mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-24 10:56:23 +01:00
Merge branch 'key_generator_rework'
This commit is contained in:
commit
1aa6541766
28 changed files with 489 additions and 779 deletions
33
README.md
33
README.md
|
@ -75,26 +75,19 @@ There are some predefined key archetypes, but it is possible to fully customize
|
||||||
|
|
||||||
// Customized key
|
// Customized key
|
||||||
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
|
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
|
||||||
.withSubKey(
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256))
|
RSA.withLength(RsaLength._8192),
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA)
|
KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
|
||||||
.withDetailedConfiguration()
|
.addSubkey(
|
||||||
.withDefaultSymmetricAlgorithms()
|
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA)
|
||||||
.withDefaultHashAlgorithms()
|
.overrideCompressionAlgorithms(CompressionAlgorithm.ZLIB)
|
||||||
.withPreferredCompressionAlgorithms(CompressionAlgorithm.ZLIB)
|
).addSubkey(
|
||||||
.withFeature(Feature.MODIFICATION_DETECTION)
|
KeySpec.getBuilder(
|
||||||
.done()
|
ECDH.fromCurve(EllipticCurve._P256),
|
||||||
).withSubKey(
|
KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
||||||
KeySpec.getBuilder(ECDH.fromCurve(EllipticCurve._P256))
|
).addUserId("Juliet <juliet@montague.lit>")
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
.addUserId("xmpp:juliet@capulet.lit")
|
||||||
.withDefaultAlgorithms()
|
.setPassphrase("romeo_oh_Romeo<3")
|
||||||
).withMasterKey(
|
|
||||||
KeySpec.getBuilder(RSA.withLength(RsaLength._8192))
|
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
|
|
||||||
.withDefaultAlgorithms()
|
|
||||||
).withPrimaryUserId("Juliet <juliet@montague.lit>")
|
|
||||||
.withAdditionalUserId("xmpp:juliet@capulet.lit")
|
|
||||||
.withPassphrase("romeo_oh_Romeo<3")
|
|
||||||
.build();
|
.build();
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.algorithm;
|
package org.pgpainless.algorithm;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.LinkedHashSet;
|
import java.util.LinkedHashSet;
|
||||||
|
@ -45,9 +44,9 @@ public class AlgorithmSuite {
|
||||||
CompressionAlgorithm.UNCOMPRESSED)
|
CompressionAlgorithm.UNCOMPRESSED)
|
||||||
);
|
);
|
||||||
|
|
||||||
private Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms;
|
private final Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms;
|
||||||
private Set<HashAlgorithm> hashAlgorithms;
|
private final Set<HashAlgorithm> hashAlgorithms;
|
||||||
private Set<CompressionAlgorithm> compressionAlgorithms;
|
private final Set<CompressionAlgorithm> compressionAlgorithms;
|
||||||
|
|
||||||
public AlgorithmSuite(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms,
|
public AlgorithmSuite(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms,
|
||||||
List<HashAlgorithm> hashAlgorithms,
|
List<HashAlgorithm> hashAlgorithms,
|
||||||
|
@ -57,57 +56,18 @@ public class AlgorithmSuite {
|
||||||
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
|
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setSymmetricKeyAlgorithms(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms) {
|
|
||||||
this.symmetricKeyAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(symmetricKeyAlgorithms));
|
|
||||||
}
|
|
||||||
|
|
||||||
public Set<SymmetricKeyAlgorithm> getSymmetricKeyAlgorithms() {
|
public Set<SymmetricKeyAlgorithm> getSymmetricKeyAlgorithms() {
|
||||||
return new LinkedHashSet<>(symmetricKeyAlgorithms);
|
return new LinkedHashSet<>(symmetricKeyAlgorithms);
|
||||||
}
|
}
|
||||||
|
|
||||||
public int[] getSymmetricKeyAlgorithmIds() {
|
|
||||||
int[] array = new int[symmetricKeyAlgorithms.size()];
|
|
||||||
List<SymmetricKeyAlgorithm> list = new ArrayList<>(getSymmetricKeyAlgorithms());
|
|
||||||
for (int i = 0; i < array.length; i++) {
|
|
||||||
array[i] = list.get(i).getAlgorithmId();
|
|
||||||
}
|
|
||||||
return array;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setHashAlgorithms(List<HashAlgorithm> hashAlgorithms) {
|
|
||||||
this.hashAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(hashAlgorithms));
|
|
||||||
}
|
|
||||||
|
|
||||||
public Set<HashAlgorithm> getHashAlgorithms() {
|
public Set<HashAlgorithm> getHashAlgorithms() {
|
||||||
return new LinkedHashSet<>(hashAlgorithms);
|
return new LinkedHashSet<>(hashAlgorithms);
|
||||||
}
|
}
|
||||||
|
|
||||||
public int[] getHashAlgorithmIds() {
|
|
||||||
int[] array = new int[hashAlgorithms.size()];
|
|
||||||
List<HashAlgorithm> list = new ArrayList<>(getHashAlgorithms());
|
|
||||||
for (int i = 0; i < array.length; i++) {
|
|
||||||
array[i] = list.get(i).getAlgorithmId();
|
|
||||||
}
|
|
||||||
return array;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setCompressionAlgorithms(List<CompressionAlgorithm> compressionAlgorithms) {
|
|
||||||
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
|
|
||||||
}
|
|
||||||
|
|
||||||
public Set<CompressionAlgorithm> getCompressionAlgorithms() {
|
public Set<CompressionAlgorithm> getCompressionAlgorithms() {
|
||||||
return new LinkedHashSet<>(compressionAlgorithms);
|
return new LinkedHashSet<>(compressionAlgorithms);
|
||||||
}
|
}
|
||||||
|
|
||||||
public int[] getCompressionAlgorithmIds() {
|
|
||||||
int[] array = new int[compressionAlgorithms.size()];
|
|
||||||
List<CompressionAlgorithm> list = new ArrayList<>(getCompressionAlgorithms());
|
|
||||||
for (int i = 0; i < array.length; i++) {
|
|
||||||
array[i] = list.get(i).getAlgorithmId();
|
|
||||||
}
|
|
||||||
return array;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static AlgorithmSuite getDefaultAlgorithmSuite() {
|
public static AlgorithmSuite getDefaultAlgorithmSuite() {
|
||||||
return defaultAlgorithmSuite;
|
return defaultAlgorithmSuite;
|
||||||
}
|
}
|
||||||
|
|
|
@ -466,7 +466,7 @@ public final class DecryptionStreamFactory {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException {
|
private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException {
|
||||||
if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(algorithm)) {
|
if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(algorithm)) {
|
||||||
throw new UnacceptableAlgorithmException("Data is "
|
throw new UnacceptableAlgorithmException("Data is "
|
||||||
+ (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" +
|
+ (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" +
|
||||||
"To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy().");
|
"To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy().");
|
||||||
|
|
|
@ -61,14 +61,18 @@ import org.pgpainless.provider.ProviderFactory;
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil;
|
import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil;
|
||||||
|
|
||||||
public class KeyRingBuilder implements KeyRingBuilderInterface {
|
public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
|
||||||
|
|
||||||
private final Charset UTF8 = Charset.forName("UTF-8");
|
private final Charset UTF8 = Charset.forName("UTF-8");
|
||||||
|
|
||||||
private final List<KeySpec> keySpecs = new ArrayList<>();
|
private PGPSignatureGenerator signatureGenerator;
|
||||||
private String userId;
|
private PGPDigestCalculator digestCalculator;
|
||||||
private final Set<String> additionalUserIds = new LinkedHashSet<>();
|
private PBESecretKeyEncryptor secretKeyEncryptor;
|
||||||
private Passphrase passphrase;
|
|
||||||
|
private KeySpec primaryKeySpec;
|
||||||
|
private final List<KeySpec> subkeySpecs = new ArrayList<>();
|
||||||
|
private final Set<String> userIds = new LinkedHashSet<>();
|
||||||
|
private Passphrase passphrase = null;
|
||||||
private Date expirationDate = null;
|
private Date expirationDate = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -126,18 +130,14 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
*/
|
*/
|
||||||
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password)
|
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password)
|
||||||
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
|
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
|
||||||
WithAdditionalUserIdOrPassphrase builder = this
|
KeyRingBuilder builder = new KeyRingBuilder()
|
||||||
.withPrimaryKey(
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
|
||||||
KeySpec.getBuilder(KeyType.RSA(length))
|
.addUserId(userId);
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS)
|
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryUserId(userId);
|
|
||||||
|
|
||||||
if (password == null) {
|
if (!isNullOrEmpty(password)) {
|
||||||
return builder.withoutPassphrase().build();
|
builder.setPassphrase(Passphrase.fromPassword(password));
|
||||||
} else {
|
|
||||||
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
|
|
||||||
}
|
}
|
||||||
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -195,22 +195,15 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
*/
|
*/
|
||||||
public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password)
|
public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password)
|
||||||
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
|
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
|
||||||
WithAdditionalUserIdOrPassphrase builder = this
|
KeyRingBuilder builder = new KeyRingBuilder()
|
||||||
.withSubKey(
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
|
.addUserId(userId);
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryKey(
|
|
||||||
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryUserId(userId);
|
|
||||||
|
|
||||||
if (password == null) {
|
if (!isNullOrEmpty(password)) {
|
||||||
return builder.withoutPassphrase().build();
|
builder.setPassphrase(Passphrase.fromPassword(password));
|
||||||
} else {
|
|
||||||
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
|
|
||||||
}
|
}
|
||||||
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -223,40 +216,59 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
*/
|
*/
|
||||||
public PGPSecretKeyRing modernKeyRing(String userId, String password)
|
public PGPSecretKeyRing modernKeyRing(String userId, String password)
|
||||||
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
||||||
WithAdditionalUserIdOrPassphrase builder = this
|
KeyRingBuilder builder = new KeyRingBuilder()
|
||||||
.withSubKey(
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
|
||||||
KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
|
.addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
|
||||||
.withDefaultAlgorithms())
|
.addUserId(userId);
|
||||||
.withSubKey(
|
if (!isNullOrEmpty(password)) {
|
||||||
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
builder.setPassphrase(Passphrase.fromPassword(password));
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA)
|
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryKey(
|
|
||||||
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
|
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryUserId(userId);
|
|
||||||
|
|
||||||
if (password == null) {
|
|
||||||
return builder.withoutPassphrase().build();
|
|
||||||
} else {
|
|
||||||
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
|
|
||||||
}
|
}
|
||||||
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public KeyRingBuilderInterface withSubKey(@Nonnull KeySpec type) {
|
public KeyRingBuilder setPrimaryKey(@Nonnull KeySpec keySpec) {
|
||||||
KeyRingBuilder.this.keySpecs.add(type);
|
verifyMasterKeyCanCertify(keySpec);
|
||||||
|
this.primaryKeySpec = keySpec;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public WithPrimaryUserId withPrimaryKey(@Nonnull KeySpec spec) {
|
public KeyRingBuilder addSubkey(@Nonnull KeySpec keySpec) {
|
||||||
verifyMasterKeyCanCertify(spec);
|
this.subkeySpecs.add(keySpec);
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
KeyRingBuilder.this.keySpecs.add(0, spec);
|
@Override
|
||||||
return new WithPrimaryUserIdImpl();
|
public KeyRingBuilder addUserId(@Nonnull String userId) {
|
||||||
|
this.userIds.add(userId.trim());
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public KeyRingBuilder addUserId(@Nonnull byte[] userId) {
|
||||||
|
return addUserId(new String(userId, UTF8));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public KeyRingBuilder setExpirationDate(@Nonnull Date expirationDate) {
|
||||||
|
Date now = new Date();
|
||||||
|
if (now.after(expirationDate)) {
|
||||||
|
throw new IllegalArgumentException("Expiration date must be in the future.");
|
||||||
|
}
|
||||||
|
this.expirationDate = expirationDate;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public KeyRingBuilder setPassphrase(@Nonnull Passphrase passphrase) {
|
||||||
|
this.passphrase = passphrase;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static boolean isNullOrEmpty(String password) {
|
||||||
|
return password == null || password.trim().isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void verifyMasterKeyCanCertify(KeySpec spec) {
|
private void verifyMasterKeyCanCertify(KeySpec spec) {
|
||||||
|
@ -276,68 +288,12 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
return keySpec.getKeyType().canCertify();
|
return keySpec.getKeyType().canCertify();
|
||||||
}
|
}
|
||||||
|
|
||||||
class WithPrimaryUserIdImpl implements WithPrimaryUserId {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String userId) {
|
|
||||||
KeyRingBuilder.this.userId = userId.trim();
|
|
||||||
return new WithAdditionalUserIdOrPassphraseImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] userId) {
|
|
||||||
return withPrimaryUserId(new String(userId, UTF8));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class WithAdditionalUserIdOrPassphraseImpl implements WithAdditionalUserIdOrPassphrase {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate) {
|
|
||||||
Date now = new Date();
|
|
||||||
if (now.after(expirationDate)) {
|
|
||||||
throw new IllegalArgumentException("Expiration date must be in the future.");
|
|
||||||
}
|
|
||||||
KeyRingBuilder.this.expirationDate = expirationDate;
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId) {
|
|
||||||
String trimmed = userId.trim();
|
|
||||||
if (KeyRingBuilder.this.userId.equals(trimmed)) {
|
|
||||||
throw new IllegalArgumentException("Additional user-id MUST NOT be equal to primary user-id.");
|
|
||||||
}
|
|
||||||
KeyRingBuilder.this.additionalUserIds.add(trimmed);
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId) {
|
|
||||||
return withAdditionalUserId(new String(userId, UTF8));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Build withPassphrase(@Nonnull Passphrase passphrase) {
|
|
