NAME

Crypt::OpenPGP::SKSessionKey - Symmetric-Key Encrypted Session Key

SYNOPSIS

use Crypt::OpenPGP::SKSessionKey;

my $passphrase = 'foobar';  # Not a very good passphrase
my $key_data = 'f' x 64;    # Not a very good key

my $skey = Crypt::OpenPGP::SKSessionKey->new(
    Passphrase  => $passphrase,
    SymKey      => $key_data,
);
my $serialized = $skey->save;

DESCRIPTION

Crypt::OpenPGP::SKSessionKey implements symmetric-key encrypted session key packets; these packets store symmetric-key-encrypted key data that, when decrypted using the proper passphrase, can be used to decrypt a block of ciphertext--that is, a Crypt::OpenPGP::Ciphertext object.

Symmetric-key encrypted session key packets can work in two different ways: in one scenario the passphrase you provide is used to encrypt a randomly chosen string of key material; the key material is the key that is actually used to encrypt the data packet, and the passphrase just serves to encrypt the key material. This encrypted key material is then serialized into the symmetric-key encrypted session key packet.

The other method of using this encryption form is to use the passphrase directly to encrypt the data packet. In this scenario the need for any additional key material goes away, because all the receiver needs is the same passphrase that you have entered to encrypt the data.

At the moment Crypt::OpenPGP really only supports the first scenario; note also that the interface to new may change in the future when support for the second scenario is added.

USAGE

Crypt::OpenPGP::SKSessionKey->new( %arg )

Creates a new encrypted session key packet object and returns that object. If there are no arguments in %arg, the object is created empty; this is used, for example in parse (below), to create an empty packet which is then filled from the data in the buffer.

If you wish to initialize a non-empty object, %arg can contain:

  • Passphrase

    An arbitrary-length passphrase; that is, a string of octets. The passphrase is used to encrypt the actual session key such that it can only be decrypted by supplying the correct passphrase.

    This argument is required (for a non-empty object).

  • SymKey

    The symmetric cipher key: a string of octets that make up the key data of the symmetric cipher key. This should be at least long enough for the key length of your chosen cipher (see Cipher, below), or, if you have not specified a cipher, at least 64 bytes (to allow for long cipher key sizes).

    This argument is required (for a non-empty object).

  • S2k

    An object of type Crypt::OpenPGP::S2k (or rather, of one of its subclasses). If you use the passphrase directly to encrypt the data packet (scenario one, above), you will probably be generating the key material outside of this class, meaning that you will need to pass in the S2k object that was used to generate that key material from the passphrase. This is the way to do that.

  • Cipher

    The name (or ID) of a supported PGP cipher. See Crypt::OpenPGP::Cipher for a list of valid cipher names.

    This argument is optional; by default Crypt::OpenPGP::Cipher will use DES3.

$skey->save

Serializes the session key packet and returns the string of octets.

Crypt::OpenPGP::SKSessionKey->parse($buffer)

Given $buffer, a Crypt::OpenPGP::Buffer object holding (or with offset pointing to) an encrypted session key packet, returns a new Crypt::OpenPGP::Ciphertext object, initialized with the data in the buffer.

$skey->decrypt($passphrase)

Given a passphrase $passphrase, decrypts the encrypted session key data. The key data includes the symmetric key itself, along with a one-octet ID of the symmetric cipher used to encrypt the message.

Returns a list containing two items: the symmetric key and the cipher algorithm ID. These are suitable for passing off to the decrypt method of a Crypt::OpenPGP::Ciphertext object to decrypt a block of encrypted data.

AUTHOR & COPYRIGHTS

Please see the Crypt::OpenPGP manpage for author, copyright, and license information.