1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-24 10:56:23 +01:00

Merge branch 'key_generator_rework'

This commit is contained in:
Paul Schaub 2021-09-20 14:50:02 +02:00
commit 1aa6541766
28 changed files with 489 additions and 779 deletions

View file

@ -75,26 +75,19 @@ There are some predefined key archetypes, but it is possible to fully customize
// Customized key // Customized key
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing() PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
.withSubKey( .setPrimaryKey(KeySpec.getBuilder(
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256)) RSA.withLength(RsaLength._8192),
.withKeyFlags(KeyFlag.SIGN_DATA) KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.withDetailedConfiguration() .addSubkey(
.withDefaultSymmetricAlgorithms() KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA)
.withDefaultHashAlgorithms() .overrideCompressionAlgorithms(CompressionAlgorithm.ZLIB)
.withPreferredCompressionAlgorithms(CompressionAlgorithm.ZLIB) ).addSubkey(
.withFeature(Feature.MODIFICATION_DETECTION) KeySpec.getBuilder(
.done() ECDH.fromCurve(EllipticCurve._P256),
).withSubKey( KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
KeySpec.getBuilder(ECDH.fromCurve(EllipticCurve._P256)) ).addUserId("Juliet <juliet@montague.lit>")
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) .addUserId("xmpp:juliet@capulet.lit")
.withDefaultAlgorithms() .setPassphrase("romeo_oh_Romeo<3")
).withMasterKey(
KeySpec.getBuilder(RSA.withLength(RsaLength._8192))
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms()
).withPrimaryUserId("Juliet <juliet@montague.lit>")
.withAdditionalUserId("xmpp:juliet@capulet.lit")
.withPassphrase("romeo_oh_Romeo<3")
.build(); .build();
``` ```

View file

@ -15,7 +15,6 @@
*/ */
package org.pgpainless.algorithm; package org.pgpainless.algorithm;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
@ -45,9 +44,9 @@ public class AlgorithmSuite {
CompressionAlgorithm.UNCOMPRESSED) CompressionAlgorithm.UNCOMPRESSED)
); );
private Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms; private final Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms;
private Set<HashAlgorithm> hashAlgorithms; private final Set<HashAlgorithm> hashAlgorithms;
private Set<CompressionAlgorithm> compressionAlgorithms; private final Set<CompressionAlgorithm> compressionAlgorithms;
public AlgorithmSuite(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms, public AlgorithmSuite(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms,
List<HashAlgorithm> hashAlgorithms, List<HashAlgorithm> hashAlgorithms,
@ -57,57 +56,18 @@ public class AlgorithmSuite {
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms)); this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
} }
public void setSymmetricKeyAlgorithms(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms) {
this.symmetricKeyAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(symmetricKeyAlgorithms));
}
public Set<SymmetricKeyAlgorithm> getSymmetricKeyAlgorithms() { public Set<SymmetricKeyAlgorithm> getSymmetricKeyAlgorithms() {
return new LinkedHashSet<>(symmetricKeyAlgorithms); return new LinkedHashSet<>(symmetricKeyAlgorithms);
} }
public int[] getSymmetricKeyAlgorithmIds() {
int[] array = new int[symmetricKeyAlgorithms.size()];
List<SymmetricKeyAlgorithm> list = new ArrayList<>(getSymmetricKeyAlgorithms());
for (int i = 0; i < array.length; i++) {
array[i] = list.get(i).getAlgorithmId();
}
return array;
}
public void setHashAlgorithms(List<HashAlgorithm> hashAlgorithms) {
this.hashAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(hashAlgorithms));
}
public Set<HashAlgorithm> getHashAlgorithms() { public Set<HashAlgorithm> getHashAlgorithms() {
return new LinkedHashSet<>(hashAlgorithms); return new LinkedHashSet<>(hashAlgorithms);
} }
public int[] getHashAlgorithmIds() {
int[] array = new int[hashAlgorithms.size()];
List<HashAlgorithm> list = new ArrayList<>(getHashAlgorithms());
for (int i = 0; i < array.length; i++) {
array[i] = list.get(i).getAlgorithmId();
}
return array;
}
public void setCompressionAlgorithms(List<CompressionAlgorithm> compressionAlgorithms) {
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
}
public Set<CompressionAlgorithm> getCompressionAlgorithms() { public Set<CompressionAlgorithm> getCompressionAlgorithms() {
return new LinkedHashSet<>(compressionAlgorithms); return new LinkedHashSet<>(compressionAlgorithms);
} }
public int[] getCompressionAlgorithmIds() {
int[] array = new int[compressionAlgorithms.size()];
List<CompressionAlgorithm> list = new ArrayList<>(getCompressionAlgorithms());
for (int i = 0; i < array.length; i++) {
array[i] = list.get(i).getAlgorithmId();
}
return array;
}
public static AlgorithmSuite getDefaultAlgorithmSuite() { public static AlgorithmSuite getDefaultAlgorithmSuite() {
return defaultAlgorithmSuite; return defaultAlgorithmSuite;
} }

View file

@ -466,7 +466,7 @@ public final class DecryptionStreamFactory {
} }
private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException { private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException {
if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(algorithm)) { if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(algorithm)) {
throw new UnacceptableAlgorithmException("Data is " throw new UnacceptableAlgorithmException("Data is "
+ (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" + + (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" +
"To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy()."); "To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy().");

View file

@ -61,14 +61,18 @@ import org.pgpainless.provider.ProviderFactory;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil; import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil;
public class KeyRingBuilder implements KeyRingBuilderInterface { public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
private final Charset UTF8 = Charset.forName("UTF-8"); private final Charset UTF8 = Charset.forName("UTF-8");
private final List<KeySpec> keySpecs = new ArrayList<>(); private PGPSignatureGenerator signatureGenerator;
