mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 11:27:57 +01:00
Remove no longer reuired KeyRingSubKeyFix
since we are using BouncyCastle 1.62 now.
This commit is contained in:
parent
ea17d11a99
commit
9f062ebd79
4 changed files with 1 additions and 170 deletions
|
@ -51,7 +51,6 @@ import org.pgpainless.key.generation.type.KeyType;
|
||||||
import org.pgpainless.key.generation.type.RSA_GENERAL;
|
import org.pgpainless.key.generation.type.RSA_GENERAL;
|
||||||
import org.pgpainless.key.generation.type.curve.EllipticCurve;
|
import org.pgpainless.key.generation.type.curve.EllipticCurve;
|
||||||
import org.pgpainless.key.generation.type.length.RsaLength;
|
import org.pgpainless.key.generation.type.length.RsaLength;
|
||||||
import org.pgpainless.util.KeyRingSubKeyFix;
|
|
||||||
import org.pgpainless.util.Passphrase;
|
import org.pgpainless.util.Passphrase;
|
||||||
|
|
||||||
public class KeyRingBuilder implements KeyRingBuilderInterface {
|
public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
|
@ -206,9 +205,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
PGPPublicKeyRing publicKeys = ringGenerator.generatePublicKeyRing();
|
PGPPublicKeyRing publicKeys = ringGenerator.generatePublicKeyRing();
|
||||||
PGPSecretKeyRing secretKeys = ringGenerator.generateSecretKeyRing();
|
PGPSecretKeyRing secretKeys = ringGenerator.generateSecretKeyRing();
|
||||||
|
|
||||||
// TODO: Remove once BC 1.61 is released
|
|
||||||
secretKeys = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
|
|
||||||
|
|
||||||
return new PGPKeyRing(publicKeys, secretKeys);
|
return new PGPKeyRing(publicKeys, secretKeys);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -65,10 +65,8 @@ public class BCUtil {
|
||||||
|
|
||||||
public static PGPPublicKeyRing publicKeyRingFromSecretKeyRing(@Nonnull PGPSecretKeyRing secretKeys)
|
public static PGPPublicKeyRing publicKeyRingFromSecretKeyRing(@Nonnull PGPSecretKeyRing secretKeys)
|
||||||
throws PGPException, IOException {
|
throws PGPException, IOException {
|
||||||
PGPSecretKeyRing fixedSecretKeys = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
|
|
||||||
|
|
||||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
|
ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
|
||||||
for (PGPSecretKey secretKey : fixedSecretKeys) {
|
for (PGPSecretKey secretKey : secretKeys) {
|
||||||
PGPPublicKey publicKey = secretKey.getPublicKey();
|
PGPPublicKey publicKey = secretKey.getPublicKey();
|
||||||
if (publicKey != null) {
|
if (publicKey != null) {
|
||||||
publicKey.encode(buffer, false);
|
publicKey.encode(buffer, false);
|
||||||
|
|
|
@ -1,111 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2018 Paul Schaub.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.pgpainless.util;
|
|
||||||
|
|
||||||
import javax.annotation.Nonnull;
|
|
||||||
import javax.annotation.Nullable;
|
|
||||||
import java.lang.reflect.Field;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.logging.Level;
|
|
||||||
import java.util.logging.Logger;
|
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.HashAlgorithmTags;
|
|
||||||
import org.bouncycastle.bcpg.PublicKeyPacket;
|
|
||||||
import org.bouncycastle.bcpg.PublicSubkeyPacket;
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
|
|
||||||
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
|
|
||||||
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
|
|
||||||
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
|
|
||||||
|
|
||||||
public class KeyRingSubKeyFix {
|
|
||||||
|
|
||||||
private static final Logger LOGGER = Logger.getLogger(KeyRingSubKeyFix.class.getName());
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This method makes sure, that sub keys do consist of sub key packets.
|
|
||||||
* Bouncycastle versions up to and including 1.60 created {@link PGPSecretKeyRing}s which sub keys consisted of
|
|
||||||
* normal public key packets, which would result in lost keys when converting PGPSecretKeyRings to PGPPublicKeyRings.
|
|
||||||
*
|
|
||||||
* This method throws a {@link RuntimeException} of a {@link NoSuchFieldException} or {@link IllegalAccessException}.
|
|
||||||
*
|
|
||||||
* @see <a href="https://github.com/bcgit/bc-java/issues/381">Bouncycastle Java bug report #381</a>
|
|
||||||
*
|
|
||||||
* @param secretKeys possibly faulty PGPSecretKeyRing
|
|
||||||
* @param decryptor decryptor in case the keys are encrypted (can be null)
|
|
||||||
* @param encryptor encryptor to re-encrypt the keys in case they are encrypted (can be null)
|
|
||||||
*
|
|
||||||
* @return fixed PGPSecretKeyRing
|
|
||||||
*
|
|
||||||
* @throws PGPException in case we cannot dismantle or reassemble the key.
