2018-06-13 17:26:48 +02:00
|
|
|
/*
|
|
|
|
* Copyright 2018 Paul Schaub.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
2018-07-18 18:23:06 +02:00
|
|
|
package org.pgpainless.encryption_signing;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2018-06-05 01:30:58 +02:00
|
|
|
import java.io.IOException;
|
2018-06-04 19:45:18 +02:00
|
|
|
import java.io.OutputStream;
|
2021-04-25 00:28:48 +02:00
|
|
|
import java.util.Date;
|
2021-04-26 13:38:12 +02:00
|
|
|
import javax.annotation.Nonnull;
|
2018-06-28 18:25:11 +02:00
|
|
|
|
2018-06-05 01:30:58 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPException;
|
2018-06-04 19:45:18 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
|
|
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
|
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
2021-04-30 10:23:12 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
2018-07-18 18:23:06 +02:00
|
|
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
|
|
|
import org.pgpainless.algorithm.HashAlgorithm;
|
2021-04-25 00:28:48 +02:00
|
|
|
import org.pgpainless.algorithm.StreamEncoding;
|
2018-07-18 18:23:06 +02:00
|
|
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
2020-08-24 16:00:23 +02:00
|
|
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
2018-07-18 18:23:06 +02:00
|
|
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
2020-12-26 19:04:27 +01:00
|
|
|
import org.pgpainless.util.Passphrase;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
|
|
|
public interface EncryptionBuilderInterface {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Create a {@link EncryptionStream} on an {@link OutputStream} that contains the plain data that
|
|
|
|
* shall be encrypted and or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream output stream of the plain data.
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2021-04-07 21:30:51 +02:00
|
|
|
default ToRecipients onOutputStream(@Nonnull OutputStream outputStream) {
|
2021-04-25 00:28:48 +02:00
|
|
|
return onOutputStream(outputStream, OpenPgpMetadata.FileInfo.binaryStream());
|
2021-04-07 21:30:51 +02:00
|
|
|
}
|
|
|
|
/**
|
|
|
|
* Create a {@link EncryptionStream} on an {@link OutputStream} that contains the plain data which shall
|
|
|
|
* be encrypted and/or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream outputStream
|
|
|
|
* @param forYourEyesOnly flag indicating that the data is intended for the recipients eyes only
|
|
|
|
* @return api handle
|
2021-04-25 00:28:48 +02:00
|
|
|
*
|
|
|
|
* @deprecated use {@link #onOutputStream(OutputStream, OpenPgpMetadata.FileInfo)} instead.
|
2021-04-07 21:30:51 +02:00
|
|
|
*/
|
|
|
|
default ToRecipients onOutputStream(@Nonnull OutputStream outputStream, boolean forYourEyesOnly) {
|
2021-04-25 00:28:48 +02:00
|
|
|
return onOutputStream(outputStream, forYourEyesOnly ? OpenPgpMetadata.FileInfo.forYourEyesOnly() : OpenPgpMetadata.FileInfo.binaryStream());
|
2021-04-07 21:30:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Creates a {@link EncryptionStream} on an {@link OutputStream} that contains the plain data which shall
|
|
|
|
* be encrypted and/or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream outputStream
|
|
|
|
* @param fileName name of the file (or "" if the encrypted data is not a file)
|
|
|
|
* @param forYourEyesOnly flag indicating that the data is intended for the recipients eyes only
|
|
|
|
* @return api handle
|
2021-04-25 00:28:48 +02:00
|
|
|
*
|
|
|
|
* @deprecated use {@link #onOutputStream(OutputStream, OpenPgpMetadata.FileInfo)} instead.
|
|
|
|
*/
|
|
|
|
default ToRecipients onOutputStream(@Nonnull OutputStream outputStream, String fileName, boolean forYourEyesOnly) {
|
|
|
|
return onOutputStream(outputStream, new OpenPgpMetadata.FileInfo(forYourEyesOnly ? "_CONSOLE" : fileName, new Date(), StreamEncoding.BINARY));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an {@link EncryptionStream} on an {@link OutputStream} that contains the plain data which shall
|
|
|
|
* be encrypted and/or signed.
|
|
|
|
*
|
|
|
|
* @param outputStream outputStream
|
|
|
|
* @param fileInfo file information
|
|
|
|
* @return api handle
|
2021-04-07 21:30:51 +02:00
|
|
|
*/
|
2021-04-25 00:28:48 +02:00
|
|
|
ToRecipients onOutputStream(@Nonnull OutputStream outputStream, OpenPgpMetadata.FileInfo fileInfo);
|
2018-06-04 19:45:18 +02:00
|
|
|
|
|
|
|
interface ToRecipients {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Pass in a list of trusted public key rings of the recipients.
|
|
|
|
*
|
|
|
|
* @param keys recipient keys for which the message will be encrypted.
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2018-07-31 20:09:16 +02:00
|
|
|
WithAlgorithms toRecipients(@Nonnull PGPPublicKeyRing... keys);
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Pass in a list of trusted public key ring collections of the recipients.
|
|
|
|
*
|
|
|
|
* @param keys recipient keys for which the message will be encrypted.
