mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Remove usage of deprecated decryption/verification API in tests
This commit is contained in:
parent
715d055b41
commit
88891e1337
24 changed files with 342 additions and 390 deletions
|
@ -15,19 +15,31 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.decryption_verification;
|
package org.pgpainless.decryption_verification;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
import javax.annotation.Nullable;
|
import javax.annotation.Nullable;
|
||||||
|
|
||||||
|
import org.bouncycastle.bcpg.MarkerPacket;
|
||||||
|
import org.bouncycastle.openpgp.PGPCompressedData;
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||||
|
import org.bouncycastle.openpgp.PGPUtil;
|
||||||
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
|
|
||||||
|
@ -105,6 +117,48 @@ public class ConsumerOptions {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ConsumerOptions addVerificationOfDetachedSignatures(InputStream signatureInputStream) throws IOException, PGPException {
|
||||||
|
List<PGPSignature> signatures = new ArrayList<>();
|
||||||
|
InputStream pgpIn = PGPUtil.getDecoderStream(signatureInputStream);
|
||||||
|
PGPObjectFactory objectFactory = new PGPObjectFactory(
|
||||||
|
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
||||||
|
|
||||||
|
Object nextObject = objectFactory.nextObject();
|
||||||
|
while (nextObject != null) {
|
||||||
|
if (nextObject instanceof MarkerPacket) {
|
||||||
|
nextObject = objectFactory.nextObject();
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (nextObject instanceof PGPCompressedData) {
|
||||||
|
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
|
||||||
|
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
|
||||||
|
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
||||||
|
nextObject = objectFactory.nextObject();
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (nextObject instanceof PGPSignatureList) {
|
||||||
|
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
|
||||||
|
for (PGPSignature s : signatureList) {
|
||||||
|
signatures.add(s);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (nextObject instanceof PGPSignature) {
|
||||||
|
signatures.add((PGPSignature) nextObject);
|
||||||
|
}
|
||||||
|
nextObject = objectFactory.nextObject();
|
||||||
|
}
|
||||||
|
pgpIn.close();
|
||||||
|
|
||||||
|
return addVerificationOfDetachedSignatures(signatures);
|
||||||
|
}
|
||||||
|
|
||||||
|
public ConsumerOptions addVerificationOfDetachedSignatures(List<PGPSignature> detachedSignatures) {
|
||||||
|
for (PGPSignature signature : detachedSignatures) {
|
||||||
|
addVerificationOfDetachedSignature(signature);
|
||||||
|
}
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a detached signature for the signature verification process.
|
* Add a detached signature for the signature verification process.
|
||||||
*
|
*
|
||||||
|
@ -183,6 +237,20 @@ public class ConsumerOptions {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add the keys in the provided key collection for message decryption.
|
||||||
|
*
|
||||||
|
* @param keys key collection
|
||||||
|
* @param keyRingProtector protector for encrypted secret keys
|
||||||
|
* @return options
|
||||||
|
*/
|
||||||
|
public ConsumerOptions addDecryptionKeys(@Nonnull PGPSecretKeyRingCollection keys, @Nonnull SecretKeyRingProtector keyRingProtector) {
|
||||||
|
for (PGPSecretKeyRing key : keys) {
|
||||||
|
addDecryptionKey(key, keyRingProtector);
|
||||||
|
}
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a passphrase for message decryption.
|
* Add a passphrase for message decryption.
|
||||||
*
|
*
|
||||||
|
|
|
@ -15,22 +15,27 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.signature;
|
package org.pgpainless.signature;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.nio.charset.Charset;
|
import java.nio.charset.Charset;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import org.bouncycastle.bcpg.MarkerPacket;
|
||||||
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
|
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
|
||||||
import org.bouncycastle.bcpg.sig.RevocationReason;
|
import org.bouncycastle.bcpg.sig.RevocationReason;
|
||||||
import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
|
import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
|
||||||
import org.bouncycastle.openpgp.PGPMarker;
|
import org.bouncycastle.openpgp.PGPCompressedData;
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||||
|
import org.bouncycastle.openpgp.PGPUtil;
|
||||||
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
|
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
|
||||||
import org.bouncycastle.util.encoders.Hex;
|
import org.bouncycastle.util.encoders.Hex;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
@ -41,7 +46,6 @@ import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
|
||||||
import org.pgpainless.key.util.RevocationAttributes;
|
import org.pgpainless.key.util.RevocationAttributes;
|
||||||
import org.pgpainless.policy.Policy;
|
import org.pgpainless.policy.Policy;
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
||||||
import org.pgpainless.util.BCUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Utility methods related to signatures.
|
* Utility methods related to signatures.
|
||||||
|
@ -183,18 +187,44 @@ public class SignatureUtils {
|
||||||
* @return signature list
|
* @return signature list
|
||||||
* @throws IOException if the signatures cannot be read
|
* @throws IOException if the signatures cannot be read
|
||||||
*/
|
*/
|
||||||
public static PGPSignatureList readSignatures(String encodedSignatures) throws IOException {
|
public static List<PGPSignature> readSignatures(String encodedSignatures) throws IOException, PGPException {
|
||||||
InputStream inputStream = BCUtil.getPgpDecoderInputStream(encodedSignatures.getBytes(Charset.forName("UTF8")));
|
InputStream inputStream = new ByteArrayInputStream(encodedSignatures.getBytes(Charset.forName("UTF8")));
|
||||||
PGPObjectFactory objectFactory = new PGPObjectFactory(inputStream, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
return readSignatures(inputStream);
|
||||||
Object next = objectFactory.nextObject();
|
}
|
||||||
while (next != null) {
|
|
||||||
if (next instanceof PGPMarker) {
|
public static List<PGPSignature> readSignatures(InputStream inputStream) throws IOException, PGPException {
|
||||||
next = objectFactory.nextObject();
|
List<PGPSignature> signatures = new ArrayList<>();
|
||||||
|
InputStream pgpIn = PGPUtil.getDecoderStream(inputStream);
|
||||||
|
PGPObjectFactory objectFactory = new PGPObjectFactory(
|
||||||
|
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
||||||
|
|
||||||
|
Object nextObject = objectFactory.nextObject();
|
||||||
|
while (nextObject != null) {
|
||||||
|
if (nextObject instanceof MarkerPacket) {
|
||||||
|
nextObject = objectFactory.nextObject();
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
return (PGPSignatureList) next;
|
if (nextObject instanceof PGPCompressedData) {
|
||||||
|
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
|
||||||
|
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
|
||||||
|
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
|
||||||
|
nextObject = objectFactory.nextObject();
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
return null;
|
if (nextObject instanceof PGPSignatureList) {
|
||||||
|
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
|
||||||
|
for (PGPSignature s : signatureList) {
|
||||||
|
signatures.add(s);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (nextObject instanceof PGPSignature) {
|
||||||
|
signatures.add((PGPSignature) nextObject);
|
||||||
|
}
|
||||||
|
nextObject = objectFactory.nextObject();
|
||||||
|
}
|
||||||
|
pgpIn.close();
|
||||||
|
