diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java index 1a6c27a3..b5d2000d 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java @@ -384,7 +384,7 @@ public final class DecryptionStreamFactory { } private void throwIfAlgorithmIsRejected(SymmetricKeyAlgorithm algorithm) throws UnacceptableAlgorithmException { - if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(algorithm)) { + if (!PGPainless.getPolicy().getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(algorithm)) { throw new UnacceptableAlgorithmException("Data is " + (algorithm == SymmetricKeyAlgorithm.NULL ? "unencrypted" : "encrypted with symmetric algorithm " + algorithm) + " which is not acceptable as per PGPainless' policy.\n" + "To mark this algorithm as acceptable, use PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy()."); diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java index 33ee155d..230a0a9a 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java @@ -127,10 +127,9 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull String userId, @Nonnull RsaLength length, String password) throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { WithAdditionalUserIdOrPassphrase builder = this - .withPrimaryKey( - KeySpec.getBuilder(KeyType.RSA(length)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) + .withPrimaryKey(KeySpec + .getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) + .build()) .withPrimaryUserId(userId); if (password == null) { @@ -197,13 +196,11 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { WithAdditionalUserIdOrPassphrase builder = this .withSubKey( - KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) + KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) + .build()) .withPrimaryKey( - KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) + KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .build()) .withPrimaryUserId(userId); if (password == null) { @@ -225,17 +222,14 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { WithAdditionalUserIdOrPassphrase builder = this .withSubKey( - KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) + KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) + .build()) .withSubKey( - KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) + KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA) + .build()) .withPrimaryKey( - KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER) - .withDefaultAlgorithms()) + KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER) + .build()) .withPrimaryUserId(userId); if (password == null) { diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpec.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpec.java index 4ecce7be..5572f449 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpec.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpec.java @@ -20,6 +20,7 @@ import javax.annotation.Nullable; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; import org.bouncycastle.openpgp.PGPSignatureSubpacketVector; +import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.key.generation.type.KeyType; public class KeySpec { @@ -54,7 +55,7 @@ public class KeySpec { return inheritedSubPackets; } - public static KeySpecBuilder getBuilder(KeyType type) { - return new KeySpecBuilder(type); + public static KeySpecBuilder getBuilder(KeyType type, KeyFlag... flags) { + return new KeySpecBuilder(type, flags); } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java index 17f4c55f..38e82e4e 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilder.java @@ -15,10 +15,14 @@ */ package org.pgpainless.key.generation; +import java.util.Arrays; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.Set; import javax.annotation.Nonnull; -import org.bouncycastle.bcpg.sig.Features; import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; +import org.pgpainless.PGPainless; import org.pgpainless.algorithm.AlgorithmSuite; import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.Feature; @@ -30,20 +34,83 @@ import org.pgpainless.key.generation.type.KeyType; public class KeySpecBuilder implements KeySpecBuilderInterface { private final KeyType type; + private final KeyFlag[] keyFlags; private final PGPSignatureSubpacketGenerator hashedSubPackets = new PGPSignatureSubpacketGenerator(); + private final AlgorithmSuite algorithmSuite = PGPainless.getPolicy().getKeyGenerationAlgorithmSuite(); + private Set preferredCompressionAlgorithms = algorithmSuite.getCompressionAlgorithms(); + private Set preferredHashAlgorithms = algorithmSuite.getHashAlgorithms(); + private Set preferredSymmetricAlgorithms = algorithmSuite.getSymmetricKeyAlgorithms(); - KeySpecBuilder(@Nonnull KeyType type) { + KeySpecBuilder(@Nonnull KeyType type, KeyFlag... flags) { + if (flags == null || flags.length == 0) { + throw new IllegalArgumentException("KeyFlags cannot be empty."); + } + assureKeyCanCarryFlags(type, flags); this.type = type; + this.keyFlags = flags; } @Override - public WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags) { - assureKeyCanCarryFlags(flags); - this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(flags)); - return new WithDetailedConfigurationImpl(); + public KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms) { + this.preferredCompressionAlgorithms = new LinkedHashSet<>(Arrays.asList(compressionAlgorithms)); + return this; } - private void assureKeyCanCarryFlags(KeyFlag... flags) { + @Override + public KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms) { + this.preferredHashAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredHashAlgorithms)); + return this; + } + + @Override + public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) { + this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms)); + return this; + } + + + @Override + public KeySpec build() { + this.hashedSubPackets.setKeyFlags(false, KeyFlag.toBitmask(keyFlags)); + this.hashedSubPackets.setPreferredCompressionAlgorithms(false, getPreferredCompressionAlgorithmIDs()); + this.hashedSubPackets.setPreferredHashAlgorithms(false, getPreferredHashAlgorithmIDs()); + this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, getPreferredSymmetricKeyAlgorithmIDs()); + this.hashedSubPackets.setFeature(false, Feature.MODIFICATION_DETECTION.getFeatureId()); + + return new KeySpec( + KeySpecBuilder.this.type, + hashedSubPackets, + false); + } + + private int[] getPreferredCompressionAlgorithmIDs() { + int[] ids = new int[preferredCompressionAlgorithms.size()]; + Iterator iterator = preferredCompressionAlgorithms.iterator(); + for (int i = 0; i < ids.length; i++) { + ids[i] = iterator.next().getAlgorithmId(); + } + return ids; + } + + private int[] getPreferredHashAlgorithmIDs() { + int[] ids = new int[preferredHashAlgorithms.size()]; + Iterator iterator = preferredHashAlgorithms.iterator(); + for (int i = 0; i < ids.length; i++) { + ids[i] = iterator.next().getAlgorithmId(); + } + return ids; + } + + private int[] getPreferredSymmetricKeyAlgorithmIDs() { + int[] ids = new int[preferredSymmetricAlgorithms.size()]; + Iterator iterator = preferredSymmetricAlgorithms.iterator(); + for (int i = 0; i < ids.length; i++) { + ids[i] = iterator.next().getAlgorithmId(); + } + return ids; + } + + private static void assureKeyCanCarryFlags(KeyType type, KeyFlag... flags) { final int mask = KeyFlag.toBitmask(flags); if (!type.canCertify() && KeyFlag.hasKeyFlag(mask, KeyFlag.CERTIFY_OTHER)) { @@ -66,120 +133,4 @@ public class KeySpecBuilder implements KeySpecBuilderInterface { throw new IllegalArgumentException("KeyType " + type.getName() + " cannot carry key flag AUTHENTIACTION."); } } - - @Override - public KeySpec withInheritedSubPackets() { - return new KeySpec(type, null, true); - } - - class WithDetailedConfigurationImpl implements WithDetailedConfiguration { - - @Deprecated - @Override - public WithPreferredSymmetricAlgorithms withDetailedConfiguration() { - return new WithPreferredSymmetricAlgorithmsImpl(); - } - - @Override - public KeySpec withDefaultAlgorithms() { - AlgorithmSuite defaultSuite = AlgorithmSuite.getDefaultAlgorithmSuite(); - hashedSubPackets.setPreferredCompressionAlgorithms(false, defaultSuite.getCompressionAlgorithmIds()); - hashedSubPackets.setPreferredSymmetricAlgorithms(false, defaultSuite.getSymmetricKeyAlgorithmIds()); - hashedSubPackets.setPreferredHashAlgorithms(false, defaultSuite.getHashAlgorithmIds()); - hashedSubPackets.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); - - return new KeySpec( - KeySpecBuilder.this.type, - KeySpecBuilder.this.hashedSubPackets, - false); - } - } - - class WithPreferredSymmetricAlgorithmsImpl implements WithPreferredSymmetricAlgorithms { - - @Override - public WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms) { - int[] ids = new int[algorithms.length]; - for (int i = 0; i < ids.length; i++) { - ids[i] = algorithms[i].getAlgorithmId(); - } - KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, ids); - return new WithPreferredHashAlgorithmsImpl(); - } - - @Override - public WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms() { - KeySpecBuilder.this.hashedSubPackets.setPreferredSymmetricAlgorithms(false, - AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds()); - return new WithPreferredHashAlgorithmsImpl(); - } - - @Override - public WithFeatures withDefaultAlgorithms() { - hashedSubPackets.setPreferredSymmetricAlgorithms(false, - AlgorithmSuite.getDefaultAlgorithmSuite().getSymmetricKeyAlgorithmIds()); - hashedSubPackets.setPreferredCompressionAlgorithms(false, - AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds()); - hashedSubPackets.setPreferredHashAlgorithms(false, - AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds()); - return new WithFeaturesImpl(); - } - } - - class WithPreferredHashAlgorithmsImpl implements WithPreferredHashAlgorithms { - - @Override - public WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms) { - int[] ids = new int[algorithms.length]; - for (int i = 0; i < ids.length; i++) { - ids[i] = algorithms[i].getAlgorithmId(); - } - KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false, ids); - return new WithPreferredCompressionAlgorithmsImpl(); - } - - @Override - public WithPreferredCompressionAlgorithms withDefaultHashAlgorithms() { - KeySpecBuilder.this.hashedSubPackets.setPreferredHashAlgorithms(false, - AlgorithmSuite.getDefaultAlgorithmSuite().getHashAlgorithmIds()); - return new WithPreferredCompressionAlgorithmsImpl(); - } - } - - class WithPreferredCompressionAlgorithmsImpl implements WithPreferredCompressionAlgorithms { - - @Override - public WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms) { - int[] ids = new int[algorithms.length]; - for (int i = 0; i < ids.length; i++) { - ids[i] = algorithms[i].getAlgorithmId(); - } - KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false, ids); - return new WithFeaturesImpl(); - } - - @Override - public WithFeatures withDefaultCompressionAlgorithms() { - KeySpecBuilder.this.hashedSubPackets.setPreferredCompressionAlgorithms(false, - AlgorithmSuite.getDefaultAlgorithmSuite().getCompressionAlgorithmIds()); - return new WithFeaturesImpl(); - } - } - - class WithFeaturesImpl implements WithFeatures { - - @Override - public WithFeatures withFeature(@Nonnull Feature feature) { - KeySpecBuilder.this.hashedSubPackets.setFeature(false, feature.getFeatureId()); - return this; - } - - @Override - public KeySpec done() { - return new KeySpec( - KeySpecBuilder.this.type, - hashedSubPackets, - false); - } - } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilderInterface.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilderInterface.java index f16959fd..2f366531 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilderInterface.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeySpecBuilderInterface.java @@ -18,55 +18,16 @@ package org.pgpainless.key.generation; import javax.annotation.Nonnull; import org.pgpainless.algorithm.CompressionAlgorithm; -import org.pgpainless.algorithm.Feature; import org.pgpainless.algorithm.HashAlgorithm; -import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.SymmetricKeyAlgorithm; public interface KeySpecBuilderInterface { - WithDetailedConfiguration withKeyFlags(@Nonnull KeyFlag... flags); + KeySpecBuilder overridePreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... compressionAlgorithms); - KeySpec withInheritedSubPackets(); + KeySpecBuilder overridePreferredHashAlgorithms(@Nonnull HashAlgorithm... preferredHashAlgorithms); - interface WithDetailedConfiguration { - - WithPreferredSymmetricAlgorithms withDetailedConfiguration(); - - KeySpec withDefaultAlgorithms(); - } - - interface WithPreferredSymmetricAlgorithms { - - WithPreferredHashAlgorithms withPreferredSymmetricAlgorithms(@Nonnull SymmetricKeyAlgorithm... algorithms); - - WithPreferredHashAlgorithms withDefaultSymmetricAlgorithms(); - - WithFeatures withDefaultAlgorithms(); - - } - - interface WithPreferredHashAlgorithms { - - WithPreferredCompressionAlgorithms withPreferredHashAlgorithms(@Nonnull HashAlgorithm... algorithms); - - WithPreferredCompressionAlgorithms withDefaultHashAlgorithms(); - - } - - interface WithPreferredCompressionAlgorithms { - - WithFeatures withPreferredCompressionAlgorithms(@Nonnull CompressionAlgorithm... algorithms); - - WithFeatures withDefaultCompressionAlgorithms(); - - } - - interface WithFeatures { - - WithFeatures withFeature(@Nonnull Feature feature); - - KeySpec done(); - } + KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms); + KeySpec build(); } diff --git a/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java b/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java index f2e3280a..44dd55b4 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java +++ b/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java @@ -21,6 +21,9 @@ import java.util.EnumMap; import java.util.List; import java.util.Map; +import javax.annotation.Nonnull; + +import org.pgpainless.algorithm.AlgorithmSuite; import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.PublicKeyAlgorithm; @@ -48,6 +51,8 @@ public final class Policy { PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy(); private final NotationRegistry notationRegistry = new NotationRegistry(); + private AlgorithmSuite keyGenerationAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite(); + Policy() { } @@ -122,7 +127,7 @@ public final class Policy { * * @return symmetric algorithm policy for decryption */ - public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgoritmPolicy() { + public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgorithmPolicy() { return symmetricKeyDecryptionAlgorithmPolicy; } @@ -459,4 +464,21 @@ public final class Policy { public NotationRegistry getNotationRegistry() { return notationRegistry; } + + /** + * Return the current {@link AlgorithmSuite} which defines preferred algorithms used during key generation. + * @return current algorithm suite + */ + public @Nonnull AlgorithmSuite getKeyGenerationAlgorithmSuite() { + return keyGenerationAlgorithmSuite; + } + + /** + * Set a custom {@link AlgorithmSuite} which defines preferred algorithms used during key generation. + * + * @param algorithmSuite custom algorithm suite + */ + public void setKeyGenerationAlgorithmSuite(@Nonnull AlgorithmSuite algorithmSuite) { + this.keyGenerationAlgorithmSuite = algorithmSuite; + } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java index 1fd80e02..c7bd68dc 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java @@ -88,8 +88,13 @@ public class EncryptDecryptTest { ImplementationFactory.setFactoryImplementation(implementationFactory); PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("romeo@montague.lit", RsaLength._3072); PGPSecretKeyRing recipient = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(ElGamal.withLength(ElGamalLength._3072)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096)).withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder( + ElGamal.withLength(ElGamalLength._3072), + KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) + .build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.RSA(RsaLength._4096), + KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER).build()) .withPrimaryUserId("juliet@capulet.lit").withoutPassphrase().build(); encryptDecryptForSecretKeyRings(sender, recipient); @@ -262,7 +267,7 @@ public class EncryptDecryptTest { EncryptionStream signer = PGPainless.encryptAndOrSign().onOutputStream(signOut) .withOptions(ProducerOptions.sign( SigningOptions.get() - .addInlineSignature(keyRingProtector, signingKeys, DocumentSignatureType.BINARY_DOCUMENT) + .addInlineSignature(keyRingProtector, signingKeys, DocumentSignatureType.BINARY_DOCUMENT) ).setAsciiArmor(true)); Streams.pipeAll(inputStream, signer); signer.close(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java index 78617349..f0aef576 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java @@ -59,13 +59,12 @@ public class EncryptionOptionsTest { @BeforeAll public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { secretKeys = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS).withDefaultAlgorithms()) - .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER) - .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS) + .build()) + .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE) + .build()) + .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER) + .build()) .withPrimaryUserId("test@pgpainless.org") .withoutPassphrase() .build(); @@ -140,8 +139,8 @@ public class EncryptionOptionsTest { public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { EncryptionOptions options = new EncryptionOptions(); PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).withDefaultAlgorithms()) + .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .build()) .withPrimaryUserId("test@pgpainless.org") .withoutPassphrase().build(); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); diff --git a/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java b/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java index e9e65a0f..75e847f5 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java +++ b/pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java @@ -27,16 +27,13 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; -import org.pgpainless.algorithm.AlgorithmSuite; import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.EncryptionPurpose; -import org.pgpainless.algorithm.Feature; import org.pgpainless.algorithm.HashAlgorithm; import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.key.generation.KeySpec; -import org.pgpainless.key.generation.KeySpecBuilderInterface; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.ecc.EllipticCurve; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; @@ -162,24 +159,20 @@ public class GenerateKeys { * the specifications for the subkeys first (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withSubKey(KeySpec)}) * and add the primary key specification last (in {@link org.pgpainless.key.generation.KeyRingBuilderInterface#withPrimaryKey(KeySpec)}. * - * {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType)} method and providing a {@link KeyType}. + * {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag...)