are unmutable in Java). It is recommended to call this method before discarding KeyRecord.

keyMaterial

public UUID keyMaterial;

The type of the key material as defined in KeyIdent class.

password

public String password;

If keyMaterial is IDENT_PASSWORD, IDENT_LOWERCASE_PASSWORD, IDENT_PROTECTED_KEY, or IDENT_YUBIKEY_PASSWORD, this field contains the password string.

The client uses this password as is; it is responsibility of the key callback function that the password is properly normalized (see KryptelAPI.NormalizePassword) and truncated to MAX_PASSWORD_LENGTH (in this order!).

keyData

public byte[] keyData;

Contains non-text key material; not used if keyMaterial is IDENT_PASSWORD or IDENT_LOWERCASE_PASSWORD.

keyPath

public String keyPath;

If the key material is a binary key file, this field should contain its path. Although is is optional, it is highly recommended that key callback provides this data.

The reason for adding this argument is that several users did the weirdest thing ever encrypting their key file with itself, thus effectively losing the key and all the files being encrypted with it. In order to avoid this situation, the file agent checks all files being encrypted against this argument and aborts with error if the file path matches the key file path.

keyAssociatedMaterial

public UUID keyAssociatedMaterial;

Contains ID of additional key data. If keyMaterial is IDENT_PROTECTED_KEY, then this field contains the ID of the key file, and keyAssociatedData contains the key itself.

keyAssociatedData

public byte[] keyAssociatedData;

Contains additional key data. If keyMaterial is IDENT_PROTECTED_KEY, then this field contains the binary key.

Kryptel/Java does not support Yubikey as Yubico at the moment do not provide Java interface to Yubikey.