1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-26 04:47:59 +01:00

Add information about KeyRingProtectionSettings to documentation

This commit is contained in:
Paul Schaub 2022-08-31 21:38:09 +02:00
parent 15046cdc32
commit 328b8ccf8a
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -57,4 +57,14 @@ SecretKeyRingProtector singlePassphrase = SecretKeyRingProtector
// If you want to be flexible, use this:
CachingSecretKeyRingProtector flexible = SecretKeyRingProtector
.defaultSecretKeyRingProtector(passphraseCallback);
```
```
The last example shows how to instantiate the `CachingSecretKeyRingProtector` with a `SecretKeyPassphraseProvider`.
As the name suggests, the `CachingSecretKeyRingProtector` caches passphrases in a map.
If you try to unlock a protected secret key for which no passphrase is cached, the `getPassphraseFor()` method of
the `SecretKeyPassphraseProvider` will be called to interactively ask for the missing passphrase. Afterwards, the
acquired passphrase will be cached for future use.
Most `SecretKeyRingProtector` implementations can be instantiated with custom `KeyRingProtectionSettings`.
By default, most implementations use `KeyRingProtectionSettings.secureDefaultSettings()` which corresponds to iterated
and salted S2K using AES256 and SHA256 with an iteration count of 65536.