private String userId; private PGPDigestCalculator digestCalculator;
private final Set<String> additionalUserIds = new LinkedHashSet<>(); private PBESecretKeyEncryptor secretKeyEncryptor;
private Passphrase passphrase;
private KeySpec primaryKeySpec;
private final List<KeySpec> subkeySpecs = new ArrayList<>();
private final Set<String> userIds = new LinkedHashSet<>();
private Passphrase passphrase = null;
private Date expirationDate = null; private Date expirationDate = null;
/** /**
@ -126,18 +130,14 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
*/ */
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password) public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password)
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
WithAdditionalUserIdOrPassphrase builder = this KeyRingBuilder builder = new KeyRingBuilder()
.withPrimaryKey( .setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
KeySpec.getBuilder(KeyType.RSA(length)) .addUserId(userId);
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS)
.withDefaultAlgorithms())
.withPrimaryUserId(userId);
if (password == null) { if (!isNullOrEmpty(password)) {
return builder.withoutPassphrase().build(); builder.setPassphrase(Passphrase.fromPassword(password));
} else {
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
} }
return builder.build();
} }
/** /**
@ -195,22 +195,15 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
*/ */
public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password) public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password)
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
WithAdditionalUserIdOrPassphrase builder = this KeyRingBuilder builder = new KeyRingBuilder()
.withSubKey( .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) .addUserId(userId);
.withDefaultAlgorithms())
.withPrimaryKey(
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
.withDefaultAlgorithms())
.withPrimaryUserId(userId);
if (password == null) { if (!isNullOrEmpty(password)) {
return builder.withoutPassphrase().build(); builder.setPassphrase(Passphrase.fromPassword(password));
} else {
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
} }
return builder.build();
} }
/** /**
@ -223,40 +216,59 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
*/ */
public PGPSecretKeyRing modernKeyRing(String userId, String password) public PGPSecretKeyRing modernKeyRing(String userId, String password)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
WithAdditionalUserIdOrPassphrase builder = this KeyRingBuilder builder = new KeyRingBuilder()
.withSubKey( .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
.withDefaultAlgorithms()) .addUserId(userId);
.withSubKey( if (!isNullOrEmpty(password)) {
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) builder.setPassphrase(Passphrase.fromPassword(password));
.withKeyFlags(KeyFlag.SIGN_DATA)
.withDefaultAlgorithms())
.withPrimaryKey(
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms())
.withPrimaryUserId(userId);
if (password == null) {
return builder.withoutPassphrase().build();
} else {
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
} }
return builder.build();
} }
@Override @Override
public KeyRingBuilderInterface withSubKey(@Nonnull KeySpec type) { public KeyRingBuilder setPrimaryKey(@Nonnull KeySpec keySpec) {
KeyRingBuilder.this.keySpecs.add(type); verifyMasterKeyCanCertify(keySpec);
this.primaryKeySpec = keySpec;
return this; return this;
} }
@Override @Override
public WithPrimaryUserId withPrimaryKey(@Nonnull KeySpec spec) { public KeyRingBuilder addSubkey(@Nonnull KeySpec keySpec) {
verifyMasterKeyCanCertify(spec); this.subkeySpecs.add(keySpec);
return this;
}
KeyRingBuilder.this.keySpecs.add(0, spec); @Override
return new WithPrimaryUserIdImpl(); public KeyRingBuilder addUserId(@Nonnull String userId) {
this.userIds.add(userId.trim());
return this;
}
@Override
public KeyRingBuilder addUserId(@Nonnull byte[] userId) {
return addUserId(new String(userId, UTF8));
}
@Override
public KeyRingBuilder setExpirationDate(@Nonnull Date expirationDate) {
Date now = new Date();
if (now.after(expirationDate)) {
throw new IllegalArgumentException("Expiration date must be in the future.");
}
this.expirationDate = expirationDate;
return this;
}
@Override
public KeyRingBuilder setPassphrase(@Nonnull Passphrase passphrase) {
this.passphrase = passphrase;
return this;
}
private static boolean isNullOrEmpty(String password) {
return password == null || password.trim().isEmpty();
} }
private void verifyMasterKeyCanCertify(KeySpec spec) { private void verifyMasterKeyCanCertify(KeySpec spec) {
@ -276,68 +288,12 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
return keySpec.getKeyType().canCertify(); return keySpec.getKeyType().canCertify();
} }
class WithPrimaryUserIdImpl implements WithPrimaryUserId {
@Override
public WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String userId) {
KeyRingBuilder.this.userId = userId.trim();
return new WithAdditionalUserIdOrPassphraseImpl();
}
@Override
public WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] userId) {
return withPrimaryUserId(new String(userId, UTF8));
}
}
class WithAdditionalUserIdOrPassphraseImpl implements WithAdditionalUserIdOrPassphrase {
@Override
public WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate) {
Date now = new Date();
if (now.after(expirationDate)) {
throw new IllegalArgumentException("Expiration date must be in the future.");
}
KeyRingBuilder.this.expirationDate = expirationDate;
return this;
}
@Override
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId) {
String trimmed = userId.trim();
if (KeyRingBuilder.this.userId.equals(trimmed)) {
throw new IllegalArgumentException("Additional user-id MUST NOT be equal to primary user-id.");
}
KeyRingBuilder.this.additionalUserIds.add(trimmed);
return this;
}
@Override
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId) {
return withAdditionalUserId(new String(userId, UTF8));
}
@Override
public Build withPassphrase(@Nonnull Passphrase passphrase) {
KeyRingBuilder.this.passphrase = passphrase;
return new BuildImpl();
}
@Override
public Build withoutPassphrase() {
