PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update README

This commit is contained in:
Paul Schaub 2021-07-01 17:15:33 +02:00
parent 77fbd8763e
commit 034f531357
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
1 changed files with 34 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -35,6 +35,31 @@ If you want to get started, this class is your friend :)
For further details you should check out the [javadoc](https://pgpainless.org/releases/latest/javadoc/)!
### Handle Keys
Reading keys from ASCII armored strings or from binary files is easy:
```java
String key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"...
PGPSecretKeyRing secretKey = PGPainless.readKeyRing()
.secretKeyRing(key);
```
Similarly, keys can quickly be exported::
```java
PGPSecretKeyRing secretKey = ...;
String armored = PGPainless.asciiArmor(secretKey);
ByteArrayOutputStream binary = new ByteArrayOutputStream();
secretKey.encode(binary);
```
Extract a public key certificate from a secret key:
```java
PGPSecretKeyRing secretKey = ...;
PGPPublicKeyRing certificate = PGPainless.extractCertificate(secretKey);
```
### Easily Generate Keys
PGPainless comes with a simple to use `KeyRingBuilder` class that helps you to quickly generate modern OpenPGP keys.
There are some predefined key archetypes, but it is possible to fully customize key generation to your needs.
@ -108,19 +133,19 @@ Still it allows you to manually specify which algorithms to use of course.
### Decrypt and Verify Signatures
Decrypting data and verifying signatures is being done in a similar fashion.
Decrypting data and verifying signatures is being done similarly.
PGPainless will not only verify *correctness* of signatures, but also if the signing key was allowed to create the signature.
A key might not be allowed to create signatures if, for example, it expired or was revoked, or was not properly bound to the key ring.
Furthermore PGPainless will reject signatures made using weak algorithms like SHA-1.
Furthermore, PGPainless will reject signatures made using weak algorithms like SHA-1.
This behaviour can be modified though using the `Policy` class.
```java
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.onInputStream(encryptedInputStream)
.decryptWith(secretKeyProtector, bobSecKeys)
.verifyWith(alicePubKeys)
.ignoreMissingPublicKeys()
.build();
.withOptions(new ConsumerOptions()
.addDecryptionKey(bobSecKeys, secretKeyProtector)
.addVerificationCert(alicePubKeys)
);
Streams.pipeAll(decryptionStream, outputStream);
decryptionStream.close();
@ -132,6 +157,8 @@ This behaviour can be modified though using the `Policy` class.
*After* the `DecryptionStream` was closed, you can get metadata about the processed data by retrieving the `OpenPgpMetadata`.
Again, this object will contain information about how the message was encrypted, who signed it and so on.
#### Many more examples can be found in the [examples package](pgpainless-core/src/test/java/org/pgpainless/example)!!!
## Include PGPainless in your Project
PGPainless is available on maven central. In order to include it in your project, just add the
@ -143,7 +170,7 @@ repositories {
}
dependencies {
implementation 'org.pgpainless:pgpainless-core:0.2.0'
implementation 'org.pgpainless:pgpainless-core:0.2.3'
}
```