mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-26 12:58:02 +01:00
Fix typos and wording
This commit is contained in:
parent
ce7b69269b
commit
b1bde161b4
40 changed files with 87 additions and 87 deletions
|
@ -6,7 +6,7 @@ SPDX-License-Identifier: CC0-1.0
|
|||
# PGPainless Changelog
|
||||
|
||||
## 1.0.0-rc9
|
||||
- When key has both direct-key sig + primary user-id sig: resolve expiration date to earliest expiration
|
||||
- When key has both direct-key sig + primary user-id sig: resolve expiration date to the earliest expiration
|
||||
- Add `SecretKeyRingEditor.removeUserId()` convenience methods that do soft-revoke the user-id.
|
||||
- Add `SelectUserId.byEmail()` which also matches the plain email address
|
||||
|
||||
|
@ -110,7 +110,7 @@ SPDX-License-Identifier: CC0-1.0
|
|||
|
||||
## 0.2.16
|
||||
- Fix handling of subkey revocation signatures
|
||||
- SOP: improve API use with byte arrays
|
||||
- SOP: improve API usage with byte arrays
|
||||
- Fix `AssertionError` when determining encryption subkeys from set containing unbound key
|
||||
- Add `ConsumerOptions.setMissingKeyPassphraseStrategy(strategy)` to modify behavior when missing key passphrases are encountered during decryption
|
||||
|
||||
|
|
|
@ -185,7 +185,7 @@ dependencies {
|
|||
## About
|
||||
PGPainless is a by-product of my [Summer of Code 2018 project](https://blog.jabberhead.tk/summer-of-code-2018/)
|
||||
implementing OpenPGP support for the XMPP client library [Smack](https://github.com/igniterealtime/Smack).
|
||||
For that project I was in need of a simple to use OpenPGP library.
|
||||
For that project I was in need of a simple-to-use OpenPGP library.
|
||||
|
||||
Originally I was going to use [Bouncy-GPG](https://github.com/neuhalje/bouncy-gpg) for my project,
|
||||
but ultimately I decided to create my own OpenPGP library which better fits my needs.
|
||||
|
|
|
@ -19,7 +19,7 @@ currently being supported with security updates.
|
|||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you find a security relevant vulnerability inside of PGPainless, please let me know!
|
||||
If you find a security relevant vulnerability inside PGPainless, please let me know!
|
||||
[Here](https://keyoxide.org/7F9116FEA90A5983936C7CFAA027DB2F3E1E118A) you can find my OpenPGP key to email me confidentially.
|
||||
|
||||
Valid security issues will be fixed ASAP.
|
||||
|
|
|
@ -19,7 +19,7 @@ In short: Communication protected using PGPainless is intended to be private,
|
|||
users can verify that messages they receive were really send by their communication peer
|
||||
and users can verify that messages have not been tampered with.
|
||||
|
||||
This is being achieved by preventing a number of typical attacks on the users communication,
|
||||
This is being achieved by preventing a number of typical attacks on the user's communication,
|
||||
like the attacker introducing an evil subkey to the victims public key, or the attacker creating
|
||||
counterfeit signatures to fool the victim.
|
||||
|
||||
|
@ -33,7 +33,7 @@ through a benign client application (like an email app) on a trustworthy device.
|
|||
|
||||
The attacker can try to feed the application malicious input (like manipulated public key updates,
|
||||
specially crafted PGP message objects etc.) but they cannot access the victims decrypted secret key material as
|
||||
it is protected by the device (eg. stored in a secure key store).
|
||||
it is protected by the device (e.g. stored in a secure key store).
|
||||
|
||||
### What doesn't PGPainless Protect Against?
|
||||
|
||||
|
|
|
@ -7,12 +7,12 @@ package org.pgpainless.algorithm;
|
|||
public enum EncryptionPurpose {
|
||||
/**
|
||||
* The stream will encrypt communication that goes over the wire.
|
||||
* Eg. EMail, Chat...
|
||||
* E.g. EMail, Chat...
|
||||
*/
|
||||
COMMUNICATIONS,
|
||||
/**
|
||||
* The stream will encrypt data at rest.
|
||||
* Eg. Encrypted backup...
|
||||
* E.g. Encrypted backup...
|
||||
*/
|
||||
STORAGE,
|
||||
/**
|
||||
|
|
|
@ -40,7 +40,7 @@ public enum Feature {
|
|||
/**
|
||||
* If a key announces this feature, it is a version 5 public key.
|
||||
* The version 5 format is similar to the version 4 format except for the addition of a count for the key material.
|
||||
* This count helps parsing secret key packets (which are an extension of the public key packet format) in the case
|
||||
* This count helps to parse secret key packets (which are an extension of the public key packet format) in the case
|
||||
* of an unknown algorithm.
