1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-10 20:27:58 +01:00

Remove usage of deprecated decryption/verification API in tests

This commit is contained in:
Paul Schaub 2021-06-16 15:38:02 +02:00
parent 715d055b41
commit 88891e1337
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
24 changed files with 342 additions and 390 deletions

View file

@ -15,19 +15,31 @@
*/ */
package org.pgpainless.decryption_verification; package org.pgpainless.decryption_verification;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import javax.annotation.Nullable; import javax.annotation.Nullable;
import org.bouncycastle.bcpg.MarkerPacket;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
@ -105,6 +117,48 @@ public class ConsumerOptions {
return this; return this;
} }
public ConsumerOptions addVerificationOfDetachedSignatures(InputStream signatureInputStream) throws IOException, PGPException {
List<PGPSignature> signatures = new ArrayList<>();
InputStream pgpIn = PGPUtil.getDecoderStream(signatureInputStream);
PGPObjectFactory objectFactory = new PGPObjectFactory(
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
Object nextObject = objectFactory.nextObject();
while (nextObject != null) {
if (nextObject instanceof MarkerPacket) {
nextObject = objectFactory.nextObject();
continue;
}
if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
nextObject = objectFactory.nextObject();
continue;
}
if (nextObject instanceof PGPSignatureList) {
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
for (PGPSignature s : signatureList) {
signatures.add(s);
}
}
if (nextObject instanceof PGPSignature) {
signatures.add((PGPSignature) nextObject);
}
nextObject = objectFactory.nextObject();
}
pgpIn.close();
return addVerificationOfDetachedSignatures(signatures);
}
public ConsumerOptions addVerificationOfDetachedSignatures(List<PGPSignature> detachedSignatures) {
for (PGPSignature signature : detachedSignatures) {
addVerificationOfDetachedSignature(signature);
}
return this;
}
/** /**
* Add a detached signature for the signature verification process. * Add a detached signature for the signature verification process.
* *
@ -183,6 +237,20 @@ public class ConsumerOptions {
return this; return this;
} }
/**
* Add the keys in the provided key collection for message decryption.
*
* @param keys key collection
* @param keyRingProtector protector for encrypted secret keys
* @return options
*/
public ConsumerOptions addDecryptionKeys(@Nonnull PGPSecretKeyRingCollection keys, @Nonnull SecretKeyRingProtector keyRingProtector) {
for (PGPSecretKeyRing key : keys) {
addDecryptionKey(key, keyRingProtector);
}
return this;
}
/** /**
* Add a passphrase for message decryption. * Add a passphrase for message decryption.
* *

View file

@ -15,22 +15,27 @@
*/ */
package org.pgpainless.signature; package org.pgpainless.signature;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
import org.bouncycastle.bcpg.MarkerPacket;
import org.bouncycastle.bcpg.sig.KeyExpirationTime; import org.bouncycastle.bcpg.sig.KeyExpirationTime;
import org.bouncycastle.bcpg.sig.RevocationReason; import org.bouncycastle.bcpg.sig.RevocationReason;
import org.bouncycastle.bcpg.sig.SignatureExpirationTime; import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
import org.bouncycastle.openpgp.PGPMarker; import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator; import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList; import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder; import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.encoders.Hex;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
@ -41,7 +46,6 @@ import org.pgpainless.key.util.OpenPgpKeyAttributeUtil;
import org.pgpainless.key.util.RevocationAttributes; import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.policy.Policy; import org.pgpainless.policy.Policy;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
import org.pgpainless.util.BCUtil;
/** /**
* Utility methods related to signatures. * Utility methods related to signatures.
@ -183,18 +187,44 @@ public class SignatureUtils {
* @return signature list * @return signature list
* @throws IOException if the signatures cannot be read * @throws IOException if the signatures cannot be read
*/ */
public static PGPSignatureList readSignatures(String encodedSignatures) throws IOException { public static List<PGPSignature> readSignatures(String encodedSignatures) throws IOException, PGPException {
InputStream inputStream = BCUtil.getPgpDecoderInputStream(encodedSignatures.getBytes(Charset.forName("UTF8"))); InputStream inputStream = new ByteArrayInputStream(encodedSignatures.getBytes(Charset.forName("UTF8")));
PGPObjectFactory objectFactory = new PGPObjectFactory(inputStream, ImplementationFactory.getInstance().getKeyFingerprintCalculator()); return readSignatures(inputStream);
Object next = objectFactory.nextObject(); }
while (next != null) {
if (next instanceof PGPMarker) { public static List<PGPSignature> readSignatures(InputStream inputStream) throws IOException, PGPException {
next = objectFactory.nextObject(); List<PGPSignature> signatures = new ArrayList<>();
InputStream pgpIn = PGPUtil.getDecoderStream(inputStream);
PGPObjectFactory objectFactory = new PGPObjectFactory(
pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
Object nextObject = objectFactory.nextObject();
while (nextObject != null) {
if (nextObject instanceof MarkerPacket) {
nextObject = objectFactory.nextObject();
continue; continue;
} }
return (PGPSignatureList) next; if (nextObject instanceof PGPCompressedData) {
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
objectFactory = new PGPObjectFactory(compressedData.getDataStream(),
ImplementationFactory.getInstance().getKeyFingerprintCalculator());
nextObject = objectFactory.nextObject();
continue;
}
if (nextObject instanceof PGPSignatureList) {
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
for (PGPSignature s : signatureList) {
signatures.add(s);
}
}
if (nextObject instanceof PGPSignature) {
signatures.add((PGPSignature) nextObject);
}
nextObject = objectFactory.nextObject();
} }
return null; pgpIn.close();
return signatures;
} }
public static String getSignatureDigestPrefix(PGPSignature signature) { public static String getSignatureDigestPrefix(PGPSignature signature) {

View file

@ -23,12 +23,9 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.Collections;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
@ -38,7 +35,7 @@ import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.TestKeys; import org.pgpainless.key.TestKeys;
import org.pgpainless.key.protection.UnprotectedKeysProtector; import org.pgpainless.key.util.KeyRingUtils;
public class DecryptAndVerifyMessageTest { public class DecryptAndVerifyMessageTest {
@ -60,12 +57,13 @@ public class DecryptAndVerifyMessageTest {
ImplementationFactory.setFactoryImplementation(implementationFactory); ImplementationFactory.setFactoryImplementation(implementationFactory);
String encryptedMessage = TestKeys.MSG_SIGN_CRYPT_JULIET_JULIET; String encryptedMessage = TestKeys.MSG_SIGN_CRYPT_JULIET_JULIET;
ConsumerOptions options = new ConsumerOptions()
.addDecryptionKey(juliet)
.addVerificationCert(KeyRingUtils.publicKeyRingFrom(juliet));
DecryptionStream decryptor = PGPainless.decryptAndOrVerify() DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(encryptedMessage.getBytes())) .onInputStream(new ByteArrayInputStream(encryptedMessage.getBytes()))
.decryptWith(new UnprotectedKeysProtector(), new PGPSecretKeyRingCollection(Collections.singleton(juliet))) .withOptions(options);
.verifyWith(Collections.singleton(new PGPPublicKeyRing(Collections.singletonList(juliet.getPublicKey()))))
.ignoreMissingPublicKeys()
.build();
ByteArrayOutputStream toPlain = new ByteArrayOutputStream(); ByteArrayOutputStream toPlain = new ByteArrayOutputStream();
Streams.pipeAll(decryptor, toPlain); Streams.pipeAll(decryptor, toPlain);