|
|
||||||
*/
|
|
||||||
public static PGPSecretKeyRing repairSubkeyPackets(@Nonnull PGPSecretKeyRing secretKeys,
|
|
||||||
@Nullable PBESecretKeyDecryptor decryptor,
|
|
||||||
@Nullable PBESecretKeyEncryptor encryptor)
|
|
||||||
throws PGPException {
|
|
||||||
|
|
||||||
PGPDigestCalculator calculator = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
|
|
||||||
|
|
||||||
List<PGPSecretKey> _secretKeys = new ArrayList<>();
|
|
||||||
Iterator<PGPSecretKey> secretKeyIterator = secretKeys.iterator();
|
|
||||||
try {
|
|
||||||
|
|
||||||
while (secretKeyIterator.hasNext()) {
|
|
||||||
PGPSecretKey secSubKey = secretKeyIterator.next();
|
|
||||||
|
|
||||||
if (secSubKey.isMasterKey()) {
|
|
||||||
LOGGER.log(Level.FINER, Long.toHexString(secSubKey.getKeyID()) + " is master key. Skip.");
|
|
||||||
_secretKeys.add(secSubKey);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
PGPPublicKey pubSubKey = secSubKey.getPublicKey();
|
|
||||||
|
|
||||||
// check for public key packet type
|
|
||||||
|
|
||||||
Field publicPk = pubSubKey.getClass().getDeclaredField("publicPk");
|
|
||||||
publicPk.setAccessible(true);
|
|
||||||
PublicKeyPacket keyPacket = (PublicKeyPacket) publicPk.get(pubSubKey);
|
|
||||||
|
|
||||||
if (keyPacket instanceof PublicSubkeyPacket) {
|
|
||||||
// Sub key is already sub key
|
|
||||||
_secretKeys.add(secSubKey);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sub key is normal key -> fix
|
|
||||||
LOGGER.log(Level.FINER, "Subkey " + Long.toHexString(secSubKey.getKeyID()) + " does not have a subkey key packet. Convert it...");
|
|
||||||
keyPacket = new PublicSubkeyPacket(pubSubKey.getAlgorithm(), pubSubKey.getCreationTime(), keyPacket.getKey());
|
|
||||||
publicPk.set(pubSubKey, keyPacket);
|
|
||||||
|
|
||||||
PGPPrivateKey privateKey = secSubKey.extractPrivateKey(decryptor);
|
|
||||||
|
|
||||||
PGPSecretKey secretKey = new PGPSecretKey(privateKey, pubSubKey, calculator, false, encryptor);
|
|
||||||
_secretKeys.add(secretKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
return new PGPSecretKeyRing(_secretKeys);
|
|
||||||
} catch (NoSuchFieldException | IllegalAccessException e) {
|
|
||||||
throw new RuntimeException("Cannot apply fix due to an error while using reflections.", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,52 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2018 Paul Schaub.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.pgpainless;
|
|
||||||
|
|
||||||
import static junit.framework.TestCase.assertTrue;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.security.NoSuchProviderException;
|
|
||||||
import java.util.Arrays;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.pgpainless.key.collection.PGPKeyRing;
|
|
||||||
import org.pgpainless.util.BCUtil;
|
|
||||||
import org.pgpainless.util.KeyRingSubKeyFix;
|
|
||||||
|
|
||||||
public class KeyRingSubKeyFixTest extends AbstractPGPainlessTest {
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void test()
|
|
||||||
throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
|
|
||||||
IOException {
|
|
||||||
PGPKeyRing ring = PGPainless.generateKeyRing().simpleEcKeyRing("hallo@welt.de");
|
|
||||||
PGPSecretKeyRing secretKeys = ring.getSecretKeys();
|
|
||||||
PGPPublicKeyRing publicKeys = ring.getPublicKeys();
|
|
||||||
|
|
||||||
PGPSecretKeyRing fixed = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
|
|
||||||
|
|
||||||
assertTrue(Arrays.equals(secretKeys.getEncoded(), fixed.getEncoded()));
|
|
||||||
|
|
||||||
PGPPublicKeyRing fixedPub = BCUtil.publicKeyRingFromSecretKeyRing(fixed);
|
|
||||||
|
|
||||||
assertTrue(Arrays.equals(publicKeys.getEncoded(), fixedPub.getEncoded()));
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in a new issue