|
||||
* In addition, fingerprints of version 5 keys are calculated differently from version 4 keys.
|
||||
*
|
||||
|
|
|
@ -124,7 +124,7 @@ public enum PublicKeyAlgorithm {
|
|||
/**
|
||||
* Return true if this public key algorithm is able to create signatures.
|
||||
*
|
||||
* @return true if can sign
|
||||
* @return true if the algorithm can sign
|
||||
*/
|
||||
public boolean isSigningCapable() {
|
||||
return signingCapable;
|
||||
|
@ -133,7 +133,7 @@ public enum PublicKeyAlgorithm {
|
|||
/**
|
||||
* Return true if this public key algorithm can be used as an encryption algorithm.
|
||||
*
|
||||
* @return true if can encrypt
|
||||
* @return true if the algorithm can encrypt
|
||||
*/
|
||||
public boolean isEncryptionCapable() {
|
||||
return encryptionCapable;
|
||||
|
|
|
@ -63,7 +63,7 @@ public enum SignatureSubpacket {
|
|||
signatureExpirationTime(EXPIRE_TIME),
|
||||
|
||||
/**
|
||||
* Denotes whether or not the signature is exportable for other users.
|
||||
* Denotes whether the signature is exportable for other users.
|
||||
*
|
||||
* @see <a href="https://tools.ietf.org/html/rfc4880#section-5.2.3.11">Exportable Certification</a>
|
||||
*/
|
||||
|
@ -73,7 +73,7 @@ public enum SignatureSubpacket {
|
|||
* Signer asserts that the key is not only valid but also trustworthy at
|
||||
* the specified level. Level 0 has the same meaning as an ordinary
|
||||
* validity signature. Level 1 means that the signed key is asserted to
|
||||
* be a valid trusted introducer, with the 2nd octet of the body
|
||||
* be a valid, trusted introducer, with the 2nd octet of the body
|
||||
* specifying the degree of trust. Level 2 means that the signed key is
|
||||
* asserted to be trusted to issue level 1 trust signatures, i.e., that
|
||||
* it is a "meta introducer". Generally, a level n trust signature
|
||||
|
@ -128,8 +128,8 @@ public enum SignatureSubpacket {
|
|||
placeholder(PLACEHOLDER),
|
||||
|
||||
/**
|
||||
* Symmetric algorithm numbers that indicate which algorithms the key
|
||||
* holder prefers to use. The subpacket body is an ordered list of
|
||||
* Symmetric algorithm numbers that indicate which algorithms the keyholder
|
||||
* prefers to use. The subpackets body is an ordered list of
|
||||
* octets with the most preferred listed first. It is assumed that only
|
||||
* algorithms listed are supported by the recipient's software.
|
||||
* This is only found on a self-signature.
|
||||
|
@ -180,7 +180,7 @@ public enum SignatureSubpacket {
|
|||
|
||||
/**
|
||||
* Message digest algorithm numbers that indicate which algorithms the
|
||||
* key holder prefers to receive. Like the preferred symmetric
|
||||
* keyholder prefers to receive. Like the preferred symmetric
|
||||
* algorithms, the list is ordered.
|
||||
* This is only found on a self-signature.
|
||||
*
|
||||
|
@ -189,10 +189,10 @@ public enum SignatureSubpacket {
|
|||
preferredHashAlgorithms(PREFERRED_HASH_ALGS),
|
||||
|
||||
/**
|
||||
* Compression algorithm numbers that indicate which algorithms the key
|
||||
* holder prefers to use. Like the preferred symmetric algorithms, the
|
||||
* Compression algorithm numbers that indicate which algorithms the
|
||||
* keyholder prefers to use. Like the preferred symmetric algorithms, the
|
||||
* list is ordered. If this subpacket is not included, ZIP is preferred.
|
||||
* A zero denotes that uncompressed data is preferred; the key holder's
|
||||
* A zero denotes that uncompressed data is preferred; the keyholder's
|
||||
* software might have no compression software in that implementation.
|
||||
* This is only found on a self-signature.
|
||||
*
|
||||
|
@ -202,7 +202,7 @@ public enum SignatureSubpacket {
|
|||
|
||||
/**
|
||||
* This is a list of one-bit flags that indicate preferences that the
|
||||
* key holder has about how the key is handled on a key server. All
|
||||
* keyholder has about how the key is handled on a key server. All
|
||||
* undefined flags MUST be zero.
|
||||
* This is found only on a self-signature.
