This uses 128-bit AES (Rijndael) as the symmetric encryption algorithm. This is the only key * strength ICANN allows. The other valid algorithms are TripleDES and CAST5 per RFC 4880. It's * probably for the best that we're not using AES-256 since it's been weakened over the years to * potentially being worse than AES-128. * *
The key for the symmetric algorithm is generated by a random number generator which SHOULD * come from {@code /dev/random} (see: {@link sun.security.provider.NativePRNG}) but Java doesn't * offer any guarantees that {@link SecureRandom} isn't pseudo-random. * *
The asymmetric algorithm is whatever one is associated with the {@link PGPPublicKey} object * you provide. That should be either RSA or DSA, per the ICANN escrow spec. The underlying * {@link PGPEncryptedDataGenerator} class uses PGP Cipher Feedback Mode to chain blocks. No * integrity packet is used. * * @see RFC 4880 (OpenPGP Message Format) * @see AES (Wikipedia) */ @AutoFactory(allowSubclasses = true) public class RydePgpEncryptionOutputStream extends ImprovedOutputStream { /** * The symmetric encryption algorithm to use. Do not change this value without checking the * RFCs to make sure the encryption algorithm and strength combination is allowed. * * @see org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags */ private static final int CIPHER = AES_128; /** * This option adds an additional checksum to the OpenPGP message. From what I can tell, this is * meant to fix a bug that made a certain type of message tampering possible. GPG will actually * complain on the command line when decrypting a message without this feature. * *
However I'm reasonably certain that this is not required if you have a signature (and * remember to use it!) and the ICANN requirements document do not mention this. So we're going * to leave it out. */ private static final boolean USE_INTEGRITY_PACKET = false; /** * The source of random bits. This should not be changed at Google because it uses dev random * in production, and the testing environment is configured to make this go fast and not drain * system entropy. * * @see SecureRandom#getInstance(String) */ private static final String RANDOM_SOURCE = "NativePRNG"; /** * Creates a new instance that encrypts data for the owner of {@code receiverKey}. * * @param os is the upstream {@link OutputStream} which is not closed by this object * @throws IllegalArgumentException if {@code publicKey} is invalid * @throws RuntimeException to rethrow {@link PGPException} and {@link IOException} */ public RydePgpEncryptionOutputStream( @Provided @Config("rdeRydeBufferSize") Integer bufferSize, @WillNotClose OutputStream os, PGPPublicKey receiverKey) { super(createDelegate(bufferSize, os, receiverKey)); } private static OutputStream createDelegate(int bufferSize, OutputStream os, PGPPublicKey receiverKey) { try { PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator( new JcePGPDataEncryptorBuilder(CIPHER) .setWithIntegrityPacket(USE_INTEGRITY_PACKET) .setSecureRandom(SecureRandom.getInstance(RANDOM_SOURCE)) .setProvider(PROVIDER_NAME)); encryptor.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(receiverKey)); return encryptor.open(os, new byte[bufferSize]); } catch (NoSuchAlgorithmException e) { throw new ProviderException(e); } catch (IOException | PGPException e) { throw new RuntimeException(e); } } }