mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-22 19:08:00 +01:00
Add encryption API
This commit is contained in:
parent
4844bf697c
commit
afce16e51e
6 changed files with 222 additions and 73 deletions
|
@ -1,25 +0,0 @@
|
|||
package de.vanitasvitae.crypto.pgpainless;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.Security;
|
||||
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
|
||||
public class Main {
|
||||
|
||||
public static void main(String[] args)
|
||||
throws NoSuchAlgorithmException, PGPException, NoSuchProviderException, IOException,
|
||||
InvalidAlgorithmParameterException {
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
|
||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||
.simpleEcKeyRing("elliptic@cur.ve");
|
||||
|
||||
//System.out.println(Base64.getEncoder().encodeToString(secretKeys.getEncoded()));
|
||||
}
|
||||
}
|
|
@ -1,8 +1,14 @@
|
|||
package de.vanitasvitae.crypto.pgpainless;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
import de.vanitasvitae.crypto.pgpainless.decryption_verification.DecryptionBuilder;
|
||||
import de.vanitasvitae.crypto.pgpainless.encryption_signing.EncryptionBuilder;
|
||||
import de.vanitasvitae.crypto.pgpainless.key.generation.KeyRingBuilder;
|
||||
import org.bouncycastle.bcpg.ArmoredInputStream;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
|
||||
|
||||
public class PGPainless {
|
||||
|
||||
|
@ -18,4 +24,7 @@ public class PGPainless {
|
|||
return new DecryptionBuilder();
|
||||
}
|
||||
|
||||
public static PGPPublicKeyRing publicKeyRingFromBytes(byte[] bytes) throws IOException {
|
||||
return new PGPPublicKeyRing(new ArmoredInputStream(new ByteArrayInputStream(bytes)), new BcKeyFingerprintCalculator());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
package de.vanitasvitae.crypto.pgpainless.encryption_signing;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
|
@ -10,6 +11,8 @@ import de.vanitasvitae.crypto.pgpainless.SecretKeyNotFoundException;
|
|||
import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm;
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm;
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||
|
@ -22,9 +25,10 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
|
|||
private OutputStream outputStream;
|
||||
private final Set<PGPPublicKey> encryptionKeys = new HashSet<>();
|
||||
private final Set<PGPSecretKey> signingKeys = new HashSet<>();
|
||||
private SymmetricKeyAlgorithm symmetricKeyAlgorithm;
|
||||
private HashAlgorithm hashAlgorithm;
|
||||
private CompressionAlgorithm compressionAlgorithm;
|
||||
private SecretKeyRingDecryptor signingKeysDecryptor;
|
||||
private SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.AES_128;
|
||||
private HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;
|
||||
private CompressionAlgorithm compressionAlgorithm = CompressionAlgorithm.UNCOMPRESSED;
|
||||
private boolean asciiArmor = false;
|
||||
|
||||
@Override
|
||||
|
@ -115,19 +119,21 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
|
|||
class SignWithImpl implements SignWith {
|
||||
|
||||
@Override
|
||||
public Armor signWith(PGPSecretKey key) {
|
||||
public Armor signWith(PGPSecretKey key, SecretKeyRingDecryptor decryptor) {
|
||||
EncryptionBuilder.this.signingKeys.add(key);
|
||||
EncryptionBuilder.this.signingKeysDecryptor = decryptor;
|
||||
return new ArmorImpl();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Armor signWith(Set<PGPSecretKey> keys) {
|
||||
public Armor signWith(Set<PGPSecretKey> keys, SecretKeyRingDecryptor decryptor) {
|
||||
EncryptionBuilder.this.signingKeys.addAll(keys);
|
||||
EncryptionBuilder.this.signingKeysDecryptor = decryptor;
|
||||
return new ArmorImpl();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings)
|
||||
public Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings, SecretKeyRingDecryptor decryptor)
|
||||
throws SecretKeyNotFoundException {
|
||||
Set<PGPSecretKey> keys = new HashSet<>();
|
||||
|
||||
|
@ -148,11 +154,11 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
|
|||
|
||||
keys.add(key);
|
||||
}
|
||||
return signWith(keys);
|
||||
return signWith(keys, decryptor);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys)
