Fix NPE when attempting to decrypt GNU_DUMMY_S2K keys

pgpainless-core/src/main/java/org/pgpainless/key/protection/UnlockSecretKey.java

@@ -20,27 +20,40 @@ public final class UnlockSecretKey {
     }
 
     public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
+
+        PBESecretKeyDecryptor decryptor = null;
+        if (KeyInfo.isEncrypted(secretKey)) {
+            decryptor = protector.getDecryptor(secretKey.getKeyID());
+        }
+        PGPPrivateKey privateKey = unlockSecretKey(secretKey, decryptor);
+        return privateKey;
+    }
+
+    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, PBESecretKeyDecryptor decryptor)
+            throws PGPException {
+        PGPPrivateKey privateKey;
         try {
-            PBESecretKeyDecryptor decryptor = null;
+            privateKey = secretKey.extractPrivateKey(decryptor);
-            if (KeyInfo.isEncrypted(secretKey)) {
+        } catch (PGPException e) {
-                decryptor = protector.getDecryptor(secretKey.getKeyID());
+            throw new WrongPassphraseException(secretKey.getKeyID(), e);
+        }
+
+        if (privateKey == null) {
+            int s2kType = secretKey.getS2K().getType();
+            if (s2kType >= 100 && s2kType <= 110) {
+                throw new PGPException("Cannot decrypt secret key" + Long.toHexString(secretKey.getKeyID()) + ": " +
+                        "Unsupported private S2K usage type " + s2kType);
             }
-            return secretKey.extractPrivateKey(decryptor);
+
-        } catch (PGPException e) {
+            throw new PGPException("Cannot decrypt secret key.");
-            throw new WrongPassphraseException(secretKey.getKeyID(), e);
         }
+
+        return privateKey;
     }
 
-    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, PBESecretKeyDecryptor decryptor) throws WrongPassphraseException {
+    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, Passphrase passphrase)
-        try {
+            throws PGPException {
-            return secretKey.extractPrivateKey(decryptor);
-        } catch (PGPException e) {
-            throw new WrongPassphraseException(secretKey.getKeyID(), e);
-        }
-    }
-
-    public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, Passphrase passphrase) throws WrongPassphraseException {
         return unlockSecretKey(secretKey, SecretKeyRingProtector.unlockSingleKeyWith(passphrase, secretKey));
     }
 }

pgpainless-core/src/main/java/org/pgpainless/signature/builder/AbstractSignatureBuilder.java

@@ -5,6 +5,7 @@
 package org.pgpainless.signature.builder;
 
 import java.util.Set;
+import javax.annotation.Nonnull;
 
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPrivateKey;
@@ -16,7 +17,6 @@ import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.key.protection.UnlockSecretKey;
@@ -24,8 +24,6 @@ import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
 import org.pgpainless.signature.subpackets.SignatureSubpackets;
 import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper;
 
-import javax.annotation.Nonnull;
-
 public abstract class AbstractSignatureBuilder<B extends AbstractSignatureBuilder<B>> {
     protected final PGPPrivateKey privateSigningKey;
     protected final PGPPublicKey publicSigningKey;
@@ -42,7 +40,7 @@ public abstract class AbstractSignatureBuilder<B extends AbstractSignatureBuilde
                                        HashAlgorithm hashAlgorithm,
                                        SignatureSubpackets hashedSubpackets,
                                        SignatureSubpackets unhashedSubpackets)
-            throws WrongPassphraseException {
+            throws PGPException {
         if (!isValidSignatureType(signatureType)) {
             throw new IllegalArgumentException("Invalid signature type.");
         }
@@ -55,7 +53,7 @@ public abstract class AbstractSignatureBuilder<B extends AbstractSignatureBuilde
     }
 
     public AbstractSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         this(
                 signatureType,
                 signingKey,
@@ -67,7 +65,7 @@ public abstract class AbstractSignatureBuilder<B extends AbstractSignatureBuilde
     }
 
     public AbstractSignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature)
-            throws WrongPassphraseException {
+            throws PGPException {
         this(
                 SignatureType.valueOf(archetypeSignature.getSignatureType()),
                 certificationKey,

pgpainless-core/src/main/java/org/pgpainless/signature/builder/DirectKeySignatureBuilder.java

@@ -11,17 +11,17 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.pgpainless.algorithm.SignatureType;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
 
 public class DirectKeySignatureBuilder extends AbstractSignatureBuilder<DirectKeySignatureBuilder> {
 
-    public DirectKeySignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature) throws WrongPassphraseException {
+    public DirectKeySignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature)
+            throws PGPException {
         super(certificationKey, protector, archetypeSignature);
     }
 
-    public DirectKeySignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector) throws WrongPassphraseException {
+    public DirectKeySignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector) throws PGPException {
         super(SignatureType.DIRECT_KEY, signingKey, protector);
     }
 

pgpainless-core/src/main/java/org/pgpainless/signature/builder/PrimaryKeyBindingSignatureBuilder.java