|
||||||
|
return signatures;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String getSignatureDigestPrefix(PGPSignature signature) {
|
public static String getSignatureDigestPrefix(PGPSignature signature) {
|
||||||
|
|
|
@ -23,12 +23,9 @@ import java.io.ByteArrayInputStream;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.charset.Charset;
|
import java.nio.charset.Charset;
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
|
@ -38,7 +35,7 @@ import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.TestKeys;
|
import org.pgpainless.key.TestKeys;
|
||||||
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
|
|
||||||
public class DecryptAndVerifyMessageTest {
|
public class DecryptAndVerifyMessageTest {
|
||||||
|
|
||||||
|
@ -60,12 +57,13 @@ public class DecryptAndVerifyMessageTest {
|
||||||
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
ImplementationFactory.setFactoryImplementation(implementationFactory);
|
||||||
String encryptedMessage = TestKeys.MSG_SIGN_CRYPT_JULIET_JULIET;
|
String encryptedMessage = TestKeys.MSG_SIGN_CRYPT_JULIET_JULIET;
|
||||||
|
|
||||||
|
ConsumerOptions options = new ConsumerOptions()
|
||||||
|
.addDecryptionKey(juliet)
|
||||||
|
.addVerificationCert(KeyRingUtils.publicKeyRingFrom(juliet));
|
||||||
|
|
||||||
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(encryptedMessage.getBytes()))
|
.onInputStream(new ByteArrayInputStream(encryptedMessage.getBytes()))
|
||||||
.decryptWith(new UnprotectedKeysProtector(), new PGPSecretKeyRingCollection(Collections.singleton(juliet)))
|
.withOptions(options);
|
||||||
.verifyWith(Collections.singleton(new PGPPublicKeyRing(Collections.singletonList(juliet.getPublicKey()))))
|
|
||||||
.ignoreMissingPublicKeys()
|
|
||||||
.build();
|
|
||||||
|
|
||||||
ByteArrayOutputStream toPlain = new ByteArrayOutputStream();
|
ByteArrayOutputStream toPlain = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(decryptor, toPlain);
|
Streams.pipeAll(decryptor, toPlain);
|
||||||
|
|
|
@ -21,13 +21,11 @@ import java.io.ByteArrayInputStream;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
|
@ -35,7 +33,6 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
import org.pgpainless.util.selection.key.impl.EncryptionKeySelectionStrategy;
|
import org.pgpainless.util.selection.key.impl.EncryptionKeySelectionStrategy;
|
||||||
|
|
||||||
|
@ -144,11 +141,12 @@ public class DecryptHiddenRecipientMessage {
|
||||||
"=1knQ\n" +
|
"=1knQ\n" +
|
||||||
"-----END PGP MESSAGE-----\n";
|
"-----END PGP MESSAGE-----\n";
|
||||||
ByteArrayInputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
ByteArrayInputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
|
ConsumerOptions options = new ConsumerOptions()
|
||||||
|
.addDecryptionKey(secretKeys);
|
||||||
|
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(messageIn)
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), new PGPSecretKeyRingCollection(Collections.singletonList(secretKeys)))
|
.onInputStream(messageIn)
|
||||||
.doNotVerify()
|
.withOptions(options);
|
||||||
.build();
|
|
||||||
|
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(decryptionStream, out);
|
Streams.pipeAll(decryptionStream, out);
|
||||||
|
|
|
@ -154,9 +154,9 @@ public class ModificationDetectionTests {
|
||||||
InputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
InputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(in)
|
.onInputStream(in)
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeyRings)
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionKeys(secretKeyRings, SecretKeyRingProtector.unprotectedKeys())
|
||||||
.build();
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||||
assertThrows(EOFException.class, () -> {
|
assertThrows(EOFException.class, () -> {
|
||||||
|
@ -187,9 +187,9 @@ public class ModificationDetectionTests {
|
||||||
ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(in)
|
.onInputStream(in)
|
||||||
.decryptWith(getDecryptionKey())
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionKeys(getDecryptionKey(), SecretKeyRingProtector.unprotectedKeys())
|
||||||
.build();
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(decryptionStream, out);
|
Streams.pipeAll(decryptionStream, out);
|
||||||
|
@ -218,9 +218,9 @@ public class ModificationDetectionTests {
|
||||||
ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(in)
|
.onInputStream(in)
|
||||||
.decryptWith(getDecryptionKey())
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionKeys(getDecryptionKey(), SecretKeyRingProtector.unprotectedKeys())
|
||||||
.build();
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(decryptionStream, out);
|
Streams.pipeAll(decryptionStream, out);
|
||||||
|
@ -387,9 +387,9 @@ public class ModificationDetectionTests {
|
||||||
|
|
||||||
assertThrows(MessageNotIntegrityProtectedException.class, () -> PGPainless.decryptAndOrVerify()
|
assertThrows(MessageNotIntegrityProtectedException.class, () -> PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(ciphertext.getBytes(StandardCharsets.UTF_8)))
|
.onInputStream(new ByteArrayInputStream(ciphertext.getBytes(StandardCharsets.UTF_8)))
|
||||||
.decryptWith(SecretKeyRingProtector.unlockAllKeysWith(passphrase, secretKeyRing), new PGPSecretKeyRingCollection(Collections.singleton(secretKeyRing)))
|
.withOptions(new ConsumerOptions().addDecryptionKey(secretKeyRing,
|
||||||
.doNotVerify()
|
SecretKeyRingProtector.unlockAllKeysWith(passphrase, secretKeyRing)))
|
||||||
.build());
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
private PGPSecretKeyRingCollection getDecryptionKey() throws IOException, PGPException {
|
private PGPSecretKeyRingCollection getDecryptionKey() throws IOException, PGPException {
|
||||||
|
|
|
@ -21,17 +21,14 @@ import java.io.ByteArrayInputStream;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
|
|
||||||
public class RecursionDepthTest {
|
public class RecursionDepthTest {
|
||||||
|
|
||||||
|
@ -127,7 +124,6 @@ public class RecursionDepthTest {
|
||||||
"=miES\n" +
|
"=miES\n" +
|
||||||
"-----END PGP PRIVATE KEY BLOCK-----\n";
|
"-----END PGP PRIVATE KEY BLOCK-----\n";
|
||||||
PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key);
|
PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key);
|
||||||
PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Collections.singletonList(secretKey));
|
|
||||||
|
|
||||||
// message contains compressed data that contains compressed data that contains... 64 times.
|
// message contains compressed data that contains compressed data that contains... 64 times.
|
||||||
String msg = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String msg = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
|
@ -161,9 +157,7 @@ public class RecursionDepthTest {
|
||||||
assertThrows(PGPException.class, () -> {
|
assertThrows(PGPException.class, () -> {
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8)))
|
.onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8)))
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys)
|
.withOptions(new ConsumerOptions().addDecryptionKey(secretKey));
|
||||||
.doNotVerify()
|
|
||||||
.build();
|
|
||||||
|
|
||||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(decryptionStream, outputStream);
|
Streams.pipeAll(decryptionStream, outputStream);
|
||||||
|
|
|
@ -20,6 +20,7 @@ import static org.junit.jupiter.api.Assertions.fail;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
@ -27,7 +28,6 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.exception.UnacceptableAlgorithmException;
|
import org.pgpainless.exception.UnacceptableAlgorithmException;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test PGPainless' default symmetric key algorithm policy for decryption of messages.
|
* Test PGPainless' default symmetric key algorithm policy for decryption of messages.