KeyRingBuilder.this.passphrase = null;
return new BuildImpl();
}
class BuildImpl implements Build {
private PGPSignatureGenerator signatureGenerator;
private PGPDigestCalculator digestCalculator;
private PBESecretKeyEncryptor secretKeyEncryptor;
@Override @Override
public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException, public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException { InvalidAlgorithmParameterException {
if (userIds.isEmpty()) {
throw new IllegalStateException("At least one user-id is required.");
}
digestCalculator = buildDigestCalculator(); digestCalculator = buildDigestCalculator();
secretKeyEncryptor = buildSecretKeyEncryptor(); secretKeyEncryptor = buildSecretKeyEncryptor();
PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor(); PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor();
@ -346,14 +302,11 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
passphrase.clear(); passphrase.clear();
} }
// First key is the Master Key // Generate Primary Key
KeySpec certKeySpec = keySpecs.remove(0); PGPKeyPair certKey = generateKeyPair(primaryKeySpec);
// Generate Master Key
PGPKeyPair certKey = generateKeyPair(certKeySpec);
PGPContentSignerBuilder signer = buildContentSigner(certKey); PGPContentSignerBuilder signer = buildContentSigner(certKey);
signatureGenerator = new PGPSignatureGenerator(signer); signatureGenerator = new PGPSignatureGenerator(signer);
PGPSignatureSubpacketGenerator hashedSubPacketGenerator = certKeySpec.getSubpacketGenerator(); PGPSignatureSubpacketGenerator hashedSubPacketGenerator = primaryKeySpec.getSubpacketGenerator();
hashedSubPacketGenerator.setPrimaryUserID(false, true); hashedSubPacketGenerator.setPrimaryUserID(false, true);
if (expirationDate != null) { if (expirationDate != null) {
SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator( SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator(
@ -374,7 +327,10 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
// Attempt to add additional user-ids to the primary public key // Attempt to add additional user-ids to the primary public key
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey(); PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKeyRing.getSecretKey(), secretKeyDecryptor); PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKeyRing.getSecretKey(), secretKeyDecryptor);
for (String additionalUserId : additionalUserIds) { Iterator<String> additionalUserIds = userIds.iterator();
additionalUserIds.next(); // Skip primary user id
while (additionalUserIds.hasNext()) {
String additionalUserId = additionalUserIds.next();
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey); signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
PGPSignature additionalUserIdSignature = PGPSignature additionalUserIdSignature =
signatureGenerator.generateCertification(additionalUserId, primaryPubKey); signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
@ -400,15 +356,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
PGPContentSignerBuilder signer, PGPContentSignerBuilder signer,
PGPSignatureSubpacketVector hashedSubPackets) PGPSignatureSubpacketVector hashedSubPackets)
throws PGPException { throws PGPException {
String primaryUserId = userIds.iterator().next();
return new PGPKeyRingGenerator( return new PGPKeyRingGenerator(
SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey, SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey,
userId, digestCalculator, primaryUserId, digestCalculator,
hashedSubPackets, null, signer, secretKeyEncryptor); hashedSubPackets, null, signer, secretKeyEncryptor);
} }
private void addSubKeys(PGPKeyPair primaryKey, PGPKeyRingGenerator ringGenerator) private void addSubKeys(PGPKeyPair primaryKey, PGPKeyRingGenerator ringGenerator)
throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException { throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
for (KeySpec subKeySpec : keySpecs) { for (KeySpec subKeySpec : subkeySpecs) {
PGPKeyPair subKey = generateKeyPair(subKeySpec); PGPKeyPair subKey = generateKeyPair(subKeySpec);
if (subKeySpec.isInheritedSubPackets()) { if (subKeySpec.isInheritedSubPackets()) {
ringGenerator.addSubKey(subKey); ringGenerator.addSubKey(subKey);
@ -465,8 +422,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
private PGPDigestCalculator buildDigestCalculator() throws PGPException { private PGPDigestCalculator buildDigestCalculator() throws PGPException {
return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1); return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1);
} }
}
}
public static PGPKeyPair generateKeyPair(KeySpec spec) public static PGPKeyPair generateKeyPair(KeySpec spec)
throws NoSuchAlgorithmException, PGPException, throws NoSuchAlgorithmException, PGPException,

View file

@ -25,50 +25,32 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.pgpainless.key.util.UserId; import org.pgpainless.key.util.UserId;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
public interface KeyRingBuilderInterface { public interface KeyRingBuilderInterface<B extends KeyRingBuilderInterface<B>> {
KeyRingBuilderInterface withSubKey(@Nonnull KeySpec keySpec); B setPrimaryKey(@Nonnull KeySpec keySpec);
WithPrimaryUserId withPrimaryKey(@Nonnull KeySpec keySpec); default B setPrimaryKey(@Nonnull KeySpecBuilder builder) {
return setPrimaryKey(builder.build());
interface WithPrimaryUserId {
default WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull UserId userId) {
return withPrimaryUserId(userId.toString());
} }
WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String userId); B addSubkey(@Nonnull KeySpec keySpec);
WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] userId);
default B addSubkey(@Nonnull KeySpecBuilder builder) {
return addSubkey(builder.build());
} }
interface WithAdditionalUserIdOrPassphrase { default B addUserId(UserId userId) {
return addUserId(userId.toString());
default WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull UserId userId) {
return withAdditionalUserId(userId.toString());
} }
/** B addUserId(@Nonnull String userId);
* Set an expiration date for the key.
*
* @param expirationDate date on which the key will expire.
