Class OpenSSHKeyPairResourceWriter.KeyEncryptor
- java.lang.Object
  - org.apache.sshd.common.config.keys.loader.AbstractPrivateKeyObfuscator
    - org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator
      - org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyPairResourceWriter.KeyEncryptor
- All Implemented Interfaces: PrivateKeyObfuscator
- Enclosing class: OpenSSHKeyPairResourceWriter
public static class OpenSSHKeyPairResourceWriter.KeyEncryptor extends AESPrivateKeyObfuscator
A key encryptor for modern-style OpenSSH private keys using the bcrypt KDF.
Field Summary
Fields (Modifier and Type, Field):
- static int BCRYPT_SALT_LENGTH
- private byte[] kdfOptions
- protected OpenSSHKeyEncryptionContext options
Fields inherited from class org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator
CIPHER_NAME, INSTANCE
Constructor Summary
Constructors:
- KeyEncryptor(OpenSSHKeyEncryptionContext options)
Method Summary
Methods (Modifier and Type, Method, Description):
- protected byte[] convert(java.lang.String password)
- protected byte[] deriveEncryptionKey(PrivateKeyEncryptionContext context, int keyLength): Derives an encryption key and sets the IV on the context from the passphrase provided by the context using the OpenBSD BCrypt KDF.
- byte[] getKdfOptions(): Retrieves the KDF options used.
Methods inherited from class org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator
applyPrivateKeyCipher, createCipherSelector, getAvailableKeyLengths, getSupportedKeySizes, resolveCipherInformation, resolveInitializationVectorLength, resolveKeyLength
Methods inherited from class org.apache.sshd.common.config.keys.loader.AbstractPrivateKeyObfuscator
appendPrivateKeyEncryptionContext, applyPrivateKeyCipher, generateInitializationVector, getCipherName
Field Detail

BCRYPT_SALT_LENGTH
public static final int BCRYPT_SALT_LENGTH
- See Also: Constant Field Values

options
protected final OpenSSHKeyEncryptionContext options

kdfOptions
private byte[] kdfOptions

Constructor Detail

KeyEncryptor
public KeyEncryptor(OpenSSHKeyEncryptionContext options)

Method Detail

getKdfOptions
public byte[] getKdfOptions()
Retrieves the KDF options used. Valid only after deriveEncryptionKey(PrivateKeyEncryptionContext, int) has been called.
- Returns: the number of KDF rounds applied

deriveEncryptionKey
protected byte[] deriveEncryptionKey(PrivateKeyEncryptionContext context, int keyLength) throws java.io.IOException, java.security.GeneralSecurityException
Derives an encryption key and sets the IV on the context from the passphrase provided by the context using the OpenBSD BCrypt KDF.
- Overrides: deriveEncryptionKey in class AbstractPrivateKeyObfuscator
- Parameters:
  - context - for the encryption, provides the passphrase and transports other encryption-related information including the IV
  - keyLength - number of key bytes to generate
- Returns: keyLength bytes to use as encryption key
- Throws:
  - java.io.IOException
  - java.security.GeneralSecurityException

convert
protected byte[] convert(java.lang.String password)