|
||||||
|
@ -146,11 +146,13 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
|
||||||
"=w0KS\n" +
|
"=w0KS\n" +
|
||||||
"-----END PGP MESSAGE-----\n";
|
"-----END PGP MESSAGE-----\n";
|
||||||
|
|
||||||
|
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
|
|
||||||
assertThrows(UnacceptableAlgorithmException.class, () ->
|
assertThrows(UnacceptableAlgorithmException.class, () ->
|
||||||
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)))
|
PGPainless.decryptAndOrVerify()
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys)
|
.onInputStream(messageIn)
|
||||||
.doNotVerify()
|
.withOptions(new ConsumerOptions().addDecryptionKey(secretKeys))
|
||||||
.build());
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -171,11 +173,14 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
|
||||||
"WLlG7ee7fRqQPTSP+OLh4Cm8zDIaCNowj0Ua4KwcWZDYERzg\n" +
|
"WLlG7ee7fRqQPTSP+OLh4Cm8zDIaCNowj0Ua4KwcWZDYERzg\n" +
|
||||||
"=j71X\n" +
|
"=j71X\n" +
|
||||||
"-----END PGP ARMORED FILE-----\n";
|
"-----END PGP ARMORED FILE-----\n";
|
||||||
|
|
||||||
|
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
|
|
||||||
assertThrows(UnacceptableAlgorithmException.class, () ->
|
assertThrows(UnacceptableAlgorithmException.class, () ->
|
||||||
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)))
|
PGPainless.decryptAndOrVerify()
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys)
|
.onInputStream(messageIn)
|
||||||
.doNotVerify()
|
.withOptions(new ConsumerOptions().addDecryptionKey(secretKeys))
|
||||||
.build());
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -197,11 +202,11 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
|
||||||
"=qNxx\n" +
|
"=qNxx\n" +
|
||||||
"-----END PGP ARMORED FILE-----\n";
|
"-----END PGP ARMORED FILE-----\n";
|
||||||
|
|
||||||
|
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
assertThrows(UnacceptableAlgorithmException.class, () ->
|
assertThrows(UnacceptableAlgorithmException.class, () ->
|
||||||
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)))
|
PGPainless.decryptAndOrVerify().onInputStream(messageIn)
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys)
|
.withOptions(new ConsumerOptions().addDecryptionKey(secretKeys))
|
||||||
.doNotVerify()
|
);
|
||||||
.build());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Control: In contrast, AES256 is acceptable
|
// Control: In contrast, AES256 is acceptable
|
||||||
|
@ -222,11 +227,10 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
|
||||||
"4yjtOxfmmp9Fac50SS5i9dzBdnVNllLs+ADQt+LksJnzTW1IINGnIw8=\n" +
|
"4yjtOxfmmp9Fac50SS5i9dzBdnVNllLs+ADQt+LksJnzTW1IINGnIw8=\n" +
|
||||||
"=kLfl\n" +
|
"=kLfl\n" +
|
||||||
"-----END PGP ARMORED FILE-----\n";
|
"-----END PGP ARMORED FILE-----\n";
|
||||||
|
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
|
|
||||||
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)))
|
PGPainless.decryptAndOrVerify().onInputStream(messageIn)
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys)
|
.withOptions(new ConsumerOptions().addDecryptionKey(secretKeys));
|
||||||
.doNotVerify()
|
|
||||||
.build();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -72,18 +72,17 @@ public class VerifyWithMissingPublicKeyCallback {
|
||||||
|
|
||||||
DecryptionStream verificationStream = PGPainless.decryptAndOrVerify()
|
DecryptionStream verificationStream = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(signOut.toByteArray()))
|
.onInputStream(new ByteArrayInputStream(signOut.toByteArray()))
|
||||||
.doNotDecrypt()
|
.withOptions(new ConsumerOptions()
|
||||||
.verifyWith(unrelatedKeys)
|
.addVerificationCert(unrelatedKeys)
|
||||||
.handleMissingPublicKeysWith(
|
.setMissingCertificateCallback(new MissingPublicKeyCallback() {
|
||||||
new MissingPublicKeyCallback() {
|
|
||||||
@Nullable
|
@Nullable
|
||||||
@Override
|
@Override
|
||||||
public PGPPublicKeyRing onMissingPublicKeyEncountered(@Nonnull Long keyId) {
|
public PGPPublicKeyRing onMissingPublicKeyEncountered(@Nonnull Long keyId) {
|
||||||
assertEquals(signingKey.getKeyID(), keyId, "Signing key-ID mismatch.");
|
assertEquals(signingKey.getKeyID(), keyId, "Signing key-ID mismatch.");
|
||||||
return signingPubKeys;
|
return signingPubKeys;
|
||||||
}
|
}
|
||||||
}
|
}));
|
||||||
).build();
|
|
||||||
ByteArrayOutputStream plainOut = new ByteArrayOutputStream();
|
ByteArrayOutputStream plainOut = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(verificationStream, plainOut);
|
Streams.pipeAll(verificationStream, plainOut);
|
||||||
verificationStream.close();
|
verificationStream.close();
|
||||||
|
|
|
@ -27,9 +27,7 @@ import java.io.IOException;
|
||||||
import java.nio.charset.Charset;
|
import java.nio.charset.Charset;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.logging.Logger;
|
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
@ -44,6 +42,7 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.DocumentSignatureType;
|
import org.pgpainless.algorithm.DocumentSignatureType;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
|
@ -61,7 +60,6 @@ import org.pgpainless.util.ArmoredOutputStreamFactory;
|
||||||
|
|
||||||
public class EncryptDecryptTest {
|
public class EncryptDecryptTest {
|
||||||
|
|
||||||
private static final Logger LOGGER = Logger.getLogger(EncryptDecryptTest.class.getName());
|
|
||||||
// Don't use StandardCharsets.UTF_8 because of Android API level.
|
// Don't use StandardCharsets.UTF_8 because of Android API level.
|
||||||
private static final Charset UTF8 = Charset.forName("UTF-8");
|
private static final Charset UTF8 = Charset.forName("UTF-8");
|
||||||
|
|
||||||
|
@ -178,10 +176,10 @@ public class EncryptDecryptTest {
|
||||||
ByteArrayInputStream envelopeIn = new ByteArrayInputStream(encryptedSecretMessage);
|
ByteArrayInputStream envelopeIn = new ByteArrayInputStream(encryptedSecretMessage);
|
||||||
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(envelopeIn)
|
.onInputStream(envelopeIn)
|
||||||
.decryptWith(keyDecryptor, KeyRingUtils.keyRingsToKeyRingCollection(recipientSec))
|
.withOptions(new ConsumerOptions()
|
||||||
.verifyWith(KeyRingUtils.keyRingsToKeyRingCollection(senderPub))
|
.addDecryptionKey(recipientSec, keyDecryptor)
|
||||||
.ignoreMissingPublicKeys()
|
.addVerificationCert(senderPub)
|
||||||
.build();
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream decryptedSecretMessage = new ByteArrayOutputStream();
|
ByteArrayOutputStream decryptedSecretMessage = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
@ -227,12 +225,13 @@ public class EncryptDecryptTest {
|
||||||
// CHECKSTYLE:ON
|
// CHECKSTYLE:ON
|
||||||
|
|
||||||
inputStream = new ByteArrayInputStream(testMessage.getBytes());
|
inputStream = new ByteArrayInputStream(testMessage.getBytes());
|
||||||
DecryptionStream verifier = PGPainless.decryptAndOrVerify().onInputStream(inputStream)
|
DecryptionStream verifier = PGPainless.decryptAndOrVerify()
|
||||||
.doNotDecrypt()
|
.onInputStream(inputStream)
|
||||||
.verifyDetachedSignature(new ByteArrayInputStream(armorSig.getBytes()))
|
.withOptions(new ConsumerOptions()
|
||||||
.verifyWith(Collections.singleton(KeyRingUtils.publicKeyRingFrom(signingKeys)))
|
.addVerificationOfDetachedSignatures(new ByteArrayInputStream(armorSig.getBytes()))
|
||||||
.ignoreMissingPublicKeys()
|
.addVerificationCert(KeyRingUtils.publicKeyRingFrom(signingKeys))
|
||||||
.build();
|
);
|
||||||
|
|
||||||
dummyOut = new ByteArrayOutputStream();
|
dummyOut = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(verifier, dummyOut);
|
Streams.pipeAll(verifier, dummyOut);
|
||||||
verifier.close();
|
verifier.close();
|
||||||
|
@ -257,16 +256,12 @@ public class EncryptDecryptTest {
|
||||||
Streams.pipeAll(inputStream, signer);
|
Streams.pipeAll(inputStream, signer);
|
||||||
signer.close();
|
signer.close();
|
||||||
|
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
System.out.println(signOut.toString());
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
|
|
||||||
inputStream = new ByteArrayInputStream(signOut.toByteArray());
|
inputStream = new ByteArrayInputStream(signOut.toByteArray());
|
||||||
DecryptionStream verifier = PGPainless.decryptAndOrVerify().onInputStream(inputStream)
|
DecryptionStream verifier = PGPainless.decryptAndOrVerify()
|
||||||
.doNotDecrypt()
|
.onInputStream(inputStream)
|
||||||
.verifyWith(Collections.singleton(KeyRingUtils.publicKeyRingFrom(signingKeys)))
|
.withOptions(new ConsumerOptions()
|
||||||
.ignoreMissingPublicKeys()
|
.addVerificationCert(KeyRingUtils.publicKeyRingFrom(signingKeys))
|
||||||
.build();
|
);
|
||||||
signOut = new ByteArrayOutputStream();
|
signOut = new ByteArrayOutputStream();
|
||||||
Streams.pipeAll(verifier, signOut);
|
Streams.pipeAll(verifier, signOut);
|
||||||
verifier.close();
|
verifier.close();
|
||||||
|
|
|
@ -23,20 +23,18 @@ import java.io.IOException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.StreamEncoding;
|
import org.pgpainless.algorithm.StreamEncoding;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
|
|
||||||
public class FileInfoTest {
|
public class FileInfoTest {
|
||||||
|
@ -85,9 +83,8 @@ public class FileInfoTest {
|
||||||
|
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(cryptIn)
|
.onInputStream(cryptIn)
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), new PGPSecretKeyRingCollection(Collections.singleton(secretKeys)))
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionKey(secretKeys));
|
||||||
.build();
|
|
||||||
Streams.pipeAll(decryptionStream, plainOut);
|
Streams.pipeAll(decryptionStream, plainOut);
|
||||||
|
|
||||||
decryptionStream.close();
|
decryptionStream.close();
|
||||||
|
|
|
@ -1,127 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2018 Paul Schaub.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.pgpainless.encryption_signing;
|
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.ByteArrayOutputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.security.NoSuchProviderException;
|
|
||||||
import java.util.Random;
|
|
||||||
import java.util.logging.Level;
|
|
||||||
import java.util.logging.Logger;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.algorithm.DocumentSignatureType;
|
|
||||||
import org.pgpainless.key.TestKeys;
|
|
||||||
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Class used to determine the length of cipher-text depending on used algorithms.
|
|
||||||
*/
|
|
||||||
public class LengthTest {
|
|
||||||
|
|
||||||
private static final Logger LOGGER = Logger.getLogger(LengthTest.class.getName());
|
|
||||||
|
|
||||||
// @Test
|
|
||||||
public void ecEc()
|
|
||||||
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
|
|
||||||
IOException {
|
|
||||||
LOGGER.log(Level.FINER, "\nEC -> EC");
|
|
||||||
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleEcKeyRing("simplejid@server.tld");
|
|
||||||
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleEcKeyRing("otherjid@other.srv");
|
|
||||||
encryptDecryptForSecretKeyRings(sender, recipient);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// @Test
|
|
||||||
public void RsaRsa()
|
|
||||||
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
|
|
||||||
IOException {
|
|
||||||
LOGGER.log(Level.FINER, "\nRSA-2048 -> RSA-2048");
|
|
||||||
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("simplejid@server.tld", RsaLength._2048);
|
|
||||||
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleRsaKeyRing("otherjid@other.srv", RsaLength._2048);
|
|
||||||
encryptDecryptForSecretKeyRings(sender, recipient);
|
|
||||||
}
|
|
||||||
|
|
||||||
// @Test
|
|
||||||
public void RsaRsa4096()
|
|
||||||
throws PGPException,
|
|
||||||
IOException {
|
|
||||||
LOGGER.log(Level.FINER, "\nRSA-4096 -> RSA-4096");
|
|
||||||
PGPSecretKeyRing sender = PGPainless.readKeyRing().secretKeyRing(TestKeys.JULIET_SEC);
|
|
||||||
PGPSecretKeyRing recipient = PGPainless.readKeyRing().secretKeyRing(TestKeys.ROMEO_SEC);
|
|
||||||
encryptDecryptForSecretKeyRings(sender, recipient);
|
|
||||||
}
|
|
||||||
|
|
||||||
// @Test
|
|
||||||
public void rsaEc() throws PGPException, IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
|
|
||||||
NoSuchProviderException {
|
|
||||||
LOGGER.log(Level.FINER, "\nRSA-2048 -> EC");
|
|
||||||
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("simplejid@server.tld", RsaLength._2048);
|
|
||||||
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleEcKeyRing("otherjid@other.srv");
|
|
||||||
encryptDecryptForSecretKeyRings(sender, recipient);
|
|
||||||
}
|
|
||||||
|
|
||||||
// @Test
|
|
||||||
public void ecRsa()
|
|
||||||
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
|
|
||||||
IOException {
|
|
||||||
LOGGER.log(Level.FINER, "\nEC -> RSA-2048");
|
|
||||||
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleEcKeyRing("simplejid@server.tld");
|
|
||||||
@SuppressWarnings("deprecation")
|
|
||||||
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleRsaKeyRing("otherjid@other.srv", RsaLength._2048);
|
|
||||||
encryptDecryptForSecretKeyRings(sender, recipient);
|
|
||||||
}
|
|
||||||
|
|
||||||
private void encryptDecryptForSecretKeyRings(PGPSecretKeyRing senderSec, PGPSecretKeyRing recipientSec)
|
|
||||||
throws PGPException,
|
|
||||||
IOException {
|
|
||||||
PGPPublicKeyRing recipientPub = KeyRingUtils.publicKeyRingFrom(recipientSec);
|
|
||||||
PGPPublicKeyRing senderPub = KeyRingUtils.publicKeyRingFrom(senderSec);
|
|
||||||
|
|
||||||
SecretKeyRingProtector keyDecryptor = new UnprotectedKeysProtector();
|
|
||||||
|
|
||||||
for (int i = 1; i <= 100; i++) {
|
|
||||||
byte[] secretMessage = new byte[i * 20];
|
|
||||||
new Random().nextBytes(secretMessage);
|
|
||||||
|
|
||||||
ByteArrayOutputStream envelope = new ByteArrayOutputStream();
|
|
||||||
|
|
||||||
OutputStream encryptor = PGPainless.encryptAndOrSign()
|
|
||||||
.onOutputStream(envelope)
|
|
||||||
.toRecipient(recipientPub)
|
|
||||||
.and()
|
|
||||||
.signInlineWith(keyDecryptor, senderSec, "simplejid@server.tld", DocumentSignatureType.BINARY_DOCUMENT)
|
|
||||||
.noArmor();
|
|
||||||
|
|
||||||
Streams.pipeAll(new ByteArrayInputStream(secretMessage), encryptor);
|
|
||||||
encryptor.close();
|
|
||||||
byte[] encryptedSecretMessage = envelope.toByteArray();
|
|
||||||
|
|
||||||
LOGGER.log(Level.FINER,"\n" + encryptedSecretMessage.length);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -89,8 +89,7 @@ public class RespectPreferredSymmetricAlgorithmDuringEncryptionTest {
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(out)
|
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(out)
|
||||||
.withOptions(
|
.withOptions(
|
||||||
ProducerOptions.encrypt(
|
ProducerOptions.encrypt(new EncryptionOptions()
|
||||||
new EncryptionOptions()
|
|
||||||
.addRecipient(publicKeys)
|
.addRecipient(publicKeys)
|
||||||
));
|
));
|
||||||
|
|
||||||
|
|
|
@ -26,8 +26,6 @@ import java.nio.charset.StandardCharsets;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
|
@ -41,12 +39,11 @@ import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.DocumentSignatureType;
|
import org.pgpainless.algorithm.DocumentSignatureType;
|
||||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.exception.KeyValidationException;
|
import org.pgpainless.exception.KeyValidationException;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
|
||||||
import org.pgpainless.key.TestKeys;
|
import org.pgpainless.key.TestKeys;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
|
@ -71,15 +68,16 @@ public class SigningTest {
|
||||||
PGPPublicKeyRingCollection keys = new PGPPublicKeyRingCollection(Arrays.asList(julietKeys, romeoKeys));
|
PGPPublicKeyRingCollection keys = new PGPPublicKeyRingCollection(Arrays.asList(julietKeys, romeoKeys));
|
||||||
|
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionPurpose.STORAGE)
|
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
|
||||||
.onOutputStream(out)
|
.onOutputStream(out)
|
||||||
.toRecipients(keys)
|
.withOptions(ProducerOptions.signAndEncrypt(
|
||||||
.and()
|
EncryptionOptions.encryptDataAtRest()
|
||||||
.toRecipient(KeyRingUtils.publicKeyRingFrom(cryptieKeys))
|
.addRecipients(keys)
|
||||||
.and()
|
.addRecipient(KeyRingUtils.publicKeyRingFrom(cryptieKeys)),
|
||||||
.signInlineWith(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, cryptieSigningKey),
|
new SigningOptions()
|
||||||
|
.addInlineSignature(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, cryptieSigningKey),
|
||||||
cryptieKeys, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT)
|
cryptieKeys, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT)
|
||||||
.asciiArmor();
|
).setAsciiArmor(true));
|
||||||
|
|
||||||
byte[] messageBytes = "This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8);
|
byte[] messageBytes = "This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8);
|
||||||
ByteArrayInputStream message = new ByteArrayInputStream(messageBytes);
|
ByteArrayInputStream message = new ByteArrayInputStream(messageBytes);
|
||||||
|
@ -94,16 +92,14 @@ public class SigningTest {
|
||||||
PGPSecretKeyRing julietSecret = TestKeys.getJulietSecretKeyRing();
|
PGPSecretKeyRing julietSecret = TestKeys.getJulietSecretKeyRing();
|
||||||
|
|
||||||
PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Arrays.asList(romeoSecret, julietSecret));
|
PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Arrays.asList(romeoSecret, julietSecret));
|
||||||
Set<OpenPgpV4Fingerprint> trustedFingerprints = new HashSet<>();
|
|
||||||
trustedFingerprints.add(new OpenPgpV4Fingerprint(cryptieKeys));
|
|
||||||