||||||
KeyRingBuilder.this.passphrase = passphrase;
|
|
||||||
return new BuildImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Build withoutPassphrase() {
|
|
||||||
KeyRingBuilder.this.passphrase = null;
|
|
||||||
return new BuildImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
class BuildImpl implements Build {
|
|
||||||
|
|
||||||
private PGPSignatureGenerator signatureGenerator;
|
|
||||||
private PGPDigestCalculator digestCalculator;
|
|
||||||
private PBESecretKeyEncryptor secretKeyEncryptor;
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
|
public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
|
||||||
InvalidAlgorithmParameterException {
|
InvalidAlgorithmParameterException {
|
||||||
|
if (userIds.isEmpty()) {
|
||||||
|
throw new IllegalStateException("At least one user-id is required.");
|
||||||
|
}
|
||||||
digestCalculator = buildDigestCalculator();
|
digestCalculator = buildDigestCalculator();
|
||||||
secretKeyEncryptor = buildSecretKeyEncryptor();
|
secretKeyEncryptor = buildSecretKeyEncryptor();
|
||||||
PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor();
|
PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor();
|
||||||
|
@ -346,14 +302,11 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
passphrase.clear();
|
passphrase.clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
// First key is the Master Key
|
// Generate Primary Key
|
||||||
KeySpec certKeySpec = keySpecs.remove(0);
|
PGPKeyPair certKey = generateKeyPair(primaryKeySpec);
|
||||||
|
|
||||||
// Generate Master Key
|
|
||||||
PGPKeyPair certKey = generateKeyPair(certKeySpec);
|
|
||||||
PGPContentSignerBuilder signer = buildContentSigner(certKey);
|
PGPContentSignerBuilder signer = buildContentSigner(certKey);
|
||||||
signatureGenerator = new PGPSignatureGenerator(signer);
|
signatureGenerator = new PGPSignatureGenerator(signer);
|
||||||
PGPSignatureSubpacketGenerator hashedSubPacketGenerator = certKeySpec.getSubpacketGenerator();
|
PGPSignatureSubpacketGenerator hashedSubPacketGenerator = primaryKeySpec.getSubpacketGenerator();
|
||||||
hashedSubPacketGenerator.setPrimaryUserID(false, true);
|
hashedSubPacketGenerator.setPrimaryUserID(false, true);
|
||||||
if (expirationDate != null) {
|
if (expirationDate != null) {
|
||||||
SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator(
|
SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator(
|
||||||
|
@ -374,7 +327,10 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
// Attempt to add additional user-ids to the primary public key
|
// Attempt to add additional user-ids to the primary public key
|
||||||
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
|
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
|
||||||
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKeyRing.getSecretKey(), secretKeyDecryptor);
|
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKeyRing.getSecretKey(), secretKeyDecryptor);
|
||||||
for (String additionalUserId : additionalUserIds) {
|
Iterator<String> additionalUserIds = userIds.iterator();
|
||||||
|
additionalUserIds.next(); // Skip primary user id
|
||||||
|
while (additionalUserIds.hasNext()) {
|
||||||
|
String additionalUserId = additionalUserIds.next();
|
||||||
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
|
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
|
||||||
PGPSignature additionalUserIdSignature =
|
PGPSignature additionalUserIdSignature =
|
||||||
signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
|
signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
|
||||||
|
@ -400,15 +356,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
PGPContentSignerBuilder signer,
|
PGPContentSignerBuilder signer,
|
||||||
PGPSignatureSubpacketVector hashedSubPackets)
|
PGPSignatureSubpacketVector hashedSubPackets)
|
||||||
throws PGPException {
|
throws PGPException {
|
||||||
|
String primaryUserId = userIds.iterator().next();
|
||||||
return new PGPKeyRingGenerator(
|
return new PGPKeyRingGenerator(
|
||||||
SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey,
|
SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey,
|
||||||
userId, digestCalculator,
|
primaryUserId, digestCalculator,
|
||||||
hashedSubPackets, null, signer, secretKeyEncryptor);
|
hashedSubPackets, null, signer, secretKeyEncryptor);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addSubKeys(PGPKeyPair primaryKey, PGPKeyRingGenerator ringGenerator)
|
private void addSubKeys(PGPKeyPair primaryKey, PGPKeyRingGenerator ringGenerator)
|
||||||
throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
|
throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
|
||||||
for (KeySpec subKeySpec : keySpecs) {
|
for (KeySpec subKeySpec : subkeySpecs) {
|
||||||
PGPKeyPair subKey = generateKeyPair(subKeySpec);
|
PGPKeyPair subKey = generateKeyPair(subKeySpec);
|
||||||
if (subKeySpec.isInheritedSubPackets()) {
|
if (subKeySpec.isInheritedSubPackets()) {
|
||||||
ringGenerator.addSubKey(subKey);
|
ringGenerator.addSubKey(subKey);
|
||||||
|
@ -465,8 +422,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
private PGPDigestCalculator buildDigestCalculator() throws PGPException {
|
private PGPDigestCalculator buildDigestCalculator() throws PGPException {
|
||||||
return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1);
|
return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static PGPKeyPair generateKeyPair(KeySpec spec)
|
public static PGPKeyPair generateKeyPair(KeySpec spec)
|
||||||
throws NoSuchAlgorithmException, PGPException,
|
throws NoSuchAlgorithmException, PGPException,
|
||||||
|
|
|
@ -25,50 +25,32 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.pgpainless.key.util.UserId;
|
import org.pgpainless.key.util.UserId;
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
|
|
||||||
public interface KeyRingBuilderInterface {
|
public interface KeyRingBuilderInterface<B extends KeyRingBuilderInterface<B>> {
|
||||||
|
|
||||||
KeyRingBuilderInterface withSubKey(@Nonnull KeySpec keySpec);
|
B setPrimaryKey(@Nonnull KeySpec keySpec);
|
||||||
|
|
||||||
WithPrimaryUserId withPrimaryKey(@Nonnull KeySpec keySpec);
|
default B setPrimaryKey(@Nonnull KeySpecBuilder builder) {
|
||||||
|
return setPrimaryKey(builder.build());
|
||||||
interface WithPrimaryUserId {
|
|
||||||
|
|
||||||
default WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull UserId userId) {
|
|
||||||
return withPrimaryUserId(userId.toString());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String userId);
|
B addSubkey(@Nonnull KeySpec keySpec);
|
||||||
|
|
||||||
WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] userId);
|
|
||||||
|
|
||||||
|
default B addSubkey(@Nonnull KeySpecBuilder builder) {
|
||||||
|
return addSubkey(builder.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
interface WithAdditionalUserIdOrPassphrase {
|
default B addUserId(UserId userId) {
|
||||||
|
return addUserId(userId.toString());
|
||||||
default WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull UserId userId) {
|
|
||||||
return withAdditionalUserId(userId.toString());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
B addUserId(@Nonnull String userId);
|
||||||
* Set an expiration date for the key.
|
|
||||||
*
|
|
||||||
* @param expirationDate date on which the key will expire.