} method and providing a {@link KeyType}. * There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself - * (such as {@link KeyType#ECDH(EllipticCurve)}. - * - * After that, the {@link org.pgpainless.key.generation.KeySpecBuilder} needs to be further configured. - * First of all, the keys {@link KeyFlag KeyFlags} need to be specified. {@link KeyFlag KeyFlags} determine + * (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine * the use of the key, like encryption, signing data or certifying subkeys. - * KeyFlags can be set with {@link org.pgpainless.key.generation.KeySpecBuilder#withKeyFlags(KeyFlag...)}. * - * Next is algorithm setup. You can either trust PGPainless' defaults (see {@link AlgorithmSuite#getDefaultAlgorithmSuite()}), - * or specify your own algorithm preferences. - * To go with the defaults, call {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDefaultAlgorithms()}, - * otherwise start detailed config with {@link KeySpecBuilderInterface.WithDetailedConfiguration#withDetailedConfiguration()}. + * If you so desire, you can now specify your own algorithm preferences. + * For that, see {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredCompressionAlgorithms(CompressionAlgorithm...)}, + * {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredHashAlgorithms(HashAlgorithm...)} or + * {@link org.pgpainless.key.generation.KeySpecBuilder#overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm...)}. * * Note, that if you set preferred algorithms, the preference lists are sorted from high priority to low priority. * * When setting the primary key spec ({@link org.pgpainless.key.generation.KeyRingBuilder#withPrimaryKey(KeySpec)}), - * make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is an requirement + * make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement * for primary keys. * * Furthermore you have to set at least the primary user-id via @@ -187,7 +180,7 @@ public class GenerateKeys { * but you can also add additional user-ids via * {@link org.pgpainless.key.generation.KeyRingBuilderInterface.WithAdditionalUserIdOrPassphrase#withAdditionalUserId(String)}. * - * Lastly you can decide whether or not to set a passphrase to protect the secret key. + * Lastly you can decide whether to set a passphrase to protect the secret key. * * @throws PGPException * @throws InvalidAlgorithmParameterException @@ -211,38 +204,33 @@ public class GenerateKeys { // Add the first subkey (in this case encryption) .withSubKey( KeySpec.getBuilder( - // We choose an ECDH key over the brainpoolp256r1 curve - KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1) - ) - // Our key can encrypt both communication data, as well as data at rest - .withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) + // We choose an ECDH key over the brainpoolp256r1 curve + KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1), + // Our key can encrypt both communication data, as well as data at rest + KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS + ) // Optionally: Configure the subkey with custom algorithm preferences // Is is recommended though to go with PGPainless' defaults which can be found in the // AlgorithmSuite class. - .withDetailedConfiguration() - .withPreferredSymmetricAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128) - .withPreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256) - .withPreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB) - // Modification Detection is highly recommended - .withFeature(Feature.MODIFICATION_DETECTION) - .done() + .overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128) + .overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256) + .overridePreferredCompressionAlgorithms(CompressionAlgorithm.ZIP, CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZLIB) + .build() ) // Add the second subkey (signing) .withSubKey( KeySpec.getBuilder( - KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1) - ) - // This key is used for creating signatures only - .withKeyFlags(KeyFlag.SIGN_DATA) - // Instead of manually specifying algorithm preferences, we can simply use PGPainless' sane defaults - .withDefaultAlgorithms() + KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), + // This key is used for creating signatures only + KeyFlag.SIGN_DATA + ).build() ) // Lastly we add the primary key (certification only in our case) .withPrimaryKey( - KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - // The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags - .withKeyFlags(KeyFlag.CERTIFY_OTHER) - .withDefaultAlgorithms() + KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), + // The primary key MUST carry the CERTIFY_OTHER flag, but CAN carry additional flags + KeyFlag.CERTIFY_OTHER) + .build() ) // Set primary user-id .withPrimaryUserId(userId) diff --git a/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java b/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java index 64c6814a..f8be9714 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java +++ b/pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java @@ -187,9 +187,8 @@ public class ModifyKeys { Passphrase subkeyPassphrase = Passphrase.fromPassword("subk3yP4ssphr4s3"); secretKey = PGPainless.modifyKeyRing(secretKey) .addSubKey( - KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms(), + KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP512R1), KeyFlag.ENCRYPT_COMMS) + .build(), subkeyPassphrase, protector) .done(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java index 8949726a..aeafaf59 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java @@ -54,12 +54,10 @@ public class BrainpoolKeyGenerationTest { for (EllipticCurve curve : EllipticCurve.values()) { PGPSecretKeyRing secretKeys = generateKey( - KeySpec.getBuilder(KeyType.ECDSA(curve)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) - .withDefaultAlgorithms(), - KeySpec.getBuilder(KeyType.ECDH(curve)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) - .withDefaultAlgorithms(), + KeySpec.getBuilder( + KeyType.ECDSA(curve), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA).build(), + KeySpec.getBuilder( + KeyType.ECDH(curve), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE).build(), "Elliptic Curve "); assertEquals(PublicKeyAlgorithm.ECDSA, PublicKeyAlgorithm.fromId(secretKeys.getPublicKey().getAlgorithm())); @@ -85,18 +83,15 @@ public class BrainpoolKeyGenerationTest { ImplementationFactory.setFactoryImplementation(implementationFactory); PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) - .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) - .withDefaultAlgorithms()) - .withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) - .withKeyFlags(KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER) - .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA).build()) + .withSubKey(KeySpec.getBuilder( + KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) + .build()) + .withSubKey(KeySpec.getBuilder( + KeyType.RSA(RsaLength._3072), KeyFlag.SIGN_DATA) + .build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.CERTIFY_OTHER).build()) .withPrimaryUserId(UserId.nameAndEmail("Alice", "alice@pgpainless.org")) .withPassphrase(Passphrase.fromPassword("passphrase")) .build(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java index 9a631e15..65b7a71f 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/CertificationKeyMustBeAbleToCertifyTest.java @@ -47,9 +47,8 @@ public class CertificationKeyMustBeAbleToCertifyTest { assertThrows(IllegalArgumentException.class, () -> PGPainless .generateKeyRing() .withPrimaryKey(KeySpec - .getBuilder(type) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) + .getBuilder(type, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .build()) .withPrimaryUserId("should@throw.ex") .withoutPassphrase().build()); } diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java index 01dc2fcb..9e60eca6 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateEllipticCurveKeyTest.java @@ -41,12 +41,11 @@ public class GenerateEllipticCurveKeyTest { public void generateEllipticCurveKeys(ImplementationFactory implementationFactory) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { ImplementationFactory.setFactoryImplementation(implementationFactory); PGPSecretKeyRing keyRing = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS).build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.EDDSA(EdDSACurve._Ed25519), + KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .build()) .withPrimaryUserId(UserId.onlyEmail("alice@wonderland.lit").toString()) .withoutPassphrase() .build(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java index 46a3a652..33db6fc5 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithAdditionalUserIdTest.java @@ -47,9 +47,10 @@ public class GenerateKeyWithAdditionalUserIdTest { ImplementationFactory.setFactoryImplementation(implementationFactory); Date expiration = new Date(DateUtil.now().getTime() + 60 * 1000); PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.RSA(RsaLength._3072), + KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) + .build()) .withPrimaryUserId(UserId.onlyEmail("primary@user.id")) .withAdditionalUserId(UserId.onlyEmail("additional@user.id")) .withAdditionalUserId(UserId.onlyEmail("additional2@user.id")) diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphrase.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphrase.java index 0cc02f86..60e7c131 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphrase.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateWithEmptyPassphrase.java @@ -46,9 +46,10 @@ public class GenerateWithEmptyPassphrase { ImplementationFactory.setFactoryImplementation(implementationFactory); assertNotNull(PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.RSA(RsaLength._3072), + KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS) + .build()) .withPrimaryUserId("primary@user.id") .withPassphrase(Passphrase.emptyPassphrase()) .build()); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/IllegalKeyFlagsTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/IllegalKeyFlagsTest.java index 5803f6ef..0a861518 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/IllegalKeyFlagsTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/IllegalKeyFlagsTest.java @@ -19,7 +19,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; -import org.pgpainless.PGPainless; import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.key.generation.type.KeyType; @@ -32,29 +31,19 @@ public class IllegalKeyFlagsTest { @MethodSource("org.pgpainless.util.TestImplementationFactoryProvider#provideImplementationFactories") public void testKeyCannotCarryFlagsTest(ImplementationFactory implementationFactory) { ImplementationFactory.setFactoryImplementation(implementationFactory); - assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.SIGN_DATA) // <- should throw - .withDefaultAlgorithms())); + assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder( + KeyType.XDH(XDHSpec._X25519), KeyFlag.SIGN_DATA)); - assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER) // <- should throw - .withDefaultAlgorithms())); + assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder( + KeyType.XDH(XDHSpec._X25519), KeyFlag.CERTIFY_OTHER)); - assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.AUTHENTICATION) // <- should throw - .withDefaultAlgorithms())); + assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder( + KeyType.XDH(XDHSpec._X25519), KeyFlag.AUTHENTICATION)); - assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS) // <- should throw - .withDefaultAlgorithms())); + assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder( + KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_COMMS)); - assertThrows(IllegalArgumentException.class, () -> PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.ENCRYPT_STORAGE) // <- should throw as well - .withDefaultAlgorithms())); + assertThrows(IllegalArgumentException.class, () -> KeySpec.getBuilder( + KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.ENCRYPT_STORAGE)); } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java index fefc1cf6..f1413a97 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/info/KeyRingInfoTest.java @@ -221,9 +221,14 @@ public class KeyRingInfoTest { ImplementationFactory.setFactoryImplementation(implementationFactory); PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.ENCRYPT_STORAGE).withDefaultAlgorithms()) - .withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1)).withKeyFlags(KeyFlag.SIGN_DATA).withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)).withKeyFlags(KeyFlag.CERTIFY_OTHER).withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder( + KeyType.ECDH(EllipticCurve._BRAINPOOLP384R1), + KeyFlag.ENCRYPT_STORAGE).build()) + .withSubKey(KeySpec.getBuilder( + KeyType.ECDSA(EllipticCurve._BRAINPOOLP384R1), KeyFlag.SIGN_DATA) + .build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER).build()) .withPrimaryUserId(UserId.newBuilder().withName("Alice").withEmail("alice@pgpainless.org").build()) .withoutPassphrase() .build(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java index caaf6ac0..fce78fcd 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java @@ -51,12 +51,13 @@ public class UserIdRevocationTest { @Test public void testRevocationWithoutRevocationAttributes() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) - .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder( + KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS) + .build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.EDDSA(EdDSACurve._Ed25519), + KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) + .build()) .withPrimaryUserId("primary@key.id") .withAdditionalUserId("secondary@key.id") .withoutPassphrase() @@ -91,12 +92,12 @@ public class UserIdRevocationTest { @Test public void testRevocationWithRevocationReason() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) - .