* @return builder
*/
WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate);
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId); B addUserId(@Nonnull byte[] userId);
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId); B setExpirationDate(@Nonnull Date expirationDate);
Build withPassphrase(@Nonnull Passphrase passphrase); B setPassphrase(@Nonnull Passphrase passphrase);
Build withoutPassphrase();
}
interface Build {
PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException, PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException; InvalidAlgorithmParameterException;
} }
}

View file

@ -20,6 +20,7 @@ import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector; import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
public class KeySpec { public class KeySpec {
@ -54,7 +55,7 @@ public class KeySpec {
return inheritedSubPackets; return inheritedSubPackets;
} }
public static KeySpecBuilder getBuilder(KeyType type) { public static KeySpecBuilder getBuilder(KeyType type, KeyFlag flag, KeyFlag... flags) {
return new KeySpecBuilder(type); return new KeySpecBuilder(type, flag, flags);
} }
} }

View file

@ -15,10 +15,14 @@
*/ */
package org.pgpainless.key.generation; package org.pgpainless.key.generation;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.bouncycastle.bcpg.sig.Features;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.AlgorithmSuite; import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature; import org.pgpainless.algorithm.Feature;
@ -26,24 +30,89 @@ import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.util.CollectionUtils;
public class KeySpecBuilder implements KeySpecBuilderInterface { public class KeySpecBuilder implements KeySpecBuilderInterface {
private final KeyType type; private final KeyType type;
private final KeyFlag[] keyFlags;
private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator(); private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator();
private final AlgorithmSuite algorithmSuite = PGPainless.getPolicy().getKeyGenerationAlgorithmSuite();
private Set<CompressionAlgorithm> preferredCompressionAlgorithms = algorithmSuite.getCompressionAlgorithms();
private Set<HashAlgorithm> preferredHashAlgorithms = algorithmSuite.getHashAlgorithms();
private Set<SymmetricKeyAlgorithm> preferredSymmetricAlgorithms = algorithmSuite.getSymmetricKeyAlgorithms();
KeySpecBuilder(@Nonnull KeyType type) { KeySpecBuilder(@Nonnull KeyType type, KeyFlag flag, KeyFlag... flags) {
if (flag == null) {
throw new IllegalArgumentException("Key MUST carry at least one key flag");
}
if (flags == null) {
throw new IllegalArgumentException("List of additional flags MUST NOT be null.");
}
flags = CollectionUtils.concat(flag, flags);
assureKeyCanCarryFlags(type, flags);
this.type = type; this.type = type;
this.keyFlags = flags;
} }
@Override @Override
public WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags) { public KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms) {
assureKeyCanCarryFlags(flags); this.preferredCompressionAlgorithms = new LinkedHashSet<>(Arrays.asList(compressionAlgorithms));
this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(flags)); return this;
return new WithDetailedConfigurationImpl();
} }
private void assureKeyCanCarryFlags(KeyFlag... flags) { @Override
public KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms) {
this.preferredHashAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredHashAlgorithms));
return this;
}
@Override
public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) {
this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms));
return this;
}
@Override
public KeySpec build() {
this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(keyFlags));
this.hashedSubPackets.setPreferredCompressionAlgorithms(false, getPreferredCompressionAlgorithmIDs());
this.hashedSubPackets.setPreferredHashAlgorithms(false, getPreferredHashAlgorithmIDs());
this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, getPreferredSymmetricKeyAlgorithmIDs());
this.hashedSubPackets.setFeature(false, Feature.MODIFICATION_DETECTION.getFeatureId());
return new KeySpec(type, hashedSubPackets, false);
}
private int[] getPreferredCompressionAlgorithmIDs() {
int[] ids = new int[preferredCompressionAlgorithms.size()];
Iterator<CompressionAlgorithm> iterator = preferredCompressionAlgorithms.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = iterator.next().getAlgorithmId();
}
return ids;
}
private int[] getPreferredHashAlgorithmIDs() {
int[] ids = new int[preferredHashAlgorithms.size()];
Iterator<HashAlgorithm> iterator = preferredHashAlgorithms.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = iterator.next().getAlgorithmId();
}
return ids;
}
private int[] getPreferredSymmetricKeyAlgorithmIDs() {
int[] ids = new int[preferredSymmetricAlgorithms.size()];
Iterator<SymmetricKeyAlgorithm> iterator = preferredSymmetricAlgorithms.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = iterator.next().getAlgorithmId();
}
return ids;
}
private static void assureKeyCanCarryFlags(KeyType type, KeyFlag... flags) {
final int mask = KeyFlag.toBitmask(flags); final int mask = KeyFlag.toBitmask(flags);
if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) { if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) {
@ -66,120 +135,4 @@ public class KeySpecBuilder implements KeySpecBuilderInterface {
throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION."); throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION.");
} }
} }
@Override
public KeySpec withInheritedSubPackets() {
return new KeySpec(type, null, true);
}
class WithDetailedConfigurationImpl implements WithDetailedConfiguration {
@Deprecated
@Override
public WithPreferredSymmetricAlgorithms withDetailedConfiguration() {
return new WithPreferredSymmetricAlgorithmsImpl();
}
@Override
public KeySpec withDefaultAlgorithms() {
AlgorithmSuite defaultSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
hashedSubPackets.setPreferredCompressionAlgorithms(false, defaultSuite.getCompressionAlgorithmIds());
hashedSubPackets.setPreferredSymmetricAlgorithms(false, defaultSuite.getSymmetricKeyAlgorithmIds());
hashedSubPackets.setPreferredHashAlgorithms(false, defaultSuite.getHashAlgorithmIds());
hashedSubPackets.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);
return new KeySpec(
KeySpecBuilder.this.type,
KeySpecBuilder.this.hashedSubPackets,
false);
}
}
class WithPreferredSymmetricAlgorithmsImpl implements WithPreferredSymmetricAlgorithms {
@Override
public WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms) {
int[] ids = new int[algorithms.length];
for (int i = 0; i < ids.length; i++) {
ids[i] = algorithms[i].getAlgorithmId();
}
KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, ids);
return new WithPreferredHashAlgorithmsImpl();
}
@Override
public WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms() {
KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds());
return new WithPreferredHashAlgorithmsImpl();
}
@Override
public WithFeatures withDefaultAlgorithms() {
hashedSubPackets.setPreferredSymmetricAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds());
hashedSubPackets.setPreferredCompressionAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds());
hashedSubPackets.setPreferredHashAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds());
return new WithFeaturesImpl();
}
}
class WithPreferredHashAlgorithmsImpl implements WithPreferredHashAlgorithms {
@Override
public WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms) {
int[] ids = new int[algorithms.length];
for (int i = 0; i < ids.length; i++) {
ids[i] = algorithms[i].getAlgorithmId();
}
KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false, ids);
return new WithPreferredCompressionAlgorithmsImpl();
}
@Override
public WithPreferredCompressionAlgorithms withDefaultHashAlgorithms() {
KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds());
return new WithPreferredCompressionAlgorithmsImpl();
}
}
class WithPreferredCompressionAlgorithmsImpl implements WithPreferredCompressionAlgorithms {
@Override
public WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms) {
int[] ids = new int[algorithms.length];
for (int i = 0; i < ids.length; i++) {
ids[i] = algorithms[i].getAlgorithmId();
}
KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false, ids);