|
|
||||||
* @return builder
|
|
||||||
*/
|
|
||||||
WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate);
|
|
||||||
|
|
||||||
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId);
|
B addUserId(@Nonnull byte[] userId);
|
||||||
|
|
||||||
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId);
|
B setExpirationDate(@Nonnull Date expirationDate);
|
||||||
|
|
||||||
Build withPassphrase(@Nonnull Passphrase passphrase);
|
B setPassphrase(@Nonnull Passphrase passphrase);
|
||||||
|
|
||||||
Build withoutPassphrase();
|
|
||||||
}
|
|
||||||
|
|
||||||
interface Build {
|
|
||||||
|
|
||||||
PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
|
PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
|
||||||
InvalidAlgorithmParameterException;
|
InvalidAlgorithmParameterException;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import javax.annotation.Nullable;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
|
||||||
public class KeySpec {
|
public class KeySpec {
|
||||||
|
@ -54,7 +55,7 @@ public class KeySpec {
|
||||||
return inheritedSubPackets;
|
return inheritedSubPackets;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static KeySpecBuilder getBuilder(KeyType type) {
|
public static KeySpecBuilder getBuilder(KeyType type, KeyFlag flag, KeyFlag... flags) {
|
||||||
return new KeySpecBuilder(type);
|
return new KeySpecBuilder(type, flag, flags);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,10 +15,14 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.key.generation;
|
package org.pgpainless.key.generation;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.LinkedHashSet;
|
||||||
|
import java.util.Set;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.sig.Features;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.AlgorithmSuite;
|
import org.pgpainless.algorithm.AlgorithmSuite;
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.Feature;
|
import org.pgpainless.algorithm.Feature;
|
||||||
|
@ -26,24 +30,89 @@ import org.pgpainless.algorithm.HashAlgorithm;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
import org.pgpainless.util.CollectionUtils;
|
||||||
|
|
||||||
public class KeySpecBuilder implements KeySpecBuilderInterface {
|
public class KeySpecBuilder implements KeySpecBuilderInterface {
|
||||||
|
|
||||||
private final KeyType type;
|
private final KeyType type;
|
||||||
|
private final KeyFlag[] keyFlags;
|
||||||
private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator();
|
private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator();
|
||||||
|
private final AlgorithmSuite algorithmSuite = PGPainless.getPolicy().getKeyGenerationAlgorithmSuite();
|
||||||
|
private Set<CompressionAlgorithm> preferredCompressionAlgorithms = algorithmSuite.getCompressionAlgorithms();
|
||||||
|
private Set<HashAlgorithm> preferredHashAlgorithms = algorithmSuite.getHashAlgorithms();
|
||||||
|
private Set<SymmetricKeyAlgorithm> preferredSymmetricAlgorithms = algorithmSuite.getSymmetricKeyAlgorithms();
|
||||||
|
|
||||||
KeySpecBuilder(@Nonnull KeyType type) {
|
KeySpecBuilder(@Nonnull KeyType type, KeyFlag flag, KeyFlag... flags) {
|
||||||
|
if (flag == null) {
|
||||||
|
throw new IllegalArgumentException("Key MUST carry at least one key flag");
|
||||||
|
}
|
||||||
|
if (flags == null) {
|
||||||
|
throw new IllegalArgumentException("List of additional flags MUST NOT be null.");
|
||||||
|
}
|
||||||
|
flags = CollectionUtils.concat(flag, flags);
|
||||||
|
assureKeyCanCarryFlags(type, flags);
|
||||||
this.type = type;
|
this.type = type;
|
||||||
|
this.keyFlags = flags;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags) {
|
public KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms) {
|
||||||
assureKeyCanCarryFlags(flags);
|
this.preferredCompressionAlgorithms = new LinkedHashSet<>(Arrays.asList(compressionAlgorithms));
|
||||||
this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(flags));
|
return this;
|
||||||
return new WithDetailedConfigurationImpl();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assureKeyCanCarryFlags(KeyFlag... flags) {
|
@Override
|
||||||
|
public KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms) {
|
||||||
|
this.preferredHashAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredHashAlgorithms));
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) {
|
||||||
|
this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms));
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public KeySpec build() {
|
||||||
|
this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(keyFlags));
|
||||||
|
this.hashedSubPackets.setPreferredCompressionAlgorithms(false, getPreferredCompressionAlgorithmIDs());
|
||||||
|
this.hashedSubPackets.setPreferredHashAlgorithms(false, getPreferredHashAlgorithmIDs());
|
||||||
|
this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, getPreferredSymmetricKeyAlgorithmIDs());
|
||||||
|
this.hashedSubPackets.setFeature(false, Feature.MODIFICATION_DETECTION.getFeatureId());
|
||||||
|
|
||||||
|
return new KeySpec(type, hashedSubPackets, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
private int[] getPreferredCompressionAlgorithmIDs() {
|
||||||
|
int[] ids = new int[preferredCompressionAlgorithms.size()];
|
||||||
|
Iterator<CompressionAlgorithm> iterator = preferredCompressionAlgorithms.iterator();
|
||||||
|
for (int i = 0; i < ids.length; i++) {
|
||||||
|
ids[i] = iterator.next().getAlgorithmId();
|
||||||
|
}
|
||||||
|
return ids;
|
||||||
|
}
|
||||||
|
|
||||||
|
private int[] getPreferredHashAlgorithmIDs() {
|
||||||
|
int[] ids = new int[preferredHashAlgorithms.size()];
|
||||||
|
Iterator<HashAlgorithm> iterator = preferredHashAlgorithms.iterator();
|
||||||
|
for (int i = 0; i < ids.length; i++) {
|
||||||
|
ids[i] = iterator.next().getAlgorithmId();
|
||||||
|
}
|
||||||
|
return ids;
|
||||||
|
}
|
||||||
|
|
||||||
|
private int[] getPreferredSymmetricKeyAlgorithmIDs() {
|
||||||
|
int[] ids = new int[preferredSymmetricAlgorithms.size()];
|
||||||
|
Iterator<SymmetricKeyAlgorithm> iterator = preferredSymmetricAlgorithms.iterator();
|
||||||
|
for (int i = 0; i < ids.length; i++) {
|
||||||
|
ids[i] = iterator.next().getAlgorithmId();
|
||||||
|
}
|
||||||
|
return ids;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void assureKeyCanCarryFlags(KeyType type, KeyFlag... flags) {
|
||||||
final int mask = KeyFlag.toBitmask(flags);
|
final int mask = KeyFlag.toBitmask(flags);
|
||||||
|
|
||||||
if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) {
|
if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) {
|
||||||
|
@ -66,120 +135,4 @@ public class KeySpecBuilder implements KeySpecBuilderInterface {
|
||||||
throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION.");
|
throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public KeySpec withInheritedSubPackets() {
|
|
||||||
return new KeySpec(type, null, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
class WithDetailedConfigurationImpl implements WithDetailedConfiguration {
|
|
||||||
|
|
||||||
@Deprecated
|
|
||||||
@Override
|
|
||||||
public WithPreferredSymmetricAlgorithms withDetailedConfiguration() {
|
|
||||||
return new WithPreferredSymmetricAlgorithmsImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public KeySpec withDefaultAlgorithms() {
|
|
||||||
AlgorithmSuite defaultSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
|
|
||||||
hashedSubPackets.setPreferredCompressionAlgorithms(false, defaultSuite.getCompressionAlgorithmIds());
|
|
||||||
hashedSubPackets.setPreferredSymmetricAlgorithms(false, defaultSuite.getSymmetricKeyAlgorithmIds());
|
|
||||||
hashedSubPackets.setPreferredHashAlgorithms(false, defaultSuite.getHashAlgorithmIds());
|
|
||||||
hashedSubPackets.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);
|
|
||||||
|
|
||||||
return new KeySpec(
|
|
||||||
KeySpecBuilder.this.type,
|
|
||||||
KeySpecBuilder.this.hashedSubPackets,
|
|
||||||
false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class WithPreferredSymmetricAlgorithmsImpl implements WithPreferredSymmetricAlgorithms {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms) {
|
|
||||||
int[] ids = new int[algorithms.length];
|
|
||||||
for (int i = 0; i < ids.length; i++) {
|
|
||||||
ids[i] = algorithms[i].getAlgorithmId();
|
|
||||||
}
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, ids);
|
|
||||||
return new WithPreferredHashAlgorithmsImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms() {
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false,
|
|
||||||
AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds());
|
|
||||||
return new WithPreferredHashAlgorithmsImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithFeatures withDefaultAlgorithms() {
|
|
||||||
hashedSubPackets.setPreferredSymmetricAlgorithms(false,
|
|
||||||
AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds());
|
|
||||||
hashedSubPackets.setPreferredCompressionAlgorithms(false,
|
|
||||||
AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds());
|
|
||||||
hashedSubPackets.setPreferredHashAlgorithms(false,
|
|
||||||
AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds());
|
|
||||||
return new WithFeaturesImpl();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class WithPreferredHashAlgorithmsImpl implements WithPreferredHashAlgorithms {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms) {
|
|
||||||
int[] ids = new int[algorithms.length];
|
|
||||||
for (int i = 0; i < ids.length; i++) {
|
|
||||||
ids[i] = algorithms[i].getAlgorithmId();
|
|
||||||
}
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false, ids);
|
|
||||||
return new WithPreferredCompressionAlgorithmsImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithPreferredCompressionAlgorithms withDefaultHashAlgorithms() {
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false,
|
|
||||||
AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds());
|
|
||||||
return new WithPreferredCompressionAlgorithmsImpl();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class WithPreferredCompressionAlgorithmsImpl implements WithPreferredCompressionAlgorithms {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms) {
|
|
||||||
int[] ids = new int[algorithms.length];
|
|
||||||
for (int i = 0; i < ids.length; i++) {
|
|
||||||
ids[i] = algorithms[i].getAlgorithmId();
|
|
||||||
}
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false, ids);
|
|
||||||
return new WithFeaturesImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithFeatures withDefaultCompressionAlgorithms() {
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false,
|
|
||||||
AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds());
|
|
||||||