trustedFingerprints.add(new OpenPgpV4Fingerprint(julietKeys));
|
|
||||||
PGPPublicKeyRingCollection verificationKeys = new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieKeys), romeoKeys));
|
PGPPublicKeyRingCollection verificationKeys = new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieKeys), romeoKeys));
|
||||||
|
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(cryptIn)
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.decryptWith(secretKeys)
|
.onInputStream(cryptIn)
|
||||||
.verifyWith(trustedFingerprints, verificationKeys)
|
.withOptions(new ConsumerOptions()
|
||||||
.ignoreMissingPublicKeys()
|
.addDecryptionKeys(secretKeys, SecretKeyRingProtector.unprotectedKeys())
|
||||||
.build();
|
.addVerificationCerts(verificationKeys)
|
||||||
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
|
ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ import java.io.InputStream;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
@ -59,7 +60,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
private Policy policy = PGPainless.getPolicy();
|
private Policy policy = PGPainless.getPolicy();
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void baseCase() throws IOException {
|
public void baseCase() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -118,7 +119,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingIssuerFpOnly() throws IOException {
|
public void subkeyBindingIssuerFpOnly() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -177,7 +178,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingIssuerV6IssuerFp() throws IOException {
|
public void subkeyBindingIssuerV6IssuerFp() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -236,7 +237,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingIssuerFakeIssuer() throws IOException {
|
public void subkeyBindingIssuerFakeIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -295,7 +296,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingFakeIssuerIssuer() throws IOException {
|
public void subkeyBindingFakeIssuerIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -354,7 +355,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingFakeIssuer() throws IOException {
|
public void subkeyBindingFakeIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -413,7 +414,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingNoIssuer() throws IOException {
|
public void subkeyBindingNoIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -471,7 +472,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void unknownSubpacketHashed() throws IOException {
|
public void unknownSubpacketHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -530,7 +531,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingUnknownCriticalSubpacket() throws IOException {
|
public void subkeyBindingUnknownCriticalSubpacket() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -589,7 +590,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingUnknownSubpacketUnhashed() throws IOException {
|
public void subkeyBindingUnknownSubpacketUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -648,7 +649,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingUnknownCriticalSubpacketUnhashed() throws IOException {
|
public void subkeyBindingUnknownCriticalSubpacketUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -707,7 +708,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingUnknownNotationHashed() throws IOException {
|
public void subkeyBindingUnknownNotationHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -767,7 +768,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingCriticalUnknownNotationHashed() throws IOException {
|
public void subkeyBindingCriticalUnknownNotationHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -827,7 +828,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingUnknownNotationUnhashed() throws IOException {
|
public void subkeyBindingUnknownNotationUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -887,7 +888,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingCriticalUnknownNotationUnhashed() throws IOException {
|
public void subkeyBindingCriticalUnknownNotationUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -947,7 +948,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingBackSigFakeBackSig() throws IOException {
|
public void subkeyBindingBackSigFakeBackSig() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1017,7 +1018,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeyBindingFakeBackSigBackSig() throws IOException {
|
public void subkeyBindingFakeBackSigBackSig() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1087,7 +1088,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingIssuerFpOnly() throws IOException {
|
public void primaryBindingIssuerFpOnly() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1146,7 +1147,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingIssuerV6IssuerFp() throws IOException {
|
public void primaryBindingIssuerV6IssuerFp() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1205,7 +1206,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingIssuerFakeIssuer() throws IOException {
|
public void primaryBindingIssuerFakeIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1264,7 +1265,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingFakeIssuerIssuer() throws IOException {
|
public void primaryBindingFakeIssuerIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1323,7 +1324,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingFakeIssuer() throws IOException {
|
public void primaryBindingFakeIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1382,7 +1383,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingNoIssuer() throws IOException {
|
public void primaryBindingNoIssuer() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1440,7 +1441,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingUnknownSubpacketHashed() throws IOException {
|
public void primaryBindingUnknownSubpacketHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1499,7 +1500,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingCriticalUnknownSubpacketHashed() throws IOException {
|
public void primaryBindingCriticalUnknownSubpacketHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1558,7 +1559,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingUnknownSubpacketUnhashed() throws IOException {
|
public void primaryBindingUnknownSubpacketUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1617,7 +1618,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingCriticalUnknownSubpacketUnhashed() throws IOException {
|
public void primaryBindingCriticalUnknownSubpacketUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1676,7 +1677,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingUnknownNotationHashed() throws IOException {
|
public void primaryBindingUnknownNotationHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1736,7 +1737,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingCriticalUnknownNotationHashed() throws IOException {
|
public void primaryBindingCriticalUnknownNotationHashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1796,7 +1797,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingUnknownNotationUnhashed() throws IOException {
|
public void primaryBindingUnknownNotationUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1856,7 +1857,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void primaryBindingCriticalUnknownNotationUnhashed() throws IOException {
|
public void primaryBindingCriticalUnknownNotationUnhashed() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
|
||||||
|
@ -1915,7 +1916,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
expectSignatureValidationSucceeds(key, "Critical unknown notation is acceptable in unhashed area of primary key binding sig.");
|
expectSignatureValidationSucceeds(key, "Critical unknown notation is acceptable in unhashed area of primary key binding sig.");
|
||||||
}
|
}
|
||||||
|
|
||||||
private void expectSignatureValidationSucceeds(String key, String message) throws IOException {
|
private void expectSignatureValidationSucceeds(String key, String message) throws IOException, PGPException {
|
||||||
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
||||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||||
|
|
||||||
|
@ -1929,7 +1930,7 @@ public class BindingSignatureSubpacketsTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void expectSignatureValidationFails(String key, String message) throws IOException {
|
private void expectSignatureValidationFails(String key, String message) throws IOException, PGPException {
|
||||||
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
|
||||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
@ -32,10 +33,10 @@ import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -151,12 +152,13 @@ public class IgnoreMarkerPackets {
|
||||||
String data = "Marker + Detached signature";
|
String data = "Marker + Detached signature";
|
||||||
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
|
||||||
|
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)))
|
InputStream messageIn = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
|
||||||
.doNotDecrypt()
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.verifyDetachedSignature(signature)
|
.onInputStream(messageIn)
|
||||||
.verifyWith(publicKeys)
|
.withOptions(new ConsumerOptions()
|
||||||
.ignoreMissingPublicKeys()
|
.addVerificationCert(publicKeys)
|
||||||
.build();
|
.addVerificationOfDetachedSignature(signature)
|
||||||
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
@ -199,11 +201,13 @@ public class IgnoreMarkerPackets {
|
||||||
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
||||||
String data = "Marker + Encrypted Message";
|
String data = "Marker + Encrypted Message";
|
||||||
|
|
||||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8)))
|
InputStream messageIn = new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8));
|
||||||
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys)
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
.verifyWith(publicKeys)
|
.onInputStream(messageIn)
|
||||||
.ignoreMissingPublicKeys()
|
.withOptions(new ConsumerOptions()
|
||||||
.build();
|
.addDecryptionKey(secretKeys)
|
||||||
|
.addVerificationCert(publicKeys)
|
||||||
|
);
|
||||||
|
|
||||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ import java.io.IOException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
@ -33,7 +34,7 @@ public class KeyRevocationTest {
|
||||||
private static final String data = "Hello, World";
|
private static final String data = "Hello, World";
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void subkeySignsPrimaryKeyRevokedNoReason() throws IOException, SignatureValidationException {
|
public void subkeySignsPrimaryKeyRevokedNoReason() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -178,7 +179,7 @@ public class KeyRevocationTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_not_revoked__base_case_">Sequoia Test-Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_not_revoked__base_case_">Sequoia Test-Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void subkeySignsPrimaryKeyNotRevoked() throws IOException, SignatureValidationException {
|
public void subkeySignsPrimaryKeyNotRevoked() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
|
|
@ -24,6 +24,7 @@ import java.io.InputStream;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
@ -39,7 +40,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__unknown">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__unknown">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testPrimaryKeySignsAndIsHardRevokedUnknown() throws IOException {
|
public void testPrimaryKeySignsAndIsHardRevokedUnknown() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -188,7 +189,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__unknown">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__unknown">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testSubkeySignsPrimaryKeyIsHardRevokedUnknown() throws IOException {
|
public void testSubkeySignsPrimaryKeyIsHardRevokedUnknown() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -338,7 +339,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__subkey_is_revoked__revoked__unknown">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__subkey_is_revoked__revoked__unknown">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testSubkeySignsAndIsHardRevokedUnknown() throws IOException {
|
public void testSubkeySignsAndIsHardRevokedUnknown() throws IOException, PGPException {
|
||||||
String keyWithHardRev = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String keyWithHardRev = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -488,7 +489,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__superseded">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__superseded">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testPrimaryKeySignsAndIsSoftRevokedSuperseded() throws IOException {
|
public void testPrimaryKeySignsAndIsSoftRevokedSuperseded() throws IOException, PGPException {
|
||||||
String keyWithSoftRev = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String keyWithSoftRev = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -643,7 +644,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__superseded">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__superseded">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testSubkeySignsPrimaryKeyIsSoftRevokedSuperseded() throws IOException {
|
public void testSubkeySignsPrimaryKeyIsSoftRevokedSuperseded() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -794,7 +795,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__key_retired">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__key_retired">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testPrimaryKeySignsAndIsSoftRevokedRetired() throws IOException {
|
public void testPrimaryKeySignsAndIsSoftRevokedRetired() throws IOException, PGPException {
|
||||||
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
String key = "-----BEGIN PGP ARMORED FILE-----\n" +
|
||||||
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
@ -945,7 +946,7 @@ public class SignatureChainValidatorTest {
|
||||||
* @see <a href="https://tests.sequoia-pgp.org/#Temporary_validity">Sequoia Test Suite</a>
|
* @see <a href="https://tests.sequoia-pgp.org/#Temporary_validity">Sequoia Test Suite</a>
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testTemporaryValidity() throws IOException {
|
public void testTemporaryValidity() throws IOException, PGPException {
|
||||||
String keyA = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
String keyA = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
"Comment: D1A6 6E1A 23B1 82C9 980F 788C FBFC C82A 015E 7330\n" +
|
"Comment: D1A6 6E1A 23B1 82C9 980F 788C FBFC C82A 015E 7330\n" +
|
||||||
"Comment: Bob Babbage <bob@openpgp.example>\n" +
|
"Comment: Bob Babbage <bob@openpgp.example>\n" +
|
||||||
|
|
|
@ -21,6 +21,7 @@ import java.io.IOException;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.sig.NotationData;
|
import org.bouncycastle.bcpg.sig.NotationData;
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.util.encoders.Hex;
|
import org.bouncycastle.util.encoders.Hex;
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
@ -38,7 +39,7 @@ public class SignatureStructureTest {
|
||||||
private static PGPSignature signature;
|
private static PGPSignature signature;
|
||||||
|
|
||||||
@BeforeAll
|
@BeforeAll
|
||||||
public static void parseSignature() throws IOException {
|
public static void parseSignature() throws IOException, PGPException {
|
||||||
// see https://tests.sequoia-pgp.org/#Detached_signature_with_Subpackets (base case)
|
// see https://tests.sequoia-pgp.org/#Detached_signature_with_Subpackets (base case)
|
||||||
signature = SignatureUtils.readSignatures("-----BEGIN PGP SIGNATURE-----\n" +
|
signature = SignatureUtils.readSignatures("-----BEGIN PGP SIGNATURE-----\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
|
|
@ -26,8 +26,11 @@ import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
|
import org.pgpainless.encryption_signing.EncryptionOptions;
|
||||||
import org.pgpainless.encryption_signing.EncryptionStream;
|
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||||
|
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
|
|
||||||
|
@ -44,12 +47,11 @@ public class MultiPassphraseSymmetricEncryptionTest {
|
||||||
ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
|
ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
|
||||||
EncryptionStream encryptor = PGPainless.encryptAndOrSign()
|
EncryptionStream encryptor = PGPainless.encryptAndOrSign()
|
||||||
.onOutputStream(ciphertextOut)
|
.onOutputStream(ciphertextOut)
|
||||||
.forPassphrase(Passphrase.fromPassword("p1"))
|
.withOptions(ProducerOptions.encrypt(
|
||||||
.and()
|
EncryptionOptions.encryptCommunications()
|
||||||
.forPassphrase(Passphrase.fromPassword("p2"))
|
.addPassphrase(Passphrase.fromPassword("p1"))
|
||||||
.and()
|
.addPassphrase(Passphrase.fromPassword("p2"))
|
||||||
.doNotSign()
|
).setAsciiArmor(false));
|
||||||
.noArmor();
|
|
||||||
|
|
||||||
Streams.pipeAll(plaintextIn, encryptor);
|
Streams.pipeAll(plaintextIn, encryptor);
|
||||||
encryptor.close();
|
encryptor.close();
|
||||||
|
@ -58,10 +60,10 @@ public class MultiPassphraseSymmetricEncryptionTest {
|
||||||
|
|
||||||
// decrypting the p1 package with p2 first will not work. Test if it is handled correctly.
