PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'key_generator_rework'

This commit is contained in:
Paul Schaub 2021-09-20 14:50:02 +02:00
parent 1a4052afb0 708282ba0a
commit 1aa6541766
28 changed files with 489 additions and 779 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
README.md
View File

@ -75,26 +75,19 @@ There are some predefined key archetypes, but it is possible to fully customize
// Customized key // Customized key
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing() PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
.withSubKey( .setPrimaryKey(KeySpec.getBuilder(
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256)) RSA.withLength(RsaLength._8192),
.withKeyFlags(KeyFlag.SIGN_DATA) KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.withDetailedConfiguration() .addSubkey(
.withDefaultSymmetricAlgorithms() KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA)
.withDefaultHashAlgorithms() .overrideCompressionAlgorithms(CompressionAlgorithm.ZLIB)
.withPreferredCompressionAlgorithms(CompressionAlgorithm.ZLIB) ).addSubkey(
.withFeature(Feature.MODIFICATION_DETECTION) KeySpec.getBuilder(
.done() ECDH.fromCurve(EllipticCurve._P256),
).withSubKey( KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
KeySpec.getBuilder(ECDH.fromCurve(EllipticCurve._P256)) ).addUserId("Juliet <juliet@montague.lit>")
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) .addUserId("xmpp:juliet@capulet.lit")
.withDefaultAlgorithms() .setPassphrase("romeo_oh_Romeo<3")
).withMasterKey(
KeySpec.getBuilder(RSA.withLength(RsaLength._8192))
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms()
).withPrimaryUserId("Juliet <juliet@montague.lit>")
.withAdditionalUserId("xmpp:juliet@capulet.lit")
.withPassphrase("romeo_oh_Romeo<3")
.build(); .build();
``` ```

46
pgpainless-core/src/main/java/org/pgpainless/algorithm/AlgorithmSuite.java
View File

@ -15,7 +15,6 @@
*/ */
package org.pgpainless.algorithm; package org.pgpainless.algorithm;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
@ -45,9 +44,9 @@ public class AlgorithmSuite {
CompressionAlgorithm.UNCOMPRESSED) CompressionAlgorithm.UNCOMPRESSED)
); );
private Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms; private final Set<SymmetricKeyAlgorithm> symmetricKeyAlgorithms;
private Set<HashAlgorithm> hashAlgorithms; private final Set<HashAlgorithm> hashAlgorithms;
private Set<CompressionAlgorithm> compressionAlgorithms; private final Set<CompressionAlgorithm> compressionAlgorithms;
public AlgorithmSuite(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms, public AlgorithmSuite(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms,
List<HashAlgorithm> hashAlgorithms, List<HashAlgorithm> hashAlgorithms,
@ -57,57 +56,18 @@ public class AlgorithmSuite {
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms)); this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
} }
public void setSymmetricKeyAlgorithms(List<SymmetricKeyAlgorithm> symmetricKeyAlgorithms) {
this.symmetricKeyAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(symmetricKeyAlgorithms));
}
public Set<SymmetricKeyAlgorithm> getSymmetricKeyAlgorithms() { public Set<SymmetricKeyAlgorithm> getSymmetricKeyAlgorithms() {
return new LinkedHashSet<>(symmetricKeyAlgorithms); return new LinkedHashSet<>(symmetricKeyAlgorithms);
} }
public int[] getSymmetricKeyAlgorithmIds() {
int[] array = new int[symmetricKeyAlgorithms.size()];
List<SymmetricKeyAlgorithm> list = new ArrayList<>(getSymmetricKeyAlgorithms());
for (int i = 0; i < array.length; i++) {
array[i] = list.get(i).getAlgorithmId();
}
return array;
}
public void setHashAlgorithms(List<HashAlgorithm> hashAlgorithms) {
this.hashAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(hashAlgorithms));
}
public Set<HashAlgorithm> getHashAlgorithms() { public Set<HashAlgorithm> getHashAlgorithms() {
return new LinkedHashSet<>(hashAlgorithms); return new LinkedHashSet<>(hashAlgorithms);
} }
public int[] getHashAlgorithmIds() {
int[] array = new int[hashAlgorithms.size()];
List<HashAlgorithm> list = new ArrayList<>(getHashAlgorithms());
for (int i = 0; i < array.length; i++) {
array[i] = list.get(i).getAlgorithmId();
}
return array;
}
public void setCompressionAlgorithms(List<CompressionAlgorithm> compressionAlgorithms) {
this.compressionAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<>(compressionAlgorithms));
}
public Set<CompressionAlgorithm> getCompressionAlgorithms() { public Set<CompressionAlgorithm> getCompressionAlgorithms() {
return new LinkedHashSet<>(compressionAlgorithms); return new LinkedHashSet<>(compressionAlgorithms);
} }
public int[] getCompressionAlgorithmIds() {
int[] array = new int[compressionAlgorithms.size()];
List<CompressionAlgorithm> list = new ArrayList<>(getCompressionAlgorithms());
for (int i = 0; i < array.length; i++) {
array[i] = list.get(i).getAlgorithmId();
}
return array;
}
public static AlgorithmSuite getDefaultAlgorithmSuite() { public static AlgorithmSuite getDefaultAlgorithmSuite() {
return defaultAlgorithmSuite; return defaultAlgorithmSuite;
} }

2
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
View File

@ -466,7 +466,7 @@ public final class DecryptionStreamFactory {
} }
private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException { private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException {
if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(algorithm)) { if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(algorithm)) {
throw new UnacceptableAlgorithmException("Data is " throw new UnacceptableAlgorithmException("Data is "
+ (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" + + (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" +
"To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy()."); "To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy().");

419
pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
View File

@ -61,14 +61,18 @@ import org.pgpainless.provider.ProviderFactory;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil; import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil;
public class KeyRingBuilder implements KeyRingBuilderInterface { public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
private final Charset UTF8 = Charset.forName("UTF-8"); private final Charset UTF8 = Charset.forName("UTF-8");
private final List<KeySpec> keySpecs = new ArrayList<>(); private PGPSignatureGenerator signatureGenerator;
private String userId; private PGPDigestCalculator digestCalculator;
private final Set<String> additionalUserIds = new LinkedHashSet<>(); private PBESecretKeyEncryptor secretKeyEncryptor;
private Passphrase passphrase;
private KeySpec primaryKeySpec;
private final List<KeySpec> subkeySpecs = new ArrayList<>();
private final Set<String> userIds = new LinkedHashSet<>();
private Passphrase passphrase = null;
private Date expirationDate = null; private Date expirationDate = null;
/** /**
@ -126,18 +130,14 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
*/ */
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password) public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password)
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
WithAdditionalUserIdOrPassphrase builder = this KeyRingBuilder builder = new KeyRingBuilder()
.withPrimaryKey( .setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
KeySpec.getBuilder(KeyType.RSA(length)) .addUserId(userId);
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS)
.withDefaultAlgorithms())
.withPrimaryUserId(userId);
if (password == null) { if (!isNullOrEmpty(password)) {
return builder.withoutPassphrase().build(); builder.setPassphrase(Passphrase.fromPassword(password));
} else {
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