|
||||
public Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys, SecretKeyRingDecryptor decryptor)
|
||||
throws SecretKeyNotFoundException {
|
||||
|
||||
Set<PGPSecretKeyRing> rings = new HashSet<>();
|
||||
|
@ -160,7 +166,7 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
|
|||
for (Iterator<PGPSecretKeyRing> i = keys.getKeyRings(); i.hasNext();) {
|
||||
rings.add(i.next());
|
||||
}
|
||||
return signWith(keyIds, rings);
|
||||
return signWith(keyIds, rings, decryptor);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -172,22 +178,28 @@ public class EncryptionBuilder implements EncryptionBuilderInterface {
|
|||
class ArmorImpl implements Armor {
|
||||
|
||||
@Override
|
||||
public OutputStream asciiArmor() {
|
||||
public OutputStream asciiArmor() throws IOException, PGPException {
|
||||
EncryptionBuilder.this.asciiArmor = true;
|
||||
return build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public OutputStream noArmor() {
|
||||
public OutputStream noArmor() throws IOException, PGPException {
|
||||
EncryptionBuilder.this.asciiArmor = false;
|
||||
return build();
|
||||
}
|
||||
|
||||
private OutputStream build() {
|
||||
private OutputStream build() throws IOException, PGPException {
|
||||
|
||||
Set<PGPPrivateKey> privateKeys = new HashSet<>();
|
||||
for (PGPSecretKey secretKey : signingKeys) {
|
||||
privateKeys.add(secretKey.extractPrivateKey(signingKeysDecryptor.getDecryptor(secretKey.getKeyID())));
|
||||
}
|
||||
|
||||
return EncryptionStream.create(
|
||||
EncryptionBuilder.this.outputStream,
|
||||
EncryptionBuilder.this.encryptionKeys,
|
||||
EncryptionBuilder.this.signingKeys,
|
||||
privateKeys,
|
||||
EncryptionBuilder.this.symmetricKeyAlgorithm,
|
||||
EncryptionBuilder.this.hashAlgorithm,
|
||||
EncryptionBuilder.this.compressionAlgorithm,
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
package de.vanitasvitae.crypto.pgpainless.encryption_signing;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.util.Set;
|
||||
|
@ -9,6 +10,7 @@ import de.vanitasvitae.crypto.pgpainless.SecretKeyNotFoundException;
|
|||
import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm;
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm;
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||
|
@ -48,13 +50,15 @@ public interface EncryptionBuilderInterface {
|
|||
|
||||
interface SignWith {
|
||||
|
||||
Armor signWith(PGPSecretKey key);
|
||||
Armor signWith(PGPSecretKey key, SecretKeyRingDecryptor decryptor);
|
||||
|
||||
Armor signWith(Set<PGPSecretKey> keys);
|
||||
Armor signWith(Set<PGPSecretKey> keys, SecretKeyRingDecryptor decryptor);
|
||||
|
||||
Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings) throws SecretKeyNotFoundException;
|
||||
Armor signWith(Set<Long> keyIds, Set<PGPSecretKeyRing> keyRings, SecretKeyRingDecryptor decryptor)
|
||||
throws SecretKeyNotFoundException;
|
||||
|
||||
Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys) throws SecretKeyNotFoundException;
|
||||
Armor signWith(Set<Long> keyIds, PGPSecretKeyRingCollection keys, SecretKeyRingDecryptor decryptor)
|
||||
throws SecretKeyNotFoundException;
|
||||
|
||||
Armor doNotSign();
|
||||
|
||||
|
@ -62,9 +66,9 @@ public interface EncryptionBuilderInterface {
|
|||
|
||||
interface Armor {
|
||||
|
||||
OutputStream asciiArmor();
|
||||
OutputStream asciiArmor() throws IOException, PGPException;
|
||||
|
||||
OutputStream noArmor();
|
||||
OutputStream noArmor() throws IOException, PGPException;
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -2,57 +2,134 @@ package de.vanitasvitae.crypto.pgpainless.encryption_signing;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.CompressionAlgorithm;
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.HashAlgorithm;
|
||||
import de.vanitasvitae.crypto.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
||||
import org.bouncycastle.bcpg.BCPGOutputStream;
|
||||
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
|
||||
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPLiteralData;
|
||||
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
|
||||
|
||||
/**
|
||||
* This class is based upon Jens Neuhalfen's Bouncy-GPG PGPEncryptingStream.
