Separate key generation from scratch and from templates in to buildKeyRing() and generateKeyRing()

2021-11-02 12:23:05 +01:00 · 2021-11-02 12:23:05 +01:00 · 03a350d279
parent 59c9ec341e
commit 03a350d279
17 changed files with 220 additions and 186 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/PGPainless.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/PGPainless.java
@ -16,6 +16,7 @@ import org.pgpainless.decryption_verification.DecryptionStream;
 import org.pgpainless.encryption_signing.EncryptionBuilder;
 import org.pgpainless.encryption_signing.EncryptionStream;
 import org.pgpainless.key.generation.KeyRingBuilder;
+import org.pgpainless.key.generation.KeyRingTemplates;
 import org.pgpainless.key.info.KeyRingInfo;
 import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor;
 import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface;
@ -31,10 +32,19 @@ public final class PGPainless {
    }

    /**
-     * Generate a new OpenPGP key ring.
+     * Generate a fresh OpenPGP key ring from predefined templates.
+     * @return templates
+     */
+    public static KeyRingTemplates generateKeyRing() {
+        return new KeyRingTemplates();
+    }
+
+    /**
+     * Build a custom OpenPGP key ring.
+     *
     * @return builder
     */
-    public static KeyRingBuilder generateKeyRing() {
+    public static KeyRingBuilder buildKeyRing() {
        return new KeyRingBuilder();
    }

--- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
@ -41,14 +41,10 @@ import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.generation.type.KeyType;
-import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
-import org.pgpainless.key.generation.type.rsa.RsaLength;
-import org.pgpainless.key.generation.type.xdh.XDHSpec;
 import org.pgpainless.key.protection.UnlockSecretKey;
-import org.pgpainless.key.util.UserId;
 import org.pgpainless.provider.ProviderFactory;
-import org.pgpainless.util.Passphrase;
 import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil;
+import org.pgpainless.util.Passphrase;

 public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {

@ -64,158 +60,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
    private Passphrase passphrase = null;
    private Date expirationDate = null;

-    /**
-     * Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}.
-     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
-     *
-     * @param userId user id.
-     * @param length length in bits.
-     *
-     * @return {@link PGPSecretKeyRing} containing the KeyPair.
-     */
-    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        return simpleRsaKeyRing(userId.toString(), length);
-    }
-
-    /**
-     * Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}.
-     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
-     *
-     * @param userId user id.
-     * @param length length in bits.
-     *
-     * @return {@link PGPSecretKeyRing} containing the KeyPair.
-     */
-    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        return simpleRsaKeyRing(userId, length, null);
-    }
-
-    /**
-     * Creates a simple RSA KeyPair of length {@code length} with user-id {@code userId}.
-     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
-     *
-     * @param userId user id.
-     * @param length length in bits.
-     * @param password Password of the key. Can be null for unencrypted keys.
-     *
-     * @return {@link PGPSecretKeyRing} containing the KeyPair.
-     */
-    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length, String password)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        return simpleRsaKeyRing(userId.toString(), length, password);
-    }
-
-    /**
-     * Creates a simple RSA KeyPair of length {@code length} with user-id {@code userId}.
-     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
-     *
-     * @param userId user id.
-     * @param length length in bits.
-     * @param password Password of the key. Can be null for unencrypted keys.
-     *
-     * @return {@link PGPSecretKeyRing} containing the KeyPair.
-     */
-    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password)
