Progress
This commit is contained in:
parent
0e25ada166
commit
92550e35cc
GPG Key ID:
62BEE9264BF17311
|
|
@ -1,15 +1,22 @@
|
|||
package org.pgpainless.key.generation
|
||||
|
||||
import org.bouncycastle.bcpg.PublicSubkeyPacket
|
||||
import org.bouncycastle.openpgp.PGPKeyPair
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey
|
||||
import org.bouncycastle.openpgp.PGPPublicKey
|
||||
import org.pgpainless.algorithm.HashAlgorithm
|
||||
import org.pgpainless.algorithm.SignatureType
|
||||
import org.pgpainless.implementation.ImplementationFactory
|
||||
import org.pgpainless.key.generation.type.KeyType
|
||||
import org.pgpainless.key.generation.type.eddsa.EdDSACurve
|
||||
import org.pgpainless.key.generation.type.rsa.RsaLength
|
||||
import org.pgpainless.key.generation.type.xdh.XDHSpec
|
||||
import org.pgpainless.provider.ProviderFactory
|
||||
import org.pgpainless.signature.builder.SelfSignatureBuilder
|
||||
import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
|
||||
import java.security.KeyPairGenerator
|
||||
import java.util.Date
|
||||
import java.util.*
|
||||
|
||||
class OpenPgpKeyBuilder {
|
||||
|
||||
|
|
@ -19,34 +26,19 @@ class OpenPgpKeyBuilder {
|
|||
): V4PrimaryKeyBuilder = V4PrimaryKeyBuilder(type, creationTime)
|
||||
|
||||
abstract class V4KeyBuilder<T: V4KeyBuilder<T>>(
|
||||
protected val type: KeyType,
|
||||
protected val creationTime: Date,
|
||||
val type: KeyType,
|
||||
val creationTime: Date,
|
||||
val certificateCreationTime: Date = Date()
|
||||
) {
|
||||
|
||||
internal val keyPair = generateKeyPair()
|
||||
internal var key = generateKeyPair()
|
||||
|
||||
fun subkey(
|
||||
type: KeyType,
|
||||
creationTime: Date = certificateCreationTime
|
||||
): V4SubkeyBuilder = V4SubkeyBuilder(type, creationTime, this)
|
||||
): V4SubkeyBuilder = V4SubkeyBuilder(type, creationTime, primaryKey())
|
||||
|
||||
fun generate(): PGPSecretKeyRing {
|
||||
val keys = collectKeysForGeneration()
|
||||
|
||||
assert(keys.first() is V4PrimaryKeyBuilder)
|
||||
assert(keys.drop(1).all { it is V4SubkeyBuilder })
|
||||
|
||||
val primaryKey: V4PrimaryKeyBuilder = keys.first() as V4PrimaryKeyBuilder
|
||||
|
||||
}
|
||||
|
||||
private fun collectKeysForGeneration(): List<V4KeyBuilder<*>> =
|
||||
if (this is V4SubkeyBuilder) {
|
||||
predecessor.collectKeysForGeneration().plus(this)
|
||||
} else {
|
||||
listOf(this)
|
||||
}
|
||||
internal abstract fun primaryKey(): V4PrimaryKeyBuilder
|
||||
|
||||
private fun generateKeyPair(): PGPKeyPair {
|
||||
// Create raw Key Pair
|
||||
|
|
@ -57,7 +49,12 @@ class OpenPgpKeyBuilder {
|
|||
// Form PGP Key Pair
|
||||
return ImplementationFactory.getInstance()
|
||||
.getPGPV4KeyPair(type.algorithm, keyPair, creationTime)
|
||||
.let {
|
||||
adjustKeyPacket(it)
|
||||
}
|
||||
}
|
||||
|
||||
protected abstract fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair
|
||||
}
|
||||
|
||||
class V4PrimaryKeyBuilder(
|
||||
|
|
@ -65,35 +62,73 @@ class OpenPgpKeyBuilder {
|
|||
creationTime: Date
|
||||
): V4KeyBuilder<V4PrimaryKeyBuilder>(type, creationTime) {
|
||||
|
||||
fun userId(userId: CharSequence) = userId(userId, OpenPgpV4KeyGenerator.Preferences())
|
||||
fun userId(
|
||||
userId: CharSequence,
|
||||
bindingTime: Date = creationTime,
|
||||
hashAlgorithm: HashAlgorithm = HashAlgorithm.SHA512,
|
||||
subpacketsCallback: SelfSignatureSubpackets.Callback =
|
||||
object : SelfSignatureSubpackets.Callback {
|
||||
|
||||
fun userId(userId: CharSequence, preferences: OpenPgpV4KeyGenerator.Preferences) = apply {
|
||||
keyPair.publicKey.