View file

@ -21,13 +21,11 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Set; import java.util.Set;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
@ -35,7 +33,6 @@ import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.KeyRingUtils; import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.util.selection.key.impl.EncryptionKeySelectionStrategy; import org.pgpainless.util.selection.key.impl.EncryptionKeySelectionStrategy;
@ -144,11 +141,12 @@ public class DecryptHiddenRecipientMessage {
"=1knQ\n" + "=1knQ\n" +
"-----END PGP MESSAGE-----\n"; "-----END PGP MESSAGE-----\n";
ByteArrayInputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); ByteArrayInputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
ConsumerOptions options = new ConsumerOptions()
.addDecryptionKey(secretKeys);
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(messageIn) DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), new PGPSecretKeyRingCollection(Collections.singletonList(secretKeys))) .onInputStream(messageIn)
.doNotVerify() .withOptions(options);
.build();
ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.pipeAll(decryptionStream, out); Streams.pipeAll(decryptionStream, out);

View file

@ -154,9 +154,9 @@ public class ModificationDetectionTests {
InputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); InputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.onInputStream(in) .onInputStream(in)
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeyRings) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionKeys(secretKeyRings, SecretKeyRingProtector.unprotectedKeys())
.build(); );
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
assertThrows(EOFException.class, () -> { assertThrows(EOFException.class, () -> {
@ -187,9 +187,9 @@ public class ModificationDetectionTests {
ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.onInputStream(in) .onInputStream(in)
.decryptWith(getDecryptionKey()) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionKeys(getDecryptionKey(), SecretKeyRingProtector.unprotectedKeys())
.build(); );
ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.pipeAll(decryptionStream, out); Streams.pipeAll(decryptionStream, out);
@ -218,9 +218,9 @@ public class ModificationDetectionTests {
ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.onInputStream(in) .onInputStream(in)
.decryptWith(getDecryptionKey()) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionKeys(getDecryptionKey(), SecretKeyRingProtector.unprotectedKeys())
.build(); );
ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.pipeAll(decryptionStream, out); Streams.pipeAll(decryptionStream, out);
@ -387,9 +387,9 @@ public class ModificationDetectionTests {
assertThrows(MessageNotIntegrityProtectedException.class, () -> PGPainless.decryptAndOrVerify() assertThrows(MessageNotIntegrityProtectedException.class, () -> PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(ciphertext.getBytes(StandardCharsets.UTF_8))) .onInputStream(new ByteArrayInputStream(ciphertext.getBytes(StandardCharsets.UTF_8)))
.decryptWith(SecretKeyRingProtector.unlockAllKeysWith(passphrase, secretKeyRing), new PGPSecretKeyRingCollection(Collections.singleton(secretKeyRing))) .withOptions(new ConsumerOptions().addDecryptionKey(secretKeyRing,
.doNotVerify() SecretKeyRingProtector.unlockAllKeysWith(passphrase, secretKeyRing)))
.build()); );
} }
private PGPSecretKeyRingCollection getDecryptionKey() throws IOException, PGPException { private PGPSecretKeyRingCollection getDecryptionKey() throws IOException, PGPException {

View file

@ -21,17 +21,14 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Collections;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.protection.SecretKeyRingProtector;
public class RecursionDepthTest { public class RecursionDepthTest {
@ -127,7 +124,6 @@ public class RecursionDepthTest {
"=miES\n" + "=miES\n" +
"-----END PGP PRIVATE KEY BLOCK-----\n"; "-----END PGP PRIVATE KEY BLOCK-----\n";
PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key); PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key);
PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Collections.singletonList(secretKey));
// message contains compressed data that contains compressed data that contains... 64 times. // message contains compressed data that contains compressed data that contains... 64 times.
String msg = "-----BEGIN PGP ARMORED FILE-----\n" + String msg = "-----BEGIN PGP ARMORED FILE-----\n" +
@ -161,9 +157,7 @@ public class RecursionDepthTest {
assertThrows(PGPException.class, () -> { assertThrows(PGPException.class, () -> {
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8))) .onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8)))
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) .withOptions(new ConsumerOptions().addDecryptionKey(secretKey));
.doNotVerify()
.build();
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
Streams.pipeAll(decryptionStream, outputStream); Streams.pipeAll(decryptionStream, outputStream);

View file

@ -20,6 +20,7 @@ import static org.junit.jupiter.api.Assertions.fail;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
@ -27,7 +28,6 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.exception.UnacceptableAlgorithmException; import org.pgpainless.exception.UnacceptableAlgorithmException;
import org.pgpainless.key.protection.SecretKeyRingProtector;
/** /**
* Test PGPainless' default symmetric key algorithm policy for decryption of messages. * Test PGPainless' default symmetric key algorithm policy for decryption of messages.
@ -146,11 +146,13 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
"=w0KS\n" + "=w0KS\n" +
"-----END PGP MESSAGE-----\n"; "-----END PGP MESSAGE-----\n";
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
assertThrows(UnacceptableAlgorithmException.class, () -> assertThrows(UnacceptableAlgorithmException.class, () ->
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) PGPainless.decryptAndOrVerify()
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) .onInputStream(messageIn)
.doNotVerify() .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys))
.build()); );
} }
@Test @Test
@ -171,11 +173,14 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
"WLlG7ee7fRqQPTSP+OLh4Cm8zDIaCNowj0Ua4KwcWZDYERzg\n" + "WLlG7ee7fRqQPTSP+OLh4Cm8zDIaCNowj0Ua4KwcWZDYERzg\n" +
"=j71X\n" + "=j71X\n" +
"-----END PGP ARMORED FILE-----\n"; "-----END PGP ARMORED FILE-----\n";
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
assertThrows(UnacceptableAlgorithmException.class, () -> assertThrows(UnacceptableAlgorithmException.class, () ->
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) PGPainless.decryptAndOrVerify()
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) .onInputStream(messageIn)
.doNotVerify() .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys))
.build()); );
} }
@Test @Test
@ -197,11 +202,11 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
"=qNxx\n" + "=qNxx\n" +
"-----END PGP ARMORED FILE-----\n"; "-----END PGP ARMORED FILE-----\n";
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
assertThrows(UnacceptableAlgorithmException.class, () -> assertThrows(UnacceptableAlgorithmException.class, () ->
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) PGPainless.decryptAndOrVerify().onInputStream(messageIn)
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys))
.doNotVerify() );
.build());
} }
// Control: In contrast, AES256 is acceptable // Control: In contrast, AES256 is acceptable
@ -222,11 +227,10 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption {
"4yjtOxfmmp9Fac50SS5i9dzBdnVNllLs+ADQt+LksJnzTW1IINGnIw8=\n" + "4yjtOxfmmp9Fac50SS5i9dzBdnVNllLs+ADQt+LksJnzTW1IINGnIw8=\n" +
"=kLfl\n" + "=kLfl\n" +
"-----END PGP ARMORED FILE-----\n"; "-----END PGP ARMORED FILE-----\n";
InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) PGPainless.decryptAndOrVerify().onInputStream(messageIn)
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys));
.doNotVerify()
.build();
} }
} }

