* REASON: See DEFAULT_COMPRESSION_ALGORITHM */ public static final int[] PREFERRED_COMPRESSION_ALGORITHMS = new int[]{ CompressionAlgorithmTags.ZIP, // ZLIB: the format provides no benefits over DEFLATE, and is more malleable // BZIP2: very slow }; /** * Hash algorithm used to certify public keys */ public static final int CERTIFY_HASH_ALGO = HashAlgorithmTags.SHA512; /** * Always use AES-256! * We always ignore the preferred encryption algos of the recipient! */ public static final int DEFAULT_SYMMETRIC_ALGORITHM = SymmetricKeyAlgorithmTags.AES_256; public interface OpenKeychainSymmetricKeyAlgorithmTags extends SymmetricKeyAlgorithmTags { int USE_DEFAULT = -1; } /** * Always use SHA-512! * We always ignore the preferred hash algos of the recipient! */ public static final int DEFAULT_HASH_ALGORITHM = HashAlgorithmTags.SHA512; public interface OpenKeychainHashAlgorithmTags extends HashAlgorithmTags { int USE_DEFAULT = -1; } /** * Compression is disabled by default. *
* The default compression algorithm is only used if explicitly enabled in the activity's * overflow menu or via the OpenPGP API's extra OpenPgpApi.EXTRA_ENABLE_COMPRESSION *
* REASON: Enabling compression can lead to a sidechannel. Consider a voting that is done via * OpenPGP. Compression can lead to different ciphertext lengths based on the user's voting. * This has happened in a voting done by Wikipedia (Google it). */ public static final int DEFAULT_COMPRESSION_ALGORITHM = CompressionAlgorithmTags.ZIP; public interface OpenKeychainCompressionAlgorithmTags extends CompressionAlgorithmTags { int USE_DEFAULT = -1; } /** * Note: s2kcount is a number between 0 and 0xff that controls the * number of times to iterate the password hash before use. More * iterations are useful against offline attacks, as it takes more * time to check each password. The actual number of iterations is * rather complex, and also depends on the hash function in use. * Refer to Section 3.7.1.3 in rfc4880.txt. Bigger numbers give * you more iterations. As a rough rule of thumb, when using * SHA256 as the hashing function, 0x10 gives you about 64 * iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0, * or about 1 million iterations. The maximum you can go to is * 0xff, or about 2 million iterations. * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html *
* Bouncy Castle default: 0x60 * kbsriram proposes: 0xc0 * Yahoo's End-to-End: 96=0x60 (65536 iterations) (https://github.com/yahoo/end-to-end/blob/master/src/javascript/crypto/e2e/openpgp/keyring.js) */ public static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90; public static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA512; public static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256; public static final int SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO = HashAlgorithmTags.SHA512; // NOTE: only SHA1 is supported for key checksum calculations in OpenPGP, // see http://tools.ietf.org/html/rfc488 0#section-5.5.3 public static final int SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO = HashAlgorithmTags.SHA1; }