|
||||
}
|
||||
) = apply {
|
||||
val sig = SelfSignatureBuilder(
|
||||
key.privateKey,
|
||||
key.publicKey,
|
||||
SignatureType.POSITIVE_CERTIFICATION,
|
||||
hashAlgorithm)
|
||||
.applyCallback(subpacketsCallback)
|
||||
.build(userId)
|
||||
key = PGPKeyPair(
|
||||
PGPPublicKey.addCertification(key.publicKey, userId.toString(), sig),
|
||||
key.privateKey
|
||||
)
|
||||
}
|
||||
|
||||
fun selfSignature(preferences: OpenPgpV4KeyGenerator.Preferences) = apply {
|
||||
|
||||
override fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair {
|
||||
return keyPair // is already a secret key packet
|
||||
}
|
||||
|
||||
override fun primaryKey() = this
|
||||
}
|
||||
|
||||
class V4SubkeyBuilder(
|
||||
type: KeyType,
|
||||
creationTime: Date,
|
||||
internal val predecessor: V4KeyBuilder<*>,
|
||||
): V4KeyBuilder<V4SubkeyBuilder>(type, creationTime, predecessor.certificateCreationTime) {
|
||||
fun bindingSignature(preferences: OpenPgpV4KeyGenerator.Preferences) = apply {
|
||||
private val primaryKeyBuilder: V4PrimaryKeyBuilder
|
||||
): V4KeyBuilder<V4SubkeyBuilder>(type, creationTime) {
|
||||
|
||||
fun bindingSignature(subpacketCallback: SelfSignatureSubpackets.Callback) = apply {
|
||||
SubkeyBindingSignatureBuilder(primaryKeyBuilder.key.privateKey, primaryKeyBuilder.key.publicKey)
|
||||
.applyCallback(subpacketCallback)
|
||||
.build(key.publicKey)
|
||||
.let {
|
||||
key = PGPKeyPair(
|
||||
PGPPublicKey.addCertification(key.publicKey, it),
|
||||
key.privateKey)
|
||||
}
|
||||
}
|
||||
|
||||
override fun adjustKeyPacket(keyPair: PGPKeyPair): PGPKeyPair {
|
||||
val fpCalc = ImplementationFactory.getInstance().keyFingerprintCalculator
|
||||
val pubkey = keyPair.publicKey
|
||||
val privkey = keyPair.privateKey
|
||||
// form subkey packet
|
||||
val subkey = PublicSubkeyPacket(pubkey.algorithm,
|
||||
pubkey.creationTime, pubkey.publicKeyPacket.key)
|
||||
return PGPKeyPair(
|
||||
PGPPublicKey(subkey, fpCalc),
|
||||
PGPPrivateKey(pubkey.keyID, subkey, privkey.privateKeyDataPacket)
|
||||
)
|
||||
}
|
||||
|
||||
override fun primaryKey() = primaryKeyBuilder.primaryKey()
|
||||
|
||||
fun bindingSignature(
|
||||
bindingTime: Date = creationTime
|
||||
): V4SubkeyBuilder = bindingSignature(object : SelfSignatureSubpackets.Callback {
|
||||
override fun modifyHashedSubpackets(hashedSubpackets: SelfSignatureSubpackets) {
|
||||
hashedSubpackets.setSignatureCreationTime(bindingTime)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
fun test() {
|
||||
OpenPgpKeyBuilder()
|
||||
.buildV4Key(KeyType.RSA(RsaLength._4096))
|
||||
.selfSignature(OpenPgpV4KeyGenerator.Preferences())
|
||||
.userId("Alice", OpenPgpV4KeyGenerator.Preferences())
|
||||
.subkey(KeyType.EDDSA(EdDSACurve._Ed25519))
|
||||
.bindingSignature(OpenPgpV4KeyGenerator.Preferences())
|
||||
.subkey(KeyType.XDH(XDHSpec._X25519))
|
||||
.bindingSignature(OpenPgpV4KeyGenerator.Preferences())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,117 +1,79 @@
|
|||
package org.pgpainless.key.generation
|
||||
|
||||
import org.bouncycastle.openpgp.PGPSecretKey
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing
|
||||
import org.pgpainless.algorithm.HashAlgorithm
|
||||
import org.pgpainless.algorithm.KeyFlag
|
||||
import org.pgpainless.implementation.ImplementationFactory
|
||||
import org.pgpainless.key.generation.type.KeyType