return new WithFeaturesImpl();
}
@Override
public WithFeatures withDefaultCompressionAlgorithms() {
KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds());
return new WithFeaturesImpl();
}
}
class WithFeaturesImpl implements WithFeatures {
@Override
public WithFeatures withFeature(@Nonnull Feature feature) {
KeySpecBuilder.this.hashedSubPackets.setFeature(false, feature.getFeatureId());
return this;
}
@Override
public KeySpec done() {
return new KeySpec(
KeySpecBuilder.this.type,
hashedSubPackets,
false);
}
}
} }

View file

@ -18,55 +18,16 @@ package org.pgpainless.key.generation;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
public interface KeySpecBuilderInterface { public interface KeySpecBuilderInterface {
WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags); KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms);
KeySpec withInheritedSubPackets(); KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms);
interface WithDetailedConfiguration { KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms);
WithPreferredSymmetricAlgorithms withDetailedConfiguration();
KeySpec withDefaultAlgorithms();
}
interface WithPreferredSymmetricAlgorithms {
WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms);
WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms();
WithFeatures withDefaultAlgorithms();
}
interface WithPreferredHashAlgorithms {
WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms);
WithPreferredCompressionAlgorithms withDefaultHashAlgorithms();
}
interface WithPreferredCompressionAlgorithms {
WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms);
WithFeatures withDefaultCompressionAlgorithms();
}
interface WithFeatures {
WithFeatures withFeature(@Nonnull Feature feature);
KeySpec done();
}
KeySpec build();
} }

View file

@ -21,6 +21,9 @@ import java.util.EnumMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import javax.annotation.Nonnull;
import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.algorithm.PublicKeyAlgorithm;
@ -48,6 +51,8 @@ public final class Policy {
PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy(); PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy();
private final NotationRegistry notationRegistry = new NotationRegistry(); private final NotationRegistry notationRegistry = new NotationRegistry();
private AlgorithmSuite keyGenerationAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
Policy() { Policy() {
} }
@ -122,7 +127,7 @@ public final class Policy {
* *
* @return symmetric algorithm policy for decryption * @return symmetric algorithm policy for decryption
*/ */
public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgoritmPolicy() { public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgorithmPolicy() {
return symmetricKeyDecryptionAlgorithmPolicy; return symmetricKeyDecryptionAlgorithmPolicy;
} }
@ -459,4 +464,21 @@ public final class Policy {
public NotationRegistry getNotationRegistry() { public NotationRegistry getNotationRegistry() {
return notationRegistry; return notationRegistry;
} }
/**
* Return the current {@link AlgorithmSuite} which defines preferred algorithms used during key generation.
* @return current algorithm suite
*/
public @Nonnull AlgorithmSuite getKeyGenerationAlgorithmSuite() {
return keyGenerationAlgorithmSuite;
}
/**
* Set a custom {@link AlgorithmSuite} which defines preferred algorithms used during key generation.
*
* @param algorithmSuite custom algorithm suite
*/
public void setKeyGenerationAlgorithmSuite(@Nonnull AlgorithmSuite algorithmSuite) {
this.keyGenerationAlgorithmSuite = algorithmSuite;
}
} }

View file

@ -15,6 +15,7 @@
*/ */
package org.pgpainless.util; package org.pgpainless.util;
import java.lang.reflect.Array;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -33,4 +34,11 @@ public final class CollectionUtils {
} }
return items; return items;
} }
public static <T> T[] concat(T t, T[] ts) {
T[] concat = (T[]) Array.newInstance(t.getClass(), ts.length + 1);
concat[0] = t;
System.arraycopy(ts, 0, concat, 1, ts.length);
return concat;
}
} }

View file

@ -1,73 +0,0 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.algorithm;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
public class AlgorithmSuiteTest {
private AlgorithmSuite suite;
@BeforeEach
public void resetEmptyAlgorithmSuite() {
suite = new AlgorithmSuite(
Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList()
);
}
@Test
public void setSymmetricAlgorithmsTest() {
List<SymmetricKeyAlgorithm> algorithmList = Arrays.asList(
SymmetricKeyAlgorithm.AES_128, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_256
);
suite.setSymmetricKeyAlgorithms(algorithmList);
assertEquals(algorithmList, new ArrayList<>(suite.getSymmetricKeyAlgorithms()));
}
@Test
public void setHashAlgorithmsTest() {
List<HashAlgorithm> algorithmList = Arrays.asList(
HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512
);
suite.setHashAlgorithms(algorithmList);
assertEquals(algorithmList, new ArrayList<>(suite.getHashAlgorithms()));
}
@Test
public void setCompressionAlgorithmsTest() {
List<CompressionAlgorithm> algorithmList = Arrays.asList(
CompressionAlgorithm.ZLIB, CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2
);
suite.setCompressionAlgorithms(algorithmList);
assertEquals(algorithmList, new ArrayList<>(suite.getCompressionAlgorithms()));
}
}

View file

@ -88,9 +88,13 @@ public class EncryptDecryptTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072); PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072);
PGPSecretKeyRing recipient = PGPainless.generateKeyRing() PGPSecretKeyRing recipient = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(ElGamal.withLength(ElGamalLength._3072)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()) .setPrimaryKey(KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096)).withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms()) KeyType.RSA(RsaLength._4096),
.withPrimaryUserId("juliet@capulet.lit").withoutPassphrase().build(); KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.addSubkey(KeySpec.getBuilder(
ElGamal.withLength(ElGamalLength._3072),
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
.addUserId("juliet@capulet.lit").build();
encryptDecryptForSecretKeyRings(sender, recipient); encryptDecryptForSecretKeyRings(sender, recipient);
} }

View file

@ -59,15 +59,13 @@ public class EncryptionOptionsTest {
@BeforeAll @BeforeAll
public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
secretKeys = PGPainless.generateKeyRing() secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER)
.withKeyFlags(KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()) .build())
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS)
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms()) .build())
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE)
.withKeyFlags(KeyFlag.CERTIFY_OTHER) .build())
.withDefaultAlgorithms()) .addUserId("test@pgpainless.org")
.withPrimaryUserId("test@pgpainless.org")
.withoutPassphrase()
.build(); .build();
publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
@ -140,10 +138,9 @@ public class EncryptionOptionsTest {
public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
EncryptionOptions options = new EncryptionOptions(); EncryptionOptions options = new EncryptionOptions();
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).withDefaultAlgorithms()) .addUserId("test@pgpainless.org")
.withPrimaryUserId("test@pgpainless.org") .build();
.withoutPassphrase().build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
assertThrows(IllegalArgumentException.class, () -> options.addRecipient(publicKeys)); assertThrows(IllegalArgumentException.class, () -> options.addRecipient(publicKeys));

View file

@ -21,22 +21,21 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Date;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.EncryptionPurpose; import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.KeySpecBuilderInterface; import org.pgpainless.key.generation.KeySpecBuilder;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.ecc.EllipticCurve; import org.pgpainless.key.generation.type.ecc.EllipticCurve;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
@ -159,35 +158,34 @@ public class GenerateKeys {
* algorithm preferences. * algorithm preferences.
