Module org.cryptomator.cryptofs

Package org.cryptomator.cryptofs

Class VaultConfig

java.lang.Object

org.cryptomator.cryptofs.VaultConfig

public class VaultConfig
extends Object

Typesafe representation of vault configuration files.

To prevent config tampering, such as downgrade attacks, vault configurations are cryptographically signed using HMAC-256 with the vault's 64 byte master key.

If the signature could be successfully verified, the configuration can be assumed valid and the masterkey can be assumed eligible for the vault.

When loading a vault configuration, a key must be provided and the signature is checked. It is impossible to create an instance of this class from an existing configuration without signature verification.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	VaultConfig.UnverifiedVaultConfig
static class	VaultConfig.VaultConfigBuilder

Method Summary

Modifier and Type	Method	Description
static VaultConfig.VaultConfigBuilder	createNew()	Create a new configuration object for a new vault.
static VaultConfig.UnverifiedVaultConfig	decode(String token)	Decodes a vault configuration stored in JWT format to load it
org.cryptomator.cryptolib.api.CryptorProvider.Scheme	getCipherCombo()
String	getId()
int	getShorteningThreshold()
int	getVaultVersion()
static VaultConfig	load(String token, org.cryptomator.cryptolib.api.MasterkeyLoader keyLoader, int expectedVaultVersion)	Convenience wrapper for decode(String) and VaultConfig.UnverifiedVaultConfig.verify(byte[], int)
String	toToken(String keyId, byte[] rawKey)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getId

public String getId()

getVaultVersion

public int getVaultVersion()

getCipherCombo

public org.cryptomator.cryptolib.api.CryptorProvider.Scheme getCipherCombo()

getShorteningThreshold

public int getShorteningThreshold()

toToken

public String toToken(String keyId,
 byte[] rawKey)

load

public static VaultConfig load(String token,
 org.cryptomator.cryptolib.api.MasterkeyLoader keyLoader,
 int expectedVaultVersion)
                        throws org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException,
VaultConfigLoadException

Convenience wrapper for decode(String) and VaultConfig.UnverifiedVaultConfig.verify(byte[], int)

Parameters:

token - The token

keyLoader - A key loader capable of providing a key for this token

expectedVaultVersion - The vault version this token should contain

Returns:

The decoded configuration

Throws:

org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException - If the key loader was unable to provide a key for this vault configuration

VaultConfigLoadException - When loading the configuration fails

decode

public static VaultConfig.UnverifiedVaultConfig decode(String token)
                                                throws VaultConfigLoadException

Decodes a vault configuration stored in JWT format to load it

Parameters:

token - The token

Returns:

A loader object that allows loading the configuration (if providing the required key)

Throws:

VaultConfigLoadException - When parsing the token failed

createNew

public static VaultConfig.VaultConfigBuilder createNew()

Create a new configuration object for a new vault.

Returns:

A new configuration builder