|
||||
*
|
||||
|
@ -211,7 +211,7 @@ public enum SignatureSubpacket {
|
|||
keyServerPreferences(KEY_SERVER_PREFS),
|
||||
|
||||
/**
|
||||
* This is a URI of a key server that the key holder prefers be used for
|
||||
* This is a URI of a key server that the keyholder prefers be used for
|
||||
* updates. Note that keys with multiple User IDs can have a preferred
|
||||
* key server for each User ID. Note also that since this is a URI, the
|
||||
* key server can actually be a copy of the key retrieved by ftp, http,
|
||||
|
@ -345,8 +345,8 @@ public enum SignatureSubpacket {
|
|||
issuerFingerprint(ISSUER_FINGERPRINT),
|
||||
|
||||
/**
|
||||
* AEAD algorithm numbers that indicate which AEAD algorithms the key
|
||||
* holder prefers to use. The subpacket body is an ordered list of
|
||||
* AEAD algorithm numbers that indicate which AEAD algorithms the
|
||||
* keyholder prefers to use. The subpackets body is an ordered list of
|
||||
* octets with the most preferred listed first. It is assumed that only
|
||||
* algorithms listed are supported by the recipient's software.
|
||||
* This is only found on a self-signature.
|
||||
|
@ -363,7 +363,7 @@ public enum SignatureSubpacket {
|
|||
* it SHOULD be considered valid only in an encrypted context, where the
|
||||
* key it was encrypted to is one of the indicated primary keys, or one
|
||||
* of their subkeys. This can be used to prevent forwarding a signature
|
||||
* outside of its intended, encrypted context.
|
||||
* outside its intended, encrypted context.
|
||||
*
|
||||
* Note that the length N of the fingerprint for a version 4 key is 20
|
||||
* octets; for a version 5 key N is 32.
|
||||
|
|
|
@ -34,12 +34,12 @@ public enum SymmetricKeyAlgorithm {
|
|||
TRIPLE_DES (SymmetricKeyAlgorithmTags.TRIPLE_DES),
|
||||
|
||||
/**
|
||||
* CAST5 (128 bit key, as per RFC2144).
|
||||
* CAST5 (128-bit key, as per RFC2144).
|
||||
*/
|
||||
CAST5 (SymmetricKeyAlgorithmTags.CAST5),
|
||||
|
||||
/**
|
||||
* Blowfish (128 bit key, 16 rounds).
|
||||
* Blowfish (128-bit key, 16 rounds).
|
||||
*/
|
||||
BLOWFISH (SymmetricKeyAlgorithmTags.BLOWFISH),
|
||||
|
||||
|
|
|
@ -87,7 +87,7 @@ public class OpenPgpMetadata {
|
|||
/**
|
||||
* Return the {@link SubkeyIdentifier} of the key that was used to decrypt the message.
|
||||
* This can be null if the message was decrypted using a {@link org.pgpainless.util.Passphrase}, or if it was not
|
||||
* encrypted at all (eg. signed only).
|
||||
* encrypted at all (e.g. signed only).
|
||||
*
|
||||
* @return subkey identifier of decryption key
|
||||
*/
|
||||
|
|
|
@ -80,7 +80,7 @@ public class SignatureVerification {
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the verification (tuple of {@link PGPSignature} and corresponding {@link SubkeyIdentifier}
|
||||
* Return the verification (tuple of {@link PGPSignature} and corresponding {@link SubkeyIdentifier})
|
||||
* of the signing/verification key.
|
||||
*
|
||||
* @return verification
|
||||
|
|
|
@ -13,7 +13,7 @@ import java.io.OutputStream;
|
|||
/**
|
||||
* Since the {@link CleartextSignatureProcessor} needs to read the whole data twice in order to verify signatures,
|
||||
* a strategy for how to cache the read data is required.
|
||||
* Otherwise large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
|
||||
* Otherwise, large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
|
||||
*
|
||||
* This is an Interface that describes a strategy to deal with the fact that detached signatures require multiple passes
|
||||
* to do verification.
|
||||
|
@ -46,7 +46,7 @@ public interface MultiPassStrategy {
|
|||
|
||||
/**
|
||||
* Write the message content out to a file and re-read it to verify signatures.
|
||||
* This strategy is best suited for larger messages (eg. plaintext signed files) which might not fit into memory.
|
||||
* This strategy is best suited for larger messages (e.g. plaintext signed files) which might not fit into memory.
|
||||
* After the message has been processed completely, the messages content are available at the provided file.
|
||||
*
|
||||
* @param file target file
|
||||
|
|
|
@ -47,7 +47,7 @@ import org.pgpainless.util.Passphrase;
|
|||
* by inspecting the provided recipient keys.
|
||||
*
|
||||
* By default, PGPainless will only encrypt to a single encryption capable subkey per recipient key.
|
||||
* This behavior can be changed, eg. by calling
|
||||
* This behavior can be changed, e.g. by calling
|
||||
* <pre>
|
||||
* {@code
|
||||
* opt.addRecipient(aliceKey, EncryptionOptions.encryptToAllCapableSubkeys());
|
||||
|
|
|
@ -84,7 +84,7 @@ public final class ProducerOptions {
|
|||
}
|
||||
|
||||
/**
|
||||
* Specify, whether or not the result of the encryption/signing operation shall be ascii armored.
