PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix typos and wording

This commit is contained in:
Paul Schaub 2021-12-28 13:53:25 +01:00
parent ce7b69269b
commit b1bde161b4
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
40 changed files with 87 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -6,7 +6,7 @@ SPDX-License-Identifier: CC0-1.0
# PGPainless Changelog
## 1.0.0-rc9
- When key has both direct-key sig + primary user-id sig: resolve expiration date to earliest expiration
- When key has both direct-key sig + primary user-id sig: resolve expiration date to the earliest expiration
- Add `SecretKeyRingEditor.removeUserId()` convenience methods that do soft-revoke the user-id.
- Add `SelectUserId.byEmail()` which also matches the plain email address
@ -110,7 +110,7 @@ SPDX-License-Identifier: CC0-1.0
## 0.2.16
- Fix handling of subkey revocation signatures
- SOP: improve API use with byte arrays
- SOP: improve API usage with byte arrays
- Fix `AssertionError` when determining encryption subkeys from set containing unbound key
- Add `ConsumerOptions.setMissingKeyPassphraseStrategy(strategy)` to modify behavior when missing key passphrases are encountered during decryption

2
README.md
View File

@ -185,7 +185,7 @@ dependencies {
## About
PGPainless is a by-product of my [Summer of Code 2018 project](https://blog.jabberhead.tk/summer-of-code-2018/)
implementing OpenPGP support for the XMPP client library [Smack](https://github.com/igniterealtime/Smack).
For that project I was in need of a simple to use OpenPGP library.
For that project I was in need of a simple-to-use OpenPGP library.
Originally I was going to use [Bouncy-GPG](https://github.com/neuhalje/bouncy-gpg) for my project,
but ultimately I decided to create my own OpenPGP library which better fits my needs.

2
SECURITY.md
View File

@ -19,7 +19,7 @@ currently being supported with security updates.
## Reporting a Vulnerability
If you find a security relevant vulnerability inside of PGPainless, please let me know!
If you find a security relevant vulnerability inside PGPainless, please let me know!
[Here](https://keyoxide.org/7F9116FEA90A5983936C7CFAA027DB2F3E1E118A) you can find my OpenPGP key to email me confidentially.
Valid security issues will be fixed ASAP.

4
pgpainless-core/README.md
View File

@ -19,7 +19,7 @@ In short: Communication protected using PGPainless is intended to be private,
users can verify that messages they receive were really send by their communication peer
and users can verify that messages have not been tampered with.
This is being achieved by preventing a number of typical attacks on the users communication,
This is being achieved by preventing a number of typical attacks on the user's communication,
like the attacker introducing an evil subkey to the victims public key, or the attacker creating
counterfeit signatures to fool the victim.
@ -33,7 +33,7 @@ through a benign client application (like an email app) on a trustworthy device.
The attacker can try to feed the application malicious input (like manipulated public key updates,
specially crafted PGP message objects etc.) but they cannot access the victims decrypted secret key material as
it is protected by the device (eg. stored in a secure key store).
it is protected by the device (e.g. stored in a secure key store).
### What doesn't PGPainless Protect Against?

4
pgpainless-core/src/main/java/org/pgpainless/algorithm/EncryptionPurpose.java
View File

@ -7,12 +7,12 @@ package org.pgpainless.algorithm;
public enum EncryptionPurpose {
/**
* The stream will encrypt communication that goes over the wire.
* Eg. EMail, Chat...
* E.g. EMail, Chat...
*/
COMMUNICATIONS,
/**
* The stream will encrypt data at rest.
* Eg. Encrypted backup...
* E.g. Encrypted backup...
*/
STORAGE,
/**

2
pgpainless-core/src/main/java/org/pgpainless/algorithm/Feature.java
View File

@ -40,7 +40,7 @@ public enum Feature {
/**
* If a key announces this feature, it is a version 5 public key.
* The version 5 format is similar to the version 4 format except for the addition of a count for the key material.
* This count helps parsing secret key packets (which are an extension of the public key packet format) in the case
* This count helps to parse secret key packets (which are an extension of the public key packet format) in the case
* of an unknown algorithm.
* In addition, fingerprints of version 5 keys are calculated differently from version 4 keys.
*