|
// decrypting the p1 package with p2 first will not work. Test if it is handled correctly.
|
||||||
for (Passphrase passphrase : new Passphrase[] {Passphrase.fromPassword("p2"), Passphrase.fromPassword("p1")}) {
|
for (Passphrase passphrase : new Passphrase[] {Passphrase.fromPassword("p2"), Passphrase.fromPassword("p1")}) {
|
||||||
DecryptionStream decryptor = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(ciphertext))
|
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
||||||
.decryptWith(passphrase)
|
.onInputStream(new ByteArrayInputStream(ciphertext))
|
||||||
.doNotVerify()
|
.withOptions(new ConsumerOptions()
|
||||||
.build();
|
.addDecryptionPassphrase(passphrase));
|
||||||
|
|
||||||
ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
|
ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
|
|
@ -31,8 +31,8 @@ import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.encryption_signing.EncryptionBuilderInterface;
|
|
||||||
import org.pgpainless.encryption_signing.EncryptionOptions;
|
import org.pgpainless.encryption_signing.EncryptionOptions;
|
||||||
import org.pgpainless.encryption_signing.EncryptionStream;
|
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||||
import org.pgpainless.encryption_signing.ProducerOptions;
|
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||||
|
@ -60,14 +60,13 @@ public class SymmetricEncryptionTest {
|
||||||
Passphrase encryptionPassphrase = Passphrase.fromPassword("greenBeans");
|
Passphrase encryptionPassphrase = Passphrase.fromPassword("greenBeans");
|
||||||
|
|
||||||
ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
|
ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
|
||||||
EncryptionBuilderInterface.Armor armor = PGPainless.encryptAndOrSign().onOutputStream(ciphertextOut)
|
EncryptionStream encryptor = PGPainless.encryptAndOrSign()
|
||||||
.forPassphrase(encryptionPassphrase)
|
.onOutputStream(ciphertextOut)
|
||||||
.and()
|
.withOptions(ProducerOptions.encrypt(
|
||||||
.toRecipient(encryptionKey)
|
EncryptionOptions.encryptCommunications()
|
||||||
.and()
|
.addPassphrase(encryptionPassphrase)
|
||||||
.doNotSign();
|
.addRecipient(encryptionKey)
|
||||||
EncryptionStream encryptor = armor
|
));
|
||||||
.noArmor();
|
|
||||||
|
|
||||||
Streams.pipeAll(plaintextIn, encryptor);
|
Streams.pipeAll(plaintextIn, encryptor);
|
||||||
encryptor.close();
|
encryptor.close();
|
||||||
|
@ -77,9 +76,8 @@ public class SymmetricEncryptionTest {
|
||||||
// Test symmetric decryption
|
// Test symmetric decryption
|
||||||
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(ciphertext))
|
.onInputStream(new ByteArrayInputStream(ciphertext))
|
||||||
.decryptWith(encryptionPassphrase)
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionPassphrase(encryptionPassphrase));
|
||||||
.build();
|
|
||||||
|
|
||||||
ByteArrayOutputStream decrypted = new ByteArrayOutputStream();
|
ByteArrayOutputStream decrypted = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
@ -95,9 +93,8 @@ public class SymmetricEncryptionTest {
|
||||||
new SolitaryPassphraseProvider(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD)));
|
new SolitaryPassphraseProvider(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD)));
|
||||||
decryptor = PGPainless.decryptAndOrVerify()
|
decryptor = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(ciphertext))
|
.onInputStream(new ByteArrayInputStream(ciphertext))
|
||||||
.decryptWith(protector, decryptionKeys)
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionKeys(decryptionKeys, protector));
|
||||||
.build();
|
|
||||||
|
|
||||||
decrypted = new ByteArrayOutputStream();
|
decrypted = new ByteArrayOutputStream();
|
||||||
|
|
||||||
|
@ -126,8 +123,7 @@ public class SymmetricEncryptionTest {
|
||||||
|
|
||||||
assertThrows(MissingDecryptionMethodException.class, () -> PGPainless.decryptAndOrVerify()
|
assertThrows(MissingDecryptionMethodException.class, () -> PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(new ByteArrayInputStream(ciphertextOut.toByteArray()))
|
.onInputStream(new ByteArrayInputStream(ciphertextOut.toByteArray()))
|
||||||
.decryptWith(Passphrase.fromPassword("meldir"))
|
.withOptions(new ConsumerOptions()
|
||||||
.doNotVerify()
|
.addDecryptionPassphrase(Passphrase.fromPassword("meldir"))));
|
||||||
.build());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,7 +17,6 @@ package org.pgpainless.weird_keys;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
import java.io.ByteArrayOutputStream;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
@ -27,9 +26,8 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.encryption_signing.EncryptionBuilderInterface;
|
import org.pgpainless.encryption_signing.EncryptionOptions;
|
||||||
import org.pgpainless.key.generation.KeySpec;
|
import org.pgpainless.key.generation.KeySpec;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
||||||
|
@ -49,13 +47,10 @@ public class TestEncryptCommsStorageFlagsDifferentiated {
|
||||||
.withPrimaryUserId("cannot@encrypt.comms")
|
.withPrimaryUserId("cannot@encrypt.comms")
|
||||||
.withoutPassphrase()
|
.withoutPassphrase()
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
|
||||||
|
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
assertThrows(IllegalArgumentException.class, () -> EncryptionOptions.encryptCommunications()
|
||||||
EncryptionBuilderInterface.ToRecipients builder = PGPainless.encryptAndOrSign(EncryptionPurpose.COMMUNICATIONS)
|
.addRecipient(publicKeys));
|
||||||
.onOutputStream(out);
|
|
||||||
|
|
||||||
// since the key does not carry the flag ENCRYPT_COMMS, it cannot be used by the stream.