return new WithFeaturesImpl();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class WithFeaturesImpl implements WithFeatures {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public WithFeatures withFeature(@Nonnull Feature feature) {
|
|
||||||
KeySpecBuilder.this.hashedSubPackets.setFeature(false, feature.getFeatureId());
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public KeySpec done() {
|
|
||||||
return new KeySpec(
|
|
||||||
KeySpecBuilder.this.type,
|
|
||||||
hashedSubPackets,
|
|
||||||
false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,55 +18,16 @@ package org.pgpainless.key.generation;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.Feature;
|
|
||||||
import org.pgpainless.algorithm.HashAlgorithm;
|
import org.pgpainless.algorithm.HashAlgorithm;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
|
|
||||||
public interface KeySpecBuilderInterface {
|
public interface KeySpecBuilderInterface {
|
||||||
|
|
||||||
WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags);
|
KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms);
|
||||||
|
|
||||||
KeySpec withInheritedSubPackets();
|
KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms);
|
||||||
|
|
||||||
interface WithDetailedConfiguration {
|
KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms);
|
||||||
|
|
||||||
WithPreferredSymmetricAlgorithms withDetailedConfiguration();
|
|
||||||
|
|
||||||
KeySpec withDefaultAlgorithms();
|
|
||||||
}
|
|
||||||
|
|
||||||
interface WithPreferredSymmetricAlgorithms {
|
|
||||||
|
|
||||||
WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms);
|
|
||||||
|
|
||||||
WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms();
|
|
||||||
|
|
||||||
WithFeatures withDefaultAlgorithms();
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
interface WithPreferredHashAlgorithms {
|
|
||||||
|
|
||||||
WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms);
|
|
||||||
|
|
||||||
WithPreferredCompressionAlgorithms withDefaultHashAlgorithms();
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
interface WithPreferredCompressionAlgorithms {
|
|
||||||
|
|
||||||
WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms);
|
|
||||||
|
|
||||||
WithFeatures withDefaultCompressionAlgorithms();
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
interface WithFeatures {
|
|
||||||
|
|
||||||
WithFeatures withFeature(@Nonnull Feature feature);
|
|
||||||
|
|
||||||
KeySpec done();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
KeySpec build();
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,9 @@ import java.util.EnumMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
|
import org.pgpainless.algorithm.AlgorithmSuite;
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.HashAlgorithm;
|
import org.pgpainless.algorithm.HashAlgorithm;
|
||||||
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||||
|
@ -48,6 +51,8 @@ public final class Policy {
|
||||||
PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy();
|
PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy();
|
||||||
private final NotationRegistry notationRegistry = new NotationRegistry();
|
private final NotationRegistry notationRegistry = new NotationRegistry();
|
||||||
|
|
||||||
|
private AlgorithmSuite keyGenerationAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
|
||||||
|
|
||||||
Policy() {
|
Policy() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -122,7 +127,7 @@ public final class Policy {
|
||||||
*
|
*
|
||||||
* @return symmetric algorithm policy for decryption
|
* @return symmetric algorithm policy for decryption
|
||||||
*/
|
*/
|
||||||
public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgoritmPolicy() {
|
public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgorithmPolicy() {
|
||||||
return symmetricKeyDecryptionAlgorithmPolicy;
|
return symmetricKeyDecryptionAlgorithmPolicy;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -459,4 +464,21 @@ public final class Policy {
|
||||||
public NotationRegistry getNotationRegistry() {
|
public NotationRegistry getNotationRegistry() {
|
||||||
return notationRegistry;
|
return notationRegistry;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the current {@link AlgorithmSuite} which defines preferred algorithms used during key generation.
|
||||||
|
* @return current algorithm suite
|
||||||
|
*/
|
||||||
|
public @Nonnull AlgorithmSuite getKeyGenerationAlgorithmSuite() {
|
||||||
|
return keyGenerationAlgorithmSuite;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set a custom {@link AlgorithmSuite} which defines preferred algorithms used during key generation.
|
||||||
|
*
|
||||||
|
* @param algorithmSuite custom algorithm suite
|
||||||
|
*/
|
||||||
|
public void setKeyGenerationAlgorithmSuite(@Nonnull AlgorithmSuite algorithmSuite) {
|
||||||
|
this.keyGenerationAlgorithmSuite = algorithmSuite;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.util;
|
package org.pgpainless.util;
|
||||||
|
|
||||||
|
import java.lang.reflect.Array;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -33,4 +34,11 @@ public final class CollectionUtils {
|
||||||
}
|
}
|
||||||
return items;
|
return items;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static <T> T[] concat(T t, T[] ts) {
|
||||||
|
T[] concat = (T[]) Array.newInstance(t.getClass(), ts.length + 1);
|
||||||
|
concat[0] = t;
|
||||||
|
System.arraycopy(ts, 0, concat, 1, ts.length);
|
||||||
|
return concat;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,73 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2021 Paul Schaub.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.pgpainless.algorithm;
|
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
|
||||||
import org.junit.jupiter.api.Test;
|
|
||||||
|
|
||||||
public class AlgorithmSuiteTest {
|
|
||||||
|
|
||||||
private AlgorithmSuite suite;
|
|
||||||
|
|
||||||
@BeforeEach
|
|
||||||
public void resetEmptyAlgorithmSuite() {
|
|
||||||
suite = new AlgorithmSuite(
|
|
||||||
Collections.emptyList(),
|
|
||||||
Collections.emptyList(),
|
|
||||||
Collections.emptyList()
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void setSymmetricAlgorithmsTest() {
|
|
||||||
List<SymmetricKeyAlgorithm> algorithmList = Arrays.asList(
|
|
||||||
SymmetricKeyAlgorithm.AES_128, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_256
|
|
||||||
);
|
|
||||||
|
|
||||||
suite.setSymmetricKeyAlgorithms(algorithmList);
|
|
||||||
|
|
||||||
assertEquals(algorithmList, new ArrayList<>(suite.getSymmetricKeyAlgorithms()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void setHashAlgorithmsTest() {
|
|
||||||
List<HashAlgorithm> algorithmList = Arrays.asList(
|
|
||||||
HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512
|
|
||||||
);
|
|
||||||
|
|
||||||
suite.setHashAlgorithms(algorithmList);
|
|
||||||
|
|
||||||
assertEquals(algorithmList, new ArrayList<>(suite.getHashAlgorithms()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void setCompressionAlgorithmsTest() {
|
|
||||||
List<CompressionAlgorithm> algorithmList = Arrays.asList(
|
|
||||||
CompressionAlgorithm.ZLIB, CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2
|
|
||||||
);
|
|
||||||
|
|
||||||
suite.setCompressionAlgorithms(algorithmList);
|
|
||||||
|
|
||||||
assertEquals(algorithmList, new ArrayList<>(suite.getCompressionAlgorithms()));
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -88,9 +88,13 @@ public class EncryptDecryptTest {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072);
|
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072);
|
||||||
PGPSecretKeyRing recipient = PGPainless.generateKeyRing()
|
PGPSecretKeyRing recipient = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(ElGamal.withLength(ElGamalLength._3072)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms())
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096)).withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms())
|
KeyType.RSA(RsaLength._4096),
|
||||||
.withPrimaryUserId("juliet@capulet.lit").withoutPassphrase().build();
|
KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
|
||||||
|
.addSubkey(KeySpec.getBuilder(
|
||||||
|
ElGamal.withLength(ElGamalLength._3072),
|
||||||
|
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
|
||||||
|
.addUserId("juliet@capulet.lit").build();
|
||||||
|
|
||||||
encryptDecryptForSecretKeyRings(sender, recipient);
|
encryptDecryptForSecretKeyRings(sender, recipient);
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,15 +59,13 @@ public class EncryptionOptionsTest {
|
||||||
@BeforeAll
|
@BeforeAll
|
||||||
public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
secretKeys = PGPainless.generateKeyRing()
|
secretKeys = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER)
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms())
|
.build())
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS)
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms())
|
.build())
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE)
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
|
.build())
|
||||||
.withDefaultAlgorithms())
|
.addUserId("test@pgpainless.org")
|
||||||
.withPrimaryUserId("test@pgpainless.org")
|
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
||||||
|
@ -140,10 +138,9 @@ public class EncryptionOptionsTest {
|
||||||
public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
EncryptionOptions options = new EncryptionOptions();
|
EncryptionOptions options = new EncryptionOptions();
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).withDefaultAlgorithms())
|
.addUserId("test@pgpainless.org")
|
||||||
.withPrimaryUserId("test@pgpainless.org")
|
.build();
|
||||||
.withoutPassphrase().build();
|
|
||||||
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
||||||
|
|
||||||
assertThrows(IllegalArgumentException.class, () -> options.addRecipient(publicKeys));
|
assertThrows(IllegalArgumentException.class, () -> options.addRecipient(publicKeys));
|
||||||
|
|
|
@ -21,22 +21,21 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.AlgorithmSuite;
|
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
import org.pgpainless.algorithm.EncryptionPurpose;
|
||||||
import org.pgpainless.algorithm.Feature;
|
|
||||||
import org.pgpainless.algorithm.HashAlgorithm;
|
import org.pgpainless.algorithm.HashAlgorithm;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
import org.pgpainless.key.generation.KeySpec;
|
import org.pgpainless.key.generation.KeySpec;
|
||||||
import org.pgpainless.key.generation.KeySpecBuilderInterface;
|
import org.pgpainless.key.generation.KeySpecBuilder;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
import org.pgpainless.key.generation.type.ecc.EllipticCurve;
|
import org.pgpainless.key.generation.type.ecc.EllipticCurve;
|
||||||
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
||||||
|
@ -159,35 +158,34 @@ public class GenerateKeys {
|
||||||
* algorithm preferences.