-            throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-        KeyRingBuilder builder = new KeyRingBuilder()
-                .setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
-                .addUserId(userId);
-
-        if (!isNullOrEmpty(password)) {
-            builder.setPassphrase(Passphrase.fromPassword(password));
-        }
-        return builder.build();
-    }
-
-    /**
-     * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
-     * The EdDSA primary key is used for signing messages and certifying the sub key.
-     * The XDH subkey is used for encryption and decryption of messages.
-     *
-     * @param userId user-id
-     *
-     * @return {@link PGPSecretKeyRing} containing the key pairs.
-     */
-    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        return simpleEcKeyRing(userId.toString());
-    }
-
-    /**
-     * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
-     * The EdDSA primary key is used for signing messages and certifying the sub key.
-     * The XDH subkey is used for encryption and decryption of messages.
-     *
-     * @param userId user-id
-     *
-     * @return {@link PGPSecretKeyRing} containing the key pairs.
-     */
-    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        return simpleEcKeyRing(userId, null);
-    }
-
-    /**
-     * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
-     * The EdDSA primary key is used for signing messages and certifying the sub key.
-     * The XDH subkey is used for encryption and decryption of messages.
-     *
-     * @param userId user-id
-     * @param password Password of the private key. Can be null for an unencrypted key.
-     *
-     * @return {@link PGPSecretKeyRing} containing the key pairs.
-     */
-    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId, String password)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        return simpleEcKeyRing(userId.toString(), password);
-    }
-
-    /**
-     * Creates a key ring consisting of an ed25519 EdDSA primary key and a X25519 XDH subkey.
-     * The EdDSA primary key is used for signing messages and certifying the sub key.
-     * The XDH subkey is used for encryption and decryption of messages.
-     *
-     * @param userId user-id
-     * @param password Password of the private key. Can be null for an unencrypted key.
-     *
-     * @return {@link PGPSecretKeyRing} containing the key pairs.
-     */
-    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password)
-            throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-        KeyRingBuilder builder = new KeyRingBuilder()
-                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
-                .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
-                .addUserId(userId);
-
-        if (!isNullOrEmpty(password)) {
-            builder.setPassphrase(Passphrase.fromPassword(password));
-        }
-        return builder.build();
-    }
-
-    /**
-     * Generate a modern PGP key ring consisting of an ed25519 EdDSA primary key which is used to certify
-     * an X25519 XDH encryption subkey and an ed25519 EdDSA signing key.
-     *
-     * @param userId primary user id
-     * @param password passphrase or null if the key should be unprotected.
-     * @return key ring
-     */
-    public PGPSecretKeyRing modernKeyRing(String userId, String password)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        KeyRingBuilder builder = new KeyRingBuilder()
-                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
-                .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
-                .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
-                .addUserId(userId);
-        if (!isNullOrEmpty(password)) {
-            builder.setPassphrase(Passphrase.fromPassword(password));
-        }
-        return builder.build();
-    }
-
    @Override
    public KeyRingBuilder setPrimaryKey(@Nonnull KeySpec keySpec) {
        verifyMasterKeyCanCertify(keySpec);
@ -256,10 +100,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
        return this;
    }