|
||||
* @see <a href="https://github.com/neuhalje/bouncy-gpg/blob/master/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java">Source</a>
|
||||
*/
|
||||
public class EncryptionStream extends OutputStream {
|
||||
|
||||
private final OutputStream outputStream;
|
||||
private final Set<PGPPublicKey> encryptionKeys;
|
||||
private final Set<PGPSecretKey> signingKeys;
|
||||
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
|
||||
private final HashAlgorithm hashAlgorithm;
|
||||
private final CompressionAlgorithm compressionAlgorithm;
|
||||
private final boolean asciiArmor;
|
||||
private static final int BUFFER_SIZE = 1 << 8;
|
||||
|
||||
private EncryptionStream(OutputStream outputStream,
|
||||
private List<PGPSignatureGenerator> signatureGenerators = new ArrayList<>();
|
||||
private boolean closed = false;
|
||||
|
||||
// ASCII Armor
|
||||
private ArmoredOutputStream armorOutputStream = null;
|
||||
|
||||
// Public Key Encryption of Symmetric Session Key
|
||||
private OutputStream publicKeyEncryptedStream = null;
|
||||
|
||||
// Data Compression
|
||||
private PGPCompressedDataGenerator compressedDataGenerator;
|
||||
private BCPGOutputStream basicCompressionStream;
|
||||
|
||||
// Literal Data
|
||||
private PGPLiteralDataGenerator literalDataGenerator;
|
||||
private OutputStream literalDataStream;
|
||||
|
||||
private EncryptionStream(OutputStream targetOutputStream,
|
||||
Set<PGPPublicKey> encryptionKeys,
|
||||
Set<PGPSecretKey> signingKeys,
|
||||
Set<PGPPrivateKey> signingKeys,
|
||||
SymmetricKeyAlgorithm symmetricKeyAlgorithm,
|
||||
HashAlgorithm hashAlgorithm,
|
||||
CompressionAlgorithm compressionAlgorithm,
|
||||
boolean asciiArmor) {
|
||||
this.outputStream = outputStream;
|
||||
this.encryptionKeys = encryptionKeys;
|
||||
this.signingKeys = signingKeys;
|
||||
this.symmetricKeyAlgorithm = symmetricKeyAlgorithm;
|
||||
this.hashAlgorithm = hashAlgorithm;
|
||||
this.compressionAlgorithm = compressionAlgorithm;
|
||||
this.asciiArmor = asciiArmor;
|
||||
boolean asciiArmor)
|
||||
throws IOException, PGPException {
|
||||
|
||||
// Currently outermost Stream
|
||||
OutputStream outerMostStream;
|
||||
if (asciiArmor) {
|
||||
armorOutputStream = new ArmoredOutputStream(targetOutputStream);
|
||||
outerMostStream = armorOutputStream;
|
||||
} else {
|
||||
outerMostStream = targetOutputStream;
|
||||
}
|
||||
|
||||
public static EncryptionStream create(OutputStream outputStream,
|
||||
// If we want to encrypt
|
||||
if (!encryptionKeys.isEmpty()) {
|
||||
BcPGPDataEncryptorBuilder dataEncryptorBuilder =
|
||||
new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getAlgorithmId());
|
||||
|
||||
dataEncryptorBuilder.setWithIntegrityPacket(true);
|
||||
|
||||
PGPEncryptedDataGenerator encryptedDataGenerator =
|
||||
new PGPEncryptedDataGenerator(dataEncryptorBuilder);
|
||||
|
||||
for (PGPPublicKey key : encryptionKeys) {
|
||||
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key));
|
||||
}
|
||||
|
||||
publicKeyEncryptedStream = encryptedDataGenerator.open(outerMostStream, new byte[BUFFER_SIZE]);
|
||||
outerMostStream = publicKeyEncryptedStream;
|
||||
}
|
||||
|
||||
// If we want to sign, prepare for signing
|
||||
if (!signingKeys.isEmpty()) {
|
||||
for (PGPPrivateKey privateKey : signingKeys) {
|
||||
|
||||
BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder(
|
||||
privateKey.getPublicKeyPacket().getAlgorithm(), hashAlgorithm.getAlgorithmId());
|
||||
|
||||
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
|
||||
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
|
||||
signatureGenerators.add(signatureGenerator);
|
||||
}
|
||||
}
|
||||
|
||||
// Compression
|
||||
compressedDataGenerator = new PGPCompressedDataGenerator(
|
||||
compressionAlgorithm.getAlgorithmId());
|
||||
basicCompressionStream = new BCPGOutputStream(compressedDataGenerator.open(outerMostStream));
|
||||
|
||||
// If we want to sign, sign!
