public class KdbxHeader extends Object implements StreamConfiguration
In V4 the header became Outer Header and Inner Header. The class stores the configuration contents of both and binary attachments.
It is a factory for encryption and decryption streams. It provides for verification of its own serialization.
While KDBX streams are Little-Endian, data is passed to and from this class in standard Java byte order.
| Modifier and Type | Class and Description |
|---|---|
static class |
KdbxHeader.CompressionFlags
The ordinal 0 represents uncompressed and 1 GZip compressed
|
StreamConfiguration.None| Modifier and Type | Field and Description |
|---|---|
protected UUID |
cipherUuid |
static SecureRandom |
random |
| Constructor and Description |
|---|
KdbxHeader()
Construct a default version 3 KDBX header
|
KdbxHeader(int version)
Construct a default KDBX header with AES/AES/SALSA_20
|
KdbxHeader(org.linguafranca.pwdb.kdbx.KdbxHeader.KdbxHeaderOptions opts) |
| Modifier and Type | Method and Description |
|---|---|
void |
addBinary(byte[] bytes)
V4 add binary from inner header
|
InputStream |
createDecryptedStream(byte[] digest,
InputStream inputStream)
Create a decrypted input stream using supplied digest and this header
apply decryption to the passed encrypted input stream
|
OutputStream |
createEncryptedStream(byte[] digest,
OutputStream outputStream)
Create an unencrypted outputStream using the supplied digest and this header
and use the supplied output stream to write encrypted data.
|
List<byte[]> |
getBinaries() |
CipherAlgorithm |
getCipherAlgorithm() |
UUID |
getCipherUuid() |
KdbxHeader.CompressionFlags |
getCompressionFlags() |
byte[] |
getEncryptionIv() |
byte[] |
getHeaderBytes()
V4 provide access to the header as bytes for verification
|
byte[] |
getHeaderHash() |
byte[] |
getHmacKey(Credentials credentials)
Compute the Hmac Key Digest
from "KdbxFile.cs Computekeys"
|
byte[] |
getInnerRandomStreamKey() |
StreamEncryptor |
getInnerStreamEncryptor() |
VariantDictionary |
getKdfParameters() |
KeyDerivationFunction |
getKeyDerivationFunction() |
byte[] |
getMasterSeed() |
Encryption.ProtectedStreamAlgorithm |
getProtectedStreamAlgorithm() |
StreamEncryptor |
getStreamEncryptor() |
byte[] |
getStreamStartBytes() |
byte[] |
getTransformedKeyDigest(byte[] digest)
Takes the composite credentials and transforms them according to the underlying KDF algorithm.
|
long |
getTransformRounds() |
byte[] |
getTransformSeed() |
int |
getVersion() |
void |
setCipherAlgorithm(CipherAlgorithm cipherAlgorithm) |
void |
setCipherUuid(byte[] uuid) |
void |
setCipherUuid(UUID uuid) |
void |
setCompressionFlags(int flags) |
void |
setCustomData(VariantDictionary customData)
V4 Add custom data
|
void |
setEncryptionIv(byte[] encryptionIv) |
void |
setHeaderBytes(byte[] headerBytes)
V4 provide access to the header as bytes for verification
|
void |
setHeaderHash(byte[] headerHash) |
void |
setInnerRandomStreamId(int innerRandomStreamId) |
void |
setInnerRandomStreamKey(byte[] key) |
void |
setKdfParameters(VariantDictionary kdfParameters)
V4 add Key Definition Function Parameters
|
void |
setKeyDerivationFunction(KeyDerivationFunction keyDerivationFunction) |
void |
setMasterSeed(byte[] masterSeed) |
void |
setProtectedStreamAlgorithm(Encryption.ProtectedStreamAlgorithm protectedStreamAlgorithm) |
void |
setStreamStartBytes(byte[] streamStartBytes) |
void |
setTransformRounds(long transformRounds) |
void |
setTransformSeed(byte[] transformSeed) |
void |
setVersion(int version) |
void |
verifyHeaderHmac(byte[] key,
byte[] bytes)
Verify the header Hmac
|
protected UUID cipherUuid
public static SecureRandom random
public KdbxHeader()
public KdbxHeader(int version)
public KdbxHeader(org.linguafranca.pwdb.kdbx.KdbxHeader.KdbxHeaderOptions opts)
public byte[] getHmacKey(Credentials credentials)
credentials - the credentialspublic void verifyHeaderHmac(byte[] key,
byte[] bytes)
key - the transformed Hmac Key for the headerbytes - the bytes to compare to verifypublic InputStream createDecryptedStream(byte[] digest, InputStream inputStream)
digest - the key digestinputStream - the encrypted input streampublic StreamEncryptor getInnerStreamEncryptor()
public byte[] getTransformedKeyDigest(byte[] digest)
digest - the credentials digestedpublic OutputStream createEncryptedStream(byte[] digest, OutputStream outputStream)
digest - the key digestoutputStream - the output stream which is the destination for encrypted datapublic byte[] getTransformSeed()
public long getTransformRounds()
public UUID getCipherUuid()
public KdbxHeader.CompressionFlags getCompressionFlags()
public byte[] getMasterSeed()
public byte[] getEncryptionIv()
public byte[] getInnerRandomStreamKey()
public byte[] getStreamStartBytes()
public CipherAlgorithm getCipherAlgorithm()
public KeyDerivationFunction getKeyDerivationFunction()
public Encryption.ProtectedStreamAlgorithm getProtectedStreamAlgorithm()
public byte[] getHeaderHash()
public int getVersion()
public VariantDictionary getKdfParameters()
public StreamEncryptor getStreamEncryptor()
public void setCompressionFlags(int flags)
public void setMasterSeed(byte[] masterSeed)
public void setTransformSeed(byte[] transformSeed)
public void setTransformRounds(long transformRounds)
public void setEncryptionIv(byte[] encryptionIv)
public void setInnerRandomStreamKey(byte[] key)
public void setStreamStartBytes(byte[] streamStartBytes)
public void setInnerRandomStreamId(int innerRandomStreamId)
public void setProtectedStreamAlgorithm(Encryption.ProtectedStreamAlgorithm protectedStreamAlgorithm)
public void setKeyDerivationFunction(KeyDerivationFunction keyDerivationFunction)
public void setCipherAlgorithm(CipherAlgorithm cipherAlgorithm)
public void setCipherUuid(byte[] uuid)
public void setCipherUuid(UUID uuid)
public void setHeaderHash(byte[] headerHash)
public void setVersion(int version)
public void setKdfParameters(VariantDictionary kdfParameters)
public void setCustomData(VariantDictionary customData)
public void addBinary(byte[] bytes)
public List<byte[]> getBinaries()
public byte[] getHeaderBytes()
public void setHeaderBytes(byte[] headerBytes)
Copyright © 2025. All rights reserved.