View file

@ -72,18 +72,17 @@ public class VerifyWithMissingPublicKeyCallback {
DecryptionStream verificationStream = PGPainless.decryptAndOrVerify() DecryptionStream verificationStream = PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(signOut.toByteArray())) .onInputStream(new ByteArrayInputStream(signOut.toByteArray()))
.doNotDecrypt() .withOptions(new ConsumerOptions()
.verifyWith(unrelatedKeys) .addVerificationCert(unrelatedKeys)
.handleMissingPublicKeysWith( .setMissingCertificateCallback(new MissingPublicKeyCallback() {
new MissingPublicKeyCallback() {
@Nullable @Nullable
@Override @Override
public PGPPublicKeyRing onMissingPublicKeyEncountered(@Nonnull Long keyId) { public PGPPublicKeyRing onMissingPublicKeyEncountered(@Nonnull Long keyId) {
assertEquals(signingKey.getKeyID(), keyId, "Signing key-ID mismatch."); assertEquals(signingKey.getKeyID(), keyId, "Signing key-ID mismatch.");
return signingPubKeys; return signingPubKeys;
} }
} }));
).build();
ByteArrayOutputStream plainOut = new ByteArrayOutputStream(); ByteArrayOutputStream plainOut = new ByteArrayOutputStream();
Streams.pipeAll(verificationStream, plainOut); Streams.pipeAll(verificationStream, plainOut);
verificationStream.close(); verificationStream.close();

View file

@ -27,9 +27,7 @@ import java.io.IOException;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Set; import java.util.Set;
import java.util.logging.Logger;
import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
@ -44,6 +42,7 @@ import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType; import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
@ -61,17 +60,16 @@ import org.pgpainless.util.ArmoredOutputStreamFactory;
public class EncryptDecryptTest { public class EncryptDecryptTest {
private static final Logger LOGGER = Logger.getLogger(EncryptDecryptTest.class.getName());
// Don't use StandardCharsets.UTF_8 because of Android API level. // Don't use StandardCharsets.UTF_8 because of Android API level.
private static final Charset UTF8 = Charset.forName("UTF-8"); private static final Charset UTF8 = Charset.forName("UTF-8");
private static final String testMessage = private static final String testMessage =
"Ah, Juliet, if the measure of thy joy\n" + "Ah, Juliet, if the measure of thy joy\n" +
"Be heaped like mine, and that thy skill be more\n" + "Be heaped like mine, and that thy skill be more\n" +
"To blazon it, then sweeten with thy breath\n" + "To blazon it, then sweeten with thy breath\n" +
"This neighbor air, and let rich musics tongue\n" + "This neighbor air, and let rich musics tongue\n" +
"Unfold the imagined happiness that both\n" + "Unfold the imagined happiness that both\n" +
"Receive in either by this dear encounter."; "Receive in either by this dear encounter.";
@ParameterizedTest @ParameterizedTest
@MethodSource("org.pgpainless.util.TestUtil#provideImplementationFactories") @MethodSource("org.pgpainless.util.TestUtil#provideImplementationFactories")
@ -178,10 +176,10 @@ public class EncryptDecryptTest {
ByteArrayInputStream envelopeIn = new ByteArrayInputStream(encryptedSecretMessage); ByteArrayInputStream envelopeIn = new ByteArrayInputStream(encryptedSecretMessage);
DecryptionStream decryptor = PGPainless.decryptAndOrVerify() DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
.onInputStream(envelopeIn) .onInputStream(envelopeIn)
.decryptWith(keyDecryptor, KeyRingUtils.keyRingsToKeyRingCollection(recipientSec)) .withOptions(new ConsumerOptions()
.verifyWith(KeyRingUtils.keyRingsToKeyRingCollection(senderPub)) .addDecryptionKey(recipientSec, keyDecryptor)
.ignoreMissingPublicKeys() .addVerificationCert(senderPub)
.build(); );
ByteArrayOutputStream decryptedSecretMessage = new ByteArrayOutputStream(); ByteArrayOutputStream decryptedSecretMessage = new ByteArrayOutputStream();
@ -227,12 +225,13 @@ public class EncryptDecryptTest {
// CHECKSTYLE:ON // CHECKSTYLE:ON
inputStream = new ByteArrayInputStream(testMessage.getBytes()); inputStream = new ByteArrayInputStream(testMessage.getBytes());
DecryptionStream verifier = PGPainless.decryptAndOrVerify().onInputStream(inputStream) DecryptionStream verifier = PGPainless.decryptAndOrVerify()
.doNotDecrypt() .onInputStream(inputStream)
.verifyDetachedSignature(new ByteArrayInputStream(armorSig.getBytes())) .withOptions(new ConsumerOptions()
.verifyWith(Collections.singleton(KeyRingUtils.publicKeyRingFrom(signingKeys))) .addVerificationOfDetachedSignatures(new ByteArrayInputStream(armorSig.getBytes()))
.ignoreMissingPublicKeys() .addVerificationCert(KeyRingUtils.publicKeyRingFrom(signingKeys))
.build(); );
dummyOut = new ByteArrayOutputStream(); dummyOut = new ByteArrayOutputStream();
Streams.pipeAll(verifier, dummyOut); Streams.pipeAll(verifier, dummyOut);
verifier.close(); verifier.close();
@ -257,16 +256,12 @@ public class EncryptDecryptTest {
Streams.pipeAll(inputStream, signer); Streams.pipeAll(inputStream, signer);
signer.close(); signer.close();
// CHECKSTYLE:OFF
System.out.println(signOut.toString());
// CHECKSTYLE:ON
inputStream = new ByteArrayInputStream(signOut.toByteArray()); inputStream = new ByteArrayInputStream(signOut.toByteArray());
DecryptionStream verifier = PGPainless.decryptAndOrVerify().onInputStream(inputStream) DecryptionStream verifier = PGPainless.decryptAndOrVerify()
.doNotDecrypt() .onInputStream(inputStream)
.verifyWith(Collections.singleton(KeyRingUtils.publicKeyRingFrom(signingKeys))) .withOptions(new ConsumerOptions()
.ignoreMissingPublicKeys() .addVerificationCert(KeyRingUtils.publicKeyRingFrom(signingKeys))
.build(); );
signOut = new ByteArrayOutputStream(); signOut = new ByteArrayOutputStream();
Streams.pipeAll(verifier, signOut); Streams.pipeAll(verifier, signOut);
verifier.close(); verifier.close();
@ -335,7 +330,7 @@ public class EncryptDecryptTest {
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
PGPainless.encryptAndOrSign().onOutputStream(outputStream) PGPainless.encryptAndOrSign().onOutputStream(outputStream)
.toRecipient(publicKeys)); .toRecipient(publicKeys));
} }
} }

View file

@ -23,20 +23,18 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Date; import java.util.Date;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.StreamEncoding; import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.KeyRingUtils; import org.pgpainless.key.util.KeyRingUtils;
public class FileInfoTest { public class FileInfoTest {
@ -85,9 +83,8 @@ public class FileInfoTest {
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.onInputStream(cryptIn) .onInputStream(cryptIn)
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), new PGPSecretKeyRingCollection(Collections.singleton(secretKeys))) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionKey(secretKeys));
.build();
Streams.pipeAll(decryptionStream, plainOut); Streams.pipeAll(decryptionStream, plainOut);
decryptionStream.close(); decryptionStream.close();

View file

@ -1,127 +0,0 @@
/*
* Copyright 2018 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.encryption_signing;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.generation.type.rsa.RsaLength;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnprotectedKeysProtector;
import org.pgpainless.key.util.KeyRingUtils;
/**
* Class used to determine the length of cipher-text depending on used algorithms.
*/
public class LengthTest {
private static final Logger LOGGER = Logger.getLogger(LengthTest.class.getName());
// @Test
public void ecEc()
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
IOException {
LOGGER.log(Level.FINER, "\nEC -> EC");
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleEcKeyRing("simplejid@server.tld");
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleEcKeyRing("otherjid@other.srv");
encryptDecryptForSecretKeyRings(sender, recipient);
}
// @Test
public void RsaRsa()
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
IOException {
LOGGER.log(Level.FINER, "\nRSA-2048 -> RSA-2048");
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("simplejid@server.tld", RsaLength._2048);
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleRsaKeyRing("otherjid@other.srv", RsaLength._2048);
encryptDecryptForSecretKeyRings(sender, recipient);
}
// @Test
public void RsaRsa4096()
throws PGPException,
IOException {
LOGGER.log(Level.FINER, "\nRSA-4096 -> RSA-4096");
PGPSecretKeyRing sender = PGPainless.readKeyRing().secretKeyRing(TestKeys.JULIET_SEC);
PGPSecretKeyRing recipient = PGPainless.readKeyRing().secretKeyRing(TestKeys.ROMEO_SEC);
encryptDecryptForSecretKeyRings(sender, recipient);
}
// @Test
public void rsaEc() throws PGPException, IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
NoSuchProviderException {
LOGGER.log(Level.FINER, "\nRSA-2048 -> EC");
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("simplejid@server.tld", RsaLength._2048);
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleEcKeyRing("otherjid@other.srv");
encryptDecryptForSecretKeyRings(sender, recipient);
}
// @Test
public void ecRsa()
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
IOException {
LOGGER.log(Level.FINER, "\nEC -> RSA-2048");
PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleEcKeyRing("simplejid@server.tld");
@SuppressWarnings("deprecation")
PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleRsaKeyRing("otherjid@other.srv", RsaLength._2048);
encryptDecryptForSecretKeyRings(sender, recipient);
}
private void encryptDecryptForSecretKeyRings(PGPSecretKeyRing senderSec, PGPSecretKeyRing recipientSec)
throws PGPException,
IOException {
PGPPublicKeyRing recipientPub = KeyRingUtils.publicKeyRingFrom(recipientSec);
PGPPublicKeyRing senderPub = KeyRingUtils.publicKeyRingFrom(senderSec);
SecretKeyRingProtector keyDecryptor = new UnprotectedKeysProtector();
for (int i = 1; i <= 100; i++) {
byte[] secretMessage = new byte[i * 20];
new Random().nextBytes(secretMessage);
ByteArrayOutputStream envelope = new ByteArrayOutputStream();
OutputStream encryptor = PGPainless.encryptAndOrSign()
.onOutputStream(envelope)
.toRecipient(recipientPub)
.and()
.signInlineWith(keyDecryptor, senderSec, "simplejid@server.tld", DocumentSignatureType.BINARY_DOCUMENT)
.noArmor();
Streams.pipeAll(new ByteArrayInputStream(secretMessage), encryptor);
encryptor.close();
byte[] encryptedSecretMessage = envelope.toByteArray();
LOGGER.log(Level.FINER,"\n" + encryptedSecretMessage.length);
}
}
}

View file

@ -89,8 +89,7 @@ public class RespectPreferredSymmetricAlgorithmDuringEncryptionTest {
ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream();
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(out) EncryptionStream encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(out)
.withOptions( .withOptions(
ProducerOptions.encrypt( ProducerOptions.encrypt(new EncryptionOptions()
new EncryptionOptions()
.addRecipient(publicKeys) .addRecipient(publicKeys)
)); ));

