// Copyright 2021 Paul Schaub.
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.key.protection;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.pgpainless.exception.KeyIntegrityException;
import org.pgpainless.exception.WrongPassphraseException;
import org.pgpainless.key.info.KeyInfo;
import org.pgpainless.key.util.PublicKeyParameterValidationUtil;
import org.pgpainless.util.Passphrase;
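/**
 * Static helpers that extract the {@link PGPPrivateKey} from a {@link PGPSecretKey}.
 *
 * <p>All three overloads end in {@link #unlockSecretKey(PGPSecretKey, PBESecretKeyDecryptor)}, which
 * performs the extraction and then runs
 * {@link PublicKeyParameterValidationUtil#verifyPublicKeyParameterIntegrity} on the result, so a caller
 * never receives a private key that has not been checked against its public key.
 */
public final class UnlockSecretKey {

    private UnlockSecretKey() {
        // Utility class, not meant to be instantiated.
    }

    /**
     * Unlock the secret key using a decryptor obtained from the given protector.
     *
     * <p>The protector is only consulted when {@link KeyInfo#isEncrypted(PGPSecretKey)} reports the key
     * as encrypted; otherwise extraction is attempted with a {@code null} decryptor.
     *
     * @param secretKey secret key to unlock
     * @param protector source of the decryptor, looked up by the key's ID
     * @return the extracted private key
     * @throws PGPException if the key cannot be decrypted
     * @throws KeyIntegrityException declared by this overload; presumably raised by the parameter
     *                               integrity check (confirm against PublicKeyParameterValidationUtil)
     */
    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector)
            throws PGPException, KeyIntegrityException {
        PBESecretKeyDecryptor decryptor = null;
        if (KeyInfo.isEncrypted(secretKey)) {
            // NOTE(review): getDecryptor may yield null when the protector has no passphrase for this
            // key ID; that null is passed on unchanged, so the failure surfaces during extraction.
            decryptor = protector.getDecryptor(secretKey.getKeyID());
        }
        return unlockSecretKey(secretKey, decryptor);
    }

    /**
     * Unlock the secret key with an explicit decryptor and validate the result.
     *
     * @param secretKey secret key to unlock
     * @param decryptor decryptor to use, or {@code null} as passed by the protector-based overload for
     *                  keys that are not encrypted
     * @return the extracted private key, after the public key parameter integrity check
     * @throws WrongPassphraseException if extraction throws a {@link PGPException}
     * @throws PGPException if extraction yields no private key
     */
    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, PBESecretKeyDecryptor decryptor)
            throws PGPException {
        PGPPrivateKey privateKey;
        try {
            privateKey = secretKey.extractPrivateKey(decryptor);
        } catch (PGPException e) {
            // Every extraction failure is reported as a wrong passphrase; the original exception is
            // kept as the cause so callers can still tell a bad passphrase from other failures.
            throw new WrongPassphraseException(secretKey.getKeyID(), e);
        }

        if (privateKey == null) {
            // A key without an S2K specifier would previously cause a NullPointerException here
            // instead of the PGPException callers expect.
            if (secretKey.getS2K() != null) {
                int s2kType = secretKey.getS2K().getType();
                // 100..110 is the private/experimental S2K range; name the type so the failure
                // is diagnosable.
                if (s2kType >= 100 && s2kType <= 110) {
                    throw new PGPException("Cannot decrypt secret key " + Long.toHexString(secretKey.getKeyID())
                            + ": Unsupported private S2K usage type " + s2kType);
                }
            }

            throw new PGPException("Cannot decrypt secret key.");
        }

        // Security check: the extracted private key is validated against the public key carried in
        // the same secret key packet before it is returned. Keep this call on every path that returns
        // a key; skipping it would hand unvalidated key material to signing/decryption code.
        PublicKeyParameterValidationUtil.verifyPublicKeyParameterIntegrity(privateKey, secretKey.getPublicKey());

        return privateKey;
    }

    /**
     * Unlock the secret key with a passphrase.
     *
     * <p>The passphrase is wrapped via
     * {@code SecretKeyRingProtector.unlockSingleKeyWith(passphrase, secretKey)} and the call is
     * delegated to the protector-based overload.
     *
     * @param secretKey secret key to unlock
     * @param passphrase passphrase protecting the key
     * @return the extracted private key
     * @throws PGPException if the key cannot be decrypted
     * @throws KeyIntegrityException declared by this overload; presumably raised by the parameter
     *                               integrity check (confirm against PublicKeyParameterValidationUtil)
     */
    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, Passphrase passphrase)
            throws PGPException, KeyIntegrityException {
        return unlockSecretKey(secretKey, SecretKeyRingProtector.unlockSingleKeyWith(passphrase, secretKey));
    }
}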