} }
return builder.build();
} }
/** /**
@ -195,22 +195,15 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
*/ */
public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password) public PGPSecretKeyRing simpleEcKeyRing(@Nonnull String userId, String password)
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
WithAdditionalUserIdOrPassphrase builder = this KeyRingBuilder builder = new KeyRingBuilder()
.withSubKey( .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) .addUserId(userId);
.withDefaultAlgorithms())
.withPrimaryKey(
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
.withDefaultAlgorithms())
.withPrimaryUserId(userId);
if (password == null) { if (!isNullOrEmpty(password)) {
return builder.withoutPassphrase().build(); builder.setPassphrase(Passphrase.fromPassword(password));
} else {
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
} }
return builder.build();
} }
/** /**
@ -223,40 +216,59 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
*/ */
public PGPSecretKeyRing modernKeyRing(String userId, String password) public PGPSecretKeyRing modernKeyRing(String userId, String password)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
WithAdditionalUserIdOrPassphrase builder = this KeyRingBuilder builder = new KeyRingBuilder()
.withSubKey( .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
.withDefaultAlgorithms()) .addUserId(userId);
.withSubKey( if (!isNullOrEmpty(password)) {
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) builder.setPassphrase(Passphrase.fromPassword(password));
.withKeyFlags(KeyFlag.SIGN_DATA)
.withDefaultAlgorithms())
.withPrimaryKey(
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms())
.withPrimaryUserId(userId);
if (password == null) {
return builder.withoutPassphrase().build();
} else {
return builder.withPassphrase(new Passphrase(password.toCharArray())).build();
} }
return builder.build();
} }
@Override @Override
public KeyRingBuilderInterface withSubKey(@Nonnull KeySpec type) { public KeyRingBuilder setPrimaryKey(@Nonnull KeySpec keySpec) {
KeyRingBuilder.this.keySpecs.add(type); verifyMasterKeyCanCertify(keySpec);
this.primaryKeySpec = keySpec;
return this; return this;
} }
@Override @Override
public WithPrimaryUserId withPrimaryKey(@Nonnull KeySpec spec) { public KeyRingBuilder addSubkey(@Nonnull KeySpec keySpec) {
verifyMasterKeyCanCertify(spec); this.subkeySpecs.add(keySpec);
return this;
}
KeyRingBuilder.this.keySpecs.add(0, spec); @Override
return new WithPrimaryUserIdImpl(); public KeyRingBuilder addUserId(@Nonnull String userId) {
this.userIds.add(userId.trim());
return this;
}
@Override
public KeyRingBuilder addUserId(@Nonnull byte[] userId) {
return addUserId(new String(userId, UTF8));
}
@Override
public KeyRingBuilder setExpirationDate(@Nonnull Date expirationDate) {
Date now = new Date();
if (now.after(expirationDate)) {
throw new IllegalArgumentException("Expiration date must be in the future.");
}
this.expirationDate = expirationDate;
return this;
}
@Override
public KeyRingBuilder setPassphrase(@Nonnull Passphrase passphrase) {
this.passphrase = passphrase;
return this;
}
private static boolean isNullOrEmpty(String password) {
return password == null || password.trim().isEmpty();
} }
private void verifyMasterKeyCanCertify(KeySpec spec) { private void verifyMasterKeyCanCertify(KeySpec spec) {
@ -276,196 +288,139 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
return keySpec.getKeyType().canCertify(); return keySpec.getKeyType().canCertify();
} }
class WithPrimaryUserIdImpl implements WithPrimaryUserId { @Override
public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException {
if (userIds.isEmpty()) {
throw new IllegalStateException("At least one user-id is required.");
}
digestCalculator = buildDigestCalculator();
secretKeyEncryptor = buildSecretKeyEncryptor();
PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor();
@Override if (passphrase != null) {
public WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String userId) { passphrase.clear();
KeyRingBuilder.this.userId = userId.trim();
return new WithAdditionalUserIdOrPassphraseImpl();
} }
@Override // Generate Primary Key
public WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] userId) { PGPKeyPair certKey = generateKeyPair(primaryKeySpec);
return withPrimaryUserId(new String(userId, UTF8)); PGPContentSignerBuilder signer = buildContentSigner(certKey);
signatureGenerator = new PGPSignatureGenerator(signer);
PGPSignatureSubpacketGenerator hashedSubPacketGenerator = primaryKeySpec.getSubpacketGenerator();
hashedSubPacketGenerator.setPrimaryUserID(false, true);
if (expirationDate != null) {
SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator(
expirationDate, new Date(), hashedSubPacketGenerator);
}
PGPSignatureSubpacketVector hashedSubPackets = hashedSubPacketGenerator.generate();
// Generator which the user can get the key pair from
PGPKeyRingGenerator ringGenerator = buildRingGenerator(certKey, signer, hashedSubPackets);
addSubKeys(certKey, ringGenerator);
// Generate secret key ring with only primary user id
PGPSecretKeyRing secretKeyRing = ringGenerator.generateSecretKeyRing();
Iterator<PGPSecretKey> secretKeys = secretKeyRing.getSecretKeys();
// Attempt to add additional user-ids to the primary public key
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKeyRing.getSecretKey(), secretKeyDecryptor);
Iterator<String> additionalUserIds = userIds.iterator();
additionalUserIds.next(); // Skip primary user id
while (additionalUserIds.hasNext()) {
String additionalUserId = additionalUserIds.next();
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
PGPSignature additionalUserIdSignature =
signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
primaryPubKey = PGPPublicKey.addCertification(primaryPubKey,
additionalUserId, additionalUserIdSignature);
}
// "reassemble" secret key ring with modified primary key
PGPSecretKey primarySecKey = new PGPSecretKey(
privateKey,
primaryPubKey, digestCalculator, true, secretKeyEncryptor);
List<PGPSecretKey> secretKeyList = new ArrayList<>();
secretKeyList.add(primarySecKey);
while (secretKeys.hasNext()) {
secretKeyList.add(secretKeys.next());
}
secretKeyRing = new PGPSecretKeyRing(secretKeyList);
return secretKeyRing;
}
private PGPKeyRingGenerator buildRingGenerator(PGPKeyPair certKey,
PGPContentSignerBuilder signer,
PGPSignatureSubpacketVector hashedSubPackets)
throws PGPException {
String primaryUserId = userIds.iterator().next();
return new PGPKeyRingGenerator(
SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey,
primaryUserId, digestCalculator,
hashedSubPackets, null, signer, secretKeyEncryptor);
}
private void addSubKeys(PGPKeyPair primaryKey, PGPKeyRingGenerator ringGenerator)
throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
for (KeySpec subKeySpec : subkeySpecs) {
PGPKeyPair subKey = generateKeyPair(subKeySpec);
if (subKeySpec.isInheritedSubPackets()) {
ringGenerator.addSubKey(subKey);
} else {
PGPSignatureSubpacketVector hashedSubpackets = subKeySpec.getSubpackets();
try {
hashedSubpackets = addPrimaryKeyBindingSignatureIfNecessary(primaryKey, subKey, hashedSubpackets);
} catch (IOException e) {
throw new PGPException("Exception while adding primary key binding signature to signing subkey", e);
}
ringGenerator.addSubKey(subKey, hashedSubpackets, null);
}
} }
} }
class WithAdditionalUserIdOrPassphraseImpl implements WithAdditionalUserIdOrPassphrase { private PGPSignatureSubpacketVector addPrimaryKeyBindingSignatureIfNecessary(PGPKeyPair primaryKey, PGPKeyPair subKey, PGPSignatureSubpacketVector hashedSubpackets) throws PGPException, IOException {
int keyFlagMask = hashedSubpackets.getKeyFlags();
