1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-23 03:17:58 +01:00

Implement '--signing-only' option for 'generate-key' subcommand

This commit is contained in:
Paul Schaub 2023-07-12 01:07:29 +02:00
parent d3fe850c95
commit 9c216e1ff4
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -9,7 +9,6 @@ import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@ -18,9 +17,13 @@ import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.generation.KeyRingBuilder;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import org.pgpainless.key.generation.type.rsa.RsaLength; import org.pgpainless.key.generation.type.rsa.RsaLength;
import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface; import org.pgpainless.key.generation.type.xdh.XDHSpec;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.util.ArmorUtils; import org.pgpainless.util.ArmorUtils;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
import sop.Profile; import sop.Profile;
@ -39,6 +42,7 @@ public class GenerateKeyImpl implements GenerateKey {
public static final List<Profile> SUPPORTED_PROFILES = Arrays.asList(CURVE25519_PROFILE, RSA4096_PROFILE); public static final List<Profile> SUPPORTED_PROFILES = Arrays.asList(CURVE25519_PROFILE, RSA4096_PROFILE);
private boolean armor = true; private boolean armor = true;
private boolean signingOnly = false;
private final Set<String> userIds = new LinkedHashSet<>(); private final Set<String> userIds = new LinkedHashSet<>();
private Passphrase passphrase = Passphrase.emptyPassphrase(); private Passphrase passphrase = Passphrase.emptyPassphrase();
private String profile = CURVE25519_PROFILE.getName(); private String profile = CURVE25519_PROFILE.getName();
@ -76,35 +80,25 @@ public class GenerateKeyImpl implements GenerateKey {
throw new SOPGPException.UnsupportedProfile("generate-key", profileName); throw new SOPGPException.UnsupportedProfile("generate-key", profileName);
} }
@Override
public GenerateKey signingOnly() {
signingOnly = true;
return this;
}
@Override @Override
public Ready generate() throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo { public Ready generate() throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo {
Iterator<String> userIdIterator = userIds.iterator();
Passphrase passphraseCopy = new Passphrase(passphrase.getChars()); // generateKeyRing clears the original passphrase
PGPSecretKeyRing key;
try { try {
String primaryUserId = userIdIterator.hasNext() ? userIdIterator.next() : null; final PGPSecretKeyRing key = generateKeyWithProfile(profile, userIds, passphrase, signingOnly);
key = generateKeyWithProfile(profile, primaryUserId, passphrase);
if (userIdIterator.hasNext()) {
SecretKeyRingEditorInterface editor = PGPainless.modifyKeyRing(key);
while (userIdIterator.hasNext()) {
editor.addUserId(userIdIterator.next(), SecretKeyRingProtector.unlockAnyKeyWith(passphraseCopy));
}
key = editor.done();
}
PGPSecretKeyRing finalKey = key;
return new Ready() { return new Ready() {
@Override @Override
public void writeTo(OutputStream outputStream) throws IOException { public void writeTo(OutputStream outputStream) throws IOException {
if (armor) { if (armor) {
ArmoredOutputStream armoredOutputStream = ArmorUtils.toAsciiArmoredStream(finalKey, outputStream); ArmoredOutputStream armoredOutputStream = ArmorUtils.toAsciiArmoredStream(key, outputStream);
finalKey.encode(armoredOutputStream); key.encode(armoredOutputStream);
armoredOutputStream.close(); armoredOutputStream.close();
} else { } else {
finalKey.encode(outputStream); key.encode(outputStream);
} }
} }
}; };
@ -115,23 +109,38 @@ public class GenerateKeyImpl implements GenerateKey {
} }
} }
private PGPSecretKeyRing generateKeyWithProfile(String profile, String primaryUserId, Passphrase passphrase) private PGPSecretKeyRing generateKeyWithProfile(String profile, Set<String> userIds, Passphrase passphrase, boolean signingOnly)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing key; KeyRingBuilder keyBuilder;
// XDH + EdDSA // XDH + EdDSA
if (profile.equals(CURVE25519_PROFILE.getName())) { if (profile.equals(CURVE25519_PROFILE.getName())) {
key = PGPainless.generateKeyRing() keyBuilder = PGPainless.buildKeyRing()
.modernKeyRing(primaryUserId, passphrase); .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
.addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA));
if (!signingOnly) {
keyBuilder.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE));
}
} }
// RSA 4096 // RSA 4096
else if (profile.equals(RSA4096_PROFILE.getName())) { else if (profile.equals(RSA4096_PROFILE.getName())) {
key = PGPainless.generateKeyRing() keyBuilder = PGPainless.buildKeyRing()
.rsaKeyRing(primaryUserId, RsaLength._4096, passphrase); .setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.CERTIFY_OTHER))
.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.SIGN_DATA));
if (!signingOnly) {
keyBuilder.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE));
}
} }
else { else {
// Missing else-if branch for profile. Oops. // Missing else-if branch for profile. Oops.
throw new SOPGPException.UnsupportedProfile("generate-key", profile); throw new SOPGPException.UnsupportedProfile("generate-key", profile);
} }
return key;
for (String userId : userIds) {
keyBuilder.addUserId(userId);
}
if (!passphrase.isEmpty()) {
keyBuilder.setPassphrase(passphrase);
}
return keyBuilder.build();
} }
} }