* *
* If the target key amalgamation (key ring) should consist of more than just a single (sub-)key, start by providing * If the target key amalgamation (key ring) should consist of more than just a single (sub-)key, start by providing
* the specifications for the subkeys first (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withSubKey(KeySpec)}) * the primary key specification using {@link org.pgpainless.key.generation.KeyRingBuilder#setPrimaryKey(KeySpec)}.
* and add the primary key specification last (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withPrimaryKey(KeySpec)}. * Any additional subkeys can be then added using {@link org.pgpainless.key.generation.KeyRingBuilder#addSubkey(KeySpec)}.
* *
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType)} method and providing a {@link KeyType}. * {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
* method and providing a {@link KeyType}.
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself * There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
* (such as {@link KeyType#ECDH(EllipticCurve)}. * (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine
*
* After that, the {@link org.pgpainless.key.generation.KeySpecBuilder} needs to be further configured.
* First of all, the keys {@link KeyFlag KeyFlags} need to be specified. {@link KeyFlag KeyFlags} determine
* the use of the key, like encryption, signing data or certifying subkeys. * the use of the key, like encryption, signing data or certifying subkeys.
* KeyFlags can be set with {@link org.pgpainless.key.generation.KeySpecBuilder#withKeyFlags(KeyFlag...)}.
* *
* Next is algorithm setup. You can either trust PGPainless' defaults (see {@link AlgorithmSuite#getDefaultAlgorithmSuite()}), * If you so desire, you can now specify your own algorithm preferences.
* or specify your own algorithm preferences. * For that, see {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredCompressionAlgorithms(CompressionAlgorithm...)},
* To go with the defaults, call {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDefaultAlgorithms()}, * {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredHashAlgorithms(HashAlgorithm...)} or
* otherwise start detailed config with {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDetailedConfiguration()}. * {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm...)}.
* *
* Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority. * Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority.
* *
* When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#withPrimaryKey(KeySpec)}), * When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#setPrimaryKey(KeySpecBuilder)}),
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is an requirement * make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
* for primary keys. * for primary keys.
* *
* Furthermore you have to set at least the primary user-id via * Furthermore you have to set at least the primary user-id via
* {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithPrimaryUserId#withPrimaryUserId(String)}, * {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
* but you can also add additional user-ids via * but you can also add additional user-ids.
* {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase#withAdditionalUserId(String)}.
* *
* Lastly you can decide whether or not to set a passphrase to protect the secret key. * If you want the key to expire at a certain point in time, call
* {@link org.pgpainless.key.generation.KeyRingBuilder#setExpirationDate(Date)}.
* Lastly you can decide whether to set a passphrase to protect the secret key using
* {@link org.pgpainless.key.generation.KeyRingBuilder#setPassphrase(Passphrase)}.
* *
* @throws PGPException * @throws PGPException
* @throws InvalidAlgorithmParameterException * @throws InvalidAlgorithmParameterException
@ -208,48 +206,35 @@ public class GenerateKeys {
Passphrase passphrase = Passphrase.fromPassword("1nters3x"); Passphrase passphrase = Passphrase.fromPassword("1nters3x");
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing() PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
// The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags
KeyFlag.CERTIFY_OTHER))
// Add the first subkey (in this case encryption) // Add the first subkey (in this case encryption)
.withSubKey( .addSubkey(KeySpec.getBuilder(
KeySpec.getBuilder(
// We choose an ECDH key over the brainpoolp256r1 curve // We choose an ECDH key over the brainpoolp256r1 curve
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1) KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
)
// Our key can encrypt both communication data, as well as data at rest // Our key can encrypt both communication data, as well as data at rest
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
)
// Optionally: Configure the subkey with custom algorithm preferences // Optionally: Configure the subkey with custom algorithm preferences
// Is is recommended though to go with PGPainless' defaults which can be found in the // Is is recommended though to go with PGPainless' defaults which can be found in the
// AlgorithmSuite class. // AlgorithmSuite class.