@Override if (!KeyFlag.hasKeyFlag(keyFlagMask, KeyFlag.SIGN_DATA) && !KeyFlag.hasKeyFlag(keyFlagMask, KeyFlag.CERTIFY_OTHER)) {
public WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate) { return hashedSubpackets;
Date now = new Date();
if (now.after(expirationDate)) {
throw new IllegalArgumentException("Expiration date must be in the future.");
}
KeyRingBuilder.this.expirationDate = expirationDate;
return this;
} }
@Override PGPSignatureGenerator bindingSignatureGenerator = new PGPSignatureGenerator(buildContentSigner(subKey));
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId) { bindingSignatureGenerator.init(SignatureType.PRIMARYKEY_BINDING.getCode(), subKey.getPrivateKey());
String trimmed = userId.trim(); PGPSignature primaryKeyBindingSig = bindingSignatureGenerator.generateCertification(primaryKey.getPublicKey(), subKey.getPublicKey());
if (KeyRingBuilder.this.userId.equals(trimmed)) { PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator(hashedSubpackets);
throw new IllegalArgumentException("Additional user-id MUST NOT be equal to primary user-id."); subpacketGenerator.addEmbeddedSignature(false, primaryKeyBindingSig);
} return subpacketGenerator.generate();
KeyRingBuilder.this.additionalUserIds.add(trimmed); }
return this;
}
@Override private PGPContentSignerBuilder buildContentSigner(PGPKeyPair certKey) {
public WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId) { HashAlgorithm hashAlgorithm = PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm();
return withAdditionalUserId(new String(userId, UTF8)); return ImplementationFactory.getInstance().getPGPContentSignerBuilder(
} certKey.getPublicKey().getAlgorithm(),
hashAlgorithm.getAlgorithmId());
}
@Override private PBESecretKeyEncryptor buildSecretKeyEncryptor() {
public Build withPassphrase(@Nonnull Passphrase passphrase) { SymmetricKeyAlgorithm keyEncryptionAlgorithm = PGPainless.getPolicy().getSymmetricKeyEncryptionAlgorithmPolicy()
KeyRingBuilder.this.passphrase = passphrase; .getDefaultSymmetricKeyAlgorithm();
return new BuildImpl(); PBESecretKeyEncryptor encryptor = passphrase == null || passphrase.isEmpty() ?
} null : // unencrypted key pair, otherwise AES-256 encrypted
ImplementationFactory.getInstance().getPBESecretKeyEncryptor(
keyEncryptionAlgorithm, digestCalculator, passphrase);
return encryptor;
}
@Override private PBESecretKeyDecryptor buildSecretKeyDecryptor() throws PGPException {
public Build withoutPassphrase() { PBESecretKeyDecryptor decryptor = passphrase == null || passphrase.isEmpty() ?
KeyRingBuilder.this.passphrase = null; null :
return new BuildImpl(); ImplementationFactory.getInstance().getPBESecretKeyDecryptor(passphrase);
} return decryptor;
}
class BuildImpl implements Build { private PGPDigestCalculator buildDigestCalculator() throws PGPException {
return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1);
private PGPSignatureGenerator signatureGenerator;
private PGPDigestCalculator digestCalculator;
private PBESecretKeyEncryptor secretKeyEncryptor;
@Override
public PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException {
digestCalculator = buildDigestCalculator();
secretKeyEncryptor = buildSecretKeyEncryptor();
PBESecretKeyDecryptor secretKeyDecryptor = buildSecretKeyDecryptor();
if (passphrase != null) {
passphrase.clear();
}
// First key is the Master Key
KeySpec certKeySpec = keySpecs.remove(0);
// Generate Master Key
PGPKeyPair certKey = generateKeyPair(certKeySpec);
PGPContentSignerBuilder signer = buildContentSigner(certKey);
signatureGenerator = new PGPSignatureGenerator(signer);
PGPSignatureSubpacketGenerator hashedSubPacketGenerator = certKeySpec.getSubpacketGenerator();
hashedSubPacketGenerator.setPrimaryUserID(false, true);
if (expirationDate != null) {
SignatureSubpacketGeneratorUtil.setExpirationDateInSubpacketGenerator(
expirationDate, new Date(), hashedSubPacketGenerator);
}
PGPSignatureSubpacketVector hashedSubPackets = hashedSubPacketGenerator.generate();
// Generator which the user can get the key pair from
PGPKeyRingGenerator ringGenerator = buildRingGenerator(certKey, signer, hashedSubPackets);
addSubKeys(certKey, ringGenerator);
// Generate secret key ring with only primary user id
PGPSecretKeyRing secretKeyRing = ringGenerator.generateSecretKeyRing();
Iterator<PGPSecretKey> secretKeys = secretKeyRing.getSecretKeys();
// Attempt to add additional user-ids to the primary public key
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKeyRing.getSecretKey(), secretKeyDecryptor);
for (String additionalUserId : additionalUserIds) {
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
PGPSignature additionalUserIdSignature =
signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
primaryPubKey = PGPPublicKey.addCertification(primaryPubKey,
additionalUserId, additionalUserIdSignature);
}
// "reassemble" secret key ring with modified primary key
PGPSecretKey primarySecKey = new PGPSecretKey(
privateKey,
primaryPubKey, digestCalculator, true, secretKeyEncryptor);
List<PGPSecretKey> secretKeyList = new ArrayList<>();
secretKeyList.add(primarySecKey);
while (secretKeys.hasNext()) {
secretKeyList.add(secretKeys.next());
}
secretKeyRing = new PGPSecretKeyRing(secretKeyList);
return secretKeyRing;
}
private PGPKeyRingGenerator buildRingGenerator(PGPKeyPair certKey,
PGPContentSignerBuilder signer,
PGPSignatureSubpacketVector hashedSubPackets)
throws PGPException {
return new PGPKeyRingGenerator(
SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey,
userId, digestCalculator,
hashedSubPackets, null, signer, secretKeyEncryptor);
}
private void addSubKeys(PGPKeyPair primaryKey, PGPKeyRingGenerator ringGenerator)
throws NoSuchAlgorithmException, PGPException, InvalidAlgorithmParameterException {
for (KeySpec subKeySpec : keySpecs) {
PGPKeyPair subKey = generateKeyPair(subKeySpec);
if (subKeySpec.isInheritedSubPackets()) {
ringGenerator.addSubKey(subKey);
} else {
PGPSignatureSubpacketVector hashedSubpackets = subKeySpec.getSubpackets();
try {
hashedSubpackets = addPrimaryKeyBindingSignatureIfNecessary(primaryKey, subKey, hashedSubpackets);
} catch (IOException e) {
throw new PGPException("Exception while adding primary key binding signature to signing subkey", e);
}
ringGenerator.addSubKey(subKey, hashedSubpackets, null);
}
}
}
private PGPSignatureSubpacketVector addPrimaryKeyBindingSignatureIfNecessary(PGPKeyPair primaryKey, PGPKeyPair subKey, PGPSignatureSubpacketVector hashedSubpackets) throws PGPException, IOException {
int keyFlagMask = hashedSubpackets.getKeyFlags();
if (!KeyFlag.hasKeyFlag(keyFlagMask, KeyFlag.SIGN_DATA) && !KeyFlag.hasKeyFlag(keyFlagMask, KeyFlag.CERTIFY_OTHER)) {
return hashedSubpackets;
}
PGPSignatureGenerator bindingSignatureGenerator = new PGPSignatureGenerator(buildContentSigner(subKey));
bindingSignatureGenerator.init(SignatureType.PRIMARYKEY_BINDING.getCode(), subKey.getPrivateKey());
PGPSignature primaryKeyBindingSig = bindingSignatureGenerator.generateCertification(primaryKey.getPublicKey(), subKey.getPublicKey());
PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator(hashedSubpackets);
subpacketGenerator.addEmbeddedSignature(false, primaryKeyBindingSig);
return subpacketGenerator.generate();
}
private PGPContentSignerBuilder buildContentSigner(PGPKeyPair certKey) {
HashAlgorithm hashAlgorithm = PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm();
return ImplementationFactory.getInstance().getPGPContentSignerBuilder(
certKey.getPublicKey().getAlgorithm(),
hashAlgorithm.getAlgorithmId());
}
private PBESecretKeyEncryptor buildSecretKeyEncryptor() {
SymmetricKeyAlgorithm keyEncryptionAlgorithm = PGPainless.getPolicy().getSymmetricKeyEncryptionAlgorithmPolicy()
.getDefaultSymmetricKeyAlgorithm();
PBESecretKeyEncryptor encryptor = passphrase == null || passphrase.isEmpty() ?
null : // unencrypted key pair, otherwise AES-256 encrypted
ImplementationFactory.getInstance().getPBESecretKeyEncryptor(
keyEncryptionAlgorithm, digestCalculator, passphrase);
return encryptor;
}
private PBESecretKeyDecryptor buildSecretKeyDecryptor() throws PGPException {
PBESecretKeyDecryptor decryptor = passphrase == null || passphrase.isEmpty() ?
null :
ImplementationFactory.getInstance().getPBESecretKeyDecryptor(passphrase);
return decryptor;
}
private PGPDigestCalculator buildDigestCalculator() throws PGPException {
return ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1);
}
}
} }
public static PGPKeyPair generateKeyPair(KeySpec spec) public static PGPKeyPair generateKeyPair(KeySpec spec)

56
pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilderInterface.java
View File

@ -25,50 +25,32 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.pgpainless.key.util.UserId; import org.pgpainless.key.util.UserId;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
public interface KeyRingBuilderInterface { public interface KeyRingBuilderInterface<B extends KeyRingBuilderInterface<B>> {
KeyRingBuilderInterface withSubKey(@Nonnull KeySpec keySpec); B setPrimaryKey(@Nonnull KeySpec keySpec);
WithPrimaryUserId withPrimaryKey(@Nonnull KeySpec keySpec);
interface WithPrimaryUserId {
default WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull UserId userId) {
return withPrimaryUserId(userId.toString());
}
WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull String userId);
WithAdditionalUserIdOrPassphrase withPrimaryUserId(@Nonnull byte[] userId);
default B setPrimaryKey(@Nonnull KeySpecBuilder builder) {
return setPrimaryKey(builder.build());
} }
interface WithAdditionalUserIdOrPassphrase { B addSubkey(@Nonnull KeySpec keySpec);
default WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull UserId userId) { default B addSubkey(@Nonnull KeySpecBuilder builder) {
return withAdditionalUserId(userId.toString()); return addSubkey(builder.build());
}
/**
* Set an expiration date for the key.
*
* @param expirationDate date on which the key will expire.
* @return builder
*/
WithAdditionalUserIdOrPassphrase setExpirationDate(@Nonnull Date expirationDate);
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull String userId);
WithAdditionalUserIdOrPassphrase withAdditionalUserId(@Nonnull byte[] userId);
Build withPassphrase(@Nonnull Passphrase passphrase);
Build withoutPassphrase();
} }
interface Build { default B addUserId(UserId userId) {
return addUserId(userId.toString());
}
PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException, B addUserId(@Nonnull String userId);
B addUserId(@Nonnull byte[] userId);
B setExpirationDate(@Nonnull Date expirationDate);
B setPassphrase(@Nonnull Passphrase passphrase);
PGPSecretKeyRing build() throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException; InvalidAlgorithmParameterException;
}
} }

5
pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpec.java
View File

@ -20,6 +20,7 @@ import javax.annotation.Nullable;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector; import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
public class KeySpec { public class KeySpec {
@ -54,7 +55,7 @@ public class KeySpec {
return inheritedSubPackets; return inheritedSubPackets;
} }
public static KeySpecBuilder getBuilder(KeyType type) { public static KeySpecBuilder getBuilder(KeyType type, KeyFlag flag, KeyFlag... flags) {
return new KeySpecBuilder(type); return new KeySpecBuilder(type, flag, flags);
} }
} }

199
pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java
View File

@ -15,10 +15,14 @@
*/ */
package org.pgpainless.key.generation; package org.pgpainless.key.generation;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.bouncycastle.bcpg.sig.Features;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.AlgorithmSuite; import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature; import org.pgpainless.algorithm.Feature;
@ -26,24 +30,89 @@ import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.util.CollectionUtils;
public class KeySpecBuilder implements KeySpecBuilderInterface { public class KeySpecBuilder implements KeySpecBuilderInterface {
private final KeyType type; private final KeyType type;
private final KeyFlag[] keyFlags;
private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator(); private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator();
private final AlgorithmSuite algorithmSuite = PGPainless.getPolicy().getKeyGenerationAlgorithmSuite();
private Set<CompressionAlgorithm> preferredCompressionAlgorithms = algorithmSuite.getCompressionAlgorithms();
private Set<HashAlgorithm> preferredHashAlgorithms = algorithmSuite.getHashAlgorithms();
private Set<SymmetricKeyAlgorithm> preferredSymmetricAlgorithms = algorithmSuite.getSymmetricKeyAlgorithms();
KeySpecBuilder(@Nonnull KeyType type) { KeySpecBuilder(@Nonnull KeyType type, KeyFlag flag, KeyFlag... flags) {
if (flag == null) {
throw new IllegalArgumentException("Key MUST carry at least one key flag");
}
if (flags == null) {
throw new IllegalArgumentException("List of additional flags MUST NOT be null.");
}
flags = CollectionUtils.concat(flag, flags);
assureKeyCanCarryFlags(type, flags);
this.type = type; this.type = type;
this.keyFlags = flags;
} }
@Override @Override
public WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags) { public KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms) {
assureKeyCanCarryFlags(flags); this.preferredCompressionAlgorithms = new LinkedHashSet<>(Arrays.asList(compressionAlgorithms));
this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(flags)); return this;
return new WithDetailedConfigurationImpl();
} }
private void assureKeyCanCarryFlags(KeyFlag... flags) { @Override
public KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms) {
this.preferredHashAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredHashAlgorithms));
return this;
}
@Override
public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) {
this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms));
return this;
}
@Override
public KeySpec build() {
this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(keyFlags));
this.hashedSubPackets.setPreferredCompressionAlgorithms(false, getPreferredCompressionAlgorithmIDs());
this.hashedSubPackets.setPreferredHashAlgorithms(false, getPreferredHashAlgorithmIDs());
this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, getPreferredSymmetricKeyAlgorithmIDs());
this.hashedSubPackets.setFeature(false, Feature.MODIFICATION_DETECTION.getFeatureId());
return new KeySpec(type, hashedSubPackets, false);
}
private int[] getPreferredCompressionAlgorithmIDs() {
int[] ids = new int[preferredCompressionAlgorithms.size()];
Iterator<CompressionAlgorithm> iterator = preferredCompressionAlgorithms.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = iterator.next().getAlgorithmId();
}
return ids;
}
private int[] getPreferredHashAlgorithmIDs() {
int[] ids = new int[preferredHashAlgorithms.size()];
Iterator<HashAlgorithm> iterator = preferredHashAlgorithms.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = iterator.next().getAlgorithmId();
}
return ids;
}