View file

@ -26,8 +26,6 @@ import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
@ -41,12 +39,11 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType; import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.EncryptionPurpose; import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.exception.KeyValidationException; import org.pgpainless.exception.KeyValidationException;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.TestKeys; import org.pgpainless.key.TestKeys;
import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.KeyRingUtils; import org.pgpainless.key.util.KeyRingUtils;
@ -71,15 +68,16 @@ public class SigningTest {
PGPPublicKeyRingCollection keys = new PGPPublicKeyRingCollection(Arrays.asList(julietKeys, romeoKeys)); PGPPublicKeyRingCollection keys = new PGPPublicKeyRingCollection(Arrays.asList(julietKeys, romeoKeys));
ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream();
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionPurpose.STORAGE) EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
.onOutputStream(out) .onOutputStream(out)
.toRecipients(keys) .withOptions(ProducerOptions.signAndEncrypt(
.and() EncryptionOptions.encryptDataAtRest()
.toRecipient(KeyRingUtils.publicKeyRingFrom(cryptieKeys)) .addRecipients(keys)
.and() .addRecipient(KeyRingUtils.publicKeyRingFrom(cryptieKeys)),
.signInlineWith(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, cryptieSigningKey), new SigningOptions()
cryptieKeys, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT) .addInlineSignature(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, cryptieSigningKey),
.asciiArmor(); cryptieKeys, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT)
).setAsciiArmor(true));
byte[] messageBytes = "This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8); byte[] messageBytes = "This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8);
ByteArrayInputStream message = new ByteArrayInputStream(messageBytes); ByteArrayInputStream message = new ByteArrayInputStream(messageBytes);
@ -94,16 +92,14 @@ public class SigningTest {
PGPSecretKeyRing julietSecret = TestKeys.getJulietSecretKeyRing(); PGPSecretKeyRing julietSecret = TestKeys.getJulietSecretKeyRing();
PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Arrays.asList(romeoSecret, julietSecret)); PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Arrays.asList(romeoSecret, julietSecret));
Set<OpenPgpV4Fingerprint> trustedFingerprints = new HashSet<>();
trustedFingerprints.add(new OpenPgpV4Fingerprint(cryptieKeys));
trustedFingerprints.add(new OpenPgpV4Fingerprint(julietKeys));
PGPPublicKeyRingCollection verificationKeys = new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieKeys), romeoKeys)); PGPPublicKeyRingCollection verificationKeys = new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieKeys), romeoKeys));
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(cryptIn) DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.decryptWith(secretKeys) .onInputStream(cryptIn)
.verifyWith(trustedFingerprints, verificationKeys) .withOptions(new ConsumerOptions()
.ignoreMissingPublicKeys() .addDecryptionKeys(secretKeys, SecretKeyRingProtector.unprotectedKeys())
.build(); .addVerificationCerts(verificationKeys)
);
ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream(); ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();

View file

@ -24,6 +24,7 @@ import java.io.InputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Date; import java.util.Date;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -59,7 +60,7 @@ public class BindingSignatureSubpacketsTest {
private Policy policy = PGPainless.getPolicy(); private Policy policy = PGPainless.getPolicy();
@Test @Test
public void baseCase() throws IOException { public void baseCase() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -118,7 +119,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingIssuerFpOnly() throws IOException { public void subkeyBindingIssuerFpOnly() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -177,7 +178,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingIssuerV6IssuerFp() throws IOException { public void subkeyBindingIssuerV6IssuerFp() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -236,7 +237,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingIssuerFakeIssuer() throws IOException { public void subkeyBindingIssuerFakeIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -295,7 +296,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingFakeIssuerIssuer() throws IOException { public void subkeyBindingFakeIssuerIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -354,7 +355,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingFakeIssuer() throws IOException { public void subkeyBindingFakeIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -413,7 +414,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingNoIssuer() throws IOException { public void subkeyBindingNoIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -471,7 +472,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void unknownSubpacketHashed() throws IOException { public void unknownSubpacketHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -530,7 +531,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingUnknownCriticalSubpacket() throws IOException { public void subkeyBindingUnknownCriticalSubpacket() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -589,7 +590,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingUnknownSubpacketUnhashed() throws IOException { public void subkeyBindingUnknownSubpacketUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -648,7 +649,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingUnknownCriticalSubpacketUnhashed() throws IOException { public void subkeyBindingUnknownCriticalSubpacketUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -707,7 +708,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingUnknownNotationHashed() throws IOException { public void subkeyBindingUnknownNotationHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -767,7 +768,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingCriticalUnknownNotationHashed() throws IOException { public void subkeyBindingCriticalUnknownNotationHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -827,7 +828,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingUnknownNotationUnhashed() throws IOException { public void subkeyBindingUnknownNotationUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -887,7 +888,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingCriticalUnknownNotationUnhashed() throws IOException { public void subkeyBindingCriticalUnknownNotationUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -947,7 +948,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingBackSigFakeBackSig() throws IOException { public void subkeyBindingBackSigFakeBackSig() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1017,7 +1018,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void subkeyBindingFakeBackSigBackSig() throws IOException { public void subkeyBindingFakeBackSigBackSig() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1087,7 +1088,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingIssuerFpOnly() throws IOException { public void primaryBindingIssuerFpOnly() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1146,7 +1147,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingIssuerV6IssuerFp() throws IOException { public void primaryBindingIssuerV6IssuerFp() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1205,7 +1206,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingIssuerFakeIssuer() throws IOException { public void primaryBindingIssuerFakeIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1264,7 +1265,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingFakeIssuerIssuer() throws IOException { public void primaryBindingFakeIssuerIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1323,7 +1324,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingFakeIssuer() throws IOException { public void primaryBindingFakeIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1382,7 +1383,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingNoIssuer() throws IOException { public void primaryBindingNoIssuer() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1440,7 +1441,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingUnknownSubpacketHashed() throws IOException { public void primaryBindingUnknownSubpacketHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1499,7 +1500,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingCriticalUnknownSubpacketHashed() throws IOException { public void primaryBindingCriticalUnknownSubpacketHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1558,7 +1559,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingUnknownSubpacketUnhashed() throws IOException { public void primaryBindingUnknownSubpacketUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1617,7 +1618,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingCriticalUnknownSubpacketUnhashed() throws IOException { public void primaryBindingCriticalUnknownSubpacketUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1676,7 +1677,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingUnknownNotationHashed() throws IOException { public void primaryBindingUnknownNotationHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1736,7 +1737,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingCriticalUnknownNotationHashed() throws IOException { public void primaryBindingCriticalUnknownNotationHashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1796,7 +1797,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingUnknownNotationUnhashed() throws IOException { public void primaryBindingUnknownNotationUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1856,7 +1857,7 @@ public class BindingSignatureSubpacketsTest {
} }
@Test @Test
public void primaryBindingCriticalUnknownNotationUnhashed() throws IOException { public void primaryBindingCriticalUnknownNotationUnhashed() throws IOException, PGPException {
String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"\n" + "\n" +
"xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" +
@ -1915,7 +1916,7 @@ public class BindingSignatureSubpacketsTest {
expectSignatureValidationSucceeds(key, "Critical unknown notation is acceptable in unhashed area of primary key binding sig."); expectSignatureValidationSucceeds(key, "Critical unknown notation is acceptable in unhashed area of primary key binding sig.");
} }
private void expectSignatureValidationSucceeds(String key, String message) throws IOException { private void expectSignatureValidationSucceeds(String key, String message) throws IOException, PGPException {
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
@ -1929,7 +1930,7 @@ public class BindingSignatureSubpacketsTest {
} }
} }
private void expectSignatureValidationFails(String key, String message) throws IOException { private void expectSignatureValidationFails(String key, String message) throws IOException, PGPException {
PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key);
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);

View file

@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
@ -32,10 +33,10 @@ import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.util.KeyRingUtils; import org.pgpainless.key.util.KeyRingUtils;
/** /**
@ -151,12 +152,13 @@ public class IgnoreMarkerPackets {
String data = "Marker + Detached signature"; String data = "Marker + Detached signature";
PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0);
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8))) InputStream messageIn = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8));
.doNotDecrypt() DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.verifyDetachedSignature(signature) .onInputStream(messageIn)
.verifyWith(publicKeys) .withOptions(new ConsumerOptions()
.ignoreMissingPublicKeys() .addVerificationCert(publicKeys)
.build(); .addVerificationOfDetachedSignature(signature)
);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
@ -199,11 +201,13 @@ public class IgnoreMarkerPackets {
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
String data = "Marker + Encrypted Message"; String data = "Marker + Encrypted Message";
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8))) InputStream messageIn = new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8));
.decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
.verifyWith(publicKeys) .onInputStream(messageIn)
.ignoreMissingPublicKeys() .withOptions(new ConsumerOptions()
.build(); .addDecryptionKey(secretKeys)
.addVerificationCert(publicKeys)
);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();

View file

@ -22,6 +22,7 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Date; import java.util.Date;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -33,7 +34,7 @@ public class KeyRevocationTest {
private static final String data = "Hello, World"; private static final String data = "Hello, World";
@Test @Test
public void subkeySignsPrimaryKeyRevokedNoReason() throws IOException, SignatureValidationException { public void subkeySignsPrimaryKeyRevokedNoReason() throws IOException, PGPException {
String key = "-----BEGIN PGP ARMORED FILE-----\n" + String key = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -178,7 +179,7 @@ public class KeyRevocationTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_not_revoked__base_case_">Sequoia Test-Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_not_revoked__base_case_">Sequoia Test-Suite</a>
*/ */
@Test @Test
public void subkeySignsPrimaryKeyNotRevoked() throws IOException, SignatureValidationException { public void subkeySignsPrimaryKeyNotRevoked() throws IOException, PGPException {
String key = "-----BEGIN PGP ARMORED FILE-----\n" + String key = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +

View file

@ -24,6 +24,7 @@ import java.io.InputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Date; import java.util.Date;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -39,7 +40,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__unknown">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__unknown">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testPrimaryKeySignsAndIsHardRevokedUnknown() throws IOException { public void testPrimaryKeySignsAndIsHardRevokedUnknown() throws IOException, PGPException {
String key = "-----BEGIN PGP ARMORED FILE-----\n" + String key = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -188,7 +189,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__unknown">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__unknown">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testSubkeySignsPrimaryKeyIsHardRevokedUnknown() throws IOException { public void testSubkeySignsPrimaryKeyIsHardRevokedUnknown() throws IOException, PGPException {
String key = "-----BEGIN PGP ARMORED FILE-----\n" + String key = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -338,7 +339,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__subkey_is_revoked__revoked__unknown">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__subkey_is_revoked__revoked__unknown">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testSubkeySignsAndIsHardRevokedUnknown() throws IOException { public void testSubkeySignsAndIsHardRevokedUnknown() throws IOException, PGPException {
String keyWithHardRev = "-----BEGIN PGP ARMORED FILE-----\n" + String keyWithHardRev = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -488,7 +489,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__superseded">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__superseded">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testPrimaryKeySignsAndIsSoftRevokedSuperseded() throws IOException { public void testPrimaryKeySignsAndIsSoftRevokedSuperseded() throws IOException, PGPException {
String keyWithSoftRev = "-----BEGIN PGP ARMORED FILE-----\n" + String keyWithSoftRev = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -643,7 +644,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__superseded">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__subkey_signs__primary_key_is_revoked__revoked__superseded">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testSubkeySignsPrimaryKeyIsSoftRevokedSuperseded() throws IOException { public void testSubkeySignsPrimaryKeyIsSoftRevokedSuperseded() throws IOException, PGPException {
String key = "-----BEGIN PGP ARMORED FILE-----\n" + String key = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -794,7 +795,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__key_retired">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Key_revocation_test__primary_key_signs_and_is_revoked__revoked__key_retired">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testPrimaryKeySignsAndIsSoftRevokedRetired() throws IOException { public void testPrimaryKeySignsAndIsSoftRevokedRetired() throws IOException, PGPException {
String key = "-----BEGIN PGP ARMORED FILE-----\n" + String key = "-----BEGIN PGP ARMORED FILE-----\n" +
"Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" +
"\n" + "\n" +
@ -945,7 +946,7 @@ public class SignatureChainValidatorTest {
* @see <a href="https://tests.sequoia-pgp.org/#Temporary_validity">Sequoia Test Suite</a> * @see <a href="https://tests.sequoia-pgp.org/#Temporary_validity">Sequoia Test Suite</a>
*/ */
@Test @Test
public void testTemporaryValidity() throws IOException { public void testTemporaryValidity() throws IOException, PGPException {
String keyA = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + String keyA = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
"Comment: D1A6 6E1A 23B1 82C9 980F 788C FBFC C82A 015E 7330\n" + "Comment: D1A6 6E1A 23B1 82C9 980F 788C FBFC C82A 015E 7330\n" +
"Comment: Bob Babbage <bob@openpgp.example>\n" + "Comment: Bob Babbage <bob@openpgp.example>\n" +

View file

@ -21,6 +21,7 @@ import java.io.IOException;
import java.util.List; import java.util.List;
import org.bouncycastle.bcpg.sig.NotationData; import org.bouncycastle.bcpg.sig.NotationData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.encoders.Hex;
import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeAll;
@ -38,7 +39,7 @@ public class SignatureStructureTest {
private static PGPSignature signature; private static PGPSignature signature;
@BeforeAll @BeforeAll
public static void parseSignature() throws IOException { public static void parseSignature() throws IOException, PGPException {
// see https://tests.sequoia-pgp.org/#Detached_signature_with_Subpackets (base case) // see https://tests.sequoia-pgp.org/#Detached_signature_with_Subpackets (base case)
signature = SignatureUtils.readSignatures("-----BEGIN PGP SIGNATURE-----\n" + signature = SignatureUtils.readSignatures("-----BEGIN PGP SIGNATURE-----\n" +
"\n" + "\n" +

View file

@ -26,8 +26,11 @@ import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionStream; import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
@ -44,12 +47,11 @@ public class MultiPassphraseSymmetricEncryptionTest {
ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream(); ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
EncryptionStream encryptor = PGPainless.encryptAndOrSign() EncryptionStream encryptor = PGPainless.encryptAndOrSign()
.onOutputStream(ciphertextOut) .onOutputStream(ciphertextOut)
.forPassphrase(Passphrase.fromPassword("p1")) .withOptions(ProducerOptions.encrypt(
.and() EncryptionOptions.encryptCommunications()
.forPassphrase(Passphrase.fromPassword("p2")) .addPassphrase(Passphrase.fromPassword("p1"))
.and() .addPassphrase(Passphrase.fromPassword("p2"))
.doNotSign() ).setAsciiArmor(false));
.noArmor();
Streams.pipeAll(plaintextIn, encryptor); Streams.pipeAll(plaintextIn, encryptor);
encryptor.close(); encryptor.close();
@ -58,10 +60,10 @@ public class MultiPassphraseSymmetricEncryptionTest {
// decrypting the p1 package with p2 first will not work. Test if it is handled correctly. // decrypting the p1 package with p2 first will not work. Test if it is handled correctly.
for (Passphrase passphrase : new Passphrase[] {Passphrase.fromPassword("p2"), Passphrase.fromPassword("p1")}) { for (Passphrase passphrase : new Passphrase[] {Passphrase.fromPassword("p2"), Passphrase.fromPassword("p1")}) {
DecryptionStream decryptor = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(ciphertext)) DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
.decryptWith(passphrase) .onInputStream(new ByteArrayInputStream(ciphertext))
.doNotVerify() .withOptions(new ConsumerOptions()
.build(); .addDecryptionPassphrase(passphrase));
ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream(); ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();

View file

@ -31,8 +31,8 @@ import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.encryption_signing.EncryptionBuilderInterface;
import org.pgpainless.encryption_signing.EncryptionOptions; import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionStream; import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions; import org.pgpainless.encryption_signing.ProducerOptions;
@ -60,14 +60,13 @@ public class SymmetricEncryptionTest {
Passphrase encryptionPassphrase = Passphrase.fromPassword("greenBeans"); Passphrase encryptionPassphrase = Passphrase.fromPassword("greenBeans");
ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream(); ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
EncryptionBuilderInterface.Armor armor = PGPainless.encryptAndOrSign().onOutputStream(ciphertextOut) EncryptionStream encryptor = PGPainless.encryptAndOrSign()
.forPassphrase(encryptionPassphrase) .onOutputStream(ciphertextOut)
.and() .withOptions(ProducerOptions.encrypt(
.toRecipient(encryptionKey) EncryptionOptions.encryptCommunications()
.and() .addPassphrase(encryptionPassphrase)
.doNotSign(); .addRecipient(encryptionKey)
EncryptionStream encryptor = armor ));
.noArmor();
Streams.pipeAll(plaintextIn, encryptor); Streams.pipeAll(plaintextIn, encryptor);
encryptor.close(); encryptor.close();
@ -77,9 +76,8 @@ public class SymmetricEncryptionTest {
// Test symmetric decryption // Test symmetric decryption
DecryptionStream decryptor = PGPainless.decryptAndOrVerify() DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(ciphertext)) .onInputStream(new ByteArrayInputStream(ciphertext))
.decryptWith(encryptionPassphrase) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionPassphrase(encryptionPassphrase));
.build();
ByteArrayOutputStream decrypted = new ByteArrayOutputStream(); ByteArrayOutputStream decrypted = new ByteArrayOutputStream();
@ -95,9 +93,8 @@ public class SymmetricEncryptionTest {
new SolitaryPassphraseProvider(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD))); new SolitaryPassphraseProvider(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD)));
decryptor = PGPainless.decryptAndOrVerify() decryptor = PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(ciphertext)) .onInputStream(new ByteArrayInputStream(ciphertext))
.decryptWith(protector, decryptionKeys) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionKeys(decryptionKeys, protector));
.build();
decrypted = new ByteArrayOutputStream(); decrypted = new ByteArrayOutputStream();
@ -126,8 +123,7 @@ public class SymmetricEncryptionTest {
assertThrows(MissingDecryptionMethodException.class, () -> PGPainless.decryptAndOrVerify() assertThrows(MissingDecryptionMethodException.class, () -> PGPainless.decryptAndOrVerify()
.onInputStream(new ByteArrayInputStream(ciphertextOut.toByteArray())) .onInputStream(new ByteArrayInputStream(ciphertextOut.toByteArray()))
.decryptWith(Passphrase.fromPassword("meldir")) .withOptions(new ConsumerOptions()
.doNotVerify() .addDecryptionPassphrase(Passphrase.fromPassword("meldir"))));
.build());
} }
} }

View file

@ -17,7 +17,6 @@ package org.pgpainless.weird_keys;
import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
@ -27,9 +26,8 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.encryption_signing.EncryptionBuilderInterface; import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.rsa.RsaLength; import org.pgpainless.key.generation.type.rsa.RsaLength;
@ -49,13 +47,10 @@ public class TestEncryptCommsStorageFlagsDifferentiated {
.withPrimaryUserId("cannot@encrypt.comms") .withPrimaryUserId("cannot@encrypt.comms")
.withoutPassphrase() .withoutPassphrase()
.build(); .build();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);
ByteArrayOutputStream out = new ByteArrayOutputStream(); assertThrows(IllegalArgumentException.class, () -> EncryptionOptions.encryptCommunications()
EncryptionBuilderInterface.ToRecipients builder = PGPainless.encryptAndOrSign(EncryptionPurpose.COMMUNICATIONS) .addRecipient(publicKeys));
.onOutputStream(out);
// since the key does not carry the flag ENCRYPT_COMMS, it cannot be used by the stream.
assertThrows(IllegalArgumentException.class, () -> builder.toRecipient(publicKeys));
} }
} }

View file

@ -59,7 +59,7 @@ public class TestTwoSubkeysEncryption {
PGPSecretKeyRing twoSuitableSubkeysKeyRing = WeirdKeys.getTwoCryptSubkeysKey(); PGPSecretKeyRing twoSuitableSubkeysKeyRing = WeirdKeys.getTwoCryptSubkeysKey();
PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(twoSuitableSubkeysKeyRing); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(twoSuitableSubkeysKeyRing);
ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream();
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionPurpose.STORAGE) EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
.onOutputStream(out) .onOutputStream(out)
.withOptions( .withOptions(
ProducerOptions.encrypt(new EncryptionOptions(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS) ProducerOptions.encrypt(new EncryptionOptions(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS)