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector
|
||||
import org.pgpainless.policy.Policy
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
|
||||
import java.util.*
|
||||
|
||||
class OpenPgpV4KeyGenerator(
|
||||
keyType: KeyType,
|
||||
private val policy: Policy,
|
||||
private val referenceTime: Date = Date()
|
||||
) {
|
||||
|
||||
fun primaryKey(
|
||||
type: KeyType,
|
||||
vararg flag: KeyFlag = arrayOf(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
||||
) = primaryKey(type, referenceTime, *flag)
|
||||
private val primaryKey = OpenPgpKeyBuilder.V4PrimaryKeyBuilder(keyType, referenceTime)
|
||||
private val subkeys = mutableListOf<OpenPgpKeyBuilder.V4SubkeyBuilder>()
|
||||
|
||||
fun primaryKey(
|
||||
type: KeyType,
|
||||
creationTime: Date,
|
||||
vararg flag: KeyFlag = arrayOf(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
|
||||
) = WithSubkeys(
|
||||
KeyDescription(type, creationTime, flag.toList()),
|
||||
policy,
|
||||
referenceTime
|
||||
)
|
||||
|
||||
class WithSubkeys(
|
||||
private val primaryKey: KeyDescription,
|
||||
private val policy: Policy,
|
||||
private val referenceTime: Date
|
||||
) {
|
||||
|
||||
val builder = OpenPgpKeyBuilder()
|
||||
.buildV4Key(primaryKey.type)
|
||||
.
|
||||
|
||||
init {
|
||||
|
||||
}
|
||||
|
||||
fun encryptionSubkey(
|
||||
type: KeyType,
|
||||
vararg flag: KeyFlag = arrayOf(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
||||
) = encryptionSubkey(type, referenceTime, *flag)
|
||||
|
||||
fun encryptionSubkey(
|
||||
type: KeyType,
|
||||
creationTime: Date,
|
||||
vararg flag: KeyFlag = arrayOf(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
||||
) = subkey(type, creationTime, *flag)
|
||||
|
||||
fun signingSubkey(
|
||||
type: KeyType
|
||||
) = signingSubkey(type, referenceTime)
|
||||
|
||||
fun signingSubkey(
|
||||
type: KeyType,
|
||||
creationTime: Date
|
||||
) = subkey(type, creationTime, KeyFlag.SIGN_DATA)
|
||||
|
||||
fun subkey(
|
||||
type: KeyType,
|
||||
vararg flag: KeyFlag
|
||||
) = subkey(type, referenceTime, *flag)
|
||||
|
||||
fun subkey(
|
||||
type: KeyType,
|
||||
creationTime: Date = referenceTime,
|
||||
vararg flag: KeyFlag
|
||||
) = apply {
|
||||
|
||||
}
|
||||
|
||||
fun noUserId(
|
||||
preferences: Preferences
|
||||
): PGPSecretKeyRing {
|
||||
|
||||
}
|
||||
|
||||
fun userId(
|
||||
userId: CharSequence,
|
||||
preferences: Preferences
|
||||
): WithUserIds = WithUserIds().apply {
|
||||
userId(userId, preferences)
|
||||
}
|
||||
fun addUserId(
|
||||
userId: CharSequence,
|
||||
bindingTime: Date = referenceTime
|
||||
) = apply {
|
||||
primaryKey.userId(userId, bindingTime)
|
||||
}
|
||||
|
||||
class WithUserIds {
|
||||
fun userId(
|
||||
userId: CharSequence,
|
||||
preferences: Preferences
|
||||
): WithUserIds {
|
||||
fun addSubkey(
|
||||
keyType: KeyType,
|
||||
creationTime: Date = referenceTime,
|
||||
bindingTime: Date = creationTime
|
||||
) = addSubkey(OpenPgpKeyBuilder.V4SubkeyBuilder(keyType, creationTime, primaryKey), bindingTime)
|
||||
|
||||
}
|
||||
|
||||
fun done(): PGPSecretKeyRing {
|
||||
|
||||
}
|
||||
|
||||
fun directKeySignature(
|
||||
preferences: Preferences
|
||||
): PGPSecretKeyRing {
|
||||
|
||||
}
|
||||
fun addSubkey(
|
||||
subkeyBuilder: OpenPgpKeyBuilder.V4SubkeyBuilder,
|
||||
bindingTime: Date = subkeyBuilder.creationTime