.withDetailedConfiguration() .overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
.withPreferredSymmetricAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128) .overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
.withPreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256) .overridePreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB)
.withPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB) .build())
// Modification Detection is highly recommended
.withFeature(Feature.MODIFICATION_DETECTION)
.done()
)
// Add the second subkey (signing) // Add the second subkey (signing)
.withSubKey( .addSubkey(KeySpec.getBuilder(
KeySpec.getBuilder( KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1),
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)
)
// This key is used for creating signatures only // This key is used for creating signatures only
.withKeyFlags(KeyFlag.SIGN_DATA) KeyFlag.SIGN_DATA
// Instead of manually specifying algorithm preferences, we can simply use PGPainless' sane defaults ))
.withDefaultAlgorithms()
)
// Lastly we add the primary key (certification only in our case)
.withPrimaryKey(
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
// The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms()
)
// Set primary user-id // Set primary user-id
.withPrimaryUserId(userId) .addUserId(userId)
// Add an additional user id. This step can be repeated // Add an additional user id. This step can be repeated
.withAdditionalUserId(additionalUserId) .addUserId(additionalUserId)
// Set passphrase. Alternatively use .withoutPassphrase() to leave key unprotected. // Set passphrase. Alternatively use .withoutPassphrase() to leave key unprotected.
.withPassphrase(passphrase) .setPassphrase(passphrase)
.build(); .build();

View file

@ -187,9 +187,8 @@ public class ModifyKeys {
Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3"); Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3");
secretKey = PGPainless.modifyKeyRing(secretKey) secretKey = PGPainless.modifyKeyRing(secretKey)
.addSubKey( .addSubKey(
KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1)) KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1), KeyFlag.ENCRYPT_COMMS)
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) .build(),
.withDefaultAlgorithms(),
subkeyPassphrase, subkeyPassphrase,
protector) protector)
.done(); .done();

View file

@ -54,12 +54,10 @@ public class BrainpoolKeyGenerationTest {
for (EllipticCurve curve : EllipticCurve.values()) { for (EllipticCurve curve : EllipticCurve.values()) {
PGPSecretKeyRing secretKeys = generateKey( PGPSecretKeyRing secretKeys = generateKey(
KeySpec.getBuilder(KeyType.ECDSA(curve)) KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) KeyType.ECDSA(curve), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).build(),
.withDefaultAlgorithms(), KeySpec.getBuilder(
KeySpec.getBuilder(KeyType.ECDH(curve)) KeyType.ECDH(curve), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE).build(),
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
.withDefaultAlgorithms(),
"Elliptic Curve <elliptic@curve.key>"); "Elliptic Curve <elliptic@curve.key>");
assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm())); assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm()));
@ -85,20 +83,15 @@ public class BrainpoolKeyGenerationTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.SIGN_DATA) KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.CERTIFY_OTHER))
.withDefaultAlgorithms()) .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
.withDefaultAlgorithms()) .addSubkey(KeySpec.getBuilder(
.withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) KeyType.RSA(RsaLength._3072), KeyFlag.SIGN_DATA))
.withKeyFlags(KeyFlag.SIGN_DATA) .addUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org"))
.withDefaultAlgorithms()) .setPassphrase(Passphrase.fromPassword("passphrase"))
.withPrimaryKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1))
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms())
.withPrimaryUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org"))
.withPassphrase(Passphrase.fromPassword("passphrase"))
.build(); .build();
for (PGPSecretKey key : secretKeys) { for (PGPSecretKey key : secretKeys) {
@ -136,10 +129,9 @@ public class BrainpoolKeyGenerationTest {
public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(subKey) .setPrimaryKey(primaryKey)
.withPrimaryKey(primaryKey) .addSubkey(subKey)
.withPrimaryUserId(userId) .addUserId(userId)
.withoutPassphrase()
.build(); .build();
return secretKeys; return secretKeys;
} }

View file

@ -46,12 +46,9 @@ public class CertificationKeyMustBeAbleToCertifyTest {
for (KeyType type : typesIncapableOfCreatingVerifications) { for (KeyType type : typesIncapableOfCreatingVerifications) {
assertThrows(IllegalArgumentException.class, () -> PGPainless assertThrows(IllegalArgumentException.class, () -> PGPainless
.generateKeyRing() .generateKeyRing()
.withPrimaryKey(KeySpec .setPrimaryKey(KeySpec.getBuilder(type, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.getBuilder(type) .addUserId("should@throw.ex")
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .build());
.withDefaultAlgorithms())
.withPrimaryUserId("should@throw.ex")
.withoutPassphrase().build());
} }
} }
} }

View file

@ -41,14 +41,11 @@ public class GenerateEllipticCurveKeyTest {
public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing() PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.EDDSA(EdDSACurve._Ed25519),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .addUserId(UserId.onlyEmail("alice@wonderland.lit").toString())
.withDefaultAlgorithms())
.withPrimaryUserId(UserId.onlyEmail("alice@wonderland.lit").toString())
.withoutPassphrase()
.build(); .build();
assertEquals(PublicKeyAlgorithm.EDDSA.getAlgorithmId(), keyRing.getPublicKey().getAlgorithm()); assertEquals(PublicKeyAlgorithm.EDDSA.getAlgorithmId(), keyRing.getPublicKey().getAlgorithm());

View file

@ -47,15 +47,14 @@ public class GenerateKeyWithAdditionalUserIdTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000); Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) KeyType.RSA(RsaLength._3072),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
.withPrimaryUserId(UserId.onlyEmail("primary@user.id")) .addUserId(UserId.onlyEmail("primary@user.id"))
.withAdditionalUserId(UserId.onlyEmail("additional@user.id")) .addUserId(UserId.onlyEmail("additional@user.id"))
.withAdditionalUserId(UserId.onlyEmail("additional2@user.id")) .addUserId(UserId.onlyEmail("additional2@user.id"))
.withAdditionalUserId("\ttrimThis@user.id ") .addUserId("\ttrimThis@user.id ")
.setExpirationDate(expiration) .setExpirationDate(expiration)
.withoutPassphrase()
.build(); .build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);

View file

@ -38,7 +38,7 @@ import org.pgpainless.util.Passphrase;
* The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying * The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying
* char array to null, which caused an NPE later on. * char array to null, which caused an NPE later on.