-    private static boolean isNullOrEmpty(String password) {
-        return password == null || password.trim().isEmpty();
-    }
-
    private void verifyMasterKeyCanCertify(KeySpec spec) {
        if (!hasCertifyOthersFlag(spec)) {
            throw new IllegalArgumentException("Certification Key MUST have KeyFlag CERTIFY_OTHER");
--- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingTemplates.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingTemplates.java
@ -0,0 +1,184 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.key.generation;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import javax.annotation.Nonnull;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.key.generation.type.KeyType;
+import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
+import org.pgpainless.key.generation.type.rsa.RsaLength;
+import org.pgpainless.key.generation.type.xdh.XDHSpec;
+import org.pgpainless.key.util.UserId;
+import org.pgpainless.util.Passphrase;
+
+public final class KeyRingTemplates {
+
+    public KeyRingTemplates() {
+
+    }
+
+    /**
+     * Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}.
+     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
+     *
+     * @param userId user id.
+     * @param length length in bits.
+     *
+     * @return {@link PGPSecretKeyRing} containing the KeyPair.
+     */
+    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        return simpleRsaKeyRing(userId.toString(), length);
+    }
+
+    /**
+     * Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}.
+     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
+     *
+     * @param userId user id.
+     * @param length length in bits.
+     *
+     * @return {@link PGPSecretKeyRing} containing the KeyPair.
+     */
+    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        return simpleRsaKeyRing(userId, length, null);
+    }
+
+    /**
+     * Creates a simple RSA KeyPair of length {@code length} with user-id {@code userId}.
+     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
+     *
+     * @param userId user id.
+     * @param length length in bits.
+     * @param password Password of the key. Can be null for unencrypted keys.
+     *
+     * @return {@link PGPSecretKeyRing} containing the KeyPair.
+     */
+    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length, String password)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        return simpleRsaKeyRing(userId.toString(), length, password);
+    }
+
+    /**
+     * Creates a simple RSA KeyPair of length {@code length} with user-id {@code userId}.
+     * The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
+     *
+     * @param userId user id.
+     * @param length length in bits.
+     * @param password Password of the key. Can be null for unencrypted keys.
+     *
+     * @return {@link PGPSecretKeyRing} containing the KeyPair.
+     */
+    public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password)
+            throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        KeyRingBuilder builder = PGPainless.buildKeyRing()
+                .setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
+                .addUserId(userId);
+
+        if (!isNullOrEmpty(password)) {
+            builder.setPassphrase(Passphrase.fromPassword(password));
+        }
+        return builder.build();
+    }
+
+    /**
+     * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
+     * The EdDSA primary key is used for signing messages and certifying the sub key.
+     * The XDH subkey is used for encryption and decryption of messages.
+     *
+     * @param userId user-id
+     *
+     * @return {@link PGPSecretKeyRing} containing the key pairs.
+     */
+    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        return simpleEcKeyRing(userId.toString());
+    }
+
+    /**
+     * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
+     * The EdDSA primary key is used for signing messages and certifying the sub key.
+     * The XDH subkey is used for encryption and decryption of messages.
+     *
+     * @param userId user-id
+     *
+     * @return {@link PGPSecretKeyRing} containing the key pairs.
+     */
+    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        return simpleEcKeyRing(userId, null);
+    }
+
+    /**
+     * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
+     * The EdDSA primary key is used for signing messages and certifying the sub key.
+     * The XDH subkey is used for encryption and decryption of messages.
+     *
+     * @param userId user-id
+     * @param password Password of the private key. Can be null for an unencrypted key.
+     *
+     * @return {@link PGPSecretKeyRing} containing the key pairs.
+     */
+    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId, String password)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        return simpleEcKeyRing(userId.toString(), password);
+    }
+
+    /**
+     * Creates a key ring consisting of an ed25519 EdDSA primary key and a X25519 XDH subkey.
+     * The EdDSA primary key is used for signing messages and certifying the sub key.
+     * The XDH subkey is used for encryption and decryption of messages.
+     *
+     * @param userId user-id
+     * @param password Password of the private key. Can be null for an unencrypted key.
+     *
+     * @return {@link PGPSecretKeyRing} containing the key pairs.
+     */
+    public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password)
+            throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        KeyRingBuilder builder = PGPainless.buildKeyRing()
+                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
+                .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
+                .addUserId(userId);
+
+        if (!isNullOrEmpty(password)) {
+            builder.setPassphrase(Passphrase.fromPassword(password));
+        }
+        return builder.build();
+    }
+
+    /**
+     * Generate a modern PGP key ring consisting of an ed25519 EdDSA primary key which is used to certify
+     * an X25519 XDH encryption subkey and an ed25519 EdDSA signing key.
+     *
+     * @param userId primary user id
+     * @param password passphrase or null if the key should be unprotected.
+     * @return key ring
+     */
+    public PGPSecretKeyRing modernKeyRing(String userId, String password)
+            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        KeyRingBuilder builder = PGPainless.buildKeyRing()
+                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
+                .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
+                .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
+                .addUserId(userId);
+        if (!isNullOrEmpty(password)) {
+            builder.setPassphrase(Passphrase.fromPassword(password));
+        }
+        return builder.build();
+    }
+
+    private static boolean isNullOrEmpty(String password) {
+        return password == null || password.trim().isEmpty();
+    }
+
+}
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java
@ -76,7 +76,7 @@ public class EncryptDecryptTest {
            throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);
        PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072);
-        PGPSecretKeyRing recipient = PGPainless.generateKeyRing()
+        PGPSecretKeyRing recipient = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.RSA(RsaLength._4096),
                        KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java
@ -47,7 +47,7 @@ public class EncryptionOptionsTest {