|
||||
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
||||
signatureGenerator.generateOnePassVersion(false).encode(basicCompressionStream);
|
||||
}
|
||||
|
||||
literalDataGenerator = new PGPLiteralDataGenerator();
|
||||
literalDataStream = literalDataGenerator.open(basicCompressionStream,
|
||||
PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, new Date(), new byte[BUFFER_SIZE]);
|
||||
}
|
||||
|
||||
static EncryptionStream create(OutputStream outputStream,
|
||||
Set<PGPPublicKey> encryptionKeys,
|
||||
Set<PGPSecretKey> signingKeys,
|
||||
Set<PGPPrivateKey> signingKeys,
|
||||
SymmetricKeyAlgorithm symmetricKeyAlgorithm,
|
||||
HashAlgorithm hashAlgorithm,
|
||||
CompressionAlgorithm compressionAlgorithm,
|
||||
boolean asciiArmor) {
|
||||
boolean asciiArmor)
|
||||
throws IOException, PGPException {
|
||||
|
||||
requireNonNull(outputStream, "outputStream");
|
||||
requireNonNull(outputStream, "targetOutputStream");
|
||||
requireNonNull(encryptionKeys, "encryptionKeys");
|
||||
requireNonNull(signingKeys, "signingKeys");
|
||||
requireNonNull(symmetricKeyAlgorithm, "symmetricKeyAlgorithm");
|
||||
requireNonNull(hashAlgorithm, "hashAlgorithm");
|
||||
requireNonNull(compressionAlgorithm, "compressionAlgorithm");
|
||||
|
||||
|
||||
|
||||
return new EncryptionStream(outputStream,
|
||||
encryptionKeys,
|
||||
signingKeys,
|
||||
|
@ -63,8 +140,68 @@ public class EncryptionStream extends OutputStream {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void write(int i) throws IOException {
|
||||
public void write(int data) throws IOException {
|
||||
literalDataStream.write(data);
|
||||
|
||||
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
||||
byte asByte = (byte) (data & 0xff);
|
||||
signatureGenerator.update(asByte);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void write(byte[] buffer) throws IOException {
|
||||
write(buffer, 0, buffer.length);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void write(byte[] buffer, int off, int len) throws IOException {
|
||||
literalDataStream.write(buffer, 0, len);
|
||||
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
||||
signatureGenerator.update(buffer, 0, len);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void flush() throws IOException {
|
||||
literalDataStream.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() throws IOException {
|
||||
if (!closed) {
|
||||
|
||||
// Literal Data
|
||||
literalDataStream.flush();
|
||||
literalDataStream.close();
|
||||
literalDataGenerator.close();
|
||||
|
||||
// Signing
|
||||
for (PGPSignatureGenerator signatureGenerator : signatureGenerators) {
|
||||
try {
|
||||
signatureGenerator.generate().encode(basicCompressionStream);
|
||||
} catch (PGPException e) {
|
||||
throw new IOException(e);
|
||||
}
|
||||
}
|
||||
|
||||
// Compressed Data
|
||||
compressedDataGenerator.close();
|
||||
|
||||
// Public Key Encryption
|
||||
if (publicKeyEncryptedStream != null) {
|
||||
publicKeyEncryptedStream.flush();
|
||||
publicKeyEncryptedStream.close();
|
||||
}
|
||||
|
||||
// Armor
|
||||
if (armorOutputStream != null) {
|
||||
armorOutputStream.flush();
|
||||
armorOutputStream.close();
|
||||
}
|
||||
closed = true;
|
||||
}
|
||||
}
|
||||
|
||||
private static void requireNonNull(Object o, String name) {
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
package de.vanitasvitae.crypto.pgpainless.encryption_signing;
|
||||
|
||||
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
|
||||
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
|
||||
|
||||
public interface SecretKeyRingDecryptor {
|
||||
|
||||
PBESecretKeyDecryptor getDecryptor(Long keyId);
|
||||
|
||||
PBESecretKeyEncryptor getEncryptor(Long keyId);
|
||||
|
||||
}
|
Loading…
Reference in a new issue