*/ */
public class GenerateWithEmptyPassphrase { public class GenerateWithEmptyPassphraseTest {
@ParameterizedTest @ParameterizedTest
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories") @MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
@ -46,11 +46,11 @@ public class GenerateWithEmptyPassphrase {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
assertNotNull(PGPainless.generateKeyRing() assertNotNull(PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) KeyType.RSA(RsaLength._3072),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
.withPrimaryUserId("primary@user.id") .addUserId("primary@user.id")
.withPassphrase(Passphrase.emptyPassphrase()) .setPassphrase(Passphrase.emptyPassphrase())
.build()); .build());
} }
} }

View file

@ -19,7 +19,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
@ -32,29 +31,19 @@ public class IllegalKeyFlagsTest {
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories") @MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) { public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) KeyType.XDH(XDHSpec._X25519), KeyFlag.SIGN_DATA));
.withKeyFlags(KeyFlag.SIGN_DATA) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) KeyType.XDH(XDHSpec._X25519), KeyFlag.CERTIFY_OTHER));
.withKeyFlags(KeyFlag.CERTIFY_OTHER) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) KeyType.XDH(XDHSpec._X25519), KeyFlag.AUTHENTICATION));
.withKeyFlags(KeyFlag.AUTHENTICATION) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_COMMS));
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_STORAGE));
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE) // <- should throw as well
.withDefaultAlgorithms()));
} }
} }

View file

@ -221,11 +221,14 @@ public class KeyRingInfoTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms()) .setPrimaryKey(KeySpec.getBuilder(
.withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.SIGN_DATA).withDefaultAlgorithms()) KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)).withKeyFlags(KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms()) .addSubkey(KeySpec.getBuilder(
.withPrimaryUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build()) KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1),
.withoutPassphrase() KeyFlag.ENCRYPT_STORAGE))
.addSubkey(KeySpec.getBuilder(
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.SIGN_DATA))
.addUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build())
.build(); .build();
Iterator<PGPSecretKey> keys = secretKeys.iterator(); Iterator<PGPSecretKey> keys = secretKeys.iterator();

View file

@ -51,15 +51,13 @@ public class UserIdRevocationTest {
@Test @Test
public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.EDDSA(EdDSACurve._Ed25519),
.withDefaultAlgorithms()) KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
.withDefaultAlgorithms()) .addUserId("primary@key.id")
.withPrimaryUserId("primary@key.id") .addUserId("secondary@key.id")
.withAdditionalUserId("secondary@key.id")
.withoutPassphrase()
.build(); .build();
// make a copy with revoked subkey // make a copy with revoked subkey
@ -91,15 +89,12 @@ public class UserIdRevocationTest {
@Test @Test
public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.EDDSA(EdDSACurve._Ed25519),
.withDefaultAlgorithms()) KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) .addUserId("primary@key.id")
.withDefaultAlgorithms()) .addUserId("secondary@key.id")
.withPrimaryUserId("primary@key.id")
.withAdditionalUserId("secondary@key.id")
.withoutPassphrase()
.build(); .build();
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)

View file

@ -61,9 +61,7 @@ public class AddSubKeyTest {
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)
.addSubKey( .addSubKey(
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256)) KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA).build(),
.withKeyFlags(KeyFlag.SIGN_DATA)
.withDefaultAlgorithms(),
Passphrase.fromPassword("subKeyPassphrase"), Passphrase.fromPassword("subKeyPassphrase"),
PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123"))) PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123")))
.done(); .done();

View file

@ -89,14 +89,14 @@ public class PolicyTest {
@Test @Test
public void testAcceptableSymmetricKeyDecryptionAlgorithm() { public void testAcceptableSymmetricKeyDecryptionAlgorithm() {
assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH)); assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH));
assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId())); assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId()));
} }
@Test @Test
public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() { public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() {
assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128)); assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128));
assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId())); assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId()));
} }
@Test @Test

View file

@ -47,13 +47,12 @@ public class BCUtilTest {
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
IOException { IOException {
PGPSecretKeyRing sec = PGPainless.generateKeyRing() PGPSecretKeyRing sec = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.RSA(RsaLength._3072),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072), KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .addUserId("donald@duck.tails")
.withDefaultAlgorithms()) .build();
.withPrimaryUserId("donald@duck.tails").withoutPassphrase().build();
PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec); PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec);

View file

@ -41,17 +41,12 @@ public class GuessPreferredHashAlgorithmTest {
@Test @Test
public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
.withDetailedConfiguration() .overridePreferredHashAlgorithms(new HashAlgorithm[] {})
// Do not specify preferred algorithms .overridePreferredSymmetricKeyAlgorithms(new SymmetricKeyAlgorithm[] {})
.withPreferredSymmetricAlgorithms(new SymmetricKeyAlgorithm[] {}) .overridePreferredCompressionAlgorithms(new CompressionAlgorithm[] {}))
.withPreferredHashAlgorithms(new HashAlgorithm[] {}) .addUserId("test@test.test")
.withPreferredCompressionAlgorithms(new CompressionAlgorithm[] {})
.done())
.withPrimaryUserId("test@test.test")
.withoutPassphrase()
.build(); .build();
PGPPublicKey publicKey = secretKeys.getPublicKey(); PGPPublicKey publicKey = secretKeys.getPublicKey();

View file

@ -38,14 +38,13 @@ public class TestEncryptCommsStorageFlagsDifferentiated {
@Test @Test
public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyType.RSA(RsaLength._3072),
KeyFlag.CERTIFY_OTHER,
KeyFlag.SIGN_DATA, KeyFlag.SIGN_DATA,
KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS
) ))
.withDefaultAlgorithms()) .addUserId("cannot@encrypt.comms")
.withPrimaryUserId("cannot@encrypt.comms")
.withoutPassphrase()
.build(); .build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);