    @BeforeAll
    public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
-        secretKeys = PGPainless.generateKeyRing()
+        secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER)
                        .build())
                .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS)
@ -126,7 +126,7 @@ public class EncryptionOptionsTest {
    @Test
    public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        EncryptionOptions options = new EncryptionOptions();
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
                .addUserId("test@pgpainless.org")
                .build();
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java
@ -175,7 +175,7 @@ public class SigningTest {

    @Test
    public void negotiateHashAlgorithmChoseFallbackIfEmptyPreferences() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).overridePreferredHashAlgorithms())
                .addUserId("Alice")
                .build();
@ -199,7 +199,7 @@ public class SigningTest {

    @Test
    public void negotiateHashAlgorithmChoseFallbackIfUnacceptablePreferences() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
                        .overridePreferredHashAlgorithms(HashAlgorithm.MD5))
                .addUserId("Alice")
@ -224,7 +224,7 @@ public class SigningTest {

    @Test
    public void signingWithNonCapableKeyThrowsKeyCannotSignException() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
                .addUserId("Alice")
                .build();
@ -236,7 +236,7 @@ public class SigningTest {

    @Test
    public void signWithInvalidUserIdThrowsKeyValidationError() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
                .addUserId("Alice")
                .build();
--- a/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java
@ -38,8 +38,8 @@ import org.pgpainless.util.Passphrase;
 * This class demonstrates how to use PGPainless to generate secret keys.
 * In general the starting point for generating secret keys using PGPainless is {@link PGPainless#generateKeyRing()}.
 * The result ({@link org.pgpainless.key.generation.KeyRingBuilder}) provides some factory methods for key archetypes
- * such as {@link org.pgpainless.key.generation.KeyRingBuilder#modernKeyRing(String, String)} or
- * {@link org.pgpainless.key.generation.KeyRingBuilder#simpleRsaKeyRing(String, RsaLength)}.
+ * such as {@link org.pgpainless.key.generation.KeyRingTemplates#modernKeyRing(String, String)} or
+ * {@link org.pgpainless.key.generation.KeyRingTemplates#simpleRsaKeyRing(String, RsaLength)}.
 *
 * Those methods always take a user-id which is used as primary user-id, as well as a passphrase which is used to encrypt
 * the secret key.
@ -193,7 +193,7 @@ public class GenerateKeys {
        // It is recommended to use the Passphrase class, as it can be used to safely invalidate passwords from memory
        Passphrase passphrase = Passphrase.fromPassword("1nters3x");

-        PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKey = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
                        // The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags
                        KeyFlag.CERTIFY_OTHER))
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java
@ -71,7 +71,7 @@ public class BrainpoolKeyGenerationTest {
            throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);

-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.CERTIFY_OTHER))
                .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
@ -117,7 +117,7 @@ public class BrainpoolKeyGenerationTest {
    }

    public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(primaryKey)
                .addSubkey(subKey)
                .addUserId(userId)
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java
@ -34,7 +34,7 @@ public class CertificationKeyMustBeAbleToCertifyTest {
        };
        for (KeyType type : typesIncapableOfCreatingVerifications) {
            assertThrows(IllegalArgumentException.class, () -> PGPainless
-                    .generateKeyRing()
+                    .buildKeyRing()
                    .setPrimaryKey(KeySpec.getBuilder(type, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
                    .addUserId("should@throw.ex")
                    .build());
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java
@ -29,7 +29,7 @@ public class GenerateEllipticCurveKeyTest {
    @MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
    public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);
-        PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
+        PGPSecretKeyRing keyRing = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.EDDSA(EdDSACurve._Ed25519),
                        KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java
@ -35,7 +35,7 @@ public class GenerateKeyWithAdditionalUserIdTest {
    public void test(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);
        Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000);
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.RSA(RsaLength._3072),
                                KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphraseTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphraseTest.java
@ -34,7 +34,7 @@ public class GenerateWithEmptyPassphraseTest {
    public void testGeneratingKeyWithEmptyPassphraseDoesNotThrow(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);

-        assertNotNull(PGPainless.generateKeyRing()
+        assertNotNull(PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                                KeyType.RSA(RsaLength._3072),
                                KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
--- a/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java
@ -218,7 +218,7 @@ public class KeyRingInfoTest {
    public void testGetKeysWithFlagsAndExpiry(ImplementationFactory implementationFactory) throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        ImplementationFactory.setFactoryImplementation(implementationFactory);

-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
                .addSubkey(KeySpec.getBuilder(
@ -556,7 +556,7 @@ public class KeyRingInfoTest {

    @Test
    public void testGetExpirationDateForUse_NoSuchKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .addUserId("Alice")
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
                .build();
--- a/pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java
@ -39,7 +39,7 @@ public class UserIdRevocationTest {

    @Test
    public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.EDDSA(EdDSACurve._Ed25519),
                        KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
@ -77,7 +77,7 @@ public class UserIdRevocationTest {

    @Test
    public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.EDDSA(EdDSACurve._Ed25519),
                        KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
--- a/pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java
@ -35,7 +35,7 @@ public class BCUtilTest {
    public void keyRingToCollectionTest()
            throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
            IOException {
-        PGPSecretKeyRing sec = PGPainless.generateKeyRing()
+        PGPSecretKeyRing sec = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.RSA(RsaLength._3072),
                        KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
--- a/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
@ -29,7 +29,7 @@ public class GuessPreferredHashAlgorithmTest {

    @Test
    public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
                                KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
                        .overridePreferredHashAlgorithms(new HashAlgorithm[] {})
--- a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java
@ -26,7 +26,7 @@ public class TestEncryptCommsStorageFlagsDifferentiated {

    @Test
    public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
-        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(
                        KeyType.RSA(RsaLength._3072),
                                KeyFlag.CERTIFY_OTHER,