|
|
||||||
assertThrows(IllegalArgumentException.class, () -> builder.toRecipient(publicKeys));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,7 +59,7 @@ public class TestTwoSubkeysEncryption {
|
||||||
PGPSecretKeyRing twoSuitableSubkeysKeyRing = WeirdKeys.getTwoCryptSubkeysKey();
|
PGPSecretKeyRing twoSuitableSubkeysKeyRing = WeirdKeys.getTwoCryptSubkeysKey();
|
||||||
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(twoSuitableSubkeysKeyRing);
|
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(twoSuitableSubkeysKeyRing);
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionPurpose.STORAGE)
|
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
|
||||||
.onOutputStream(out)
|
.onOutputStream(out)
|
||||||
.withOptions(
|
.withOptions(
|
||||||
ProducerOptions.encrypt(new EncryptionOptions(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS)
|
ProducerOptions.encrypt(new EncryptionOptions(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS)
|
||||||
|
|
|
@ -24,17 +24,15 @@ import java.io.IOException;
|
||||||
import java.io.PrintStream;
|
import java.io.PrintStream;
|
||||||
import java.text.DateFormat;
|
import java.text.DateFormat;
|
||||||
import java.text.SimpleDateFormat;
|
import java.text.SimpleDateFormat;
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.decryption_verification.DecryptionBuilderInterface;
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
|
@ -108,34 +106,34 @@ public class Decrypt implements Runnable {
|
||||||
System.exit(1);
|
System.exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
PGPSecretKeyRingCollection secretKeys;
|
ConsumerOptions options = new ConsumerOptions();
|
||||||
List<PGPPublicKeyRing> verifyWith = null;
|
|
||||||
|
|
||||||
|
List<PGPPublicKeyRing> verifyWith = null;
|
||||||
try {
|
try {
|
||||||
|
|
||||||
List<PGPSecretKeyRing> secretKeyRings = loadKeysFromFiles(keys);
|
List<PGPSecretKeyRing> secretKeyRings = loadKeysFromFiles(keys);
|
||||||
secretKeys = new PGPSecretKeyRingCollection(secretKeyRings);
|
for (PGPSecretKeyRing secretKey : secretKeyRings) {
|
||||||
|
options.addDecryptionKey(secretKey);
|
||||||
|
}
|
||||||
|
|
||||||
if (certs != null) {
|
if (certs != null) {
|
||||||
verifyWith = SopKeyUtil.loadCertificatesFromFile(certs);
|
verifyWith = SopKeyUtil.loadCertificatesFromFile(certs);
|
||||||
|
for (PGPPublicKeyRing cert : verifyWith) {
|
||||||
|
options.addVerificationCert(cert);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
} catch (IOException | PGPException e) {
|
} catch (IOException | PGPException e) {
|
||||||
err_ln(e.getMessage());
|
err_ln(e.getMessage());
|
||||||
System.exit(1);
|
System.exit(1);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DecryptionStream decryptionStream;
|
||||||
DecryptionBuilderInterface.Verify builder = PGPainless.decryptAndOrVerify()
|
|
||||||
.onInputStream(System.in)
|
|
||||||
.decryptWith(secretKeys);
|
|
||||||
DecryptionStream decryptionStream = null;
|
|
||||||
try {
|
try {
|
||||||
if (verifyWith != null) {
|
decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
decryptionStream = builder.verifyWith(new HashSet<>(verifyWith))
|
.onInputStream(System.in)
|
||||||
.ignoreMissingPublicKeys().build();
|
.withOptions(options);
|
||||||
} else {
|
|
||||||
decryptionStream = builder.doNotVerify()
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
} catch (IOException | PGPException e) {
|
} catch (IOException | PGPException e) {
|
||||||
err_ln("Error constructing decryption stream: " + e.getMessage());
|
err_ln("Error constructing decryption stream: " + e.getMessage());
|
||||||
System.exit(1);
|
System.exit(1);
|
||||||
|
@ -169,14 +167,14 @@ public class Decrypt implements Runnable {
|
||||||
PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint);
|
PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint);
|
||||||
sb.append(df.format(signature.getCreationTime())).append(' ')
|
sb.append(df.format(signature.getCreationTime())).append(' ')
|
||||||
.append(fingerprint).append(' ')
|
.append(fingerprint).append(' ')
|
||||||
.append(new OpenPgpV4Fingerprint(verifier)).append('\n');
|
.append(verifier != null ? new OpenPgpV4Fingerprint(verifier) : "null").append('\n');
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
verifyOut.createNewFile();
|
verifyOut.createNewFile();
|
||||||
PrintStream verifyPrinter = new PrintStream(new FileOutputStream(verifyOut));
|
PrintStream verifyPrinter = new PrintStream(new FileOutputStream(verifyOut));
|
||||||
// CHECKSTYLE:OFF
|
// CHECKSTYLE:OFF
|
||||||
verifyPrinter.println(sb.toString());
|
verifyPrinter.println(sb);
|
||||||
// CHECKSTYLE:ON
|
// CHECKSTYLE:ON
|
||||||
verifyPrinter.close();
|
verifyPrinter.close();
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
|
|
@ -15,20 +15,11 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.sop.commands;
|
package org.pgpainless.sop.commands;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import static org.pgpainless.sop.Print.err_ln;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import static org.pgpainless.sop.Print.print_ln;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
|
||||||
import picocli.CommandLine;
|
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileNotFoundException;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.text.DateFormat;
|
import java.text.DateFormat;
|
||||||
|
@ -36,12 +27,20 @@ import java.text.ParseException;
|
||||||
import java.text.SimpleDateFormat;
|
import java.text.SimpleDateFormat;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.TimeZone;
|
import java.util.TimeZone;
|
||||||
|
|
||||||
import static org.pgpainless.sop.Print.err_ln;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import static org.pgpainless.sop.Print.print_ln;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||||
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
import org.bouncycastle.util.io.Streams;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
|
import picocli.CommandLine;
|
||||||
|
|
||||||
@CommandLine.Command(name = "verify",
|
@CommandLine.Command(name = "verify",
|
||||||
description = "Verify a detached signature over the data from standard input",
|
description = "Verify a detached signature over the data from standard input",
|
||||||
|
@ -89,32 +88,35 @@ public class Verify implements Runnable {
|
||||||
Date notBeforeDate = parseNotBefore();
|
Date notBeforeDate = parseNotBefore();
|
||||||
Date notAfterDate = parseNotAfter();
|
Date notAfterDate = parseNotAfter();
|
||||||
|
|
||||||
|
ConsumerOptions options = new ConsumerOptions();
|
||||||
|
try (FileInputStream sigIn = new FileInputStream(signature)) {
|
||||||
|
options.addVerificationOfDetachedSignatures(sigIn);
|
||||||
|
} catch (IOException | PGPException e) {
|
||||||
|
err_ln("Cannot read detached signature: " + e.getMessage());
|
||||||
|
System.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
Map<PGPPublicKeyRing, File> publicKeys = readCertificatesFromFiles();
|
Map<PGPPublicKeyRing, File> publicKeys = readCertificatesFromFiles();
|
||||||
if (publicKeys.isEmpty()) {
|
if (publicKeys.isEmpty()) {
|
||||||
err_ln("No certificates supplied.");
|
err_ln("No certificates supplied.");
|
||||||
System.exit(19);
|
System.exit(19);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (PGPPublicKeyRing cert : publicKeys.keySet()) {
|
||||||
|
options.addVerificationCert(cert);
|
||||||
|
}
|
||||||
|
|
||||||
OpenPgpMetadata metadata;
|
OpenPgpMetadata metadata;
|
||||||
try (FileInputStream sigIn = new FileInputStream(signature)) {
|
try {
|
||||||
DecryptionStream verifier = PGPainless.decryptAndOrVerify()
|
DecryptionStream verifier = PGPainless.decryptAndOrVerify()
|
||||||
.onInputStream(System.in)
|
.onInputStream(System.in)
|
||||||
.doNotDecrypt()
|
.withOptions(options);
|
||||||
.verifyDetachedSignature(sigIn)
|
|
||||||
.verifyWith(new HashSet<>(publicKeys.keySet()))
|
|
||||||
.ignoreMissingPublicKeys()
|
|
||||||
.build();
|
|
||||||
|
|
||||||
OutputStream out = new NullOutputStream();
|
OutputStream out = new NullOutputStream();
|
||||||
Streams.pipeAll(verifier, out);
|
Streams.pipeAll(verifier, out);
|
||||||
verifier.close();
|
verifier.close();
|
||||||
|
|
||||||
metadata = verifier.getResult();
|
metadata = verifier.getResult();
|
||||||
} catch (FileNotFoundException e) {
|
|
||||||
err_ln("Signature file not found:");
|
|
||||||
err_ln(e.getMessage());
|
|
||||||
System.exit(1);
|
|
||||||
return;
|
|
||||||
} catch (IOException | PGPException e) {
|
} catch (IOException | PGPException e) {
|
||||||
err_ln("Signature validation failed.");
|
err_ln("Signature validation failed.");
|
||||||
err_ln(e.getMessage());
|
err_ln(e.getMessage());
|
||||||
|
|
Loading…
Reference in a new issue