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2018-07-31 20:09:16 +02:00
|
|
|
WithAlgorithms toRecipients(@Nonnull PGPPublicKeyRingCollection... keys);
|
2018-07-08 17:22:29 +02:00
|
|
|
|
2020-12-26 19:04:27 +01:00
|
|
|
/**
|
|
|
|
* Encrypt to one or more symmetric passphrases.
|
|
|
|
* Note that the passphrases MUST NOT be empty.
|
|
|
|
*
|
|
|
|
* @param passphrases passphrase
|
|
|
|
* @return api handle
|
|
|
|
*/
|
|
|
|
WithAlgorithms forPassphrases(Passphrase... passphrases);
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Instruct the {@link EncryptionStream} to not encrypt any data.
|
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-08-24 14:55:06 +02:00
|
|
|
DetachedSign doNotEncrypt();
|
2018-06-04 19:45:18 +02:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
interface WithAlgorithms {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Add our own public key to the list of recipient keys.
|
|
|
|
*
|
|
|
|
* @param keys own public keys
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2018-07-31 20:09:16 +02:00
|
|
|
WithAlgorithms andToSelf(@Nonnull PGPPublicKeyRing... keys);
|
2018-06-11 01:33:49 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Add our own public keys to the list of recipient keys.
|
|
|
|
*
|
|
|
|
* @param keys own public keys
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2018-07-31 20:09:16 +02:00
|
|
|
WithAlgorithms andToSelf(@Nonnull PGPPublicKeyRingCollection keys);
|
2018-07-08 18:05:55 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Specify which algorithms should be used for the encryption.
|
|
|
|
*
|
|
|
|
* @param symmetricKeyAlgorithm symmetric algorithm for the session key
|
|
|
|
* @param hashAlgorithm hash algorithm
|
|
|
|
* @param compressionAlgorithm compression algorithm
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-08-24 14:55:06 +02:00
|
|
|
DetachedSign usingAlgorithms(@Nonnull SymmetricKeyAlgorithm symmetricKeyAlgorithm,
|
2018-07-31 20:09:16 +02:00
|
|
|
@Nonnull HashAlgorithm hashAlgorithm,
|
|
|
|
@Nonnull CompressionAlgorithm compressionAlgorithm);
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Use a suite of algorithms that are considered secure.
|
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-08-24 14:55:06 +02:00
|
|
|
DetachedSign usingSecureAlgorithms();
|
|
|
|
|
2020-12-26 19:04:27 +01:00
|
|
|
ToRecipients and();
|
|
|
|
|
2020-08-24 14:55:06 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
interface DetachedSign extends SignWith {
|
2020-08-24 16:00:23 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Instruct the {@link EncryptionStream} to generate detached signatures instead of One-Pass-Signatures.
|
|
|
|
* Those can be retrieved later via {@link OpenPgpMetadata#getSignatures()}.
|
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-08-24 14:55:06 +02:00
|
|
|
SignWith createDetachedSignature();
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Do not sign the plain data at all.
|
|
|
|
*
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-08-24 14:55:06 +02:00
|
|
|
Armor doNotSign();
|
2018-06-07 18:12:13 +02:00
|
|
|
|
2018-06-04 19:45:18 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
interface SignWith {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Pass in a list of secret keys used for signing, along with a {@link SecretKeyRingProtector} used to unlock
|
|
|
|
* the secret keys.
|
|
|
|
*
|
|
|
|
* @param decryptor {@link SecretKeyRingProtector} used to unlock the secret keys
|
|
|
|
* @param keyRings secret keys used for signing
|
|
|
|
* @return api handle
|
|
|
|
*/
|
2020-12-16 16:33:14 +01:00
|
|
|
DocumentType signWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRing... keyRings);
|
2020-08-24 16:00:23 +02:00
|
|
|
|
2021-04-30 10:23:12 +02:00
|
|
|
DocumentType signWith(@Nonnull SecretKeyRingProtector decryptor, @Nonnull PGPSecretKeyRingCollection keyRings);
|
|
|
|
|
2018-06-04 19:45:18 +02:00
|
|
|
}
|
|
|
|
|
2020-12-16 16:33:14 +01:00
|
|
|
interface DocumentType {
|
|
|
|
|
|
|
|
Armor signBinaryDocument();
|
|
|
|
|
|
|
|
Armor signCanonicalText();
|
|
|
|
}
|
|
|
|
|
2018-06-04 19:45:18 +02:00
|
|
|
interface Armor {
|
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Wrap the encrypted/signed output in an ASCII armor.
|
|
|
|
* This can come in handy for sending the encrypted message via eg. email.
|
|
|
|
*
|
|
|
|
* @return encryption stream
|
|
|
|
* @throws IOException in case some I/O error occurs
|
|
|
|
* @throws PGPException in case of some malformed pgp data
|
|
|
|
*/
|
2018-06-27 15:09:39 +02:00
|
|
|
EncryptionStream asciiArmor() throws IOException, PGPException;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
2020-08-24 16:00:23 +02:00
|
|
|
/**
|
|
|
|
* Do not wrap the output in an ASCII armor.
|
|
|
|
*
|
|
|
|
* @return encryption stream
|
|
|
|
* @throws IOException in case some I/O error occurs
|
|
|
|
* @throws PGPException in case of some malformed pgp data
|
|
|
|
*/
|
2018-06-27 15:09:39 +02:00
|
|
|
EncryptionStream noArmor() throws IOException, PGPException;
|
2018-06-04 19:45:18 +02:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|