|
||||
* Specify, whether the result of the encryption/signing operation shall be ascii armored.
|
||||
* The default value is true.
|
||||
*
|
||||
* @param asciiArmor ascii armor
|
||||
|
|
|
@ -224,8 +224,8 @@ public final class SigningOptions {
|
|||
/**
|
||||
* Create a detached signature.
|
||||
* Detached signatures are not being added into the PGP message itself.
|
||||
* Instead they can be distributed separately to the message.
|
||||
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
|
||||
* Instead, they can be distributed separately to the message.
|
||||
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
|
||||
*
|
||||
* @param secretKeyDecryptor decryptor to unlock the secret signing key
|
||||
* @param secretKey signing key
|
||||
|
@ -243,8 +243,8 @@ public final class SigningOptions {
|
|||
/**
|
||||
* Create a detached signature.
|
||||
* Detached signatures are not being added into the PGP message itself.
|
||||
* Instead they can be distributed separately to the message.
|
||||
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
|
||||
* Instead, they can be distributed separately to the message.
|
||||
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
|
||||
*
|
||||
* This method uses the passed in user-id to select user-specific hash algorithms.
|
||||
*
|
||||
|
@ -266,8 +266,8 @@ public final class SigningOptions {
|
|||
/**
|
||||
* Create a detached signature.
|
||||
* Detached signatures are not being added into the PGP message itself.
|
||||
* Instead they can be distributed separately to the message.
|
||||
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
|
||||
* Instead, they can be distributed separately to the message.
|
||||
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
|
||||
*
|
||||
* This method uses the passed in user-id to select user-specific hash algorithms.
|
||||
*
|
||||
|
|
|
@ -70,7 +70,7 @@ public interface KeyType {
|
|||
* Return true if the key that is generated from this type is able to carry the AUTHENTICATION key flag.
|
||||
* See {@link org.pgpainless.algorithm.KeyFlag#AUTHENTICATION}.
|
||||
*
|
||||
* @return true if the key is able to be used for authentication purposes.
|
||||
* @return true if the key can be used for authentication purposes.
|
||||
*/
|
||||
default boolean canAuthenticate() {
|
||||
return canSign();
|
||||
|
|
|
@ -64,7 +64,7 @@ public abstract class KeyAccessor {
|
|||
}
|
||||
|
||||
/**
|
||||
* Address the key via a user-id (eg "Alice <alice@wonderland.lit>).
|
||||
* Address the key via a user-id (e.g. "Alice <alice@wonderland.lit>").
|
||||
* In this case we are sourcing preferred algorithms from the user-id certification first.
|
||||
*/
|
||||
public static class ViaUserId extends KeyAccessor {
|
||||
|
|
|
@ -490,7 +490,7 @@ public class KeyRingInfo {
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the a list of {@link KeyFlag KeyFlags} that apply to the subkey with the provided key id.
|
||||
* Return a list of {@link KeyFlag KeyFlags} that apply to the subkey with the provided key id.
|
||||
* @param keyId key-id
|
||||
* @return list of key flags
|
||||
*/
|
||||
|
@ -734,11 +734,11 @@ public class KeyRingInfo {
|
|||
|
||||
/**
|
||||
* Return the latest date on which the key ring is still usable for the given key flag.
|
||||
* If a only a subkey is carrying the required flag and the primary key expires earlier than the subkey,
|
||||
* If only a subkey is carrying the required flag and the primary key expires earlier than the subkey,
|
||||
* the expiry date of the primary key is returned.
|
||||
*
|
||||
* This method might return null, if the primary key and a subkey with the required flag does not expire.
|
||||
* @param use key flag representing the use case, eg. {@link KeyFlag#SIGN_DATA} or
|
||||
* @param use key flag representing the use case, e.g. {@link KeyFlag#SIGN_DATA} or
|
||||
* {@link KeyFlag#ENCRYPT_COMMS}/{@link KeyFlag#ENCRYPT_STORAGE}.
|
||||
* @return latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.
|
||||
*/
|
||||
|
|
|
@ -175,7 +175,7 @@ public interface SecretKeyRingEditorInterface {
|
|||
/**
|
||||
* Revoke the key ring.
|
||||
* You can use the {@link RevocationSignatureSubpackets.Callback} to modify the revocation signatures
|
||||
* subpackets, eg. in order to define whether this is a hard or soft revocation.
|
||||
* subpackets, e.g. in order to define whether this is a hard or soft revocation.
|
||||
*
|
||||
* @param secretKeyRingProtector protector to unlock the primary secret key
|
||||
* @param subpacketsCallback callback to modify the revocations subpackets
|
||||
|
@ -192,7 +192,7 @@ public interface SecretKeyRingEditorInterface {
|
|||
*
|
||||
* Note: This method will hard-revoke the provided subkey, meaning it cannot be re-certified at a later point.
|
||||
* If you instead want to temporarily "deactivate" the subkey, provide a soft revocation reason,
|
||||
* eg. by calling {@link #revokeSubKey(OpenPgpFingerprint, SecretKeyRingProtector, RevocationAttributes)}
|
||||
* e.g. by calling {@link #revokeSubKey(OpenPgpFingerprint, SecretKeyRingProtector, RevocationAttributes)}
|
||||
* and provide a suitable {@link RevocationAttributes} object.
|
||||
*
|
||||
* @param fingerprint fingerprint of the subkey to be revoked
|
||||
|
|
|
@ -90,7 +90,7 @@ public class CachingSecretKeyRingProtector implements SecretKeyRingProtector, Se
|
|||
* This is to prevent accidental passphrase override when dealing with multiple key rings containing
|
||||
* keys with conflicting key-ids.
|
||||
*
|
||||
* If you can ensure that there will be no key-id clashes and you want to replace the passphrases for the key ring,
|
||||
* If you can ensure that there will be no key-id clashes, and you want to replace the passphrases for the key ring,
|
||||
* use {@link #replacePassphrase(PGPKeyRing, Passphrase)} instead.
|
||||
*
|
||||
* If you need to unlock multiple {@link PGPKeyRing PGPKeyRings}, it is advised to use a separate
|
||||
|
|
|
@ -116,7 +116,7 @@ public interface SecretKeyRingProtector {
|
|||
* This protector will only return a non-null encryptor/decryptor based on the provided passphrase if
|
||||
* {@link #getEncryptor(Long)}/{@link #getDecryptor(Long)} is getting called with the key-id of the provided key.
|
||||
*
|
||||
* Otherwise this protector will always return null.
|
||||
* Otherwise, this protector will always return null.
|
||||
*
|
||||
* @param passphrase passphrase
|
||||
* @param key key to lock/unlock
|
||||
|
@ -137,7 +137,7 @@ public interface SecretKeyRingProtector {
|
|||
*
|
||||
* As a consequence, this protector can only "unlock" keys which are not protected using a passphrase, and it will
|
||||
* leave keys unprotected, should it be used to "protect" a key
|
||||
* (eg. in {@link org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor#changePassphraseFromOldPassphrase(Passphrase)}).
|
||||
* (e.g. in {@link org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor#changePassphraseFromOldPassphrase(Passphrase)}).
|
||||
*
|
||||
* @return protector
|
||||
*/
|
||||
|
|
|
@ -135,7 +135,7 @@ public final class KeyRingUtils {
|
|||
* @param protector protector to unlock the secret key
|
||||
* @return private key
|
||||
*
|
||||
* @throws PGPException if something goes wrong (eg. wrong passphrase)
|
||||
* @throws PGPException if something goes wrong (e.g. wrong passphrase)
|
||||
*/
|
||||
public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector) throws PGPException {
|
||||
return UnlockSecretKey.unlockSecretKey(secretKey, protector);
|
||||
|
|
|
@ -157,7 +157,7 @@ public final class RevocationAttributes {
|
|||
}
|
||||
|
||||
/**
|
||||
* Build a {@link RevocationAttributes} object suitable for certification (eg. user-id) revocations.
|
||||
* Build a {@link RevocationAttributes} object suitable for certification (e.g. user-id) revocations.
|
||||
*
|
||||
* @return builder
|
||||
*/
|
||||
|
|
|
@ -304,7 +304,7 @@ public final class Policy {
|
|||
}
|
||||
|
||||
/**
|
||||
* Return true if the the given hash algorithm is acceptable by this policy.
|
||||
* Return true if the given hash algorithm is acceptable by this policy.
|
||||
*
|
||||
* @param algorithmId hash algorithm
|
||||
* @return true if the hash algorithm is acceptable, false otherwise
|
||||
|
|
|
@ -76,7 +76,7 @@ public final class SignatureUtils {
|
|||
/**
|
||||
* Return a content signer builder for the passed public key.
|
||||
*
|
||||
* The content signer will use a hash algorithm derived from the keys algorithm preferences.
|
||||
* The content signer will use a hash algorithm derived from the keys' algorithm preferences.
|
||||
* If no preferences can be derived, the key will fall back to the default hash algorithm as set in
|
||||
* the {@link org.pgpainless.policy.Policy}.
|
||||
*
|
||||
|
@ -123,7 +123,7 @@ public final class SignatureUtils {
|
|||
/**
|
||||
* Return a new date which represents the given date plus the given amount of seconds added.
|
||||
*
|
||||
* Since '0' is a special value in the OpenPGP specification when it comes to dates
|
||||
* Since '0' is a special date value in the OpenPGP specification
|
||||
* (e.g. '0' means no expiration for expiration dates), this method will return 'null' if seconds is 0.
|
||||
*
|
||||
* @param date date
|
||||
|
@ -271,7 +271,7 @@ public final class SignatureUtils {
|
|||
* This method first inspects the {@link IssuerKeyID} subpacket of the signature and returns the key-id if present.
|
||||
* If not, it inspects the {@link org.bouncycastle.bcpg.sig.IssuerFingerprint} packet and retrieves the key-id from the fingerprint.
|
||||
*
|
||||
* Otherwise it returns 0.
|
||||
* Otherwise, it returns 0.
|
||||
* @param signature signature
|
||||
* @return signatures issuing key id
|
||||
*/
|
||||
|
|
|
@ -11,7 +11,7 @@ import org.pgpainless.key.SubkeyIdentifier;
|
|||
|
||||
/**
|
||||
* Tuple-class which bundles together a signature, the signing key that created the signature,
|
||||
* an identifier of the signing key and a record of whether or not the signature was verified.
|
||||
* an identifier of the signing key and a record of whether the signature was verified.
|
||||
*/
|
||||
public class DetachedSignatureCheck {
|
||||
private final PGPSignature signature;
|
||||
|
|
|
@ -14,7 +14,7 @@ therefore let me quickly outline some of its challenges for you:
|
|||
|
||||
A signature is either valid or it is not.
|
||||
However, signature validity goes beyond merely checking the cryptographic correctness like BouncyCastle does.
|
||||
A signature that is correct can still be invalid, eg. if it is past its expiry date
|
||||
A signature that is correct can still be invalid, e.g. if it is past its expiry date
|
||||
or the key that issued the signature got revoked or is simply not a signing key in the first place.
|
||||
|
||||
All the little criteria like "is not expired", "has a hashed signature creation time subpacket",
|
||||
|
|
|
@ -38,7 +38,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validation date most recent valid key revocation signature.
|
||||
* Pick the at validation date most recent valid key revocation signature.
|
||||
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
||||
* validationDate or if it is already expired.
|
||||
*
|
||||
|
@ -65,7 +65,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate most recent, valid direct key signature.
|
||||
* Pick the at validationDate most recent, valid direct key signature.
|
||||
* This method might return null, if there is no direct key self-signature which is valid at validationDate.
|
||||
*
|
||||
* @param keyRing key ring
|
||||
|
@ -78,7 +78,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate, latest, valid direct key signature made by signingKey on signedKey.
|
||||
* Pick the at validationDate, latest, valid direct key signature made by signingKey on signedKey.
|
||||
* This method might return null, if there is no direct key self signature which is valid at validationDate.
|
||||
*
|
||||
* @param signingKey key that created the signature
|
||||
|
@ -104,7 +104,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate, latest direct key signature.
|
||||
* Pick the at validationDate latest direct key signature.
|
||||
* This method might return an expired signature.
|
||||
* If there are more than one direct-key signature, and some of those are not expired, the latest non-expired
|
||||
* yet already effective direct-key signature will be returned.
|
||||
|
@ -119,7 +119,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate, latest direct key signature made by signingKey on signedKey.
|
||||
* Pick the at validationDate latest direct key signature made by signingKey on signedKey.
|
||||
* This method might return an expired signature.
|
||||
* If a non-expired direct-key signature exists, the latest non-expired yet already effective direct-key
|
||||
* signature will be returned.
|
||||
|
@ -154,7 +154,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate most recent, valid user-id revocation signature.
|
||||
* Pick the at validationDate most recent, valid user-id revocation signature.
|
||||
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
||||
* validationDate or if it is already expired.
|
||||
*
|
||||
|
@ -182,7 +182,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate latest, valid certification self-signature for the given user-id.
|
||||
* Pick the at validationDate latest, valid certification self-signature for the given user-id.
|
||||
* This method might return null, if there is no certification self signature for that user-id which is valid
|
||||
* at validationDate.
|
||||
*
|
||||
|
@ -213,7 +213,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate latest certification self-signature for the given user-id.
|
||||
* Pick the at validationDate latest certification self-signature for the given user-id.
|
||||
* This method might return an expired signature.
|
||||
* If a non-expired user-id certification signature exists, the latest non-expired yet already effective
|
||||
* user-id certification signature for the given user-id will be returned.
|
||||
|
@ -250,7 +250,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate most recent, valid subkey revocation signature.
|
||||
* Pick the at validationDate most recent, valid subkey revocation signature.
|
||||
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
||||
* validationDate or if it is already expired.
|
||||
*
|
||||
|
@ -282,7 +282,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate latest, valid subkey binding signature for the given subkey.
|
||||
* Pick the at validationDate latest, valid subkey binding signature for the given subkey.
|
||||
* This method might return null, if there is no subkey binding signature which is valid
|
||||
* at validationDate.
|
||||
*
|
||||
|
@ -314,7 +314,7 @@ public final class SignaturePicker {
|
|||
}
|
||||
|
||||
/**
|
||||
* Pick the, at validationDate latest subkey binding signature for the given subkey.
|
||||
* Pick the at validationDate latest subkey binding signature for the given subkey.
|
||||
* This method might return an expired signature.
|
||||
* If a non-expired subkey binding signature exists, the latest non-expired yet already effective
|
||||
* subkey binding signature for the given subkey will be returned.
|
||||
|
|
|
@ -21,7 +21,7 @@ public class SignatureValidityComparator implements Comparator<PGPSignature> {
|
|||
private final SignatureCreationDateComparator creationDateComparator;
|
||||
|
||||
/**
|
||||
* Create a new {@link SignatureValidityComparator} which orders signatures oldest first.
|
||||
* Create a new {@link SignatureValidityComparator} which orders signatures the oldest first.
|
||||
* Still, hard revocations will come first.
|
||||
*/
|
||||
public SignatureValidityComparator() {
|
||||
|
|
|
@ -12,7 +12,7 @@ import org.bouncycastle.bcpg.SignatureSubpacketTags;
|
|||
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
||||
|
||||
/**
|
||||
* Utility class that helps dealing with BCs SignatureSubpacketGenerator class.
|
||||
* Utility class that helps to deal with BCs SignatureSubpacketGenerator class.
|
||||
*/
|
||||
public final class SignatureSubpacketGeneratorUtil {
|
||||
|
||||
|
|
|
@ -158,7 +158,7 @@ public final class SignatureSubpacketsUtil {
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the signatures expiration time as a date.
|
||||
* Return the signatures' expiration time as a date.
|
||||
* The expiration date is computed by adding the expiration time to the signature creation date.
|
||||
* If the signature has no expiration time subpacket, or the expiration time is set to '0', this message returns null.
|
||||
*
|
||||
|
@ -211,7 +211,7 @@ public final class SignatureSubpacketsUtil {
|
|||
*
|
||||
* @param expirationDate new expiration date
|
||||
* @param creationDate key creation time
|
||||
* @return life time of the key in seconds
|
||||
* @return lifetime of the key in seconds
|
||||
*/
|
||||
public static long getKeyLifetimeInSeconds(@Nullable Date expirationDate, @Nonnull Date creationDate) {
|
||||
long secondsToExpire = 0; // 0 means "no expiration"
|
||||
|
|
|
@ -47,8 +47,8 @@ public final class DateUtil {
|
|||
|
||||
/**
|
||||
* "Round" a date down to seconds precision.
|
||||
* @param date
|
||||
* @return
|
||||
* @param date date
|
||||
* @return rounded date
|
||||
*/
|
||||
public static Date toSecondsPrecision(Date date) {
|
||||
long seconds = date.getTime() / 1000;
|
||||
|
|
|
@ -26,7 +26,7 @@ public class OnePassSignatureVerificationWithPartialLengthLiteralDataRegressionT
|
|||
* PGPainless versions 0.2.10 - 0.2.18 fail to decrypt this message, due to it failing to parse the signatures trailing
|
||||
* the literal data. The cause for this was not draining the literal data first before trying to parse the sigs.
|
||||
* This is likely caused by the literal data using a partial length encoding scheme, so the PGPObjectFactory did not yet
|
||||
* reach the signatures packet.
|
||||
* reach the signatures packets.
|
||||
*
|
||||
* As a fix, PGPainless now only tries to parse signatures from after the literal data packet, once the literal data
|
||||
* stream gets closed.
|
||||
|
|
|
@ -212,7 +212,7 @@ public class CleartextSignatureVerificationTest {
|
|||
@Test
|
||||
public void getDecoderStreamMistakensPlaintextForBase64RegressionTest()
|
||||
throws PGPException, IOException {
|
||||
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would mistaken this for base64 data
|
||||
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would have mistaken this for base64 data
|
||||
ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||
|
||||
PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();
|
||||
|
|
|
@ -83,7 +83,7 @@ public class GenerateKeys {
|
|||
}
|
||||
|
||||
/**
|
||||
* This example demonstrates how to generate a simple OpenPGP key consisting of a 4096 bit RSA key.
|
||||
* This example demonstrates how to generate a simple OpenPGP key consisting of a 4096-bit RSA key.
|
||||
* The RSA key is used for both signing and certifying, as well as encryption.
|
||||
*
|
||||
* This method is recommended if the application has to deal with legacy clients with poor algorithm support.
|
||||
|
@ -107,7 +107,7 @@ public class GenerateKeys {
|
|||
|
||||
/**
|
||||
* This example demonstrates how to generate a simple OpenPGP key based on elliptic curves.
|
||||
* The key consists of an ECDSA primary key that is used both for certification of subkeys, as well as signing of data,
|
||||
* The key consists of an ECDSA primary key that is used both for certification of subkeys, and signing of data,
|
||||
* and a single ECDH encryption subkey.
|
||||
*
|
||||
* This method is recommended if small keys and high performance are desired.
|
||||
|
@ -141,7 +141,7 @@ public class GenerateKeys {
|
|||
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
|
||||
* method and providing a {@link KeyType}.
|
||||
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
|
||||
* (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine
|
||||
* (such as {@link KeyType#ECDH(EllipticCurve)}). {@link KeyFlag KeyFlags} determine
|
||||
* the use of the key, like encryption, signing data or certifying subkeys.
|
||||
*
|
||||
* If you so desire, you can now specify your own algorithm preferences.
|
||||
|
@ -155,7 +155,7 @@ public class GenerateKeys {
|
|||
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
|
||||
* for primary keys.
|
||||
*
|
||||
* Furthermore you have to set at least the primary user-id via
|
||||
* Furthermore, you have to set at least the primary user-id via
|
||||
* {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
|
||||
* but you can also add additional user-ids.
|
||||
*
|
||||
|
@ -187,11 +187,11 @@ public class GenerateKeys {
|
|||
.addSubkey(KeySpec.getBuilder(
|
||||
// We choose an ECDH key over the brainpoolp256r1 curve
|
||||
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
|
||||
// Our key can encrypt both communication data, as well as data at rest
|
||||
// Our key can encrypt both communication data, and data at rest
|
||||
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
|
||||
)
|
||||
// Optionally: Configure the subkey with custom algorithm preferences
|
||||
// Is is recommended though to go with PGPainless' defaults which can be found in the
|
||||
// It is recommended though to go with PGPainless' defaults which can be found in the
|
||||
// AlgorithmSuite class.
|
||||
.overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
|
||||
.overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
|
||||
|
|
|
@ -26,7 +26,7 @@ import org.pgpainless.util.NotationRegistry;
|
|||
* Note, that PGPainless distinguishes between hash algorithms used in revocation and non-revocation signatures,
|
||||
* and has different policies for those.
|
||||
*
|
||||
* Furthermore PGPainless has policies for symmetric encryption algorithms (both for encrypting and decrypting),
|
||||
* Furthermore, PGPainless has policies for symmetric encryption algorithms (both for encrypting and decrypting),
|
||||
* for public key algorithms and key lengths, as well as compression algorithms.
|
||||
*
|
||||
* The following examples show how these policies can be modified.
|
||||
|
|
|
@ -154,7 +154,7 @@ public class ModifyKeys {
|
|||
* Prerequisites are a {@link SecretKeyRingProtector} that is capable of unlocking the primary key of the existing key,
|
||||
* and a {@link Passphrase} for the new subkey.
|
||||
*
|
||||
* There are two way to add a subkey into an existing key;
|
||||
* There are two ways to add a subkey into an existing key;
|
||||
* Either the subkey gets generated on the fly (see below),
|
||||
* or the subkey already exists. In the latter case, the user has to provide
|
||||
* {@link org.bouncycastle.openpgp.PGPSignatureSubpacketVector PGPSignatureSubpacketVectors} for the binding signature
|
||||
|
|
|
@ -115,7 +115,7 @@ public class DecryptCmdTest {
|
|||
verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
|
||||
verify(decrypt, times(1)).verifyNotAfter(
|
||||
ArgumentMatchers.argThat(argument -> {
|
||||
// allow 1 second difference
|
||||
// allow 1-second difference
|
||||
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
|
||||
}));
|
||||
}
|
||||
|
@ -131,7 +131,7 @@ public class DecryptCmdTest {
|
|||
public void assertVerifyNotAfterAndBeforeNowResultsInMinTimeRange() throws SOPGPException.UnsupportedOption {
|
||||
Date now = new Date();
|
||||
ArgumentMatcher<Date> isMaxOneSecOff = argument -> {
|
||||
// Allow less than 1 second difference
|
||||
// Allow less than 1-second difference
|
||||
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
|
||||
};
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ import sop.exception.SOPGPException;
|
|||
public abstract class ReadyWithResult<T> {
|
||||
|
||||
/**
|
||||
* Write the data eg. decrypted plaintext to the provided output stream and return the result of the
|
||||
* Write the data e.g. decrypted plaintext to the provided output stream and return the result of the
|
||||
* processing operation.
|
||||
*
|
||||
* @param outputStream output stream
|
||||
|
|
|
@ -21,7 +21,7 @@ public class Verification {
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the signatures creation time.
|
||||
* Return the signatures' creation time.
|
||||
*
|
||||
* @return signature creation time
|
||||
*/
|
||||
|
|
Loading…
Reference in a new issue