private int[] getPreferredSymmetricKeyAlgorithmIDs() {
int[] ids = new int[preferredSymmetricAlgorithms.size()];
Iterator<SymmetricKeyAlgorithm> iterator = preferredSymmetricAlgorithms.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = iterator.next().getAlgorithmId();
}
return ids;
}
private static void assureKeyCanCarryFlags(KeyType type, KeyFlag... flags) {
final int mask = KeyFlag.toBitmask(flags); final int mask = KeyFlag.toBitmask(flags);
if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) { if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) {
@ -66,120 +135,4 @@ public class KeySpecBuilder implements KeySpecBuilderInterface {
throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION."); throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION.");
} }
} }
@Override
public KeySpec withInheritedSubPackets() {
return new KeySpec(type, null, true);
}
class WithDetailedConfigurationImpl implements WithDetailedConfiguration {
@Deprecated
@Override
public WithPreferredSymmetricAlgorithms withDetailedConfiguration() {
return new WithPreferredSymmetricAlgorithmsImpl();
}
@Override
public KeySpec withDefaultAlgorithms() {
AlgorithmSuite defaultSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
hashedSubPackets.setPreferredCompressionAlgorithms(false, defaultSuite.getCompressionAlgorithmIds());
hashedSubPackets.setPreferredSymmetricAlgorithms(false, defaultSuite.getSymmetricKeyAlgorithmIds());
hashedSubPackets.setPreferredHashAlgorithms(false, defaultSuite.getHashAlgorithmIds());
hashedSubPackets.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);
return new KeySpec(
KeySpecBuilder.this.type,
KeySpecBuilder.this.hashedSubPackets,
false);
}
}
class WithPreferredSymmetricAlgorithmsImpl implements WithPreferredSymmetricAlgorithms {
@Override
public WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms) {
int[] ids = new int[algorithms.length];
for (int i = 0; i < ids.length; i++) {
ids[i] = algorithms[i].getAlgorithmId();
}
KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, ids);
return new WithPreferredHashAlgorithmsImpl();
}
@Override
public WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms() {
KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds());
return new WithPreferredHashAlgorithmsImpl();
}
@Override
public WithFeatures withDefaultAlgorithms() {
hashedSubPackets.setPreferredSymmetricAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds());
hashedSubPackets.setPreferredCompressionAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds());
hashedSubPackets.setPreferredHashAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds());
return new WithFeaturesImpl();
}
}
class WithPreferredHashAlgorithmsImpl implements WithPreferredHashAlgorithms {
@Override
public WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms) {
int[] ids = new int[algorithms.length];
for (int i = 0; i < ids.length; i++) {
ids[i] = algorithms[i].getAlgorithmId();
}
KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false, ids);
return new WithPreferredCompressionAlgorithmsImpl();
}
@Override
public WithPreferredCompressionAlgorithms withDefaultHashAlgorithms() {
KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds());
return new WithPreferredCompressionAlgorithmsImpl();
}
}
class WithPreferredCompressionAlgorithmsImpl implements WithPreferredCompressionAlgorithms {
@Override
public WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms) {
int[] ids = new int[algorithms.length];
for (int i = 0; i < ids.length; i++) {
ids[i] = algorithms[i].getAlgorithmId();
}
KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false, ids);
return new WithFeaturesImpl();
}
@Override
public WithFeatures withDefaultCompressionAlgorithms() {
KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false,
AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds());
return new WithFeaturesImpl();
}
}
class WithFeaturesImpl implements WithFeatures {
@Override
public WithFeatures withFeature(@Nonnull Feature feature) {
KeySpecBuilder.this.hashedSubPackets.setFeature(false, feature.getFeatureId());
return this;
}
@Override
public KeySpec done() {
return new KeySpec(
KeySpecBuilder.this.type,
hashedSubPackets,
false);
}
}
} }

47
pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilderInterface.java
View File

@ -18,55 +18,16 @@ package org.pgpainless.key.generation;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
public interface KeySpecBuilderInterface { public interface KeySpecBuilderInterface {
WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags); KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms);
KeySpec withInheritedSubPackets(); KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms);
interface WithDetailedConfiguration { KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms);
WithPreferredSymmetricAlgorithms withDetailedConfiguration();
KeySpec withDefaultAlgorithms();
}
interface WithPreferredSymmetricAlgorithms {
WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms);
WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms();
WithFeatures withDefaultAlgorithms();
}
interface WithPreferredHashAlgorithms {
WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms);
WithPreferredCompressionAlgorithms withDefaultHashAlgorithms();
}
interface WithPreferredCompressionAlgorithms {
WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms);
WithFeatures withDefaultCompressionAlgorithms();
}
interface WithFeatures {
WithFeatures withFeature(@Nonnull Feature feature);
KeySpec done();
}
KeySpec build();
} }

24
pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java
View File

@ -21,6 +21,9 @@ import java.util.EnumMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import javax.annotation.Nonnull;
import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.algorithm.PublicKeyAlgorithm;
@ -48,6 +51,8 @@ public final class Policy {
PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy(); PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy();
private final NotationRegistry notationRegistry = new NotationRegistry(); private final NotationRegistry notationRegistry = new NotationRegistry();
private AlgorithmSuite keyGenerationAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
Policy() { Policy() {
} }
@ -122,7 +127,7 @@ public final class Policy {
* *
* @return symmetric algorithm policy for decryption * @return symmetric algorithm policy for decryption
*/ */
public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgoritmPolicy() { public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgorithmPolicy() {
return symmetricKeyDecryptionAlgorithmPolicy; return symmetricKeyDecryptionAlgorithmPolicy;
} }
@ -459,4 +464,21 @@ public final class Policy {
public NotationRegistry getNotationRegistry() { public NotationRegistry getNotationRegistry() {
return notationRegistry; return notationRegistry;
} }
/**
* Return the current {@link AlgorithmSuite} which defines preferred algorithms used during key generation.
* @return current algorithm suite
*/
public @Nonnull AlgorithmSuite getKeyGenerationAlgorithmSuite() {
return keyGenerationAlgorithmSuite;
}
/**
* Set a custom {@link AlgorithmSuite} which defines preferred algorithms used during key generation.
