Stateless OpenPGP Protocol Implementation using Bouncy Castle
This repository contains an implementation of the Stateless OpenPGP Protocol using sop-java and Bouncy Castle.
Note: THIS IS STILL EXPERIMENTAL SOFTWARE NOT SUITABLE FOR PRODUCTION USE!!!
There are two modules in this repository:
- [bc-sop-api] contains a high-level Java API of the SOP protocol using Bouncy Castle
- [bc-sop-cli] contains a CLI app implementing the SOP protocol following the spec.
Build
Currently, this build depends on an open development branch of Bouncy Castle, which can be found in an external repository here. To make this code available to bcsop, you need to clone the repository and locally install the custom BC build:
git clone git@github.com:pgpainless/bc-java.git
cd bc-java
git checkout valiadateAPI
gradle publishToMavenLocal
Furthermore, you need a custom build of sop-java, which can similarly be built like this:
git clone git@github.com:pgpainless/sop-java.git
cd sop-java
gradle publishToMavenLocal
In order to build the GraalVM native-image of the CLI app, you need to have graalvm 21.0.5 installed and GRAALVM_HOME pointing to it.
The easiest way to accomplish this is using sdkman.
Afterwards, you can navigate to your clone of this repository and build the CLI app as a GraalVM native-image using this command:
mvn clean install -Dmaven.test.skip
The CLI binary can then be found as bc-sop-cli/target/bcsop.
$ ./bcsop help
Stateless OpenPGP Protocol
Usage: bcsop [--stacktrace] [COMMAND]
Options:
      --stacktrace          Print stacktrace
Commands:
  version               Display version information about the tool
  list-profiles         Emit a list of profiles supported by the identified
                          subcommand
  generate-key          Generate a secret key
  change-key-password   Update the password of a key
  revoke-key            Generate revocation certificates
  extract-cert          Extract a public key certificate from a secret key
  sign                  Create a detached message signature
  verify                Verify a detached signature
  encrypt               Encrypt a message from standard input
  decrypt               Decrypt a message
  inline-detach         Split signatures from a clearsigned message
  inline-sign           Create an inline-signed message
  inline-verify         Verify an inline-signed message
  armor                 Add ASCII Armor to standard input
  dearmor               Remove ASCII Armor from standard input
  help                  Stateless OpenPGP Protocol
Exit Codes:
    0   Successful program execution
    1   Generic program error
    3   Verification requested but no verifiable signature found
   13   Unsupported asymmetric algorithm
   17   Certificate is not encryption capable
   19   Usage error: Missing argument
   23   Incomplete verification instructions
   29   Unable to decrypt
   31   Password is not human-readable
   37   Unsupported Option
   41   Invalid data or data of wrong type encountered
   53   Non-text input received where text was expected
   59   Output file already exists
   61   Input file does not exist
   67   Cannot unlock password protected secret key
   69   Unsupported subcommand
   71   Unsupported special prefix (e.g. "@ENV/@FD") of indirect parameter
   73   Ambiguous input (a filename matching the designator already exists)
   79   Key is not signing capable
   83   Options were supplied that are incompatible with each other
   89   The requested profile is unsupported, or the indicated subcommand does
          not accept profiles
   97   The implementation supports some form of hardware-backed secret keys,
          but could not identify the hardware device
  101   The implementation tried to use a hardware-backed secret key, but the
          cryptographic hardware refused the operation for some reason other
          than a bad PIN or password
Powered by picocli
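
As an added example (not part of this repository), the script below chains generate-key, extract-cert, sign and verify from the command list above and checks that a modified message is rejected with exit code 3. Argument order follows the SOP specification rather than this README; the function name sop_smoke_test, the user ID and the message text are constructed for illustration.

```shell
#!/bin/sh
# Added example: sign/verify smoke test for a SOP binary (not the project's own code).
# Assumption: subcommand arguments follow the SOP specification.
SOP="${SOP:-./bc-sop-cli/target/bcsop}"   # path from the README; override via $SOP

# Returns 0 only if a valid signature verifies (exit 0) AND a modified
# message is rejected with exit code 3 ("no verifiable signature found").
sop_smoke_test() {
    work=$(mktemp -d) || return 1         # mktemp -d creates a mode-0700 directory
    good=1; bad=0

    # Throwaway key, its certificate, and a detached signature over a
    # constructed sample message.
    "$SOP" generate-key 'Smoke Test <smoke@example.org>' > "$work/key.asc" &&
    "$SOP" extract-cert < "$work/key.asc" > "$work/cert.asc" &&
    printf 'constructed sample message\n' > "$work/msg.txt" &&
    "$SOP" sign "$work/key.asc" < "$work/msg.txt" > "$work/msg.sig" || {
        rm -rf "$work"; return 1
    }

    # Positive case: original data, expect exit code 0.
    "$SOP" verify "$work/msg.sig" "$work/cert.asc" < "$work/msg.txt" > /dev/null && good=0

    # Negative case: same signature over different data, expect exit code 3.
    printf 'tampered sample message\n' |
        "$SOP" verify "$work/msg.sig" "$work/cert.asc" > /dev/null 2>&1 || bad=$?

    rm -rf "$work"                        # removes the throwaway secret key
    [ "$good" -eq 0 ] && [ "$bad" -eq 3 ]
}

# Run only when explicitly requested, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    sop_smoke_test && echo "sign/verify smoke test passed"
fi
```

Checking for exit code 3 specifically, rather than any non-zero status, distinguishes a rejected signature from an unrelated failure such as exit code 41 or 61.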