1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-25 22:02:05 +01:00

Add information about KeyRingProtectionSettings to documentation

This commit is contained in:
Paul Schaub 2022-08-31 21:38:09 +02:00
parent 15046cdc32
commit 328b8ccf8a
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -58,3 +58,13 @@ SecretKeyRingProtector singlePassphrase = SecretKeyRingProtector
CachingSecretKeyRingProtector flexible = SecretKeyRingProtector CachingSecretKeyRingProtector flexible = SecretKeyRingProtector
.defaultSecretKeyRingProtector(passphraseCallback); .defaultSecretKeyRingProtector(passphraseCallback);
``` ```
The last example shows how to instantiate the `CachingSecretKeyRingProtector` with a `SecretKeyPassphraseProvider`.
As the name suggests, the `CachingSecretKeyRingProtector` caches passphrases in a map.
If you try to unlock a protected secret key for which no passphrase is cached, the `getPassphraseFor()` method of
the `SecretKeyPassphraseProvider` will be called to interactively ask for the missing passphrase. Afterwards, the
acquired passphrase will be cached for future use.
Most `SecretKeyRingProtector` implementations can be instantiated with custom `KeyRingProtectionSettings`.
By default, most implementations use `KeyRingProtectionSettings.secureDefaultSettings()` which corresponds to iterated
and salted S2K using AES256 and SHA256 with an iteration count of 65536.