Package org.signal.libsignal.messagebackup

Class BackupKey

  • All Implemented Interfaces:
    
public class BackupKey
extends ByteArray

    A key used for many aspects of backups.

    Clients are typically concerned with two long-lived keys: a "messages" key (sometimes called "the root backup key" or just "the backup key") that's derived from an , and a "media" key (formally the "media root backup key") that's not derived from anything else.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description

    • Constructor Summary

      Constructors 
      Constructor Description
      BackupKey(Array<byte> contents)

    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description

    • Method Summary

      Modifier and Type Method Description
      static BackupKey generateRandom() Generates a random backup key.
      Array<byte> deriveBackupId(ServiceId.Aci aci) Derives the backup ID to use given the current device's ACI.
      ECPrivateKey deriveEcKey(ServiceId.Aci aci) Derives the backup EC key to use given the current device's ACI.
      Array<byte> deriveLocalBackupMetadataKey() Derives the AES key used for encrypted fields in local backup metadata.
      Array<byte> deriveMediaId(String mediaName) Derives the ID for uploading media with the name mediaName.
      Array<byte> deriveMediaEncryptionKey(Array<byte> mediaId) Derives the composite encryption key for re-encrypting media with the given ID.
      Array<byte> deriveThumbnailTransitEncryptionKey(Array<byte> mediaId) Derives the composite encryption key for uploading thumbnails with the given ID to the "transit tier" CDN.

      • Methods inherited from class org.signal.libsignal.zkgroup.internal.ByteArray

        constantTimeEqual, equals, getInternalContentsForJNI, hashCode, serialize

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • BackupKey

        BackupKey(Array<byte> contents)

    • Method Detail

      • generateRandom

         static BackupKey generateRandom()

        Generates a random backup key.

        Useful for tests and for the media root backup key, which is not derived from anything else.

      • deriveBackupId

         Array<byte> deriveBackupId(ServiceId.Aci aci)

        Derives the backup ID to use given the current device's ACI.

        Used for both messages and media backups.

      • deriveLocalBackupMetadataKey

         Array<byte> deriveLocalBackupMetadataKey()

        Derives the AES key used for encrypted fields in local backup metadata.

        Only relevant for message backup keys.

      • deriveMediaId

         Array<byte> deriveMediaId(String mediaName)

        Derives the ID for uploading media with the name mediaName.

        Only relevant for media backup keys.

      • deriveMediaEncryptionKey

         Array<byte> deriveMediaEncryptionKey(Array<byte> mediaId)

        Derives the composite encryption key for re-encrypting media with the given ID.

        This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).

        Only relevant for media backup keys.

        Throws IllegalArgumentException if the media ID is invalid.

      • deriveThumbnailTransitEncryptionKey

         Array<byte> deriveThumbnailTransitEncryptionKey(Array<byte> mediaId)

        Derives the composite encryption key for uploading thumbnails with the given ID to the "transit tier" CDN.

        This is a concatenation of an HMAC key (32 bytes) and an AES-CBC key (also 32 bytes).

        Only relevant for media backup keys.

        Throws IllegalArgumentException if the media ID is invalid.