|
* algorithm preferences.
|
||||||
*
|
*
|
||||||
* If the target key amalgamation (key ring) should consist of more than just a single (sub-)key, start by providing
|
* If the target key amalgamation (key ring) should consist of more than just a single (sub-)key, start by providing
|
||||||
* the specifications for the subkeys first (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withSubKey(KeySpec)})
|
* the primary key specification using {@link org.pgpainless.key.generation.KeyRingBuilder#setPrimaryKey(KeySpec)}.
|
||||||
* and add the primary key specification last (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withPrimaryKey(KeySpec)}.
|
* Any additional subkeys can be then added using {@link org.pgpainless.key.generation.KeyRingBuilder#addSubkey(KeySpec)}.
|
||||||
*
|
*
|
||||||
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType)} method and providing a {@link KeyType}.
|
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
|
||||||
|
* method and providing a {@link KeyType}.
|
||||||
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
|
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
|
||||||
* (such as {@link KeyType#ECDH(EllipticCurve)}.
|
* (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine
|
||||||
*
|
|
||||||
* After that, the {@link org.pgpainless.key.generation.KeySpecBuilder} needs to be further configured.
|
|
||||||
* First of all, the keys {@link KeyFlag KeyFlags} need to be specified. {@link KeyFlag KeyFlags} determine
|
|
||||||
* the use of the key, like encryption, signing data or certifying subkeys.
|
* the use of the key, like encryption, signing data or certifying subkeys.
|
||||||
* KeyFlags can be set with {@link org.pgpainless.key.generation.KeySpecBuilder#withKeyFlags(KeyFlag...)}.
|
|
||||||
*
|
*
|
||||||
* Next is algorithm setup. You can either trust PGPainless' defaults (see {@link AlgorithmSuite#getDefaultAlgorithmSuite()}),
|
* If you so desire, you can now specify your own algorithm preferences.
|
||||||
* or specify your own algorithm preferences.
|
* For that, see {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredCompressionAlgorithms(CompressionAlgorithm...)},
|
||||||
* To go with the defaults, call {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDefaultAlgorithms()},
|
* {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredHashAlgorithms(HashAlgorithm...)} or
|
||||||
* otherwise start detailed config with {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDetailedConfiguration()}.
|
* {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm...)}.
|
||||||
*
|
*
|
||||||
* Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority.
|
* Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority.
|
||||||
*
|
*
|
||||||
* When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#withPrimaryKey(KeySpec)}),
|
* When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#setPrimaryKey(KeySpecBuilder)}),
|
||||||
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is an requirement
|
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
|
||||||
* for primary keys.
|
* for primary keys.
|
||||||
*
|
*
|
||||||
* Furthermore you have to set at least the primary user-id via
|
* Furthermore you have to set at least the primary user-id via
|
||||||
* {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithPrimaryUserId#withPrimaryUserId(String)},
|
* {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
|
||||||
* but you can also add additional user-ids via
|
* but you can also add additional user-ids.
|
||||||
* {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase#withAdditionalUserId(String)}.
|
|
||||||
*
|
*
|
||||||
* Lastly you can decide whether or not to set a passphrase to protect the secret key.
|
* If you want the key to expire at a certain point in time, call
|
||||||
|
* {@link org.pgpainless.key.generation.KeyRingBuilder#setExpirationDate(Date)}.
|
||||||
|
* Lastly you can decide whether to set a passphrase to protect the secret key using
|
||||||
|
* {@link org.pgpainless.key.generation.KeyRingBuilder#setPassphrase(Passphrase)}.
|
||||||
*
|
*
|
||||||
* @throws PGPException
|
* @throws PGPException
|
||||||
* @throws InvalidAlgorithmParameterException
|
* @throws InvalidAlgorithmParameterException
|
||||||
|
@ -208,48 +206,35 @@ public class GenerateKeys {
|
||||||
Passphrase passphrase = Passphrase.fromPassword("1nters3x");
|
Passphrase passphrase = Passphrase.fromPassword("1nters3x");
|
||||||
|
|
||||||
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
|
||||||
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
|
||||||
|
// The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags
|
||||||
|
KeyFlag.CERTIFY_OTHER))
|
||||||
// Add the first subkey (in this case encryption)
|
// Add the first subkey (in this case encryption)
|
||||||
.withSubKey(
|
.addSubkey(KeySpec.getBuilder(
|
||||||
KeySpec.getBuilder(
|
|
||||||
// We choose an ECDH key over the brainpoolp256r1 curve
|
// We choose an ECDH key over the brainpoolp256r1 curve
|
||||||
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1)
|
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
|
||||||
)
|
|
||||||
// Our key can encrypt both communication data, as well as data at rest
|
// Our key can encrypt both communication data, as well as data at rest
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
|
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
|
||||||
|
)
|
||||||
// Optionally: Configure the subkey with custom algorithm preferences
|
// Optionally: Configure the subkey with custom algorithm preferences
|
||||||
// Is is recommended though to go with PGPainless' defaults which can be found in the
|
// Is is recommended though to go with PGPainless' defaults which can be found in the
|
||||||
// AlgorithmSuite class.
|
// AlgorithmSuite class.
|
||||||
.withDetailedConfiguration()
|
.overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
|
||||||
.withPreferredSymmetricAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
|
.overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
|
||||||
.withPreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
|
.overridePreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB)
|
||||||
.withPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB)
|
.build())
|
||||||
// Modification Detection is highly recommended
|
|
||||||
.withFeature(Feature.MODIFICATION_DETECTION)
|
|
||||||
.done()
|
|
||||||
)
|
|
||||||
// Add the second subkey (signing)
|
// Add the second subkey (signing)
|
||||||
.withSubKey(
|
.addSubkey(KeySpec.getBuilder(
|
||||||
KeySpec.getBuilder(
|
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1),
|
||||||
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)
|
|
||||||
)
|
|
||||||
// This key is used for creating signatures only
|
// This key is used for creating signatures only
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA)
|
KeyFlag.SIGN_DATA
|
||||||
// Instead of manually specifying algorithm preferences, we can simply use PGPainless' sane defaults
|
))
|
||||||
.withDefaultAlgorithms()
|
|
||||||
)
|
|
||||||
// Lastly we add the primary key (certification only in our case)
|
|
||||||
.withPrimaryKey(
|
|
||||||
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
|
||||||
// The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags
|
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
|
|
||||||
.withDefaultAlgorithms()
|
|
||||||
)
|
|
||||||
// Set primary user-id
|
// Set primary user-id
|
||||||
.withPrimaryUserId(userId)
|
.addUserId(userId)
|
||||||
// Add an additional user id. This step can be repeated
|
// Add an additional user id. This step can be repeated
|
||||||
.withAdditionalUserId(additionalUserId)
|
.addUserId(additionalUserId)
|
||||||
// Set passphrase. Alternatively use .withoutPassphrase() to leave key unprotected.
|
// Set passphrase. Alternatively use .withoutPassphrase() to leave key unprotected.
|
||||||
.withPassphrase(passphrase)
|
.setPassphrase(passphrase)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -187,9 +187,8 @@ public class ModifyKeys {
|
||||||
Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3");
|
Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3");
|
||||||
secretKey = PGPainless.modifyKeyRing(secretKey)
|
secretKey = PGPainless.modifyKeyRing(secretKey)
|
||||||
.addSubKey(
|
.addSubKey(
|
||||||
KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1))
|
KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1), KeyFlag.ENCRYPT_COMMS)
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
|
.build(),
|
||||||
.withDefaultAlgorithms(),
|
|
||||||
subkeyPassphrase,
|
subkeyPassphrase,
|
||||||
protector)
|
protector)
|
||||||
.done();
|
.done();
|
||||||
|
|
|
@ -54,12 +54,10 @@ public class BrainpoolKeyGenerationTest {
|
||||||
|
|
||||||
for (EllipticCurve curve : EllipticCurve.values()) {
|
for (EllipticCurve curve : EllipticCurve.values()) {
|
||||||
PGPSecretKeyRing secretKeys = generateKey(
|
PGPSecretKeyRing secretKeys = generateKey(
|
||||||
KeySpec.getBuilder(KeyType.ECDSA(curve))
|
KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
KeyType.ECDSA(curve), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).build(),
|
||||||
.withDefaultAlgorithms(),
|
KeySpec.getBuilder(
|
||||||
KeySpec.getBuilder(KeyType.ECDH(curve))
|
KeyType.ECDH(curve), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE).build(),
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
|
||||||
.withDefaultAlgorithms(),
|
|
||||||
"Elliptic Curve <elliptic@curve.key>");
|
"Elliptic Curve <elliptic@curve.key>");
|
||||||
|
|
||||||
assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm()));
|
assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm()));
|
||||||
|
@ -85,20 +83,15 @@ public class BrainpoolKeyGenerationTest {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
|
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA)
|
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.CERTIFY_OTHER))
|
||||||
.withDefaultAlgorithms())
|
.addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.addSubkey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
|
||||||
.withDefaultAlgorithms())
|
.addSubkey(KeySpec.getBuilder(
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
|
KeyType.RSA(RsaLength._3072), KeyFlag.SIGN_DATA))
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA)
|
.addUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org"))
|
||||||
.withDefaultAlgorithms())
|
.setPassphrase(Passphrase.fromPassword("passphrase"))
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1))
|
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
|
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org"))
|
|
||||||
.withPassphrase(Passphrase.fromPassword("passphrase"))
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
for (PGPSecretKey key : secretKeys) {
|
for (PGPSecretKey key : secretKeys) {
|
||||||
|
@ -136,10 +129,9 @@ public class BrainpoolKeyGenerationTest {
|
||||||
|
|
||||||
public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withSubKey(subKey)
|
.setPrimaryKey(primaryKey)
|
||||||
.withPrimaryKey(primaryKey)
|
.addSubkey(subKey)
|
||||||
.withPrimaryUserId(userId)
|
.addUserId(userId)
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
return secretKeys;
|
return secretKeys;
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,12 +46,9 @@ public class CertificationKeyMustBeAbleToCertifyTest {
|
||||||
for (KeyType type : typesIncapableOfCreatingVerifications) {
|
for (KeyType type : typesIncapableOfCreatingVerifications) {
|
||||||
assertThrows(IllegalArgumentException.class, () -> PGPainless
|
assertThrows(IllegalArgumentException.class, () -> PGPainless
|
||||||
.generateKeyRing()
|
.generateKeyRing()
|
||||||
.withPrimaryKey(KeySpec
|
.setPrimaryKey(KeySpec.getBuilder(type, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
.getBuilder(type)
|
.addUserId("should@throw.ex")
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
.build());
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryUserId("should@throw.ex")
|
|
||||||
.withoutPassphrase().build());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,14 +41,11 @@ public class GenerateEllipticCurveKeyTest {
|
||||||
public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
|
public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
|
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
|
KeyType.EDDSA(EdDSACurve._Ed25519),
|
||||||
.withDefaultAlgorithms())
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
.addUserId(UserId.onlyEmail("alice@wonderland.lit").toString())
|
||||||
.withDefaultAlgorithms())
|
|
||||||
.withPrimaryUserId(UserId.onlyEmail("alice@wonderland.lit").toString())
|
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
assertEquals(PublicKeyAlgorithm.EDDSA.getAlgorithmId(), keyRing.getPublicKey().getAlgorithm());
|
assertEquals(PublicKeyAlgorithm.EDDSA.getAlgorithmId(), keyRing.getPublicKey().getAlgorithm());
|
||||||
|
|
|
@ -47,15 +47,14 @@ public class GenerateKeyWithAdditionalUserIdTest {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000);
|
Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000);
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS)
|
KeyType.RSA(RsaLength._3072),
|
||||||
.withDefaultAlgorithms())
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
|
||||||
.withPrimaryUserId(UserId.onlyEmail("primary@user.id"))
|
.addUserId(UserId.onlyEmail("primary@user.id"))
|
||||||
.withAdditionalUserId(UserId.onlyEmail("additional@user.id"))
|
.addUserId(UserId.onlyEmail("additional@user.id"))
|
||||||
.withAdditionalUserId(UserId.onlyEmail("additional2@user.id"))
|
.addUserId(UserId.onlyEmail("additional2@user.id"))
|
||||||
.withAdditionalUserId("\ttrimThis@user.id ")
|
.addUserId("\ttrimThis@user.id ")
|
||||||
.setExpirationDate(expiration)
|
.setExpirationDate(expiration)
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,7 @@ import org.pgpainless.util.Passphrase;
|
||||||
* The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying
|
* The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying
|
||||||
* char array to null, which caused an NPE later on.
|
* char array to null, which caused an NPE later on.