4
pgpainless-core/src/main/java/org/pgpainless/algorithm/PublicKeyAlgorithm.java
View File

@ -124,7 +124,7 @@ public enum PublicKeyAlgorithm {
/**
* Return true if this public key algorithm is able to create signatures.
*
* @return true if can sign
* @return true if the algorithm can sign
*/
public boolean isSigningCapable() {
return signingCapable;
@ -133,7 +133,7 @@ public enum PublicKeyAlgorithm {
/**
* Return true if this public key algorithm can be used as an encryption algorithm.
*
* @return true if can encrypt
* @return true if the algorithm can encrypt
*/
public boolean isEncryptionCapable() {
return encryptionCapable;

26
pgpainless-core/src/main/java/org/pgpainless/algorithm/SignatureSubpacket.java
View File

@ -63,7 +63,7 @@ public enum SignatureSubpacket {
signatureExpirationTime(EXPIRE_TIME),
/**
* Denotes whether or not the signature is exportable for other users.
* Denotes whether the signature is exportable for other users.
*
* @see <a href="https://tools.ietf.org/html/rfc4880#section-5.2.3.11">Exportable Certification</a>
*/
@ -73,7 +73,7 @@ public enum SignatureSubpacket {
* Signer asserts that the key is not only valid but also trustworthy at
* the specified level. Level 0 has the same meaning as an ordinary
* validity signature. Level 1 means that the signed key is asserted to
* be a valid trusted introducer, with the 2nd octet of the body
* be a valid, trusted introducer, with the 2nd octet of the body
* specifying the degree of trust. Level 2 means that the signed key is
* asserted to be trusted to issue level 1 trust signatures, i.e., that
* it is a "meta introducer". Generally, a level n trust signature
@ -128,8 +128,8 @@ public enum SignatureSubpacket {
placeholder(PLACEHOLDER),
/**
* Symmetric algorithm numbers that indicate which algorithms the key
* holder prefers to use. The subpacket body is an ordered list of
* Symmetric algorithm numbers that indicate which algorithms the keyholder
* prefers to use. The subpackets body is an ordered list of
* octets with the most preferred listed first. It is assumed that only
* algorithms listed are supported by the recipient's software.
* This is only found on a self-signature.
@ -180,7 +180,7 @@ public enum SignatureSubpacket {
/**
* Message digest algorithm numbers that indicate which algorithms the
* key holder prefers to receive. Like the preferred symmetric
* keyholder prefers to receive. Like the preferred symmetric
* algorithms, the list is ordered.
* This is only found on a self-signature.
*
@ -189,10 +189,10 @@ public enum SignatureSubpacket {
preferredHashAlgorithms(PREFERRED_HASH_ALGS),
/**
* Compression algorithm numbers that indicate which algorithms the key
* holder prefers to use. Like the preferred symmetric algorithms, the
* Compression algorithm numbers that indicate which algorithms the
* keyholder prefers to use. Like the preferred symmetric algorithms, the
* list is ordered. If this subpacket is not included, ZIP is preferred.
* A zero denotes that uncompressed data is preferred; the key holder's
* A zero denotes that uncompressed data is preferred; the keyholder's
* software might have no compression software in that implementation.
* This is only found on a self-signature.
*
@ -202,7 +202,7 @@ public enum SignatureSubpacket {
/**
* This is a list of one-bit flags that indicate preferences that the
* key holder has about how the key is handled on a key server. All
* keyholder has about how the key is handled on a key server. All
* undefined flags MUST be zero.
* This is found only on a self-signature.
*
@ -211,7 +211,7 @@ public enum SignatureSubpacket {
keyServerPreferences(KEY_SERVER_PREFS),
/**
* This is a URI of a key server that the key holder prefers be used for
* This is a URI of a key server that the keyholder prefers be used for
* updates. Note that keys with multiple User IDs can have a preferred
* key server for each User ID. Note also that since this is a URI, the
* key server can actually be a copy of the key retrieved by ftp, http,
@ -345,8 +345,8 @@ public enum SignatureSubpacket {
issuerFingerprint(ISSUER_FINGERPRINT),
/**
* AEAD algorithm numbers that indicate which AEAD algorithms the key
* holder prefers to use. The subpacket body is an ordered list of
* AEAD algorithm numbers that indicate which AEAD algorithms the
* keyholder prefers to use. The subpackets body is an ordered list of
* octets with the most preferred listed first. It is assumed that only
* algorithms listed are supported by the recipient's software.
* This is only found on a self-signature.
@ -363,7 +363,7 @@ public enum SignatureSubpacket {
* it SHOULD be considered valid only in an encrypted context, where the
* key it was encrypted to is one of the indicated primary keys, or one
* of their subkeys. This can be used to prevent forwarding a signature
* outside of its intended, encrypted context.
* outside its intended, encrypted context.
*
* Note that the length N of the fingerprint for a version 4 key is 20
* octets; for a version 5 key N is 32.

4
pgpainless-core/src/main/java/org/pgpainless/algorithm/SymmetricKeyAlgorithm.java
View File

@ -34,12 +34,12 @@ public enum SymmetricKeyAlgorithm {
TRIPLE_DES (SymmetricKeyAlgorithmTags.TRIPLE_DES),
/**
* CAST5 (128 bit key, as per RFC2144).
* CAST5 (128-bit key, as per RFC2144).
*/
CAST5 (SymmetricKeyAlgorithmTags.CAST5),
/**
* Blowfish (128 bit key, 16 rounds).
* Blowfish (128-bit key, 16 rounds).
*/
BLOWFISH (SymmetricKeyAlgorithmTags.BLOWFISH),

2
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMetadata.java
View File

@ -87,7 +87,7 @@ public class OpenPgpMetadata {
/**
* Return the {@link SubkeyIdentifier} of the key that was used to decrypt the message.
* This can be null if the message was decrypted using a {@link org.pgpainless.util.Passphrase}, or if it was not
* encrypted at all (eg. signed only).
* encrypted at all (e.g. signed only).
*
* @return subkey identifier of decryption key
*/

2
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/SignatureVerification.java
View File

@ -80,7 +80,7 @@ public class SignatureVerification {
}
/**
* Return the verification (tuple of {@link PGPSignature} and corresponding {@link SubkeyIdentifier}
* Return the verification (tuple of {@link PGPSignature} and corresponding {@link SubkeyIdentifier})
* of the signing/verification key.
*
* @return verification

4
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/cleartext_signatures/MultiPassStrategy.java
View File

@ -13,7 +13,7 @@ import java.io.OutputStream;
/**
* Since the {@link CleartextSignatureProcessor} needs to read the whole data twice in order to verify signatures,
* a strategy for how to cache the read data is required.
* Otherwise large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
* Otherwise, large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
*
* This is an Interface that describes a strategy to deal with the fact that detached signatures require multiple passes
* to do verification.
@ -46,7 +46,7 @@ public interface MultiPassStrategy {
/**
* Write the message content out to a file and re-read it to verify signatures.
* This strategy is best suited for larger messages (eg. plaintext signed files) which might not fit into memory.
* This strategy is best suited for larger messages (e.g. plaintext signed files) which might not fit into memory.
* After the message has been processed completely, the messages content are available at the provided file.
*
* @param file target file

2
pgpainless-core/src/main/java/org/pgpainless/encryption_signing/EncryptionOptions.java
View File

@ -47,7 +47,7 @@ import org.pgpainless.util.Passphrase;
* by inspecting the provided recipient keys.
*
* By default, PGPainless will only encrypt to a single encryption capable subkey per recipient key.
* This behavior can be changed, eg. by calling
* This behavior can be changed, e.g. by calling
* <pre>
* {@code
* opt.addRecipient(aliceKey, EncryptionOptions.encryptToAllCapableSubkeys());

2
pgpainless-core/src/main/java/org/pgpainless/encryption_signing/ProducerOptions.java
View File

@ -84,7 +84,7 @@ public final class ProducerOptions {
}
/**
* Specify, whether or not the result of the encryption/signing operation shall be ascii armored.
* Specify, whether the result of the encryption/signing operation shall be ascii armored.
* The default value is true.
*
* @param asciiArmor ascii armor

12
pgpainless-core/src/main/java/org/pgpainless/encryption_signing/SigningOptions.java
View File

@ -224,8 +224,8 @@ public final class SigningOptions {
/**
* Create a detached signature.
* Detached signatures are not being added into the PGP message itself.
* Instead they can be distributed separately to the message.
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
* Instead, they can be distributed separately to the message.
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
*
* @param secretKeyDecryptor decryptor to unlock the secret signing key
* @param secretKey signing key
@ -243,8 +243,8 @@ public final class SigningOptions {
/**
* Create a detached signature.
* Detached signatures are not being added into the PGP message itself.
* Instead they can be distributed separately to the message.
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
* Instead, they can be distributed separately to the message.
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
*
* This method uses the passed in user-id to select user-specific hash algorithms.
*
@ -266,8 +266,8 @@ public final class SigningOptions {
/**
* Create a detached signature.
* Detached signatures are not being added into the PGP message itself.
* Instead they can be distributed separately to the message.
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
* Instead, they can be distributed separately to the message.
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
*
* This method uses the passed in user-id to select user-specific hash algorithms.
*

2
pgpainless-core/src/main/java/org/pgpainless/key/generation/type/KeyType.java
View File

@ -70,7 +70,7 @@ public interface KeyType {
* Return true if the key that is generated from this type is able to carry the AUTHENTICATION key flag.
* See {@link org.pgpainless.algorithm.KeyFlag#AUTHENTICATION}.
*
* @return true if the key is able to be used for authentication purposes.
* @return true if the key can be used for authentication purposes.
*/
default boolean canAuthenticate() {
return canSign();

2
pgpainless-core/src/main/java/org/pgpainless/key/info/KeyAccessor.java
View File

@ -64,7 +64,7 @@ public abstract class KeyAccessor {
}
/**
* Address the key via a user-id (eg "Alice &lt;alice@wonderland.lit&gt;).
* Address the key via a user-id (e.g. "Alice &lt;alice@wonderland.lit&gt;").
* In this case we are sourcing preferred algorithms from the user-id certification first.
*/
public static class ViaUserId extends KeyAccessor {

6
pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
View File

@ -490,7 +490,7 @@ public class KeyRingInfo {
}
/**
* Return the a list of {@link KeyFlag KeyFlags} that apply to the subkey with the provided key id.
* Return a list of {@link KeyFlag KeyFlags} that apply to the subkey with the provided key id.
* @param keyId key-id
* @return list of key flags
*/
@ -734,11 +734,11 @@ public class KeyRingInfo {
/**
* Return the latest date on which the key ring is still usable for the given key flag.
* If a only a subkey is carrying the required flag and the primary key expires earlier than the subkey,
* If only a subkey is carrying the required flag and the primary key expires earlier than the subkey,
* the expiry date of the primary key is returned.
*
* This method might return null, if the primary key and a subkey with the required flag does not expire.
* @param use key flag representing the use case, eg. {@link KeyFlag#SIGN_DATA} or
* @param use key flag representing the use case, e.g. {@link KeyFlag#SIGN_DATA} or
* {@link KeyFlag#ENCRYPT_COMMS}/{@link KeyFlag#ENCRYPT_STORAGE}.
* @return latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.
*/

4
pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditorInterface.java
View File

@ -175,7 +175,7 @@ public interface SecretKeyRingEditorInterface {
/**
* Revoke the key ring.
* You can use the {@link RevocationSignatureSubpackets.Callback} to modify the revocation signatures
* subpackets, eg. in order to define whether this is a hard or soft revocation.
* subpackets, e.g. in order to define whether this is a hard or soft revocation.
*
* @param secretKeyRingProtector protector to unlock the primary secret key
* @param subpacketsCallback callback to modify the revocations subpackets
@ -192,7 +192,7 @@ public interface SecretKeyRingEditorInterface {
*
* Note: This method will hard-revoke the provided subkey, meaning it cannot be re-certified at a later point.
* If you instead want to temporarily "deactivate" the subkey, provide a soft revocation reason,
* eg. by calling {@link #revokeSubKey(OpenPgpFingerprint, SecretKeyRingProtector, RevocationAttributes)}
* e.g. by calling {@link #revokeSubKey(OpenPgpFingerprint, SecretKeyRingProtector, RevocationAttributes)}
* and provide a suitable {@link RevocationAttributes} object.
*
* @param fingerprint fingerprint of the subkey to be revoked

