mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-08 19:27:57 +01:00
Implement '--signing-only' option for 'generate-key' subcommand
This commit is contained in:
parent
d3fe850c95
commit
9c216e1ff4
1 changed files with 39 additions and 30 deletions
|
@ -9,7 +9,6 @@ import java.io.OutputStream;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.LinkedHashSet;
|
import java.util.LinkedHashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
@ -18,9 +17,13 @@ import org.bouncycastle.bcpg.ArmoredOutputStream;
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.key.generation.KeyRingBuilder;
|
||||||
|
import org.pgpainless.key.generation.KeySpec;
|
||||||
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
||||||
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
||||||
import org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditorInterface;
|
import org.pgpainless.key.generation.type.xdh.XDHSpec;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
|
||||||
import org.pgpainless.util.ArmorUtils;
|
import org.pgpainless.util.ArmorUtils;
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
import sop.Profile;
|
import sop.Profile;
|
||||||
|
@ -39,6 +42,7 @@ public class GenerateKeyImpl implements GenerateKey {
|
||||||
public static final List<Profile> SUPPORTED_PROFILES = Arrays.asList(CURVE25519_PROFILE, RSA4096_PROFILE);
|
public static final List<Profile> SUPPORTED_PROFILES = Arrays.asList(CURVE25519_PROFILE, RSA4096_PROFILE);
|
||||||
|
|
||||||
private boolean armor = true;
|
private boolean armor = true;
|
||||||
|
private boolean signingOnly = false;
|
||||||
private final Set<String> userIds = new LinkedHashSet<>();
|
private final Set<String> userIds = new LinkedHashSet<>();
|
||||||
private Passphrase passphrase = Passphrase.emptyPassphrase();
|
private Passphrase passphrase = Passphrase.emptyPassphrase();
|
||||||
private String profile = CURVE25519_PROFILE.getName();
|
private String profile = CURVE25519_PROFILE.getName();
|
||||||
|
@ -76,35 +80,25 @@ public class GenerateKeyImpl implements GenerateKey {
|
||||||
throw new SOPGPException.UnsupportedProfile("generate-key", profileName);
|
throw new SOPGPException.UnsupportedProfile("generate-key", profileName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public GenerateKey signingOnly() {
|
||||||
|
signingOnly = true;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Ready generate() throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo {
|
public Ready generate() throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo {
|
||||||
Iterator<String> userIdIterator = userIds.iterator();
|
|
||||||
Passphrase passphraseCopy = new Passphrase(passphrase.getChars()); // generateKeyRing clears the original passphrase
|
|
||||||
PGPSecretKeyRing key;
|
|
||||||
try {
|
try {
|
||||||
String primaryUserId = userIdIterator.hasNext() ? userIdIterator.next() : null;
|
final PGPSecretKeyRing key = generateKeyWithProfile(profile, userIds, passphrase, signingOnly);
|
||||||
key = generateKeyWithProfile(profile, primaryUserId, passphrase);
|
|
||||||
|
|
||||||
if (userIdIterator.hasNext()) {
|
|
||||||
SecretKeyRingEditorInterface editor = PGPainless.modifyKeyRing(key);
|
|
||||||
|
|
||||||
while (userIdIterator.hasNext()) {
|
|
||||||
editor.addUserId(userIdIterator.next(), SecretKeyRingProtector.unlockAnyKeyWith(passphraseCopy));
|
|
||||||
}
|
|
||||||
|
|
||||||
key = editor.done();
|
|
||||||
}
|
|
||||||
|
|
||||||
PGPSecretKeyRing finalKey = key;
|
|
||||||
return new Ready() {
|
return new Ready() {
|
||||||
@Override
|
@Override
|
||||||
public void writeTo(OutputStream outputStream) throws IOException {
|
public void writeTo(OutputStream outputStream) throws IOException {
|
||||||
if (armor) {
|
if (armor) {
|
||||||
ArmoredOutputStream armoredOutputStream = ArmorUtils.toAsciiArmoredStream(finalKey, outputStream);
|
ArmoredOutputStream armoredOutputStream = ArmorUtils.toAsciiArmoredStream(key, outputStream);
|
||||||
finalKey.encode(armoredOutputStream);
|
key.encode(armoredOutputStream);
|
||||||
armoredOutputStream.close();
|
armoredOutputStream.close();
|
||||||
} else {
|
} else {
|
||||||
finalKey.encode(outputStream);
|
key.encode(outputStream);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -115,23 +109,38 @@ public class GenerateKeyImpl implements GenerateKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private PGPSecretKeyRing generateKeyWithProfile(String profile, String primaryUserId, Passphrase passphrase)
|
private PGPSecretKeyRing generateKeyWithProfile(String profile, Set<String> userIds, Passphrase passphrase, boolean signingOnly)
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
PGPSecretKeyRing key;
|
KeyRingBuilder keyBuilder;
|
||||||
// XDH + EdDSA
|
// XDH + EdDSA
|
||||||
if (profile.equals(CURVE25519_PROFILE.getName())) {
|
if (profile.equals(CURVE25519_PROFILE.getName())) {
|
||||||
key = PGPainless.generateKeyRing()
|
keyBuilder = PGPainless.buildKeyRing()
|
||||||
.modernKeyRing(primaryUserId, passphrase);
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER))
|
||||||
|
.addSubkey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.SIGN_DATA));
|
||||||
|
if (!signingOnly) {
|
||||||
|
keyBuilder.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// RSA 4096
|
// RSA 4096
|
||||||
else if (profile.equals(RSA4096_PROFILE.getName())) {
|
else if (profile.equals(RSA4096_PROFILE.getName())) {
|
||||||
key = PGPainless.generateKeyRing()
|
keyBuilder = PGPainless.buildKeyRing()
|
||||||
.rsaKeyRing(primaryUserId, RsaLength._4096, passphrase);
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.CERTIFY_OTHER))
|
||||||
|
.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.SIGN_DATA));
|
||||||
|
if (!signingOnly) {
|
||||||
|
keyBuilder.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Missing else-if branch for profile. Oops.
|
// Missing else-if branch for profile. Oops.
|
||||||
throw new SOPGPException.UnsupportedProfile("generate-key", profile);
|
throw new SOPGPException.UnsupportedProfile("generate-key", profile);
|
||||||
}
|
}
|
||||||
return key;
|
|
||||||
|
for (String userId : userIds) {
|
||||||
|
keyBuilder.addUserId(userId);
|
||||||
|
}
|
||||||
|
if (!passphrase.isEmpty()) {
|
||||||
|
keyBuilder.setPassphrase(passphrase);
|
||||||
|
}
|
||||||
|
return keyBuilder.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue