1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-18 02:12:06 +01:00

Add encryption API

This commit is contained in:
Paul Schaub 2018-06-05 01:30:58 +02:00
parent 4844bf697c
commit afce16e51e
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
6 changed files with 222 additions and 73 deletions

View file

@ -1,25 +0,0 @@
package de.vanitasvitae.crypto.pgpainless;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
public class Main {
public static void main(String[] args)
throws NoSuchAlgorithmException, PGPException, NoSuchProviderException, IOException,
InvalidAlgorithmParameterException {
Security.addProvider(new BouncyCastleProvider());
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.simpleEcKeyRing("elliptic@cur.ve");
//System.out.println(Base64.getEncoder().encodeToString(secretKeys.getEncoded()));
}
}

View file

@ -1,8 +1,14 @@
package de.vanitasvitae.crypto.pgpainless; package de.vanitasvitae.crypto.pgpainless;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import de.vanitasvitae.crypto.pgpainless.decryption_verification.DecryptionBuilder; import de.vanitasvitae.crypto.pgpainless.decryption_verification.DecryptionBuilder;
import de.vanitasvitae.crypto.pgpainless.encryption_signing.EncryptionBuilder; import de.vanitasvitae.crypto.pgpainless.encryption_signing.EncryptionBuilder;
import de.vanitasvitae.crypto.pgpainless.key.generation.KeyRingBuilder; import de.vanitasvitae.crypto.pgpainless.key.generation.KeyRingBuilder;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
public class PGPainless { public class PGPainless {
@ -18,4 +24,7 @@ public class PGPainless {
return new DecryptionBuilder(); return new DecryptionBuilder();
} }
public static PGPPublicKeyRing publicKeyRingFromBytes(byte[] bytes) throws IOException {
return new PGPPublicKeyRing(new ArmoredInputStream(new ByteArrayInputStream(bytes)), new BcKeyFingerprintCalculator());
}
} }

View file

@ -1,5 +1,6 @@
package de.vanitasvitae.crypto.pgpainless.encryption_signing; package de.vanitasvitae.crypto.pgpainless.encryption_signing;
import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
@ -10,6 +11,8 @@ import de.vanitasvitae.crypto.pgpainless.SecretKeyNotFoundException;
import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm;
import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm;
import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
@ -22,9 +25,10 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
private OutputStream outputStream; private OutputStream outputStream;
private final Set<PGPPublicKey> encryptionKeys = new HashSet<>(); private final Set<PGPPublicKey> encryptionKeys = new HashSet<>();
private final Set<PGPSecretKey> signingKeys = new HashSet<>(); private final Set<PGPSecretKey> signingKeys = new HashSet<>();
private SymmetricKeyAlgorithm symmetricKeyAlgorithm; private SecretKeyRingDecryptor signingKeysDecryptor;
private HashAlgorithm hashAlgorithm; private SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.AES_128;
private CompressionAlgorithm compressionAlgorithm; private HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;
private CompressionAlgorithm compressionAlgorithm = CompressionAlgorithm.UNCOMPRESSED;
private boolean asciiArmor = false; private boolean asciiArmor = false;
@Override @Override
@ -115,19 +119,21 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
class SignWithImpl implements SignWith { class SignWithImpl implements SignWith {
@Override @Override
public Armor signWith(PGPSecretKey key) { public Armor signWith(PGPSecretKey key, SecretKeyRingDecryptor decryptor) {
EncryptionBuilder.this.signingKeys.add(key); EncryptionBuilder.this.signingKeys.add(key);
EncryptionBuilder.this.signingKeysDecryptor = decryptor;
return new ArmorImpl(); return new ArmorImpl();
} }
@Override @Override
public Armor signWith(Set<PGPSecretKey> keys) { public Armor signWith(Set<PGPSecretKey> keys, SecretKeyRingDecryptor decryptor) {
EncryptionBuilder.this.signingKeys.addAll(keys); EncryptionBuilder.this.signingKeys.addAll(keys);
EncryptionBuilder.this.signingKeysDecryptor = decryptor;
return new ArmorImpl(); return new ArmorImpl();
} }
@Override @Override
public Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings) public Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings, SecretKeyRingDecryptor decryptor)
throws SecretKeyNotFoundException { throws SecretKeyNotFoundException {
Set<PGPSecretKey> keys = new HashSet<>(); Set<PGPSecretKey> keys = new HashSet<>();
@ -148,11 +154,11 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
keys.add(key); keys.add(key);
} }
return signWith(keys); return signWith(keys, decryptor);
} }
@Override @Override
public Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys) public Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys, SecretKeyRingDecryptor decryptor)
throws SecretKeyNotFoundException { throws SecretKeyNotFoundException {
Set<PGPSecretKeyRing> rings = new HashSet<>(); Set<PGPSecretKeyRing> rings = new HashSet<>();
@ -160,7 +166,7 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
for (Iterator<PGPSecretKeyRing> i = keys.getKeyRings(); i.hasNext();) { for (Iterator<PGPSecretKeyRing> i = keys.getKeyRings(); i.hasNext();) {
rings.add(i.next()); rings.add(i.next());
} }
return signWith(keyIds, rings); return signWith(keyIds, rings, decryptor);
} }
@Override @Override
@ -172,22 +178,28 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
class ArmorImpl implements Armor { class ArmorImpl implements Armor {
@Override @Override
public OutputStream asciiArmor() { public OutputStream asciiArmor() throws IOException, PGPException {
EncryptionBuilder.this.asciiArmor = true; EncryptionBuilder.this.asciiArmor = true;
return build(); return build();
} }
@Override @Override
public OutputStream noArmor() { public OutputStream noArmor() throws IOException, PGPException {
EncryptionBuilder.this.asciiArmor = false; EncryptionBuilder.this.asciiArmor = false;
return build(); return build();
} }
private OutputStream build() { private OutputStream build() throws IOException, PGPException {
Set<PGPPrivateKey> privateKeys = new HashSet<>();
for (PGPSecretKey secretKey : signingKeys) {
privateKeys.add(secretKey.extractPrivateKey(signingKeysDecryptor.getDecryptor(secretKey.getKeyID())));
}
return EncryptionStream.create( return EncryptionStream.create(
EncryptionBuilder.this.outputStream, EncryptionBuilder.this.outputStream,
EncryptionBuilder.this.encryptionKeys, EncryptionBuilder.this.encryptionKeys,
EncryptionBuilder.this.signingKeys, privateKeys,
EncryptionBuilder.this.symmetricKeyAlgorithm, EncryptionBuilder.this.symmetricKeyAlgorithm,
EncryptionBuilder.this.hashAlgorithm, EncryptionBuilder.this.hashAlgorithm,
EncryptionBuilder.this.compressionAlgorithm, EncryptionBuilder.this.compressionAlgorithm,

View file

@ -1,5 +1,6 @@
package de.vanitasvitae.crypto.pgpainless.encryption_signing; package de.vanitasvitae.crypto.pgpainless.encryption_signing;
import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.Set; import java.util.Set;
@ -9,6 +10,7 @@ import de.vanitasvitae.crypto.pgpainless.SecretKeyNotFoundException;
import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm;
import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm;
import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
@ -48,13 +50,15 @@ public interface EncryptionBuilderInterface {
interface SignWith { interface SignWith {
Armor signWith(PGPSecretKey key); Armor signWith(PGPSecretKey key, SecretKeyRingDecryptor decryptor);
Armor signWith(Set<PGPSecretKey> keys); Armor signWith(Set<PGPSecretKey> keys, SecretKeyRingDecryptor decryptor);
Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings) throws SecretKeyNotFoundException; Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings, SecretKeyRingDecryptor decryptor)
throws SecretKeyNotFoundException;
Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys) throws SecretKeyNotFoundException; Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys, SecretKeyRingDecryptor decryptor)
throws SecretKeyNotFoundException;
Armor doNotSign(); Armor doNotSign();
@ -62,9 +66,9 @@ public interface EncryptionBuilderInterface {
interface Armor { interface Armor {
OutputStream asciiArmor(); OutputStream asciiArmor() throws IOException, PGPException;
OutputStream noArmor(); OutputStream noArmor() throws IOException, PGPException;
} }

View file

@ -2,57 +2,134 @@ package de.vanitasvitae.crypto.pgpainless.encryption_signing;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set; import java.util.Set;
import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm;
import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm;
import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm; import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
/**
* This class is based upon Jens Neuhalfen's Bouncy-GPG PGPEncryptingStream.
* @see <a href="https://github.com/neuhalje/bouncy-gpg/blob/master/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java">Source</a>
*/
public class EncryptionStream extends OutputStream { public class EncryptionStream extends OutputStream {
private final OutputStream outputStream; private static final int BUFFER_SIZE = 1 << 8;
private final Set<PGPPublicKey> encryptionKeys;
private final Set<PGPSecretKey> signingKeys;
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
private final HashAlgorithm hashAlgorithm;
private final CompressionAlgorithm compressionAlgorithm;
private final boolean asciiArmor;
private EncryptionStream(OutputStream outputStream, private List<PGPSignatureGenerator> signatureGenerators = new ArrayList<>();
private boolean closed = false;
// ASCII Armor
private ArmoredOutputStream armorOutputStream = null;
// Public Key Encryption of Symmetric Session Key
private OutputStream publicKeyEncryptedStream = null;
// Data Compression
private PGPCompressedDataGenerator compressedDataGenerator;
private BCPGOutputStream basicCompressionStream;
// Literal Data
private PGPLiteralDataGenerator literalDataGenerator;
private OutputStream literalDataStream;
private EncryptionStream(OutputStream targetOutputStream,
Set<PGPPublicKey> encryptionKeys, Set<PGPPublicKey> encryptionKeys,
Set<PGPSecretKey> signingKeys, Set<PGPPrivateKey> signingKeys,
SymmetricKeyAlgorithm symmetricKeyAlgorithm, SymmetricKeyAlgorithm symmetricKeyAlgorithm,
HashAlgorithm hashAlgorithm, HashAlgorithm hashAlgorithm,
CompressionAlgorithm compressionAlgorithm, CompressionAlgorithm compressionAlgorithm,
boolean asciiArmor) { boolean asciiArmor)
this.outputStream = outputStream; throws IOException, PGPException {
this.encryptionKeys = encryptionKeys;
this.signingKeys = signingKeys; // Currently outermost Stream
this.symmetricKeyAlgorithm = symmetricKeyAlgorithm; OutputStream outerMostStream;
this.hashAlgorithm = hashAlgorithm; if (asciiArmor) {
this.compressionAlgorithm = compressionAlgorithm; armorOutputStream = new ArmoredOutputStream(targetOutputStream);
this.asciiArmor = asciiArmor; outerMostStream = armorOutputStream;
} else {
outerMostStream = targetOutputStream;
}
// If we want to encrypt
if (!encryptionKeys.isEmpty()) {
BcPGPDataEncryptorBuilder dataEncryptorBuilder =
new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getAlgorithmId());
dataEncryptorBuilder.setWithIntegrityPacket(true);
PGPEncryptedDataGenerator encryptedDataGenerator =
new PGPEncryptedDataGenerator(dataEncryptorBuilder);
for (PGPPublicKey key : encryptionKeys) {
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key));
}
publicKeyEncryptedStream = encryptedDataGenerator.open(outerMostStream, new byte[BUFFER_SIZE]);
outerMostStream = publicKeyEncryptedStream;
}
// If we want to sign, prepare for signing
if (!signingKeys.isEmpty()) {
for (PGPPrivateKey privateKey : signingKeys) {
BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder(
privateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId());
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
signatureGenerators.add(signatureGenerator);
}
}
// Compression
compressedDataGenerator = new PGPCompressedDataGenerator(