|
||||
) = apply {
|
||||
subkeys.add(subkeyBuilder)
|
||||
}
|
||||
|
||||
data class KeyDescription(
|
||||
val type: KeyType,
|
||||
val creationTime: Date,
|
||||
val flags: List<KeyFlag>
|
||||
fun addEncryptionSubkey(
|
||||
keyType: KeyType,
|
||||
creationTime: Date = referenceTime,
|
||||
bindingTime: Date = creationTime
|
||||
) = addSubkey(OpenPgpKeyBuilder.V4SubkeyBuilder(keyType, creationTime, primaryKey)
|
||||
.bindingSignature(object: SelfSignatureSubpackets.Callback {
|
||||
override fun modifyHashedSubpackets(hashedSubpackets: SelfSignatureSubpackets) {
|
||||
hashedSubpackets.setSignatureCreationTime(bindingTime)
|
||||
hashedSubpackets.setKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
|
||||
}
|
||||
})
|
||||
)
|
||||
|
||||
data class Preferences()
|
||||
|
||||
fun build(protector: SecretKeyRingProtector): PGPSecretKeyRing {
|
||||
return PGPSecretKeyRing(
|
||||
mutableListOf(
|
||||
PGPSecretKey(
|
||||
primaryKey.key.privateKey,
|
||||
primaryKey.key.publicKey,
|
||||
ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1),
|
||||
true,
|
||||
protector.getEncryptor(primaryKey.key.keyID)
|
||||
)
|
||||
).plus(
|
||||
subkeys.map {
|
||||
PGPSecretKey(
|
||||
it.key.privateKey,
|
||||
it.key.publicKey,
|
||||
ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1),
|
||||
false,
|
||||
protector.getEncryptor(it.key.keyID)
|
||||
)
|
||||
}
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,6 +53,20 @@ abstract class AbstractSignatureBuilder<B : AbstractSignatureBuilder<B>>(
|
|||
hashedSubpackets,
|
||||
unhashedSubpackets)
|
||||
|
||||
@Throws(PGPException::class)
|
||||
constructor(
|
||||
privateSigningKey: PGPPrivateKey,
|
||||
publicSigningKey: PGPPublicKey,
|
||||
archetypeSignature: PGPSignature
|
||||
) : this(
|
||||
privateSigningKey,
|
||||
publicSigningKey,
|
||||
negotiateHashAlgorithm(publicSigningKey),
|
||||
SignatureType.requireFromCode(archetypeSignature.signatureType),
|
||||
SignatureSubpackets.refreshHashedSubpackets(publicSigningKey, archetypeSignature),
|
||||
SignatureSubpackets.refreshUnhashedSubpackets(archetypeSignature)
|
||||
)
|
||||
|
||||
@Throws(PGPException::class)
|
||||
constructor(
|
||||
signatureType: SignatureType,
|
||||
|
|
|
|||
|
|
@ -4,14 +4,18 @@
|
|||
|
||||
package org.pgpainless.signature.builder
|
||||
|
||||
import java.util.function.Predicate
|
||||
import org.bouncycastle.openpgp.PGPException
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey
|
||||
import org.bouncycastle.openpgp.PGPPublicKey
|
||||
import org.bouncycastle.openpgp.PGPSecretKey
|
||||
import org.bouncycastle.openpgp.PGPSignature
|
||||
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
|
||||
import org.pgpainless.algorithm.HashAlgorithm
|
||||
import org.pgpainless.algorithm.SignatureType
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
|
||||
import org.pgpainless.signature.subpackets.SignatureSubpackets
|
||||
import java.util.function.Predicate
|
||||
|
||||
/**
|
||||
* [AbstractSignatureBuilder] devoted to all types of self-certifications. Self-certifications are
|
||||
|
|
@ -49,6 +53,28 @@ class SelfSignatureBuilder : AbstractSignatureBuilder<SelfSignatureBuilder> {
|
|||
oldCertification: PGPSignature
|
||||
) : super(primaryKey, primaryKeyProtector, oldCertification)
|
||||
|
||||
@Throws(PGPException::class)
|
||||
constructor(
|
||||
