From 7272027ef1fc0888dc0cf011ff7137544f7c4ecf Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 12 Jul 2018 23:21:09 +0200 Subject: [PATCH] Use passphrase in PGP key generation --- .../key/generation/KeyRingBuilder.java | 16 ++++++++-------- .../key/generation/KeyRingBuilderInterface.java | 5 ++--- .../pgpainless/pgpainless/util/Passphrase.java | 4 +++- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilder.java b/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilder.java index 65796f67..85f1e914 100644 --- a/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilder.java +++ b/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilder.java @@ -52,6 +52,7 @@ import org.pgpainless.pgpainless.key.generation.type.KeyType; import org.pgpainless.pgpainless.key.generation.type.RSA_GENERAL; import org.pgpainless.pgpainless.key.generation.type.curve.EllipticCurve; import org.pgpainless.pgpainless.key.generation.type.length.RsaLength; +import org.pgpainless.pgpainless.util.Passphrase; public class KeyRingBuilder implements KeyRingBuilderInterface { @@ -59,7 +60,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { private List keySpecs = new ArrayList<>(); private String userId; - private char[] passphrase; + private Passphrase passphrase; /** * Creates a simple RSA KeyPair of length {@code length} with user-id {@code userId}. @@ -143,12 +144,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { class WithPassphraseImpl implements WithPassphrase { @Override - public Build withPassphrase(String passphrase) { - return withPassphrase(passphrase.toCharArray()); - } - - @Override - public Build withPassphrase(char[] passphrase) { + public Build withPassphrase(Passphrase passphrase) { KeyRingBuilder.this.passphrase = passphrase; return new BuildImpl(); } @@ -176,7 +172,11 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { null : // unencrypted key pair, otherwise AES-256 encrypted new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calculator) .setProvider(BouncyCastleProvider.PROVIDER_NAME) - .build(passphrase); + .build(passphrase != null ? passphrase.getChars() : null); + + if (passphrase != null) { + passphrase.clear(); + } // First key is the Master Key KeySpec certKeySpec = keySpecs.get(0); diff --git a/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilderInterface.java b/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilderInterface.java index 64c803c0..f344be47 100644 --- a/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilderInterface.java +++ b/src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilderInterface.java @@ -21,6 +21,7 @@ import java.security.NoSuchProviderException; import org.bouncycastle.openpgp.PGPException; import org.pgpainless.pgpainless.key.collection.PGPKeyRing; +import org.pgpainless.pgpainless.util.Passphrase; public interface KeyRingBuilderInterface { @@ -38,9 +39,7 @@ public interface KeyRingBuilderInterface { interface WithPassphrase { - Build withPassphrase(String passphrase); - - Build withPassphrase(char[] passphrase); + Build withPassphrase(Passphrase passphrase); Build withoutPassphrase(); } diff --git a/src/main/java/org/pgpainless/pgpainless/util/Passphrase.java b/src/main/java/org/pgpainless/pgpainless/util/Passphrase.java index 9be26738..0938108a 100644 --- a/src/main/java/org/pgpainless/pgpainless/util/Passphrase.java +++ b/src/main/java/org/pgpainless/pgpainless/util/Passphrase.java @@ -39,6 +39,8 @@ public class Passphrase { } public char[] getChars() { - return chars; + char[] copy = new char[chars.length]; + System.arraycopy(chars, 0, copy, 0, chars.length); + return copy; } }