View file

@ -24,17 +24,15 @@ import java.io.IOException;
import java.io.PrintStream; import java.io.PrintStream;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.HashSet;
import java.util.List; import java.util.List;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.DecryptionBuilderInterface; import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.key.OpenPgpV4Fingerprint;
@ -108,34 +106,34 @@ public class Decrypt implements Runnable {
System.exit(1); System.exit(1);
} }
PGPSecretKeyRingCollection secretKeys; ConsumerOptions options = new ConsumerOptions();
List<PGPPublicKeyRing> verifyWith = null;
List<PGPPublicKeyRing> verifyWith = null;
try { try {
List<PGPSecretKeyRing> secretKeyRings = loadKeysFromFiles(keys); List<PGPSecretKeyRing> secretKeyRings = loadKeysFromFiles(keys);
secretKeys = new PGPSecretKeyRingCollection(secretKeyRings); for (PGPSecretKeyRing secretKey : secretKeyRings) {
options.addDecryptionKey(secretKey);
}
if (certs != null) { if (certs != null) {
verifyWith = SopKeyUtil.loadCertificatesFromFile(certs); verifyWith = SopKeyUtil.loadCertificatesFromFile(certs);
for (PGPPublicKeyRing cert : verifyWith) {
options.addVerificationCert(cert);
}
} }
} catch (IOException | PGPException e) { } catch (IOException | PGPException e) {
err_ln(e.getMessage()); err_ln(e.getMessage());
System.exit(1); System.exit(1);
return; return;
} }
DecryptionStream decryptionStream;
DecryptionBuilderInterface.Verify builder = PGPainless.decryptAndOrVerify()
.onInputStream(System.in)
.decryptWith(secretKeys);
DecryptionStream decryptionStream = null;
try { try {
if (verifyWith != null) { decryptionStream = PGPainless.decryptAndOrVerify()
decryptionStream = builder.verifyWith(new HashSet<>(verifyWith)) .onInputStream(System.in)
.ignoreMissingPublicKeys().build(); .withOptions(options);
} else {
decryptionStream = builder.doNotVerify()
.build();
}
} catch (IOException | PGPException e) { } catch (IOException | PGPException e) {
err_ln("Error constructing decryption stream: " + e.getMessage()); err_ln("Error constructing decryption stream: " + e.getMessage());
System.exit(1); System.exit(1);
@ -169,14 +167,14 @@ public class Decrypt implements Runnable {
PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint); PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint);
sb.append(df.format(signature.getCreationTime())).append(' ') sb.append(df.format(signature.getCreationTime())).append(' ')
.append(fingerprint).append(' ') .append(fingerprint).append(' ')
.append(new OpenPgpV4Fingerprint(verifier)).append('\n'); .append(verifier != null ? new OpenPgpV4Fingerprint(verifier) : "null").append('\n');
} }
try { try {
verifyOut.createNewFile(); verifyOut.createNewFile();
PrintStream verifyPrinter = new PrintStream(new FileOutputStream(verifyOut)); PrintStream verifyPrinter = new PrintStream(new FileOutputStream(verifyOut));
// CHECKSTYLE:OFF // CHECKSTYLE:OFF
verifyPrinter.println(sb.toString()); verifyPrinter.println(sb);
// CHECKSTYLE:ON // CHECKSTYLE:ON
verifyPrinter.close(); verifyPrinter.close();
} catch (IOException e) { } catch (IOException e) {

View file

@ -15,20 +15,11 @@
*/ */
package org.pgpainless.sop.commands; package org.pgpainless.sop.commands;
import org.bouncycastle.openpgp.PGPException; import static org.pgpainless.sop.Print.err_ln;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import static org.pgpainless.sop.Print.print_ln;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import picocli.CommandLine;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.text.DateFormat; import java.text.DateFormat;
@ -36,12 +27,20 @@ import java.text.ParseException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.TimeZone; import java.util.TimeZone;
import static org.pgpainless.sop.Print.err_ln; import org.bouncycastle.openpgp.PGPException;
import static org.pgpainless.sop.Print.print_ln; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.OpenPgpMetadata;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import picocli.CommandLine;
@CommandLine.Command(name = "verify", @CommandLine.Command(name = "verify",
description = "Verify a detached signature over the data from standard input", description = "Verify a detached signature over the data from standard input",
@ -89,32 +88,35 @@ public class Verify implements Runnable {
Date notBeforeDate = parseNotBefore(); Date notBeforeDate = parseNotBefore();
Date notAfterDate = parseNotAfter(); Date notAfterDate = parseNotAfter();
ConsumerOptions options = new ConsumerOptions();
try (FileInputStream sigIn = new FileInputStream(signature)) {
options.addVerificationOfDetachedSignatures(sigIn);
} catch (IOException | PGPException e) {
err_ln("Cannot read detached signature: " + e.getMessage());
System.exit(1);
}
Map<PGPPublicKeyRing, File> publicKeys = readCertificatesFromFiles(); Map<PGPPublicKeyRing, File> publicKeys = readCertificatesFromFiles();
if (publicKeys.isEmpty()) { if (publicKeys.isEmpty()) {
err_ln("No certificates supplied."); err_ln("No certificates supplied.");
System.exit(19); System.exit(19);
} }
for (PGPPublicKeyRing cert : publicKeys.keySet()) {
options.addVerificationCert(cert);
}
OpenPgpMetadata metadata; OpenPgpMetadata metadata;
try (FileInputStream sigIn = new FileInputStream(signature)) { try {
DecryptionStream verifier = PGPainless.decryptAndOrVerify() DecryptionStream verifier = PGPainless.decryptAndOrVerify()
.onInputStream(System.in) .onInputStream(System.in)
.doNotDecrypt() .withOptions(options);
.verifyDetachedSignature(sigIn)
.verifyWith(new HashSet<>(publicKeys.keySet()))
.ignoreMissingPublicKeys()
.build();
OutputStream out = new NullOutputStream(); OutputStream out = new NullOutputStream();
Streams.pipeAll(verifier, out); Streams.pipeAll(verifier, out);
verifier.close(); verifier.close();
metadata = verifier.getResult(); metadata = verifier.getResult();
} catch (FileNotFoundException e) {
err_ln("Signature file not found:");
err_ln(e.getMessage());
System.exit(1);
return;
} catch (IOException | PGPException e) { } catch (IOException | PGPException e) {
err_ln("Signature validation failed."); err_ln("Signature validation failed.");
err_ln(e.getMessage()); err_ln(e.getMessage());