|
||||||
*/
|
*/
|
||||||
public class GenerateWithEmptyPassphrase {
|
public class GenerateWithEmptyPassphraseTest {
|
||||||
|
|
||||||
@ParameterizedTest
|
@ParameterizedTest
|
||||||
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
|
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
|
||||||
|
@ -46,11 +46,11 @@ public class GenerateWithEmptyPassphrase {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
|
|
||||||
assertNotNull(PGPainless.generateKeyRing()
|
assertNotNull(PGPainless.generateKeyRing()
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS)
|
KeyType.RSA(RsaLength._3072),
|
||||||
.withDefaultAlgorithms())
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
|
||||||
.withPrimaryUserId("primary@user.id")
|
.addUserId("primary@user.id")
|
||||||
.withPassphrase(Passphrase.emptyPassphrase())
|
.setPassphrase(Passphrase.emptyPassphrase())
|
||||||
.build());
|
.build());
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -19,7 +19,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
@ -32,29 +31,19 @@ public class IllegalKeyFlagsTest {
|
||||||
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
|
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
|
||||||
public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) {
|
public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing()
|
assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
KeyType.XDH(XDHSpec._X25519), KeyFlag.SIGN_DATA));
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA) // <- should throw
|
|
||||||
.withDefaultAlgorithms()));
|
|
||||||
|
|
||||||
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing()
|
assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
KeyType.XDH(XDHSpec._X25519), KeyFlag.CERTIFY_OTHER));
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER) // <- should throw
|
|
||||||
.withDefaultAlgorithms()));
|
|
||||||
|
|
||||||
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing()
|
assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
KeyType.XDH(XDHSpec._X25519), KeyFlag.AUTHENTICATION));
|
||||||
.withKeyFlags(KeyFlag.AUTHENTICATION) // <- should throw
|
|
||||||
.withDefaultAlgorithms()));
|
|
||||||
|
|
||||||
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing()
|
assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_COMMS));
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) // <- should throw
|
|
||||||
.withDefaultAlgorithms()));
|
|
||||||
|
|
||||||
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing()
|
assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_STORAGE));
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE) // <- should throw as well
|
|
||||||
.withDefaultAlgorithms()));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -221,11 +221,14 @@ public class KeyRingInfoTest {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
|
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms())
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.SIGN_DATA).withDefaultAlgorithms())
|
KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)).withKeyFlags(KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms())
|
.addSubkey(KeySpec.getBuilder(
|
||||||
.withPrimaryUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build())
|
KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1),
|
||||||
.withoutPassphrase()
|
KeyFlag.ENCRYPT_STORAGE))
|
||||||
|
.addSubkey(KeySpec.getBuilder(
|
||||||
|
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.SIGN_DATA))
|
||||||
|
.addUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build())
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
Iterator<PGPSecretKey> keys = secretKeys.iterator();
|
Iterator<PGPSecretKey> keys = secretKeys.iterator();
|
||||||
|
|
|
@ -51,15 +51,13 @@ public class UserIdRevocationTest {
|
||||||
@Test
|
@Test
|
||||||
public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
|
KeyType.EDDSA(EdDSACurve._Ed25519),
|
||||||
.withDefaultAlgorithms())
|
KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.addSubkey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
|
KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
|
||||||
.withDefaultAlgorithms())
|
.addUserId("primary@key.id")
|
||||||
.withPrimaryUserId("primary@key.id")
|
.addUserId("secondary@key.id")
|
||||||
.withAdditionalUserId("secondary@key.id")
|
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
// make a copy with revoked subkey
|
// make a copy with revoked subkey
|
||||||
|
@ -91,15 +89,12 @@ public class UserIdRevocationTest {
|
||||||
@Test
|
@Test
|
||||||
public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
|
KeyType.EDDSA(EdDSACurve._Ed25519),
|
||||||
.withDefaultAlgorithms())
|
KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
|
.addUserId("primary@key.id")
|
||||||
.withDefaultAlgorithms())
|
.addUserId("secondary@key.id")
|
||||||
.withPrimaryUserId("primary@key.id")
|
|
||||||
.withAdditionalUserId("secondary@key.id")
|
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
||||||
|
|
|
@ -61,9 +61,7 @@ public class AddSubKeyTest {
|
||||||
|
|
||||||
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
secretKeys = PGPainless.modifyKeyRing(secretKeys)
|
||||||
.addSubKey(
|
.addSubKey(
|
||||||
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256))
|
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA).build(),
|
||||||
.withKeyFlags(KeyFlag.SIGN_DATA)
|
|
||||||
.withDefaultAlgorithms(),
|
|
||||||
Passphrase.fromPassword("subKeyPassphrase"),
|
Passphrase.fromPassword("subKeyPassphrase"),
|
||||||
PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123")))
|
PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123")))
|
||||||
.done();
|
.done();
|
||||||
|
|
|
@ -89,14 +89,14 @@ public class PolicyTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAcceptableSymmetricKeyDecryptionAlgorithm() {
|
public void testAcceptableSymmetricKeyDecryptionAlgorithm() {
|
||||||
assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH));
|
assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH));
|
||||||
assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId()));
|
assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() {
|
public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() {
|
||||||
assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128));
|
assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128));
|
||||||
assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId()));
|
assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -47,13 +47,12 @@ public class BCUtilTest {
|
||||||
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
|
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
|
||||||
IOException {
|
IOException {
|
||||||
PGPSecretKeyRing sec = PGPainless.generateKeyRing()
|
PGPSecretKeyRing sec = PGPainless.generateKeyRing()
|
||||||
.withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
|
KeyType.RSA(RsaLength._3072),
|
||||||
.withDefaultAlgorithms())
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
|
.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072), KeyFlag.ENCRYPT_COMMS))
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
.addUserId("donald@duck.tails")
|
||||||
.withDefaultAlgorithms())
|
.build();
|
||||||
.withPrimaryUserId("donald@duck.tails").withoutPassphrase().build();
|
|
||||||
|
|
||||||
PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec);
|
PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec);
|
||||||
|
|
||||||
|
|
|
@ -41,17 +41,12 @@ public class GuessPreferredHashAlgorithmTest {
|
||||||
@Test
|
@Test
|
||||||
public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
|
public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
||||||
.withDetailedConfiguration()
|
.overridePreferredHashAlgorithms(new HashAlgorithm[] {})
|
||||||
// Do not specify preferred algorithms
|
.overridePreferredSymmetricKeyAlgorithms(new SymmetricKeyAlgorithm[] {})
|
||||||
.withPreferredSymmetricAlgorithms(new SymmetricKeyAlgorithm[] {})
|
.overridePreferredCompressionAlgorithms(new CompressionAlgorithm[] {}))
|
||||||
.withPreferredHashAlgorithms(new HashAlgorithm[] {})
|
.addUserId("test@test.test")
|
||||||
.withPreferredCompressionAlgorithms(new CompressionAlgorithm[] {})
|
|
||||||
|
|
||||||
.done())
|
|
||||||
.withPrimaryUserId("test@test.test")
|
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
PGPPublicKey publicKey = secretKeys.getPublicKey();
|
PGPPublicKey publicKey = secretKeys.getPublicKey();
|
||||||
|
|
|
@ -38,14 +38,13 @@ public class TestEncryptCommsStorageFlagsDifferentiated {
|
||||||
@Test
|
@Test
|
||||||
public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
|
public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072))
|
.setPrimaryKey(KeySpec.getBuilder(
|
||||||
.withKeyFlags(KeyFlag.CERTIFY_OTHER,
|
KeyType.RSA(RsaLength._3072),
|
||||||
|
KeyFlag.CERTIFY_OTHER,
|
||||||
KeyFlag.SIGN_DATA,
|
KeyFlag.SIGN_DATA,
|
||||||
KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS
|
KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS
|
||||||
)
|
))
|
||||||
.withDefaultAlgorithms())
|
.addUserId("cannot@encrypt.comms")
|
||||||
.withPrimaryUserId("cannot@encrypt.comms")
|
|
||||||
.withoutPassphrase()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
||||||
|
|
Loading…
Reference in a new issue