clj-pgp.message

The functions in this namespace package raw data into PGP messages, which can be compressed, encrypted, and signed.

The encryption functions use the concept of encryptors and decryptors. A collection of encryptors may be used to encipher a message, and any corresponding decryptor will be able to decipher it.

For symmetric encryption, the encryptor is the passphrase string and the corresponding decryptor is the same string.

For public-key encryption, the encryptor is the public-key object and the decryptor is the corresponding private key. Alternatively, the decryptor can be a function which accepts a key id and returns the corresponding private key, to look it up or unlock the key on demand.

armored-data-stream

(armored-data-stream output)

Wraps an OutputStream with an armored data stream. Packets written to this stream will be output in ASCII encoded Base64.

compressed-data-stream

(compressed-data-stream output algorithm)

Wraps an OutputStream with a compressed data generator, returning another stream. Typically, literal data packets will be written to this stream, which are compressed and written to an underlying encryption stream.

data-formats

Supported data formats which can be specified when building literal data packets.

decrypt

(decrypt input decryptor & opts)

Decrypts a message packet and attempts to decipher it with the given decryptor. Returns the data of the first message directly.

See read-messages for options.

encrypt

(encrypt data encryptors & opts)

Constructs a message packet enciphered for the given encryptors. See message-output-stream for options.

encrypted-data-stream

(encrypted-data-stream output cipher encryptors & opts)

Wraps an OutputStream with an encrypted data generator, returning another stream. The data written to the stream will be encrypted with a symmetric session key, which is then encrypted for each of the given public keys.

Typically, the data written to this will consist of compressed data packets. If the data is longer than the buffer size, the packet is written in chunks in a streaming fashion.

Options may be provided to customize the packet:

  • :buffer-size maximum number of bytes per chunk
  • :integrity-packet whether to include a Modification Detection Code packet
  • :random custom random number generator

literal-data-stream

(literal-data-stream output & opts)

Wraps an OutputStream with a literal data generator, returning another stream. Typically, the wrapped stream is a compressed data stream or encrypted data stream.

Data written to the returned stream will write a literal data packet to the wrapped output stream. If the data is longer than the buffer size, the packet is written in chunks in a streaming fashion.

Options may be provided to customize the packet:

  • :buffer-size maximum number of bytes per chunk
  • :format data format type
  • :filename filename string for the data
  • :mtime data modification time

message-output-stream

(message-output-stream output & opts)

Wraps the given output stream with compression and encryption layers. The data will be decryptable by the corresponding decryptors. Does not close the wrapped stream when it is closed.

Opts may contain:

  • :buffer-size maximum number of bytes per chunk
  • :compress compress the cleartext with the given algorithm, if specified
  • :cipher symmetric key algorithm to use if encryptors are provided
  • :encryptors keys to encrypt the cipher session key with
  • :armor whether to ascii-encode the output

See literal-data-stream and encrypted-data-stream for more options.

package

(package data & opts)

Compresses, encrypts, and encodes the given data and returns an encoded message packet. If the :armor option is set, the result will be an ASCII string; otherwise, the function returns a byte array.

The message will be readable by any of the corresponding decryptors.

See message-output-stream for options.

read-messages

(read-messages input & opts)

Reads message packets from an input source and returns a sequence of message maps which have realized :data entries.

See reduce-messages for options.

reduce-messages

(reduce-messages input rf acc & opts)

Reads message packets from an input source and reduces over them with the given accumulator acc and reducing function rf. Each message contains keys similar to the options used to build them, describing the type of compression used, cipher encrypted with, etc. The rf should take the accumulator and a message and return the resulting accumulator. It must consume the stream passed in the :data field.

A message is a map containing:

  • :format one of #{:binary :text :utf8}
  • :data an InputStream
  • :filename the name of the file
  • :mtime the modified time of the message

Opts may contain:

  • :decryptor secret to decipher the message encryption
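
A symmetric round trip through encrypt, reduce-messages and decrypt, as an added example that is not part of the project's documentation. It assumes clj-pgp is on the classpath; the passphrase, cleartext, filename and the sha256-hex helper are constructed for illustration, and the :aes-256 and :zip option values are assumptions not listed on this page.

```clojure
(require '[clj-pgp.message :as pgp-msg])
(import '(java.io InputStream)
        '(java.security MessageDigest))

;; Constructed sample values, not real secrets.
(def passphrase "constructed example passphrase")
(def cleartext "constructed sample cleartext\n")

;; Symmetric encryption: the passphrase string is the encryptor.
;; :integrity-packet asks for a Modification Detection Code packet.
(def message
  (pgp-msg/encrypt cleartext passphrase
                   :format :utf8
                   :filename "sample.txt"
                   :cipher :aes-256      ; assumed cipher keyword
                   :compress :zip        ; assumed compression keyword
                   :integrity-packet true
                   :armor true))

(defn sha256-hex
  "Hypothetical helper: drains an InputStream and returns its SHA-256 as hex."
  [^InputStream in]
  (let [md  (MessageDigest/getInstance "SHA-256")
        buf (byte-array 4096)]
    (loop []
      (let [n (.read in buf)]
        (when-not (neg? n)
          (.update md buf 0 n)
          (recur))))
    (apply str (map #(format "%02x" %) (.digest md)))))

;; The reducing function must consume the :data stream of every message.
;; Hashing it here keeps the cleartext out of memory as a whole.
(def summaries
  (pgp-msg/reduce-messages
    message
    (fn [acc msg]
      (conj acc {:format   (:format msg)
                 :filename (:filename msg)
                 :sha256   (sha256-hex (:data msg))}))
    []
    :decryptor passphrase))

;; decrypt returns the data of the first message directly.
(def round-trip-ok? (= cleartext (pgp-msg/decrypt message passphrase)))
```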