@@ -11,14 +11,13 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.pgpainless.algorithm.SignatureType;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
 
 public class PrimaryKeyBindingSignatureBuilder extends AbstractSignatureBuilder<PrimaryKeyBindingSignatureBuilder> {
 
     public PrimaryKeyBindingSignatureBuilder(PGPSecretKey subkey, SecretKeyRingProtector subkeyProtector)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(SignatureType.PRIMARYKEY_BINDING, subkey, subkeyProtector);
     }
 

pgpainless-core/src/main/java/org/pgpainless/signature/builder/RevocationSignatureBuilder.java

@@ -12,13 +12,12 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.pgpainless.algorithm.SignatureType;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets;
 
 public class RevocationSignatureBuilder extends AbstractSignatureBuilder<RevocationSignatureBuilder> {
 
-    public RevocationSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector) throws WrongPassphraseException {
+    public RevocationSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector) throws PGPException {
         super(signatureType, signingKey, protector);
         getHashedSubpackets().setRevocable(true, false);
     }

pgpainless-core/src/main/java/org/pgpainless/signature/builder/SelfSignatureBuilder.java

@@ -12,18 +12,17 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
 import org.pgpainless.algorithm.SignatureType;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
 
 public class SelfSignatureBuilder extends AbstractSignatureBuilder<SelfSignatureBuilder> {
 
-    public SelfSignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector) throws WrongPassphraseException {
+    public SelfSignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector) throws PGPException {
         this(SignatureType.GENERIC_CERTIFICATION, signingKey, protector);
     }
 
     public SelfSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(signatureType, signingKey, protector);
     }
 
@@ -31,7 +30,7 @@ public class SelfSignatureBuilder extends AbstractSignatureBuilder<SelfSignature
             PGPSecretKey primaryKey,
             SecretKeyRingProtector primaryKeyProtector,
             PGPSignature oldCertification)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(primaryKey, primaryKeyProtector, oldCertification);
     }
 

pgpainless-core/src/main/java/org/pgpainless/signature/builder/SubkeyBindingSignatureBuilder.java

@@ -11,14 +11,13 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.pgpainless.algorithm.SignatureType;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
 
 public class SubkeyBindingSignatureBuilder extends AbstractSignatureBuilder<SubkeyBindingSignatureBuilder> {
 
     public SubkeyBindingSignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(SignatureType.SUBKEY_BINDING, signingKey, protector);
     }
 

pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyCertificationSignatureBuilder.java

@@ -31,7 +31,7 @@ public class ThirdPartyCertificationSignatureBuilder extends AbstractSignatureBu
      * @throws WrongPassphraseException in case of a wrong passphrase
      */
     public ThirdPartyCertificationSignatureBuilder(PGPSecretKey signingKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         this(SignatureType.GENERIC_CERTIFICATION, signingKey, protector);
     }
 
@@ -44,7 +44,7 @@ public class ThirdPartyCertificationSignatureBuilder extends AbstractSignatureBu
      * @throws WrongPassphraseException in case of a wrong passphrase
      */
     public ThirdPartyCertificationSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(signatureType, signingKey, protector);
     }
 
@@ -60,7 +60,7 @@ public class ThirdPartyCertificationSignatureBuilder extends AbstractSignatureBu
             PGPSecretKey signingKey,
             SecretKeyRingProtector protector,
             PGPSignature archetypeSignature)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(signingKey, protector, archetypeSignature);
     }
 

pgpainless-core/src/main/java/org/pgpainless/signature/builder/UniversalSignatureBuilder.java

@@ -11,7 +11,6 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.pgpainless.algorithm.SignatureType;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.BaseSignatureSubpackets;
 import org.pgpainless.signature.subpackets.SignatureSubpackets;
@@ -22,12 +21,12 @@ import org.pgpainless.signature.subpackets.SignatureSubpackets;
 public class UniversalSignatureBuilder extends AbstractSignatureBuilder<UniversalSignatureBuilder> {
 
     public UniversalSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(signatureType, signingKey, protector);
     }
 
     public UniversalSignatureBuilder(PGPSecretKey certificationKey, SecretKeyRingProtector protector, PGPSignature archetypeSignature)
-            throws WrongPassphraseException {
+            throws PGPException {
         super(certificationKey, protector, archetypeSignature);
     }
 

pgpainless-core/src/test/java/org/pgpainless/example/UnlockSecretKeys.java

@@ -11,7 +11,6 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
-import org.pgpainless.exception.WrongPassphraseException;
 import org.pgpainless.key.OpenPgpV4Fingerprint;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.protection.CachingSecretKeyRingProtector;
@@ -120,7 +119,7 @@ public class UnlockSecretKeys {
     }
 
     private void assertProtectorUnlocksAllSecretKeys(PGPSecretKeyRing secretKey, SecretKeyRingProtector protector)
-            throws WrongPassphraseException {
+            throws PGPException {
         for (PGPSecretKey key : secretKey) {
             UnlockSecretKey.unlockSecretKey(key, protector);
         }