privatePrimaryKey: PGPPrivateKey,
|
||||
publicPrimaryKey: PGPPublicKey,
|
||||
oldCertification: PGPSignature
|
||||
) : super(privatePrimaryKey, publicPrimaryKey, oldCertification)
|
||||
|
||||
@Throws(PGPException::class)
|
||||
constructor(
|
||||
privatePrimaryKey: PGPPrivateKey,
|
||||
publicPrimaryKey: PGPPublicKey,
|
||||
signatureType: SignatureType = SignatureType.POSITIVE_CERTIFICATION,
|
||||
hashAlgorithm: HashAlgorithm,
|
||||
) : super(
|
||||
privatePrimaryKey,
|
||||
publicPrimaryKey,
|
||||
hashAlgorithm,
|
||||
signatureType,
|
||||
SignatureSubpackets.createHashedSubpackets(publicPrimaryKey),
|
||||
SignatureSubpackets.createEmptySubpackets()
|
||||
)
|
||||
|
||||
val hashedSubpackets: SelfSignatureSubpackets = _hashedSubpackets
|
||||
val unhashedSubpackets: SelfSignatureSubpackets = _unhashedSubpackets
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ package org.pgpainless.signature.builder
|
|||
|
||||
import java.util.function.Predicate
|
||||
import org.bouncycastle.openpgp.PGPException
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey
|
||||
import org.bouncycastle.openpgp.PGPPublicKey
|
||||
import org.bouncycastle.openpgp.PGPSecretKey
|
||||
import org.bouncycastle.openpgp.PGPSignature
|
||||
|
|
@ -24,6 +25,18 @@ class SubkeyBindingSignatureBuilder : AbstractSignatureBuilder<SubkeyBindingSign
|
|||
override val signatureTypePredicate: Predicate<SignatureType>
|
||||
get() = Predicate<SignatureType> { it == SignatureType.SUBKEY_BINDING }
|
||||
|
||||
@Throws(PGPException::class)
|
||||
constructor(
|
||||
signingKey: PGPPrivateKey,
|
||||
publicSigningKey: PGPPublicKey,
|
||||
) : super(signingKey,
|
||||
publicSigningKey,
|
||||
negotiateHashAlgorithm(publicSigningKey),
|
||||
SignatureType.SUBKEY_BINDING,
|
||||
SignatureSubpackets.createHashedSubpackets(publicSigningKey),
|
||||
SignatureSubpackets.createEmptySubpackets()
|
||||
)
|
||||
|
||||
@Throws(PGPException::class)
|
||||
constructor(
|
||||
signingKey: PGPSecretKey,
|
||||
|
|
|
|||
|
|
@ -1,26 +1,24 @@
|
|||
package org.pgpainless.key.generation
|
||||
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.pgpainless.algorithm.KeyFlag
|
||||
import org.pgpainless.PGPainless
|
||||
import org.pgpainless.key.generation.type.KeyType
|
||||
import org.pgpainless.key.generation.type.ecc.EllipticCurve
|
||||
import org.pgpainless.key.generation.type.eddsa.EdDSACurve
|
||||
import org.pgpainless.key.generation.type.rsa.RsaLength
|
||||
import org.pgpainless.key.generation.type.xdh.XDHSpec
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector
|
||||
import org.pgpainless.policy.Policy
|
||||
|
||||
class OpenPgpV4KeyGeneratorTest {
|
||||
|
||||
@Test
|
||||
fun test() {
|
||||
|
||||
OpenPgpV4KeyGenerator(Policy.getInstance())
|
||||
|
||||
OpenPgpV4KeyGenerator(Policy.getInstance())
|
||||
.primaryKey(
|
||||
KeyType.RSA(RsaLength._4096),
|
||||
KeyFlag.CERTIFY_OTHER
|
||||
).signingSubkey(
|
||||
KeyType.RSA(RsaLength._4096)
|
||||
).encryptionSubkey(
|
||||
KeyType.RSA(RsaLength._4096)
|
||||
)
|
||||
println(PGPainless.asciiArmor(
|
||||
OpenPgpV4KeyGenerator(KeyType.EDDSA(EdDSACurve._Ed25519), Policy.getInstance())
|
||||
.addUserId("Alice")
|
||||
.addEncryptionSubkey(KeyType.XDH(XDHSpec._X25519))
|
||||
.build(SecretKeyRingProtector.unprotectedKeys())
|
||||
))
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue