From 328b8ccf8aa7f1a58bbce90f20648e8158eb6a2c Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 31 Aug 2022 21:38:09 +0200 Subject: [PATCH] Add information about KeyRingProtectionSettings to documentation --- docs/source/pgpainless-core/passphrase.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/source/pgpainless-core/passphrase.md b/docs/source/pgpainless-core/passphrase.md index 27769aad..4a6e4393 100644 --- a/docs/source/pgpainless-core/passphrase.md +++ b/docs/source/pgpainless-core/passphrase.md @@ -57,4 +57,14 @@ SecretKeyRingProtector singlePassphrase = SecretKeyRingProtector // If you want to be flexible, use this: CachingSecretKeyRingProtector flexible = SecretKeyRingProtector .defaultSecretKeyRingProtector(passphraseCallback); -``` \ No newline at end of file +``` + +The last example shows how to instantiate the `CachingSecretKeyRingProtector` with a `SecretKeyPassphraseProvider`. +As the name suggests, the `CachingSecretKeyRingProtector` caches passphrases in a map. +If you try to unlock a protected secret key for which no passphrase is cached, the `getPassphraseFor()` method of +the `SecretKeyPassphraseProvider` will be called to interactively ask for the missing passphrase. Afterwards, the +acquired passphrase will be cached for future use. + +Most `SecretKeyRingProtector` implementations can be instantiated with custom `KeyRingProtectionSettings`. +By default, most implementations use `KeyRingProtectionSettings.secureDefaultSettings()` which corresponds to iterated +and salted S2K using AES256 and SHA256 with an iteration count of 65536.