2
pgpainless-core/src/main/java/org/pgpainless/key/protection/CachingSecretKeyRingProtector.java
View File

@ -90,7 +90,7 @@ public class CachingSecretKeyRingProtector implements SecretKeyRingProtector, Se
* This is to prevent accidental passphrase override when dealing with multiple key rings containing
* keys with conflicting key-ids.
*
* If you can ensure that there will be no key-id clashes and you want to replace the passphrases for the key ring,
* If you can ensure that there will be no key-id clashes, and you want to replace the passphrases for the key ring,
* use {@link #replacePassphrase(PGPKeyRing, Passphrase)} instead.
*
* If you need to unlock multiple {@link PGPKeyRing PGPKeyRings}, it is advised to use a separate

4
pgpainless-core/src/main/java/org/pgpainless/key/protection/SecretKeyRingProtector.java
View File

@ -116,7 +116,7 @@ public interface SecretKeyRingProtector {
* This protector will only return a non-null encryptor/decryptor based on the provided passphrase if
* {@link #getEncryptor(Long)}/{@link #getDecryptor(Long)} is getting called with the key-id of the provided key.
*
* Otherwise this protector will always return null.
* Otherwise, this protector will always return null.
*
* @param passphrase passphrase
* @param key key to lock/unlock
@ -137,7 +137,7 @@ public interface SecretKeyRingProtector {
*
* As a consequence, this protector can only "unlock" keys which are not protected using a passphrase, and it will
* leave keys unprotected, should it be used to "protect" a key
* (eg. in {@link org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor#changePassphraseFromOldPassphrase(Passphrase)}).
* (e.g. in {@link org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor#changePassphraseFromOldPassphrase(Passphrase)}).
*
* @return protector
*/

2
pgpainless-core/src/main/java/org/pgpainless/key/util/KeyRingUtils.java
View File

@ -135,7 +135,7 @@ public final class KeyRingUtils {
* @param protector protector to unlock the secret key
* @return private key
*
* @throws PGPException if something goes wrong (eg. wrong passphrase)
* @throws PGPException if something goes wrong (e.g. wrong passphrase)
*/
public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector) throws PGPException {
return UnlockSecretKey.unlockSecretKey(secretKey, protector);

2
pgpainless-core/src/main/java/org/pgpainless/key/util/RevocationAttributes.java
View File

@ -157,7 +157,7 @@ public final class RevocationAttributes {
}
/**
* Build a {@link RevocationAttributes} object suitable for certification (eg. user-id) revocations.
* Build a {@link RevocationAttributes} object suitable for certification (e.g. user-id) revocations.
*
* @return builder
*/

2
pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java
View File

@ -304,7 +304,7 @@ public final class Policy {
}
/**
* Return true if the the given hash algorithm is acceptable by this policy.
* Return true if the given hash algorithm is acceptable by this policy.
*
* @param algorithmId hash algorithm
* @return true if the hash algorithm is acceptable, false otherwise

6
pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java
View File

@ -76,7 +76,7 @@ public final class SignatureUtils {
/**
* Return a content signer builder for the passed public key.
*
* The content signer will use a hash algorithm derived from the keys algorithm preferences.
* The content signer will use a hash algorithm derived from the keys' algorithm preferences.
* If no preferences can be derived, the key will fall back to the default hash algorithm as set in
* the {@link org.pgpainless.policy.Policy}.
*
@ -123,7 +123,7 @@ public final class SignatureUtils {
/**
* Return a new date which represents the given date plus the given amount of seconds added.
*
* Since '0' is a special value in the OpenPGP specification when it comes to dates
* Since '0' is a special date value in the OpenPGP specification
* (e.g. '0' means no expiration for expiration dates), this method will return 'null' if seconds is 0.
*
* @param date date
@ -271,7 +271,7 @@ public final class SignatureUtils {
* This method first inspects the {@link IssuerKeyID} subpacket of the signature and returns the key-id if present.
* If not, it inspects the {@link org.bouncycastle.bcpg.sig.IssuerFingerprint} packet and retrieves the key-id from the fingerprint.
*
* Otherwise it returns 0.
* Otherwise, it returns 0.
* @param signature signature
* @return signatures issuing key id
*/

2
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/DetachedSignatureCheck.java
View File

@ -11,7 +11,7 @@ import org.pgpainless.key.SubkeyIdentifier;
/**
* Tuple-class which bundles together a signature, the signing key that created the signature,
* an identifier of the signing key and a record of whether or not the signature was verified.
* an identifier of the signing key and a record of whether the signature was verified.
*/
public class DetachedSignatureCheck {
private final PGPSignature signature;

2
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/README.md
View File

@ -14,7 +14,7 @@ therefore let me quickly outline some of its challenges for you:
A signature is either valid or it is not.
However, signature validity goes beyond merely checking the cryptographic correctness like BouncyCastle does.
A signature that is correct can still be invalid, eg. if it is past its expiry date
A signature that is correct can still be invalid, e.g. if it is past its expiry date
or the key that issued the signature got revoked or is simply not a signing key in the first place.
All the little criteria like "is not expired", "has a hashed signature creation time subpacket",

22
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java
View File

@ -38,7 +38,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validation date most recent valid key revocation signature.
* Pick the at validation date most recent valid key revocation signature.
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
* validationDate or if it is already expired.
*
@ -65,7 +65,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate most recent, valid direct key signature.
* Pick the at validationDate most recent, valid direct key signature.
* This method might return null, if there is no direct key self-signature which is valid at validationDate.
*
* @param keyRing key ring
@ -78,7 +78,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate, latest, valid direct key signature made by signingKey on signedKey.
* Pick the at validationDate, latest, valid direct key signature made by signingKey on signedKey.
* This method might return null, if there is no direct key self signature which is valid at validationDate.
*
* @param signingKey key that created the signature
@ -104,7 +104,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate, latest direct key signature.
* Pick the at validationDate latest direct key signature.
* This method might return an expired signature.
* If there are more than one direct-key signature, and some of those are not expired, the latest non-expired
* yet already effective direct-key signature will be returned.
@ -119,7 +119,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate, latest direct key signature made by signingKey on signedKey.
* Pick the at validationDate latest direct key signature made by signingKey on signedKey.
* This method might return an expired signature.
* If a non-expired direct-key signature exists, the latest non-expired yet already effective direct-key
* signature will be returned.
@ -154,7 +154,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate most recent, valid user-id revocation signature.
* Pick the at validationDate most recent, valid user-id revocation signature.
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
* validationDate or if it is already expired.
*
@ -182,7 +182,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate latest, valid certification self-signature for the given user-id.
* Pick the at validationDate latest, valid certification self-signature for the given user-id.
* This method might return null, if there is no certification self signature for that user-id which is valid
* at validationDate.
*
@ -213,7 +213,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate latest certification self-signature for the given user-id.
* Pick the at validationDate latest certification self-signature for the given user-id.
* This method might return an expired signature.
* If a non-expired user-id certification signature exists, the latest non-expired yet already effective
* user-id certification signature for the given user-id will be returned.
@ -250,7 +250,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate most recent, valid subkey revocation signature.
* Pick the at validationDate most recent, valid subkey revocation signature.
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
* validationDate or if it is already expired.
*
@ -282,7 +282,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate latest, valid subkey binding signature for the given subkey.
* Pick the at validationDate latest, valid subkey binding signature for the given subkey.
* This method might return null, if there is no subkey binding signature which is valid
* at validationDate.
*
@ -314,7 +314,7 @@ public final class SignaturePicker {
}
/**
* Pick the, at validationDate latest subkey binding signature for the given subkey.
* Pick the at validationDate latest subkey binding signature for the given subkey.
* This method might return an expired signature.
* If a non-expired subkey binding signature exists, the latest non-expired yet already effective
* subkey binding signature for the given subkey will be returned.

2
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidityComparator.java
View File

@ -21,7 +21,7 @@ public class SignatureValidityComparator implements Comparator<PGPSignature> {
private final SignatureCreationDateComparator creationDateComparator;
/**
* Create a new {@link SignatureValidityComparator} which orders signatures oldest first.
* Create a new {@link SignatureValidityComparator} which orders signatures the oldest first.
* Still, hard revocations will come first.
*/
public SignatureValidityComparator() {

2
pgpainless-core/src/main/java/org/pgpainless/signature/subpackets/SignatureSubpacketGeneratorUtil.java
View File

@ -12,7 +12,7 @@ import org.bouncycastle.bcpg.SignatureSubpacketTags;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
/**
* Utility class that helps dealing with BCs SignatureSubpacketGenerator class.
* Utility class that helps to deal with BCs SignatureSubpacketGenerator class.
*/
public final class SignatureSubpacketGeneratorUtil {

4
pgpainless-core/src/main/java/org/pgpainless/signature/subpackets/SignatureSubpacketsUtil.java
View File

@ -158,7 +158,7 @@ public final class SignatureSubpacketsUtil {
}
/**
* Return the signatures expiration time as a date.
* Return the signatures' expiration time as a date.
* The expiration date is computed by adding the expiration time to the signature creation date.
* If the signature has no expiration time subpacket, or the expiration time is set to '0', this message returns null.
*
@ -211,7 +211,7 @@ public final class SignatureSubpacketsUtil {
*
* @param expirationDate new expiration date
* @param creationDate key creation time
* @return life time of the key in seconds
* @return lifetime of the key in seconds
*/
public static long getKeyLifetimeInSeconds(@Nullable Date expirationDate, @Nonnull Date creationDate) {
long secondsToExpire = 0; // 0 means "no expiration"

4
pgpainless-core/src/main/java/org/pgpainless/util/DateUtil.java
View File

@ -47,8 +47,8 @@ public final class DateUtil {
/**
* "Round" a date down to seconds precision.
* @param date
* @return
* @param date date
* @return rounded date
*/
public static Date toSecondsPrecision(Date date) {
long seconds = date.getTime() / 1000;

2
pgpainless-core/src/test/java/investigations/OnePassSignatureVerificationWithPartialLengthLiteralDataRegressionTest.java
View File

@ -26,7 +26,7 @@ public class OnePassSignatureVerificationWithPartialLengthLiteralDataRegressionT
* PGPainless versions 0.2.10 - 0.2.18 fail to decrypt this message, due to it failing to parse the signatures trailing
* the literal data. The cause for this was not draining the literal data first before trying to parse the sigs.
* This is likely caused by the literal data using a partial length encoding scheme, so the PGPObjectFactory did not yet
* reach the signatures packet.
* reach the signatures packets.
*
* As a fix, PGPainless now only tries to parse signatures from after the literal data packet, once the literal data
* stream gets closed.

2
pgpainless-core/src/test/java/org/pgpainless/decryption_verification/CleartextSignatureVerificationTest.java
View File

@ -212,7 +212,7 @@ public class CleartextSignatureVerificationTest {
@Test
public void getDecoderStreamMistakensPlaintextForBase64RegressionTest()
throws PGPException, IOException {
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would mistaken this for base64 data
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would have mistaken this for base64 data
ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();

12
pgpainless-core/src/test/java/org/pgpainless/example/GenerateKeys.java
View File

@ -83,7 +83,7 @@ public class GenerateKeys {
}
/**
* This example demonstrates how to generate a simple OpenPGP key consisting of a 4096 bit RSA key.
* This example demonstrates how to generate a simple OpenPGP key consisting of a 4096-bit RSA key.
* The RSA key is used for both signing and certifying, as well as encryption.
*
* This method is recommended if the application has to deal with legacy clients with poor algorithm support.
@ -107,7 +107,7 @@ public class GenerateKeys {
/**
* This example demonstrates how to generate a simple OpenPGP key based on elliptic curves.
* The key consists of an ECDSA primary key that is used both for certification of subkeys, as well as signing of data,
* The key consists of an ECDSA primary key that is used both for certification of subkeys, and signing of data,
* and a single ECDH encryption subkey.
*
* This method is recommended if small keys and high performance are desired.
@ -141,7 +141,7 @@ public class GenerateKeys {
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
* method and providing a {@link KeyType}.
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
* (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine
* (such as {@link KeyType#ECDH(EllipticCurve)}). {@link KeyFlag KeyFlags} determine
* the use of the key, like encryption, signing data or certifying subkeys.
*
* If you so desire, you can now specify your own algorithm preferences.
@ -155,7 +155,7 @@ public class GenerateKeys {
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
* for primary keys.
*
* Furthermore you have to set at least the primary user-id via
* Furthermore, you have to set at least the primary user-id via
* {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
* but you can also add additional user-ids.
*
@ -187,11 +187,11 @@ public class GenerateKeys {
.addSubkey(KeySpec.getBuilder(
// We choose an ECDH key over the brainpoolp256r1 curve
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
// Our key can encrypt both communication data, as well as data at rest
// Our key can encrypt both communication data, and data at rest
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
)
// Optionally: Configure the subkey with custom algorithm preferences
// Is is recommended though to go with PGPainless' defaults which can be found in the
// It is recommended though to go with PGPainless' defaults which can be found in the
// AlgorithmSuite class.
.overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
.overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)

2
pgpainless-core/src/test/java/org/pgpainless/example/ManagePolicy.java
View File

@ -26,7 +26,7 @@ import org.pgpainless.util.NotationRegistry;
* Note, that PGPainless distinguishes between hash algorithms used in revocation and non-revocation signatures,
* and has different policies for those.
*
* Furthermore PGPainless has policies for symmetric encryption algorithms (both for encrypting and decrypting),
* Furthermore, PGPainless has policies for symmetric encryption algorithms (both for encrypting and decrypting),
* for public key algorithms and key lengths, as well as compression algorithms.
*
* The following examples show how these policies can be modified.

2
pgpainless-core/src/test/java/org/pgpainless/example/ModifyKeys.java
View File

@ -154,7 +154,7 @@ public class ModifyKeys {
* Prerequisites are a {@link SecretKeyRingProtector} that is capable of unlocking the primary key of the existing key,
* and a {@link Passphrase} for the new subkey.
*
* There are two way to add a subkey into an existing key;
* There are two ways to add a subkey into an existing key;
* Either the subkey gets generated on the fly (see below),
* or the subkey already exists. In the latter case, the user has to provide
* {@link org.bouncycastle.openpgp.PGPSignatureSubpacketVector PGPSignatureSubpacketVectors} for the binding signature

4
sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java
View File

@ -115,7 +115,7 @@ public class DecryptCmdTest {
verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
verify(decrypt, times(1)).verifyNotAfter(
ArgumentMatchers.argThat(argument -> {
// allow 1 second difference
// allow 1-second difference
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
}));
}
@ -131,7 +131,7 @@ public class DecryptCmdTest {
public void assertVerifyNotAfterAndBeforeNowResultsInMinTimeRange() throws SOPGPException.UnsupportedOption {
Date now = new Date();
ArgumentMatcher<Date> isMaxOneSecOff = argument -> {
// Allow less than 1 second difference
// Allow less than 1-second difference
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
};

2
sop-java/src/main/java/sop/ReadyWithResult.java
View File

@ -13,7 +13,7 @@ import sop.exception.SOPGPException;
public abstract class ReadyWithResult<T> {
/**
* Write the data eg. decrypted plaintext to the provided output stream and return the result of the
* Write the data e.g. decrypted plaintext to the provided output stream and return the result of the
* processing operation.
*
* @param outputStream output stream

2
sop-java/src/main/java/sop/Verification.java
View File

@ -21,7 +21,7 @@ public class Verification {
}
/**
* Return the signatures creation time.
* Return the signatures' creation time.
*
* @return signature creation time
*/