*
* @param algorithmSuite custom algorithm suite
*/
public void setKeyGenerationAlgorithmSuite(@Nonnull AlgorithmSuite algorithmSuite) {
this.keyGenerationAlgorithmSuite = algorithmSuite;
}
} }

8
pgpainless-core/src/main/java/org/pgpainless/util/CollectionUtils.java
View File

@ -15,6 +15,7 @@
*/ */
package org.pgpainless.util; package org.pgpainless.util;
import java.lang.reflect.Array;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -33,4 +34,11 @@ public final class CollectionUtils {
} }
return items; return items;
} }
public static <T> T[] concat(T t, T[] ts) {
T[] concat = (T[]) Array.newInstance(t.getClass(), ts.length + 1);
concat[0] = t;
System.arraycopy(ts, 0, concat, 1, ts.length);
return concat;
}
} }

73
pgpainless-core/src/test/java/org/pgpainless/algorithm/AlgorithmSuiteTest.java
View File

@ -1,73 +0,0 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.algorithm;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
public class AlgorithmSuiteTest {
private AlgorithmSuite suite;
@BeforeEach
public void resetEmptyAlgorithmSuite() {
suite = new AlgorithmSuite(
Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList()
);
}
@Test
public void setSymmetricAlgorithmsTest() {
List<SymmetricKeyAlgorithm> algorithmList = Arrays.asList(
SymmetricKeyAlgorithm.AES_128, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_256
);
suite.setSymmetricKeyAlgorithms(algorithmList);
assertEquals(algorithmList, new ArrayList<>(suite.getSymmetricKeyAlgorithms()));
}
@Test
public void setHashAlgorithmsTest() {
List<HashAlgorithm> algorithmList = Arrays.asList(
HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512
);
suite.setHashAlgorithms(algorithmList);
assertEquals(algorithmList, new ArrayList<>(suite.getHashAlgorithms()));
}
@Test
public void setCompressionAlgorithmsTest() {
List<CompressionAlgorithm> algorithmList = Arrays.asList(
CompressionAlgorithm.ZLIB, CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2
);
suite.setCompressionAlgorithms(algorithmList);
assertEquals(algorithmList, new ArrayList<>(suite.getCompressionAlgorithms()));
}
}

12
pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java
View File

@ -88,9 +88,13 @@ public class EncryptDecryptTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072); PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072);
PGPSecretKeyRing recipient = PGPainless.generateKeyRing() PGPSecretKeyRing recipient = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(ElGamal.withLength(ElGamalLength._3072)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()) .setPrimaryKey(KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096)).withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms()) KeyType.RSA(RsaLength._4096),
.withPrimaryUserId("juliet@capulet.lit").withoutPassphrase().build(); KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.addSubkey(KeySpec.getBuilder(
ElGamal.withLength(ElGamalLength._3072),
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
.addUserId("juliet@capulet.lit").build();
encryptDecryptForSecretKeyRings(sender, recipient); encryptDecryptForSecretKeyRings(sender, recipient);
} }
@ -262,7 +266,7 @@ public class EncryptDecryptTest {
EncryptionStream signer = PGPainless.encryptAndOrSign().onOutputStream(signOut) EncryptionStream signer = PGPainless.encryptAndOrSign().onOutputStream(signOut)
.withOptions(ProducerOptions.sign( .withOptions(ProducerOptions.sign(
SigningOptions.get() SigningOptions.get()
.addInlineSignature(keyRingProtector, signingKeys, DocumentSignatureType.BINARY_DOCUMENT) .addInlineSignature(keyRingProtector, signingKeys, DocumentSignatureType.BINARY_DOCUMENT)
).setAsciiArmor(true)); ).setAsciiArmor(true));
Streams.pipeAll(inputStream, signer); Streams.pipeAll(inputStream, signer);
signer.close(); signer.close();

23
pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java
View File

@ -59,15 +59,13 @@ public class EncryptionOptionsTest {
@BeforeAll @BeforeAll
public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
secretKeys = PGPainless.generateKeyRing() secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER)
.withKeyFlags(KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()) .build())
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS)
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms()) .build())
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE)
.withKeyFlags(KeyFlag.CERTIFY_OTHER) .build())
.withDefaultAlgorithms()) .addUserId("test@pgpainless.org")
.withPrimaryUserId("test@pgpainless.org")
.withoutPassphrase()
.build(); .build();
publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
@ -140,10 +138,9 @@ public class EncryptionOptionsTest {
public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
EncryptionOptions options = new EncryptionOptions(); EncryptionOptions options = new EncryptionOptions();
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).withDefaultAlgorithms()) .addUserId("test@pgpainless.org")
.withPrimaryUserId("test@pgpainless.org") .build();
.withoutPassphrase().build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
assertThrows(IllegalArgumentException.class, () -> options.addRecipient(publicKeys)); assertThrows(IllegalArgumentException.class, () -> options.addRecipient(publicKeys));

97
pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java
View File

@ -21,22 +21,21 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Date;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.AlgorithmSuite;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.EncryptionPurpose; import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.KeySpecBuilderInterface; import org.pgpainless.key.generation.KeySpecBuilder;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.ecc.EllipticCurve; import org.pgpainless.key.generation.type.ecc.EllipticCurve;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
@ -159,35 +158,34 @@ public class GenerateKeys {
* algorithm preferences. * algorithm preferences.
* *
* If the target key amalgamation (key ring) should consist of more than just a single (sub-)key, start by providing * If the target key amalgamation (key ring) should consist of more than just a single (sub-)key, start by providing
* the specifications for the subkeys first (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withSubKey(KeySpec)}) * the primary key specification using {@link org.pgpainless.key.generation.KeyRingBuilder#setPrimaryKey(KeySpec)}.
* and add the primary key specification last (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withPrimaryKey(KeySpec)}. * Any additional subkeys can be then added using {@link org.pgpainless.key.generation.KeyRingBuilder#addSubkey(KeySpec)}.
* *
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType)} method and providing a {@link KeyType}. * {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
* method and providing a {@link KeyType}.
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself * There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
* (such as {@link KeyType#ECDH(EllipticCurve)}. * (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine
*
* After that, the {@link org.pgpainless.key.generation.KeySpecBuilder} needs to be further configured.
* First of all, the keys {@link KeyFlag KeyFlags} need to be specified. {@link KeyFlag KeyFlags} determine
* the use of the key, like encryption, signing data or certifying subkeys. * the use of the key, like encryption, signing data or certifying subkeys.
* KeyFlags can be set with {@link org.pgpainless.key.generation.KeySpecBuilder#withKeyFlags(KeyFlag...)}.
* *
* Next is algorithm setup. You can either trust PGPainless' defaults (see {@link AlgorithmSuite#getDefaultAlgorithmSuite()}), * If you so desire, you can now specify your own algorithm preferences.
* or specify your own algorithm preferences. * For that, see {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredCompressionAlgorithms(CompressionAlgorithm...)},
* To go with the defaults, call {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDefaultAlgorithms()}, * {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredHashAlgorithms(HashAlgorithm...)} or
* otherwise start detailed config with {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDetailedConfiguration()}. * {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm...)}.
* *
* Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority. * Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority.
* *
* When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#withPrimaryKey(KeySpec)}), * When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#setPrimaryKey(KeySpecBuilder)}),
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is an requirement * make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
* for primary keys. * for primary keys.
* *
* Furthermore you have to set at least the primary user-id via * Furthermore you have to set at least the primary user-id via
* {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithPrimaryUserId#withPrimaryUserId(String)}, * {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
* but you can also add additional user-ids via * but you can also add additional user-ids.
* {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase#withAdditionalUserId(String)}.
* *
* Lastly you can decide whether or not to set a passphrase to protect the secret key. * If you want the key to expire at a certain point in time, call
* {@link org.pgpainless.key.generation.KeyRingBuilder#setExpirationDate(Date)}.
* Lastly you can decide whether to set a passphrase to protect the secret key using
* {@link org.pgpainless.key.generation.KeyRingBuilder#setPassphrase(Passphrase)}.
* *
* @throws PGPException * @throws PGPException
* @throws InvalidAlgorithmParameterException * @throws InvalidAlgorithmParameterException
@ -208,48 +206,35 @@ public class GenerateKeys {
Passphrase passphrase = Passphrase.fromPassword("1nters3x"); Passphrase passphrase = Passphrase.fromPassword("1nters3x");
PGPSecretKeyRing secretKey = PGPainless.generateKeyRing() PGPSecretKeyRing secretKey = PGPainless.generateKeyRing()
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
// The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags
KeyFlag.CERTIFY_OTHER))
// Add the first subkey (in this case encryption) // Add the first subkey (in this case encryption)
.withSubKey( .addSubkey(KeySpec.getBuilder(
KeySpec.getBuilder(
// We choose an ECDH key over the brainpoolp256r1 curve // We choose an ECDH key over the brainpoolp256r1 curve
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1) KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
)
// Our key can encrypt both communication data, as well as data at rest // Our key can encrypt both communication data, as well as data at rest
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
// Optionally: Configure the subkey with custom algorithm preferences
// Is is recommended though to go with PGPainless' defaults which can be found in the
// AlgorithmSuite class.
.withDetailedConfiguration()
.withPreferredSymmetricAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
.withPreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
.withPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB)
// Modification Detection is highly recommended
.withFeature(Feature.MODIFICATION_DETECTION)
.done()
)
// Add the second subkey (signing)
.withSubKey(
KeySpec.getBuilder(
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)
) )
// This key is used for creating signatures only // Optionally: Configure the subkey with custom algorithm preferences
.withKeyFlags(KeyFlag.SIGN_DATA) // Is is recommended though to go with PGPainless' defaults which can be found in the
// Instead of manually specifying algorithm preferences, we can simply use PGPainless' sane defaults // AlgorithmSuite class.
.withDefaultAlgorithms() .overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
) .overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
// Lastly we add the primary key (certification only in our case) .overridePreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB)
.withPrimaryKey( .build())
KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) // Add the second subkey (signing)
// The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags .addSubkey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER) KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1),
.withDefaultAlgorithms() // This key is used for creating signatures only
) KeyFlag.SIGN_DATA
))
// Set primary user-id // Set primary user-id
.withPrimaryUserId(userId) .addUserId(userId)
// Add an additional user id. This step can be repeated // Add an additional user id. This step can be repeated
.withAdditionalUserId(additionalUserId) .addUserId(additionalUserId)
// Set passphrase. Alternatively use .withoutPassphrase() to leave key unprotected. // Set passphrase. Alternatively use .withoutPassphrase() to leave key unprotected.
.withPassphrase(passphrase) .setPassphrase(passphrase)
.build(); .build();

5
pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java
View File

@ -187,9 +187,8 @@ public class ModifyKeys {
Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3"); Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3");
secretKey = PGPainless.modifyKeyRing(secretKey) secretKey = PGPainless.modifyKeyRing(secretKey)
.addSubKey( .addSubKey(
KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1)) KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1), KeyFlag.ENCRYPT_COMMS)
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) .build(),
.withDefaultAlgorithms(),
subkeyPassphrase, subkeyPassphrase,
protector) protector)
.done(); .done();

40
pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java
View File

@ -54,12 +54,10 @@ public class BrainpoolKeyGenerationTest {
for (EllipticCurve curve : EllipticCurve.values()) { for (EllipticCurve curve : EllipticCurve.values()) {
PGPSecretKeyRing secretKeys = generateKey( PGPSecretKeyRing secretKeys = generateKey(
KeySpec.getBuilder(KeyType.ECDSA(curve)) KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) KeyType.ECDSA(curve), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).build(),
.withDefaultAlgorithms(), KeySpec.getBuilder(
KeySpec.getBuilder(KeyType.ECDH(curve)) KeyType.ECDH(curve), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE).build(),
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
.withDefaultAlgorithms(),
"Elliptic Curve <elliptic@curve.key>"); "Elliptic Curve <elliptic@curve.key>");
assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm())); assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm()));
@ -85,20 +83,15 @@ public class BrainpoolKeyGenerationTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.SIGN_DATA) KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.CERTIFY_OTHER))
.withDefaultAlgorithms()) .addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA))
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .addSubkey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
.withDefaultAlgorithms()) .addSubkey(KeySpec.getBuilder(
.withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) KeyType.RSA(RsaLength._3072), KeyFlag.SIGN_DATA))
.withKeyFlags(KeyFlag.SIGN_DATA) .addUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org"))
.withDefaultAlgorithms()) .setPassphrase(Passphrase.fromPassword("passphrase"))
.withPrimaryKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1))
.withKeyFlags(KeyFlag.CERTIFY_OTHER)
.withDefaultAlgorithms())
.withPrimaryUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org"))
.withPassphrase(Passphrase.fromPassword("passphrase"))
.build(); .build();
for (PGPSecretKey key : secretKeys) { for (PGPSecretKey key : secretKeys) {
@ -136,10 +129,9 @@ public class BrainpoolKeyGenerationTest {
public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(subKey) .setPrimaryKey(primaryKey)
.withPrimaryKey(primaryKey) .addSubkey(subKey)
.withPrimaryUserId(userId) .addUserId(userId)
.withoutPassphrase()
.build(); .build();
return secretKeys; return secretKeys;
} }

9
pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java
View File

@ -46,12 +46,9 @@ public class CertificationKeyMustBeAbleToCertifyTest {
for (KeyType type : typesIncapableOfCreatingVerifications) { for (KeyType type : typesIncapableOfCreatingVerifications) {
assertThrows(IllegalArgumentException.class, () -> PGPainless assertThrows(IllegalArgumentException.class, () -> PGPainless
.generateKeyRing() .generateKeyRing()
.withPrimaryKey(KeySpec .setPrimaryKey(KeySpec.getBuilder(type, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.getBuilder(type) .addUserId("should@throw.ex")
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .build());
.withDefaultAlgorithms())
.withPrimaryUserId("should@throw.ex")
.withoutPassphrase().build());
} }
} }
} }

13
pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java
View File

@ -41,14 +41,11 @@ public class GenerateEllipticCurveKeyTest {
public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing keyRing = PGPainless.generateKeyRing() PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.EDDSA(EdDSACurve._Ed25519),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .addUserId(UserId.onlyEmail("alice@wonderland.lit").toString())
.withDefaultAlgorithms())
.withPrimaryUserId(UserId.onlyEmail("alice@wonderland.lit").toString())
.withoutPassphrase()
.build(); .build();
assertEquals(PublicKeyAlgorithm.EDDSA.getAlgorithmId(), keyRing.getPublicKey().getAlgorithm()); assertEquals(PublicKeyAlgorithm.EDDSA.getAlgorithmId(), keyRing.getPublicKey().getAlgorithm());

15
pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java
View File

@ -47,15 +47,14 @@ public class GenerateKeyWithAdditionalUserIdTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000); Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) KeyType.RSA(RsaLength._3072),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
.withPrimaryUserId(UserId.onlyEmail("primary@user.id")) .addUserId(UserId.onlyEmail("primary@user.id"))
.withAdditionalUserId(UserId.onlyEmail("additional@user.id")) .addUserId(UserId.onlyEmail("additional@user.id"))
.withAdditionalUserId(UserId.onlyEmail("additional2@user.id")) .addUserId(UserId.onlyEmail("additional2@user.id"))
.withAdditionalUserId("\ttrimThis@user.id ") .addUserId("\ttrimThis@user.id ")
.setExpirationDate(expiration) .setExpirationDate(expiration)
.withoutPassphrase()
.build(); .build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);

12
pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphrase.java → pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphraseTest.java
View File

@ -38,7 +38,7 @@ import org.pgpainless.util.Passphrase;
* The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying * The issue is that the implementation of {@link Passphrase#emptyPassphrase()} would set the underlying
* char array to null, which caused an NPE later on. * char array to null, which caused an NPE later on.
*/ */
public class GenerateWithEmptyPassphrase { public class GenerateWithEmptyPassphraseTest {
@ParameterizedTest @ParameterizedTest
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories") @MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
@ -46,11 +46,11 @@ public class GenerateWithEmptyPassphrase {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
assertNotNull(PGPainless.generateKeyRing() assertNotNull(PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) KeyType.RSA(RsaLength._3072),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS))
.withPrimaryUserId("primary@user.id") .addUserId("primary@user.id")
.withPassphrase(Passphrase.emptyPassphrase()) .setPassphrase(Passphrase.emptyPassphrase())
.build()); .build());
} }
} }

31
pgpainless-core/src/test/java/org/pgpainless/key/generation/IllegalKeyFlagsTest.java
View File

@ -19,7 +19,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
@ -32,29 +31,19 @@ public class IllegalKeyFlagsTest {
@MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories") @MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories")
public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) { public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) KeyType.XDH(XDHSpec._X25519), KeyFlag.SIGN_DATA));
.withKeyFlags(KeyFlag.SIGN_DATA) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) KeyType.XDH(XDHSpec._X25519), KeyFlag.CERTIFY_OTHER));
.withKeyFlags(KeyFlag.CERTIFY_OTHER) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) KeyType.XDH(XDHSpec._X25519), KeyFlag.AUTHENTICATION));
.withKeyFlags(KeyFlag.AUTHENTICATION) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_COMMS));
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) // <- should throw
.withDefaultAlgorithms()));
assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder(
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_STORAGE));
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE) // <- should throw as well
.withDefaultAlgorithms()));
} }
} }

13
pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java
View File

@ -221,11 +221,14 @@ public class KeyRingInfoTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms()) .setPrimaryKey(KeySpec.getBuilder(
.withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.SIGN_DATA).withDefaultAlgorithms()) KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)).withKeyFlags(KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms()) .addSubkey(KeySpec.getBuilder(
.withPrimaryUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build()) KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1),
.withoutPassphrase() KeyFlag.ENCRYPT_STORAGE))
.addSubkey(KeySpec.getBuilder(
KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.SIGN_DATA))
.addUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build())
.build(); .build();
Iterator<PGPSecretKey> keys = secretKeys.iterator(); Iterator<PGPSecretKey> keys = secretKeys.iterator();

33
pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java
View File

@ -51,15 +51,13 @@ public class UserIdRevocationTest {
@Test @Test
public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.EDDSA(EdDSACurve._Ed25519),
.withDefaultAlgorithms()) KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
.withDefaultAlgorithms()) .addUserId("primary@key.id")
.withPrimaryUserId("primary@key.id") .addUserId("secondary@key.id")
.withAdditionalUserId("secondary@key.id")
.withoutPassphrase()
.build(); .build();
// make a copy with revoked subkey // make a copy with revoked subkey
@ -91,15 +89,12 @@ public class UserIdRevocationTest {
@Test @Test
public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.EDDSA(EdDSACurve._Ed25519),
.withDefaultAlgorithms()) KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER))
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) .addUserId("primary@key.id")
.withDefaultAlgorithms()) .addUserId("secondary@key.id")
.withPrimaryUserId("primary@key.id")
.withAdditionalUserId("secondary@key.id")
.withoutPassphrase()
.build(); .build();
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)
@ -146,6 +141,6 @@ public class UserIdRevocationTest {
assertThrows(IllegalArgumentException.class, () -> PGPainless.modifyKeyRing(secretKeys) assertThrows(IllegalArgumentException.class, () -> PGPainless.modifyKeyRing(secretKeys)
.revokeUserId("cryptie@encrypted.key", protector, .revokeUserId("cryptie@encrypted.key", protector,
RevocationAttributes.createKeyRevocation().withReason(RevocationAttributes.Reason.KEY_RETIRED) RevocationAttributes.createKeyRevocation().withReason(RevocationAttributes.Reason.KEY_RETIRED)
.withDescription("This is not a valid certification revocation reason."))); .withDescription("This is not a valid certification revocation reason.")));
} }
} }

4
pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubKeyTest.java
View File

@ -61,9 +61,7 @@ public class AddSubKeyTest {
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)
.addSubKey( .addSubKey(
KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256)) KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA).build(),
.withKeyFlags(KeyFlag.SIGN_DATA)
.withDefaultAlgorithms(),
Passphrase.fromPassword("subKeyPassphrase"), Passphrase.fromPassword("subKeyPassphrase"),
PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123"))) PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123")))
.done(); .done();

8
pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java
View File

@ -89,14 +89,14 @@ public class PolicyTest {
@Test @Test
public void testAcceptableSymmetricKeyDecryptionAlgorithm() { public void testAcceptableSymmetricKeyDecryptionAlgorithm() {
assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH)); assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH));
assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId())); assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId()));
} }
@Test @Test
public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() { public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() {
assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128)); assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128));
assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId())); assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId()));
} }
@Test @Test

13
pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java
View File

@ -47,13 +47,12 @@ public class BCUtilTest {
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
IOException { IOException {
PGPSecretKeyRing sec = PGPainless.generateKeyRing() PGPSecretKeyRing sec = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.ENCRYPT_COMMS) KeyType.RSA(RsaLength._3072),
.withDefaultAlgorithms()) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072), KeyFlag.ENCRYPT_COMMS))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .addUserId("donald@duck.tails")
.withDefaultAlgorithms()) .build();
.withPrimaryUserId("donald@duck.tails").withoutPassphrase().build();
PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec); PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec);

17
pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java
View File

@ -41,17 +41,12 @@ public class GuessPreferredHashAlgorithmTest {
@Test @Test
public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519),
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
.withDetailedConfiguration() .overridePreferredHashAlgorithms(new HashAlgorithm[] {})
// Do not specify preferred algorithms .overridePreferredSymmetricKeyAlgorithms(new SymmetricKeyAlgorithm[] {})
.withPreferredSymmetricAlgorithms(new SymmetricKeyAlgorithm[] {}) .overridePreferredCompressionAlgorithms(new CompressionAlgorithm[] {}))
.withPreferredHashAlgorithms(new HashAlgorithm[] {}) .addUserId("test@test.test")
.withPreferredCompressionAlgorithms(new CompressionAlgorithm[] {})
.done())
.withPrimaryUserId("test@test.test")
.withoutPassphrase()
.build(); .build();
PGPPublicKey publicKey = secretKeys.getPublicKey(); PGPPublicKey publicKey = secretKeys.getPublicKey();

11
pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java
View File

@ -38,14 +38,13 @@ public class TestEncryptCommsStorageFlagsDifferentiated {
@Test @Test
public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) .setPrimaryKey(KeySpec.getBuilder(
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyType.RSA(RsaLength._3072),
KeyFlag.CERTIFY_OTHER,
KeyFlag.SIGN_DATA, KeyFlag.SIGN_DATA,
KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS
) ))
.withDefaultAlgorithms()) .addUserId("cannot@encrypt.comms")
.withPrimaryUserId("cannot@encrypt.comms")
.withoutPassphrase()
.build(); .build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);