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS) + .build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.EDDSA(EdDSACurve._Ed25519), + KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER) + .build()) .withPrimaryUserId("primary@key.id") .withAdditionalUserId("secondary@key.id") .withoutPassphrase() diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubKeyTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubKeyTest.java index fb4b6b4b..c6a4dd8d 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubKeyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubKeyTest.java @@ -61,9 +61,7 @@ public class AddSubKeyTest { secretKeys = PGPainless.modifyKeyRing(secretKeys) .addSubKey( - KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256)) - .withKeyFlags(KeyFlag.SIGN_DATA) - .withDefaultAlgorithms(), + KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256), KeyFlag.SIGN_DATA).build(), Passphrase.fromPassword("subKeyPassphrase"), PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("password123"))) .done(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java b/pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java index 732f1b47..c4819861 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java @@ -89,14 +89,14 @@ public class PolicyTest { @Test public void testAcceptableSymmetricKeyDecryptionAlgorithm() { - assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH)); - assertTrue(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId())); + assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH)); + assertTrue(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.BLOWFISH.getAlgorithmId())); } @Test public void testUnAcceptableSymmetricKeyDecryptionAlgorithm() { - assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128)); - assertFalse(policy.getSymmetricKeyDecryptionAlgoritmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId())); + assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128)); + assertFalse(policy.getSymmetricKeyDecryptionAlgorithmPolicy().isAcceptable(SymmetricKeyAlgorithm.CAMELLIA_128.getAlgorithmId())); } @Test diff --git a/pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java b/pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java index eb707e34..7cee1a7c 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/util/BCUtilTest.java @@ -47,12 +47,11 @@ public class BCUtilTest { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException { PGPSecretKeyRing sec = PGPainless.generateKeyRing() - .withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) - .withKeyFlags(KeyFlag.ENCRYPT_COMMS) - .withDefaultAlgorithms()) - .withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) - .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072), KeyFlag.ENCRYPT_COMMS).build()) + .withPrimaryKey(KeySpec.getBuilder( + KeyType.RSA(RsaLength._3072), + KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .build()) .withPrimaryUserId("donald@duck.tails").withoutPassphrase().build(); PGPPublicKeyRing pub = KeyRingUtils.publicKeyRingFrom(sec); diff --git a/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java b/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java index ebc15725..05f676cf 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/util/GuessPreferredHashAlgorithmTest.java @@ -41,15 +41,12 @@ public class GuessPreferredHashAlgorithmTest { @Test public void guessPreferredHashAlgorithmsAssumesHashAlgoUsedBySelfSig() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) - .withDetailedConfiguration() - // Do not specify preferred algorithms - .withPreferredSymmetricAlgorithms(new SymmetricKeyAlgorithm[] {}) - .withPreferredHashAlgorithms(new HashAlgorithm[] {}) - .withPreferredCompressionAlgorithms(new CompressionAlgorithm[] {}) - - .done()) + .withPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), + KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .overridePreferredHashAlgorithms(new HashAlgorithm[] {}) + .overridePreferredSymmetricKeyAlgorithms(new SymmetricKeyAlgorithm[] {}) + .overridePreferredCompressionAlgorithms(new CompressionAlgorithm[] {}) + .build()) .withPrimaryUserId("test@test.test") .withoutPassphrase() .build(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java index 772995cb..4bf93212 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java +++ b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java @@ -38,12 +38,12 @@ public class TestEncryptCommsStorageFlagsDifferentiated { @Test public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() - .withPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) - .withKeyFlags(KeyFlag.CERTIFY_OTHER, + .withPrimaryKey(KeySpec.getBuilder( + KeyType.RSA(RsaLength._3072), + KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS - ) - .withDefaultAlgorithms()) + ).build()) .withPrimaryUserId("cannot@encrypt.comms") .withoutPassphrase() .build();