compressionAlgorithm.getAlgorithmId());
basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outerMostStream));
// If we want to sign, sign!
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
signatureGenerator.generateOnePassVersion(false).encode(basicCompressionStream);
}
literalDataGenerator = new PGPLiteralDataGenerator();
literalDataStream = literalDataGenerator.open(basicCompressionStream,
PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, new Date(), new byte[BUFFER_SIZE]);
} }
public static EncryptionStream create(OutputStream outputStream, static EncryptionStream create(OutputStream outputStream,
Set<PGPPublicKey> encryptionKeys, Set<PGPPublicKey> encryptionKeys,
Set<PGPSecretKey> signingKeys, Set<PGPPrivateKey> signingKeys,
SymmetricKeyAlgorithm symmetricKeyAlgorithm, SymmetricKeyAlgorithm symmetricKeyAlgorithm,
HashAlgorithm hashAlgorithm, HashAlgorithm hashAlgorithm,
CompressionAlgorithm compressionAlgorithm, CompressionAlgorithm compressionAlgorithm,
boolean asciiArmor) { boolean asciiArmor)
throws IOException, PGPException {
requireNonNull(outputStream, "outputStream"); requireNonNull(outputStream, "targetOutputStream");
requireNonNull(encryptionKeys, "encryptionKeys"); requireNonNull(encryptionKeys, "encryptionKeys");
requireNonNull(signingKeys, "signingKeys"); requireNonNull(signingKeys, "signingKeys");
requireNonNull(symmetricKeyAlgorithm, "symmetricKeyAlgorithm"); requireNonNull(symmetricKeyAlgorithm, "symmetricKeyAlgorithm");
requireNonNull(hashAlgorithm, "hashAlgorithm"); requireNonNull(hashAlgorithm, "hashAlgorithm");
requireNonNull(compressionAlgorithm, "compressionAlgorithm"); requireNonNull(compressionAlgorithm, "compressionAlgorithm");
return new EncryptionStream(outputStream, return new EncryptionStream(outputStream,
encryptionKeys, encryptionKeys,
signingKeys, signingKeys,
@ -63,8 +140,68 @@ public class EncryptionStream extends OutputStream {
} }
@Override @Override
public void write(int i) throws IOException { public void write(int data) throws IOException {
literalDataStream.write(data);
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
byte asByte = (byte) (data & 0xff);
signatureGenerator.update(asByte);
}
}
@Override
public void write(byte[] buffer) throws IOException {
write(buffer, 0, buffer.length);
}
@Override
public void write(byte[] buffer, int off, int len) throws IOException {
literalDataStream.write(buffer, 0, len);
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
signatureGenerator.update(buffer, 0, len);
}
}
@Override
public void flush() throws IOException {
literalDataStream.flush();
}
@Override
public void close() throws IOException {
if (!closed) {
// Literal Data
literalDataStream.flush();
literalDataStream.close();
literalDataGenerator.close();
// Signing
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
try {
signatureGenerator.generate().encode(basicCompressionStream);
} catch (PGPException e) {
throw new IOException(e);
}
}
// Compressed Data
compressedDataGenerator.close();
// Public Key Encryption
if (publicKeyEncryptedStream != null) {
publicKeyEncryptedStream.flush();
publicKeyEncryptedStream.close();
}
// Armor
if (armorOutputStream != null) {
armorOutputStream.flush();
armorOutputStream.close();
}
closed = true;
}
} }
private static void requireNonNull(Object o, String name) { private static void requireNonNull(Object o, String name) {

View file

@ -0,0 +1,12 @@
package de.vanitasvitae.crypto.pgpainless.encryption_signing;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
public interface SecretKeyRingDecryptor {
PBESecretKeyDecryptor getDecryptor(Long keyId);
PBESecretKeyEncryptor getEncryptor(Long keyId);
}