mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-29 15:52:08 +01:00
Fix typos and wording
This commit is contained in:
parent
ce7b69269b
commit
b1bde161b4
40 changed files with 87 additions and 87 deletions
|
@ -6,7 +6,7 @@ SPDX-License-Identifier: CC0-1.0
|
||||||
# PGPainless Changelog
|
# PGPainless Changelog
|
||||||
|
|
||||||
## 1.0.0-rc9
|
## 1.0.0-rc9
|
||||||
- When key has both direct-key sig + primary user-id sig: resolve expiration date to earliest expiration
|
- When key has both direct-key sig + primary user-id sig: resolve expiration date to the earliest expiration
|
||||||
- Add `SecretKeyRingEditor.removeUserId()` convenience methods that do soft-revoke the user-id.
|
- Add `SecretKeyRingEditor.removeUserId()` convenience methods that do soft-revoke the user-id.
|
||||||
- Add `SelectUserId.byEmail()` which also matches the plain email address
|
- Add `SelectUserId.byEmail()` which also matches the plain email address
|
||||||
|
|
||||||
|
@ -110,7 +110,7 @@ SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
## 0.2.16
|
## 0.2.16
|
||||||
- Fix handling of subkey revocation signatures
|
- Fix handling of subkey revocation signatures
|
||||||
- SOP: improve API use with byte arrays
|
- SOP: improve API usage with byte arrays
|
||||||
- Fix `AssertionError` when determining encryption subkeys from set containing unbound key
|
- Fix `AssertionError` when determining encryption subkeys from set containing unbound key
|
||||||
- Add `ConsumerOptions.setMissingKeyPassphraseStrategy(strategy)` to modify behavior when missing key passphrases are encountered during decryption
|
- Add `ConsumerOptions.setMissingKeyPassphraseStrategy(strategy)` to modify behavior when missing key passphrases are encountered during decryption
|
||||||
|
|
||||||
|
|
|
@ -185,7 +185,7 @@ dependencies {
|
||||||
## About
|
## About
|
||||||
PGPainless is a by-product of my [Summer of Code 2018 project](https://blog.jabberhead.tk/summer-of-code-2018/)
|
PGPainless is a by-product of my [Summer of Code 2018 project](https://blog.jabberhead.tk/summer-of-code-2018/)
|
||||||
implementing OpenPGP support for the XMPP client library [Smack](https://github.com/igniterealtime/Smack).
|
implementing OpenPGP support for the XMPP client library [Smack](https://github.com/igniterealtime/Smack).
|
||||||
For that project I was in need of a simple to use OpenPGP library.
|
For that project I was in need of a simple-to-use OpenPGP library.
|
||||||
|
|
||||||
Originally I was going to use [Bouncy-GPG](https://github.com/neuhalje/bouncy-gpg) for my project,
|
Originally I was going to use [Bouncy-GPG](https://github.com/neuhalje/bouncy-gpg) for my project,
|
||||||
but ultimately I decided to create my own OpenPGP library which better fits my needs.
|
but ultimately I decided to create my own OpenPGP library which better fits my needs.
|
||||||
|
|
|
@ -19,7 +19,7 @@ currently being supported with security updates.
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
If you find a security relevant vulnerability inside of PGPainless, please let me know!
|
If you find a security relevant vulnerability inside PGPainless, please let me know!
|
||||||
[Here](https://keyoxide.org/7F9116FEA90A5983936C7CFAA027DB2F3E1E118A) you can find my OpenPGP key to email me confidentially.
|
[Here](https://keyoxide.org/7F9116FEA90A5983936C7CFAA027DB2F3E1E118A) you can find my OpenPGP key to email me confidentially.
|
||||||
|
|
||||||
Valid security issues will be fixed ASAP.
|
Valid security issues will be fixed ASAP.
|
||||||
|
|
|
@ -19,7 +19,7 @@ In short: Communication protected using PGPainless is intended to be private,
|
||||||
users can verify that messages they receive were really send by their communication peer
|
users can verify that messages they receive were really send by their communication peer
|
||||||
and users can verify that messages have not been tampered with.
|
and users can verify that messages have not been tampered with.
|
||||||
|
|
||||||
This is being achieved by preventing a number of typical attacks on the users communication,
|
This is being achieved by preventing a number of typical attacks on the user's communication,
|
||||||
like the attacker introducing an evil subkey to the victims public key, or the attacker creating
|
like the attacker introducing an evil subkey to the victims public key, or the attacker creating
|
||||||
counterfeit signatures to fool the victim.
|
counterfeit signatures to fool the victim.
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ through a benign client application (like an email app) on a trustworthy device.
|
||||||
|
|
||||||
The attacker can try to feed the application malicious input (like manipulated public key updates,
|
The attacker can try to feed the application malicious input (like manipulated public key updates,
|
||||||
specially crafted PGP message objects etc.) but they cannot access the victims decrypted secret key material as
|
specially crafted PGP message objects etc.) but they cannot access the victims decrypted secret key material as
|
||||||
it is protected by the device (eg. stored in a secure key store).
|
it is protected by the device (e.g. stored in a secure key store).
|
||||||
|
|
||||||
### What doesn't PGPainless Protect Against?
|
### What doesn't PGPainless Protect Against?
|
||||||
|
|
||||||
|
|
|
@ -7,12 +7,12 @@ package org.pgpainless.algorithm;
|
||||||
public enum EncryptionPurpose {
|
public enum EncryptionPurpose {
|
||||||
/**
|
/**
|
||||||
* The stream will encrypt communication that goes over the wire.
|
* The stream will encrypt communication that goes over the wire.
|
||||||
* Eg. EMail, Chat...
|
* E.g. EMail, Chat...
|
||||||
*/
|
*/
|
||||||
COMMUNICATIONS,
|
COMMUNICATIONS,
|
||||||
/**
|
/**
|
||||||
* The stream will encrypt data at rest.
|
* The stream will encrypt data at rest.
|
||||||
* Eg. Encrypted backup...
|
* E.g. Encrypted backup...
|
||||||
*/
|
*/
|
||||||
STORAGE,
|
STORAGE,
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -40,7 +40,7 @@ public enum Feature {
|
||||||
/**
|
/**
|
||||||
* If a key announces this feature, it is a version 5 public key.
|
* If a key announces this feature, it is a version 5 public key.
|
||||||
* The version 5 format is similar to the version 4 format except for the addition of a count for the key material.
|
* The version 5 format is similar to the version 4 format except for the addition of a count for the key material.
|
||||||
* This count helps parsing secret key packets (which are an extension of the public key packet format) in the case
|
* This count helps to parse secret key packets (which are an extension of the public key packet format) in the case
|
||||||
* of an unknown algorithm.
|
* of an unknown algorithm.
|
||||||
* In addition, fingerprints of version 5 keys are calculated differently from version 4 keys.
|
* In addition, fingerprints of version 5 keys are calculated differently from version 4 keys.
|
||||||
*
|
*
|
||||||
|
|
|
@ -124,7 +124,7 @@ public enum PublicKeyAlgorithm {
|
||||||
/**
|
/**
|
||||||
* Return true if this public key algorithm is able to create signatures.
|
* Return true if this public key algorithm is able to create signatures.
|
||||||
*
|
*
|
||||||
* @return true if can sign
|
* @return true if the algorithm can sign
|
||||||
*/
|
*/
|
||||||
public boolean isSigningCapable() {
|
public boolean isSigningCapable() {
|
||||||
return signingCapable;
|
return signingCapable;
|
||||||
|
@ -133,7 +133,7 @@ public enum PublicKeyAlgorithm {
|
||||||
/**
|
/**
|
||||||
* Return true if this public key algorithm can be used as an encryption algorithm.
|
* Return true if this public key algorithm can be used as an encryption algorithm.
|
||||||
*
|
*
|
||||||
* @return true if can encrypt
|
* @return true if the algorithm can encrypt
|
||||||
*/
|
*/
|
||||||
public boolean isEncryptionCapable() {
|
public boolean isEncryptionCapable() {
|
||||||
return encryptionCapable;
|
return encryptionCapable;
|
||||||
|
|
|
@ -63,7 +63,7 @@ public enum SignatureSubpacket {
|
||||||
signatureExpirationTime(EXPIRE_TIME),
|
signatureExpirationTime(EXPIRE_TIME),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Denotes whether or not the signature is exportable for other users.
|
* Denotes whether the signature is exportable for other users.
|
||||||
*
|
*
|
||||||
* @see <a href="https://tools.ietf.org/html/rfc4880#section-5.2.3.11">Exportable Certification</a>
|
* @see <a href="https://tools.ietf.org/html/rfc4880#section-5.2.3.11">Exportable Certification</a>
|
||||||
*/
|
*/
|
||||||
|
@ -73,7 +73,7 @@ public enum SignatureSubpacket {
|
||||||
* Signer asserts that the key is not only valid but also trustworthy at
|
* Signer asserts that the key is not only valid but also trustworthy at
|
||||||
* the specified level. Level 0 has the same meaning as an ordinary
|
* the specified level. Level 0 has the same meaning as an ordinary
|
||||||
* validity signature. Level 1 means that the signed key is asserted to
|
* validity signature. Level 1 means that the signed key is asserted to
|
||||||
* be a valid trusted introducer, with the 2nd octet of the body
|
* be a valid, trusted introducer, with the 2nd octet of the body
|
||||||
* specifying the degree of trust. Level 2 means that the signed key is
|
* specifying the degree of trust. Level 2 means that the signed key is
|
||||||
* asserted to be trusted to issue level 1 trust signatures, i.e., that
|
* asserted to be trusted to issue level 1 trust signatures, i.e., that
|
||||||
* it is a "meta introducer". Generally, a level n trust signature
|
* it is a "meta introducer". Generally, a level n trust signature
|
||||||
|
@ -128,8 +128,8 @@ public enum SignatureSubpacket {
|
||||||
placeholder(PLACEHOLDER),
|
placeholder(PLACEHOLDER),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Symmetric algorithm numbers that indicate which algorithms the key
|
* Symmetric algorithm numbers that indicate which algorithms the keyholder
|
||||||
* holder prefers to use. The subpacket body is an ordered list of
|
* prefers to use. The subpackets body is an ordered list of
|
||||||
* octets with the most preferred listed first. It is assumed that only
|
* octets with the most preferred listed first. It is assumed that only
|
||||||
* algorithms listed are supported by the recipient's software.
|
* algorithms listed are supported by the recipient's software.
|
||||||
* This is only found on a self-signature.
|
* This is only found on a self-signature.
|
||||||
|
@ -180,7 +180,7 @@ public enum SignatureSubpacket {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Message digest algorithm numbers that indicate which algorithms the
|
* Message digest algorithm numbers that indicate which algorithms the
|
||||||
* key holder prefers to receive. Like the preferred symmetric
|
* keyholder prefers to receive. Like the preferred symmetric
|
||||||
* algorithms, the list is ordered.
|
* algorithms, the list is ordered.
|
||||||
* This is only found on a self-signature.
|
* This is only found on a self-signature.
|
||||||
*
|
*
|
||||||
|
@ -189,10 +189,10 @@ public enum SignatureSubpacket {
|
||||||
preferredHashAlgorithms(PREFERRED_HASH_ALGS),
|
preferredHashAlgorithms(PREFERRED_HASH_ALGS),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compression algorithm numbers that indicate which algorithms the key
|
* Compression algorithm numbers that indicate which algorithms the
|
||||||
* holder prefers to use. Like the preferred symmetric algorithms, the
|
* keyholder prefers to use. Like the preferred symmetric algorithms, the
|
||||||
* list is ordered. If this subpacket is not included, ZIP is preferred.
|
* list is ordered. If this subpacket is not included, ZIP is preferred.
|
||||||
* A zero denotes that uncompressed data is preferred; the key holder's
|
* A zero denotes that uncompressed data is preferred; the keyholder's
|
||||||
* software might have no compression software in that implementation.
|
* software might have no compression software in that implementation.
|
||||||
* This is only found on a self-signature.
|
* This is only found on a self-signature.
|
||||||
*
|
*
|
||||||
|
@ -202,7 +202,7 @@ public enum SignatureSubpacket {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This is a list of one-bit flags that indicate preferences that the
|
* This is a list of one-bit flags that indicate preferences that the
|
||||||
* key holder has about how the key is handled on a key server. All
|
* keyholder has about how the key is handled on a key server. All
|
||||||
* undefined flags MUST be zero.
|
* undefined flags MUST be zero.
|
||||||
* This is found only on a self-signature.
|
* This is found only on a self-signature.
|
||||||
*
|
*
|
||||||
|
@ -211,7 +211,7 @@ public enum SignatureSubpacket {
|
||||||
keyServerPreferences(KEY_SERVER_PREFS),
|
keyServerPreferences(KEY_SERVER_PREFS),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This is a URI of a key server that the key holder prefers be used for
|
* This is a URI of a key server that the keyholder prefers be used for
|
||||||
* updates. Note that keys with multiple User IDs can have a preferred
|
* updates. Note that keys with multiple User IDs can have a preferred
|
||||||
* key server for each User ID. Note also that since this is a URI, the
|
* key server for each User ID. Note also that since this is a URI, the
|
||||||
* key server can actually be a copy of the key retrieved by ftp, http,
|
* key server can actually be a copy of the key retrieved by ftp, http,
|
||||||
|
@ -345,8 +345,8 @@ public enum SignatureSubpacket {
|
||||||
issuerFingerprint(ISSUER_FINGERPRINT),
|
issuerFingerprint(ISSUER_FINGERPRINT),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* AEAD algorithm numbers that indicate which AEAD algorithms the key
|
* AEAD algorithm numbers that indicate which AEAD algorithms the
|
||||||
* holder prefers to use. The subpacket body is an ordered list of
|
* keyholder prefers to use. The subpackets body is an ordered list of
|
||||||
* octets with the most preferred listed first. It is assumed that only
|
* octets with the most preferred listed first. It is assumed that only
|
||||||
* algorithms listed are supported by the recipient's software.
|
* algorithms listed are supported by the recipient's software.
|
||||||
* This is only found on a self-signature.
|
* This is only found on a self-signature.
|
||||||
|
@ -363,7 +363,7 @@ public enum SignatureSubpacket {
|
||||||
* it SHOULD be considered valid only in an encrypted context, where the
|
* it SHOULD be considered valid only in an encrypted context, where the
|
||||||
* key it was encrypted to is one of the indicated primary keys, or one
|
* key it was encrypted to is one of the indicated primary keys, or one
|
||||||
* of their subkeys. This can be used to prevent forwarding a signature
|
* of their subkeys. This can be used to prevent forwarding a signature
|
||||||
* outside of its intended, encrypted context.
|
* outside its intended, encrypted context.
|
||||||
*
|
*
|
||||||
* Note that the length N of the fingerprint for a version 4 key is 20
|
* Note that the length N of the fingerprint for a version 4 key is 20
|
||||||
* octets; for a version 5 key N is 32.
|
* octets; for a version 5 key N is 32.
|
||||||
|
|
|
@ -34,12 +34,12 @@ public enum SymmetricKeyAlgorithm {
|
||||||
TRIPLE_DES (SymmetricKeyAlgorithmTags.TRIPLE_DES),
|
TRIPLE_DES (SymmetricKeyAlgorithmTags.TRIPLE_DES),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* CAST5 (128 bit key, as per RFC2144).
|
* CAST5 (128-bit key, as per RFC2144).
|
||||||
*/
|
*/
|
||||||
CAST5 (SymmetricKeyAlgorithmTags.CAST5),
|
CAST5 (SymmetricKeyAlgorithmTags.CAST5),
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Blowfish (128 bit key, 16 rounds).
|
* Blowfish (128-bit key, 16 rounds).
|
||||||
*/
|
*/
|
||||||
BLOWFISH (SymmetricKeyAlgorithmTags.BLOWFISH),
|
BLOWFISH (SymmetricKeyAlgorithmTags.BLOWFISH),
|
||||||
|
|
||||||
|
|
|
@ -87,7 +87,7 @@ public class OpenPgpMetadata {
|
||||||
/**
|
/**
|
||||||
* Return the {@link SubkeyIdentifier} of the key that was used to decrypt the message.
|
* Return the {@link SubkeyIdentifier} of the key that was used to decrypt the message.
|
||||||
* This can be null if the message was decrypted using a {@link org.pgpainless.util.Passphrase}, or if it was not
|
* This can be null if the message was decrypted using a {@link org.pgpainless.util.Passphrase}, or if it was not
|
||||||
* encrypted at all (eg. signed only).
|
* encrypted at all (e.g. signed only).
|
||||||
*
|
*
|
||||||
* @return subkey identifier of decryption key
|
* @return subkey identifier of decryption key
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -80,7 +80,7 @@ public class SignatureVerification {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the verification (tuple of {@link PGPSignature} and corresponding {@link SubkeyIdentifier}
|
* Return the verification (tuple of {@link PGPSignature} and corresponding {@link SubkeyIdentifier})
|
||||||
* of the signing/verification key.
|
* of the signing/verification key.
|
||||||
*
|
*
|
||||||
* @return verification
|
* @return verification
|
||||||
|
|
|
@ -13,7 +13,7 @@ import java.io.OutputStream;
|
||||||
/**
|
/**
|
||||||
* Since the {@link CleartextSignatureProcessor} needs to read the whole data twice in order to verify signatures,
|
* Since the {@link CleartextSignatureProcessor} needs to read the whole data twice in order to verify signatures,
|
||||||
* a strategy for how to cache the read data is required.
|
* a strategy for how to cache the read data is required.
|
||||||
* Otherwise large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
|
* Otherwise, large data kept in memory could cause {@link OutOfMemoryError OutOfMemoryErrors} or other issues.
|
||||||
*
|
*
|
||||||
* This is an Interface that describes a strategy to deal with the fact that detached signatures require multiple passes
|
* This is an Interface that describes a strategy to deal with the fact that detached signatures require multiple passes
|
||||||
* to do verification.
|
* to do verification.
|
||||||
|
@ -46,7 +46,7 @@ public interface MultiPassStrategy {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Write the message content out to a file and re-read it to verify signatures.
|
* Write the message content out to a file and re-read it to verify signatures.
|
||||||
* This strategy is best suited for larger messages (eg. plaintext signed files) which might not fit into memory.
|
* This strategy is best suited for larger messages (e.g. plaintext signed files) which might not fit into memory.
|
||||||
* After the message has been processed completely, the messages content are available at the provided file.
|
* After the message has been processed completely, the messages content are available at the provided file.
|
||||||
*
|
*
|
||||||
* @param file target file
|
* @param file target file
|
||||||
|
|
|
@ -47,7 +47,7 @@ import org.pgpainless.util.Passphrase;
|
||||||
* by inspecting the provided recipient keys.
|
* by inspecting the provided recipient keys.
|
||||||
*
|
*
|
||||||
* By default, PGPainless will only encrypt to a single encryption capable subkey per recipient key.
|
* By default, PGPainless will only encrypt to a single encryption capable subkey per recipient key.
|
||||||
* This behavior can be changed, eg. by calling
|
* This behavior can be changed, e.g. by calling
|
||||||
* <pre>
|
* <pre>
|
||||||
* {@code
|
* {@code
|
||||||
* opt.addRecipient(aliceKey, EncryptionOptions.encryptToAllCapableSubkeys());
|
* opt.addRecipient(aliceKey, EncryptionOptions.encryptToAllCapableSubkeys());
|
||||||
|
|
|
@ -84,7 +84,7 @@ public final class ProducerOptions {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Specify, whether or not the result of the encryption/signing operation shall be ascii armored.
|
* Specify, whether the result of the encryption/signing operation shall be ascii armored.
|
||||||
* The default value is true.
|
* The default value is true.
|
||||||
*
|
*
|
||||||
* @param asciiArmor ascii armor
|
* @param asciiArmor ascii armor
|
||||||
|
|
|
@ -224,8 +224,8 @@ public final class SigningOptions {
|
||||||
/**
|
/**
|
||||||
* Create a detached signature.
|
* Create a detached signature.
|
||||||
* Detached signatures are not being added into the PGP message itself.
|
* Detached signatures are not being added into the PGP message itself.
|
||||||
* Instead they can be distributed separately to the message.
|
* Instead, they can be distributed separately to the message.
|
||||||
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
|
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
|
||||||
*
|
*
|
||||||
* @param secretKeyDecryptor decryptor to unlock the secret signing key
|
* @param secretKeyDecryptor decryptor to unlock the secret signing key
|
||||||
* @param secretKey signing key
|
* @param secretKey signing key
|
||||||
|
@ -243,8 +243,8 @@ public final class SigningOptions {
|
||||||
/**
|
/**
|
||||||
* Create a detached signature.
|
* Create a detached signature.
|
||||||
* Detached signatures are not being added into the PGP message itself.
|
* Detached signatures are not being added into the PGP message itself.
|
||||||
* Instead they can be distributed separately to the message.
|
* Instead, they can be distributed separately to the message.
|
||||||
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
|
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
|
||||||
*
|
*
|
||||||
* This method uses the passed in user-id to select user-specific hash algorithms.
|
* This method uses the passed in user-id to select user-specific hash algorithms.
|
||||||
*
|
*
|
||||||
|
@ -266,8 +266,8 @@ public final class SigningOptions {
|
||||||
/**
|
/**
|
||||||
* Create a detached signature.
|
* Create a detached signature.
|
||||||
* Detached signatures are not being added into the PGP message itself.
|
* Detached signatures are not being added into the PGP message itself.
|
||||||
* Instead they can be distributed separately to the message.
|
* Instead, they can be distributed separately to the message.
|
||||||
* Detached signatures are useful if the data that is being signed shall not be modified (eg. when signing a file).
|
* Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
|
||||||
*
|
*
|
||||||
* This method uses the passed in user-id to select user-specific hash algorithms.
|
* This method uses the passed in user-id to select user-specific hash algorithms.
|
||||||
*
|
*
|
||||||
|
|
|
@ -70,7 +70,7 @@ public interface KeyType {
|
||||||
* Return true if the key that is generated from this type is able to carry the AUTHENTICATION key flag.
|
* Return true if the key that is generated from this type is able to carry the AUTHENTICATION key flag.
|
||||||
* See {@link org.pgpainless.algorithm.KeyFlag#AUTHENTICATION}.
|
* See {@link org.pgpainless.algorithm.KeyFlag#AUTHENTICATION}.
|
||||||
*
|
*
|
||||||
* @return true if the key is able to be used for authentication purposes.
|
* @return true if the key can be used for authentication purposes.
|
||||||
*/
|
*/
|
||||||
default boolean canAuthenticate() {
|
default boolean canAuthenticate() {
|
||||||
return canSign();
|
return canSign();
|
||||||
|
|
|
@ -64,7 +64,7 @@ public abstract class KeyAccessor {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Address the key via a user-id (eg "Alice <alice@wonderland.lit>).
|
* Address the key via a user-id (e.g. "Alice <alice@wonderland.lit>").
|
||||||
* In this case we are sourcing preferred algorithms from the user-id certification first.
|
* In this case we are sourcing preferred algorithms from the user-id certification first.
|
||||||
*/
|
*/
|
||||||
public static class ViaUserId extends KeyAccessor {
|
public static class ViaUserId extends KeyAccessor {
|
||||||
|
|
|
@ -490,7 +490,7 @@ public class KeyRingInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the a list of {@link KeyFlag KeyFlags} that apply to the subkey with the provided key id.
|
* Return a list of {@link KeyFlag KeyFlags} that apply to the subkey with the provided key id.
|
||||||
* @param keyId key-id
|
* @param keyId key-id
|
||||||
* @return list of key flags
|
* @return list of key flags
|
||||||
*/
|
*/
|
||||||
|
@ -734,11 +734,11 @@ public class KeyRingInfo {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the latest date on which the key ring is still usable for the given key flag.
|
* Return the latest date on which the key ring is still usable for the given key flag.
|
||||||
* If a only a subkey is carrying the required flag and the primary key expires earlier than the subkey,
|
* If only a subkey is carrying the required flag and the primary key expires earlier than the subkey,
|
||||||
* the expiry date of the primary key is returned.
|
* the expiry date of the primary key is returned.
|
||||||
*
|
*
|
||||||
* This method might return null, if the primary key and a subkey with the required flag does not expire.
|
* This method might return null, if the primary key and a subkey with the required flag does not expire.
|
||||||
* @param use key flag representing the use case, eg. {@link KeyFlag#SIGN_DATA} or
|
* @param use key flag representing the use case, e.g. {@link KeyFlag#SIGN_DATA} or
|
||||||
* {@link KeyFlag#ENCRYPT_COMMS}/{@link KeyFlag#ENCRYPT_STORAGE}.
|
* {@link KeyFlag#ENCRYPT_COMMS}/{@link KeyFlag#ENCRYPT_STORAGE}.
|
||||||
* @return latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.
|
* @return latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -175,7 +175,7 @@ public interface SecretKeyRingEditorInterface {
|
||||||
/**
|
/**
|
||||||
* Revoke the key ring.
|
* Revoke the key ring.
|
||||||
* You can use the {@link RevocationSignatureSubpackets.Callback} to modify the revocation signatures
|
* You can use the {@link RevocationSignatureSubpackets.Callback} to modify the revocation signatures
|
||||||
* subpackets, eg. in order to define whether this is a hard or soft revocation.
|
* subpackets, e.g. in order to define whether this is a hard or soft revocation.
|
||||||
*
|
*
|
||||||
* @param secretKeyRingProtector protector to unlock the primary secret key
|
* @param secretKeyRingProtector protector to unlock the primary secret key
|
||||||
* @param subpacketsCallback callback to modify the revocations subpackets
|
* @param subpacketsCallback callback to modify the revocations subpackets
|
||||||
|
@ -192,7 +192,7 @@ public interface SecretKeyRingEditorInterface {
|
||||||
*
|
*
|
||||||
* Note: This method will hard-revoke the provided subkey, meaning it cannot be re-certified at a later point.
|
* Note: This method will hard-revoke the provided subkey, meaning it cannot be re-certified at a later point.
|
||||||
* If you instead want to temporarily "deactivate" the subkey, provide a soft revocation reason,
|
* If you instead want to temporarily "deactivate" the subkey, provide a soft revocation reason,
|
||||||
* eg. by calling {@link #revokeSubKey(OpenPgpFingerprint, SecretKeyRingProtector, RevocationAttributes)}
|
* e.g. by calling {@link #revokeSubKey(OpenPgpFingerprint, SecretKeyRingProtector, RevocationAttributes)}
|
||||||
* and provide a suitable {@link RevocationAttributes} object.
|
* and provide a suitable {@link RevocationAttributes} object.
|
||||||
*
|
*
|
||||||
* @param fingerprint fingerprint of the subkey to be revoked
|
* @param fingerprint fingerprint of the subkey to be revoked
|
||||||
|
|
|
@ -90,7 +90,7 @@ public class CachingSecretKeyRingProtector implements SecretKeyRingProtector, Se
|
||||||
* This is to prevent accidental passphrase override when dealing with multiple key rings containing
|
* This is to prevent accidental passphrase override when dealing with multiple key rings containing
|
||||||
* keys with conflicting key-ids.
|
* keys with conflicting key-ids.
|
||||||
*
|
*
|
||||||
* If you can ensure that there will be no key-id clashes and you want to replace the passphrases for the key ring,
|
* If you can ensure that there will be no key-id clashes, and you want to replace the passphrases for the key ring,
|
||||||
* use {@link #replacePassphrase(PGPKeyRing, Passphrase)} instead.
|
* use {@link #replacePassphrase(PGPKeyRing, Passphrase)} instead.
|
||||||
*
|
*
|
||||||
* If you need to unlock multiple {@link PGPKeyRing PGPKeyRings}, it is advised to use a separate
|
* If you need to unlock multiple {@link PGPKeyRing PGPKeyRings}, it is advised to use a separate
|
||||||
|
|
|
@ -116,7 +116,7 @@ public interface SecretKeyRingProtector {
|
||||||
* This protector will only return a non-null encryptor/decryptor based on the provided passphrase if
|
* This protector will only return a non-null encryptor/decryptor based on the provided passphrase if
|
||||||
* {@link #getEncryptor(Long)}/{@link #getDecryptor(Long)} is getting called with the key-id of the provided key.
|
* {@link #getEncryptor(Long)}/{@link #getDecryptor(Long)} is getting called with the key-id of the provided key.
|
||||||
*
|
*
|
||||||
* Otherwise this protector will always return null.
|
* Otherwise, this protector will always return null.
|
||||||
*
|
*
|
||||||
* @param passphrase passphrase
|
* @param passphrase passphrase
|
||||||
* @param key key to lock/unlock
|
* @param key key to lock/unlock
|
||||||
|
@ -137,7 +137,7 @@ public interface SecretKeyRingProtector {
|
||||||
*
|
*
|
||||||
* As a consequence, this protector can only "unlock" keys which are not protected using a passphrase, and it will
|
* As a consequence, this protector can only "unlock" keys which are not protected using a passphrase, and it will
|
||||||
* leave keys unprotected, should it be used to "protect" a key
|
* leave keys unprotected, should it be used to "protect" a key
|
||||||
* (eg. in {@link org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor#changePassphraseFromOldPassphrase(Passphrase)}).
|
* (e.g. in {@link org.pgpainless.key.modification.secretkeyring.SecretKeyRingEditor#changePassphraseFromOldPassphrase(Passphrase)}).
|
||||||
*
|
*
|
||||||
* @return protector
|
* @return protector
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -135,7 +135,7 @@ public final class KeyRingUtils {
|
||||||
* @param protector protector to unlock the secret key
|
* @param protector protector to unlock the secret key
|
||||||
* @return private key
|
* @return private key
|
||||||
*
|
*
|
||||||
* @throws PGPException if something goes wrong (eg. wrong passphrase)
|
* @throws PGPException if something goes wrong (e.g. wrong passphrase)
|
||||||
*/
|
*/
|
||||||
public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector) throws PGPException {
|
public static PGPPrivateKey unlockSecretKey(PGPSecretKey secretKey, SecretKeyRingProtector protector) throws PGPException {
|
||||||
return UnlockSecretKey.unlockSecretKey(secretKey, protector);
|
return UnlockSecretKey.unlockSecretKey(secretKey, protector);
|
||||||
|
|
|
@ -157,7 +157,7 @@ public final class RevocationAttributes {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Build a {@link RevocationAttributes} object suitable for certification (eg. user-id) revocations.
|
* Build a {@link RevocationAttributes} object suitable for certification (e.g. user-id) revocations.
|
||||||
*
|
*
|
||||||
* @return builder
|
* @return builder
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -304,7 +304,7 @@ public final class Policy {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return true if the the given hash algorithm is acceptable by this policy.
|
* Return true if the given hash algorithm is acceptable by this policy.
|
||||||
*
|
*
|
||||||
* @param algorithmId hash algorithm
|
* @param algorithmId hash algorithm
|
||||||
* @return true if the hash algorithm is acceptable, false otherwise
|
* @return true if the hash algorithm is acceptable, false otherwise
|
||||||
|
|
|
@ -76,7 +76,7 @@ public final class SignatureUtils {
|
||||||
/**
|
/**
|
||||||
* Return a content signer builder for the passed public key.
|
* Return a content signer builder for the passed public key.
|
||||||
*
|
*
|
||||||
* The content signer will use a hash algorithm derived from the keys algorithm preferences.
|
* The content signer will use a hash algorithm derived from the keys' algorithm preferences.
|
||||||
* If no preferences can be derived, the key will fall back to the default hash algorithm as set in
|
* If no preferences can be derived, the key will fall back to the default hash algorithm as set in
|
||||||
* the {@link org.pgpainless.policy.Policy}.
|
* the {@link org.pgpainless.policy.Policy}.
|
||||||
*
|
*
|
||||||
|
@ -123,7 +123,7 @@ public final class SignatureUtils {
|
||||||
/**
|
/**
|
||||||
* Return a new date which represents the given date plus the given amount of seconds added.
|
* Return a new date which represents the given date plus the given amount of seconds added.
|
||||||
*
|
*
|
||||||
* Since '0' is a special value in the OpenPGP specification when it comes to dates
|
* Since '0' is a special date value in the OpenPGP specification
|
||||||
* (e.g. '0' means no expiration for expiration dates), this method will return 'null' if seconds is 0.
|
* (e.g. '0' means no expiration for expiration dates), this method will return 'null' if seconds is 0.
|
||||||
*
|
*
|
||||||
* @param date date
|
* @param date date
|
||||||
|
@ -271,7 +271,7 @@ public final class SignatureUtils {
|
||||||
* This method first inspects the {@link IssuerKeyID} subpacket of the signature and returns the key-id if present.
|
* This method first inspects the {@link IssuerKeyID} subpacket of the signature and returns the key-id if present.
|
||||||
* If not, it inspects the {@link org.bouncycastle.bcpg.sig.IssuerFingerprint} packet and retrieves the key-id from the fingerprint.
|
* If not, it inspects the {@link org.bouncycastle.bcpg.sig.IssuerFingerprint} packet and retrieves the key-id from the fingerprint.
|
||||||
*
|
*
|
||||||
* Otherwise it returns 0.
|
* Otherwise, it returns 0.
|
||||||
* @param signature signature
|
* @param signature signature
|
||||||
* @return signatures issuing key id
|
* @return signatures issuing key id
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -11,7 +11,7 @@ import org.pgpainless.key.SubkeyIdentifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tuple-class which bundles together a signature, the signing key that created the signature,
|
* Tuple-class which bundles together a signature, the signing key that created the signature,
|
||||||
* an identifier of the signing key and a record of whether or not the signature was verified.
|
* an identifier of the signing key and a record of whether the signature was verified.
|
||||||
*/
|
*/
|
||||||
public class DetachedSignatureCheck {
|
public class DetachedSignatureCheck {
|
||||||
private final PGPSignature signature;
|
private final PGPSignature signature;
|
||||||
|
|
|
@ -14,7 +14,7 @@ therefore let me quickly outline some of its challenges for you:
|
||||||
|
|
||||||
A signature is either valid or it is not.
|
A signature is either valid or it is not.
|
||||||
However, signature validity goes beyond merely checking the cryptographic correctness like BouncyCastle does.
|
However, signature validity goes beyond merely checking the cryptographic correctness like BouncyCastle does.
|
||||||
A signature that is correct can still be invalid, eg. if it is past its expiry date
|
A signature that is correct can still be invalid, e.g. if it is past its expiry date
|
||||||
or the key that issued the signature got revoked or is simply not a signing key in the first place.
|
or the key that issued the signature got revoked or is simply not a signing key in the first place.
|
||||||
|
|
||||||
All the little criteria like "is not expired", "has a hashed signature creation time subpacket",
|
All the little criteria like "is not expired", "has a hashed signature creation time subpacket",
|
||||||
|
|
|
@ -38,7 +38,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validation date most recent valid key revocation signature.
|
* Pick the at validation date most recent valid key revocation signature.
|
||||||
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
||||||
* validationDate or if it is already expired.
|
* validationDate or if it is already expired.
|
||||||
*
|
*
|
||||||
|
@ -65,7 +65,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate most recent, valid direct key signature.
|
* Pick the at validationDate most recent, valid direct key signature.
|
||||||
* This method might return null, if there is no direct key self-signature which is valid at validationDate.
|
* This method might return null, if there is no direct key self-signature which is valid at validationDate.
|
||||||
*
|
*
|
||||||
* @param keyRing key ring
|
* @param keyRing key ring
|
||||||
|
@ -78,7 +78,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate, latest, valid direct key signature made by signingKey on signedKey.
|
* Pick the at validationDate, latest, valid direct key signature made by signingKey on signedKey.
|
||||||
* This method might return null, if there is no direct key self signature which is valid at validationDate.
|
* This method might return null, if there is no direct key self signature which is valid at validationDate.
|
||||||
*
|
*
|
||||||
* @param signingKey key that created the signature
|
* @param signingKey key that created the signature
|
||||||
|
@ -104,7 +104,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate, latest direct key signature.
|
* Pick the at validationDate latest direct key signature.
|
||||||
* This method might return an expired signature.
|
* This method might return an expired signature.
|
||||||
* If there are more than one direct-key signature, and some of those are not expired, the latest non-expired
|
* If there are more than one direct-key signature, and some of those are not expired, the latest non-expired
|
||||||
* yet already effective direct-key signature will be returned.
|
* yet already effective direct-key signature will be returned.
|
||||||
|
@ -119,7 +119,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate, latest direct key signature made by signingKey on signedKey.
|
* Pick the at validationDate latest direct key signature made by signingKey on signedKey.
|
||||||
* This method might return an expired signature.
|
* This method might return an expired signature.
|
||||||
* If a non-expired direct-key signature exists, the latest non-expired yet already effective direct-key
|
* If a non-expired direct-key signature exists, the latest non-expired yet already effective direct-key
|
||||||
* signature will be returned.
|
* signature will be returned.
|
||||||
|
@ -154,7 +154,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate most recent, valid user-id revocation signature.
|
* Pick the at validationDate most recent, valid user-id revocation signature.
|
||||||
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
||||||
* validationDate or if it is already expired.
|
* validationDate or if it is already expired.
|
||||||
*
|
*
|
||||||
|
@ -182,7 +182,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate latest, valid certification self-signature for the given user-id.
|
* Pick the at validationDate latest, valid certification self-signature for the given user-id.
|
||||||
* This method might return null, if there is no certification self signature for that user-id which is valid
|
* This method might return null, if there is no certification self signature for that user-id which is valid
|
||||||
* at validationDate.
|
* at validationDate.
|
||||||
*
|
*
|
||||||
|
@ -213,7 +213,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate latest certification self-signature for the given user-id.
|
* Pick the at validationDate latest certification self-signature for the given user-id.
|
||||||
* This method might return an expired signature.
|
* This method might return an expired signature.
|
||||||
* If a non-expired user-id certification signature exists, the latest non-expired yet already effective
|
* If a non-expired user-id certification signature exists, the latest non-expired yet already effective
|
||||||
* user-id certification signature for the given user-id will be returned.
|
* user-id certification signature for the given user-id will be returned.
|
||||||
|
@ -250,7 +250,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate most recent, valid subkey revocation signature.
|
* Pick the at validationDate most recent, valid subkey revocation signature.
|
||||||
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
* If there are hard revocation signatures, the latest hard revocation sig is picked, even if it was created after
|
||||||
* validationDate or if it is already expired.
|
* validationDate or if it is already expired.
|
||||||
*
|
*
|
||||||
|
@ -282,7 +282,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate latest, valid subkey binding signature for the given subkey.
|
* Pick the at validationDate latest, valid subkey binding signature for the given subkey.
|
||||||
* This method might return null, if there is no subkey binding signature which is valid
|
* This method might return null, if there is no subkey binding signature which is valid
|
||||||
* at validationDate.
|
* at validationDate.
|
||||||
*
|
*
|
||||||
|
@ -314,7 +314,7 @@ public final class SignaturePicker {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pick the, at validationDate latest subkey binding signature for the given subkey.
|
* Pick the at validationDate latest subkey binding signature for the given subkey.
|
||||||
* This method might return an expired signature.
|
* This method might return an expired signature.
|
||||||
* If a non-expired subkey binding signature exists, the latest non-expired yet already effective
|
* If a non-expired subkey binding signature exists, the latest non-expired yet already effective
|
||||||
* subkey binding signature for the given subkey will be returned.
|
* subkey binding signature for the given subkey will be returned.
|
||||||
|
|
|
@ -21,7 +21,7 @@ public class SignatureValidityComparator implements Comparator<PGPSignature> {
|
||||||
private final SignatureCreationDateComparator creationDateComparator;
|
private final SignatureCreationDateComparator creationDateComparator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new {@link SignatureValidityComparator} which orders signatures oldest first.
|
* Create a new {@link SignatureValidityComparator} which orders signatures the oldest first.
|
||||||
* Still, hard revocations will come first.
|
* Still, hard revocations will come first.
|
||||||
*/
|
*/
|
||||||
public SignatureValidityComparator() {
|
public SignatureValidityComparator() {
|
||||||
|
|
|
@ -12,7 +12,7 @@ import org.bouncycastle.bcpg.SignatureSubpacketTags;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Utility class that helps dealing with BCs SignatureSubpacketGenerator class.
|
* Utility class that helps to deal with BCs SignatureSubpacketGenerator class.
|
||||||
*/
|
*/
|
||||||
public final class SignatureSubpacketGeneratorUtil {
|
public final class SignatureSubpacketGeneratorUtil {
|
||||||
|
|
||||||
|
|
|
@ -158,7 +158,7 @@ public final class SignatureSubpacketsUtil {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the signatures expiration time as a date.
|
* Return the signatures' expiration time as a date.
|
||||||
* The expiration date is computed by adding the expiration time to the signature creation date.
|
* The expiration date is computed by adding the expiration time to the signature creation date.
|
||||||
* If the signature has no expiration time subpacket, or the expiration time is set to '0', this message returns null.
|
* If the signature has no expiration time subpacket, or the expiration time is set to '0', this message returns null.
|
||||||
*
|
*
|
||||||
|
@ -211,7 +211,7 @@ public final class SignatureSubpacketsUtil {
|
||||||
*
|
*
|
||||||
* @param expirationDate new expiration date
|
* @param expirationDate new expiration date
|
||||||
* @param creationDate key creation time
|
* @param creationDate key creation time
|
||||||
* @return life time of the key in seconds
|
* @return lifetime of the key in seconds
|
||||||
*/
|
*/
|
||||||
public static long getKeyLifetimeInSeconds(@Nullable Date expirationDate, @Nonnull Date creationDate) {
|
public static long getKeyLifetimeInSeconds(@Nullable Date expirationDate, @Nonnull Date creationDate) {
|
||||||
long secondsToExpire = 0; // 0 means "no expiration"
|
long secondsToExpire = 0; // 0 means "no expiration"
|
||||||
|
|
|
@ -47,8 +47,8 @@ public final class DateUtil {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* "Round" a date down to seconds precision.
|
* "Round" a date down to seconds precision.
|
||||||
* @param date
|
* @param date date
|
||||||
* @return
|
* @return rounded date
|
||||||
*/
|
*/
|
||||||
public static Date toSecondsPrecision(Date date) {
|
public static Date toSecondsPrecision(Date date) {
|
||||||
long seconds = date.getTime() / 1000;
|
long seconds = date.getTime() / 1000;
|
||||||
|
|
|
@ -26,7 +26,7 @@ public class OnePassSignatureVerificationWithPartialLengthLiteralDataRegressionT
|
||||||
* PGPainless versions 0.2.10 - 0.2.18 fail to decrypt this message, due to it failing to parse the signatures trailing
|
* PGPainless versions 0.2.10 - 0.2.18 fail to decrypt this message, due to it failing to parse the signatures trailing
|
||||||
* the literal data. The cause for this was not draining the literal data first before trying to parse the sigs.
|
* the literal data. The cause for this was not draining the literal data first before trying to parse the sigs.
|
||||||
* This is likely caused by the literal data using a partial length encoding scheme, so the PGPObjectFactory did not yet
|
* This is likely caused by the literal data using a partial length encoding scheme, so the PGPObjectFactory did not yet
|
||||||
* reach the signatures packet.
|
* reach the signatures packets.
|
||||||
*
|
*
|
||||||
* As a fix, PGPainless now only tries to parse signatures from after the literal data packet, once the literal data
|
* As a fix, PGPainless now only tries to parse signatures from after the literal data packet, once the literal data
|
||||||
* stream gets closed.
|
* stream gets closed.
|
||||||
|
|
|
@ -212,7 +212,7 @@ public class CleartextSignatureVerificationTest {
|
||||||
@Test
|
@Test
|
||||||
public void getDecoderStreamMistakensPlaintextForBase64RegressionTest()
|
public void getDecoderStreamMistakensPlaintextForBase64RegressionTest()
|
||||||
throws PGPException, IOException {
|
throws PGPException, IOException {
|
||||||
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would mistaken this for base64 data
|
String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would have mistaken this for base64 data
|
||||||
ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
|
||||||
|
|
||||||
PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();
|
PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();
|
||||||
|
|
|
@ -83,7 +83,7 @@ public class GenerateKeys {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This example demonstrates how to generate a simple OpenPGP key consisting of a 4096 bit RSA key.
|
* This example demonstrates how to generate a simple OpenPGP key consisting of a 4096-bit RSA key.
|
||||||
* The RSA key is used for both signing and certifying, as well as encryption.
|
* The RSA key is used for both signing and certifying, as well as encryption.
|
||||||
*
|
*
|
||||||
* This method is recommended if the application has to deal with legacy clients with poor algorithm support.
|
* This method is recommended if the application has to deal with legacy clients with poor algorithm support.
|
||||||
|
@ -107,7 +107,7 @@ public class GenerateKeys {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This example demonstrates how to generate a simple OpenPGP key based on elliptic curves.
|
* This example demonstrates how to generate a simple OpenPGP key based on elliptic curves.
|
||||||
* The key consists of an ECDSA primary key that is used both for certification of subkeys, as well as signing of data,
|
* The key consists of an ECDSA primary key that is used both for certification of subkeys, and signing of data,
|
||||||
* and a single ECDH encryption subkey.
|
* and a single ECDH encryption subkey.
|
||||||
*
|
*
|
||||||
* This method is recommended if small keys and high performance are desired.
|
* This method is recommended if small keys and high performance are desired.
|
||||||
|
@ -141,7 +141,7 @@ public class GenerateKeys {
|
||||||
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
|
* {@link KeySpec} objects can best be obtained by using the {@link KeySpec#getBuilder(KeyType, KeyFlag, KeyFlag...)}
|
||||||
* method and providing a {@link KeyType}.
|
* method and providing a {@link KeyType}.
|
||||||
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
|
* There are a bunch of factory methods for different {@link KeyType} implementations present in {@link KeyType} itself
|
||||||
* (such as {@link KeyType#ECDH(EllipticCurve)}. {@link KeyFlag KeyFlags} determine
|
* (such as {@link KeyType#ECDH(EllipticCurve)}). {@link KeyFlag KeyFlags} determine
|
||||||
* the use of the key, like encryption, signing data or certifying subkeys.
|
* the use of the key, like encryption, signing data or certifying subkeys.
|
||||||
*
|
*
|
||||||
* If you so desire, you can now specify your own algorithm preferences.
|
* If you so desire, you can now specify your own algorithm preferences.
|
||||||
|
@ -155,7 +155,7 @@ public class GenerateKeys {
|
||||||
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
|
* make sure that the primary key spec has the {@link KeyFlag} {@link KeyFlag#CERTIFY_OTHER} set, as this is a requirement
|
||||||
* for primary keys.
|
* for primary keys.
|
||||||
*
|
*
|
||||||
* Furthermore you have to set at least the primary user-id via
|
* Furthermore, you have to set at least the primary user-id via
|
||||||
* {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
|
* {@link org.pgpainless.key.generation.KeyRingBuilder#addUserId(String)},
|
||||||
* but you can also add additional user-ids.
|
* but you can also add additional user-ids.
|
||||||
*
|
*
|
||||||
|
@ -187,11 +187,11 @@ public class GenerateKeys {
|
||||||
.addSubkey(KeySpec.getBuilder(
|
.addSubkey(KeySpec.getBuilder(
|
||||||
// We choose an ECDH key over the brainpoolp256r1 curve
|
// We choose an ECDH key over the brainpoolp256r1 curve
|
||||||
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
|
KeyType.ECDH(EllipticCurve._BRAINPOOLP256R1),
|
||||||
// Our key can encrypt both communication data, as well as data at rest
|
// Our key can encrypt both communication data, and data at rest
|
||||||
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
|
KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS
|
||||||
)
|
)
|
||||||
// Optionally: Configure the subkey with custom algorithm preferences
|
// Optionally: Configure the subkey with custom algorithm preferences
|
||||||
// Is is recommended though to go with PGPainless' defaults which can be found in the
|
// It is recommended though to go with PGPainless' defaults which can be found in the
|
||||||
// AlgorithmSuite class.
|
// AlgorithmSuite class.
|
||||||
.overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
|
.overridePreferredSymmetricKeyAlgorithms(SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192, SymmetricKeyAlgorithm.AES_128)
|
||||||
.overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
|
.overridePreferredHashAlgorithms(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256)
|
||||||
|
|
|
@ -26,7 +26,7 @@ import org.pgpainless.util.NotationRegistry;
|
||||||
* Note, that PGPainless distinguishes between hash algorithms used in revocation and non-revocation signatures,
|
* Note, that PGPainless distinguishes between hash algorithms used in revocation and non-revocation signatures,
|
||||||
* and has different policies for those.
|
* and has different policies for those.
|
||||||
*
|
*
|
||||||
* Furthermore PGPainless has policies for symmetric encryption algorithms (both for encrypting and decrypting),
|
* Furthermore, PGPainless has policies for symmetric encryption algorithms (both for encrypting and decrypting),
|
||||||
* for public key algorithms and key lengths, as well as compression algorithms.
|
* for public key algorithms and key lengths, as well as compression algorithms.
|
||||||
*
|
*
|
||||||
* The following examples show how these policies can be modified.
|
* The following examples show how these policies can be modified.
|
||||||
|
|
|
@ -154,7 +154,7 @@ public class ModifyKeys {
|
||||||
* Prerequisites are a {@link SecretKeyRingProtector} that is capable of unlocking the primary key of the existing key,
|
* Prerequisites are a {@link SecretKeyRingProtector} that is capable of unlocking the primary key of the existing key,
|
||||||
* and a {@link Passphrase} for the new subkey.
|
* and a {@link Passphrase} for the new subkey.
|
||||||
*
|
*
|
||||||
* There are two way to add a subkey into an existing key;
|
* There are two ways to add a subkey into an existing key;
|
||||||
* Either the subkey gets generated on the fly (see below),
|
* Either the subkey gets generated on the fly (see below),
|
||||||
* or the subkey already exists. In the latter case, the user has to provide
|
* or the subkey already exists. In the latter case, the user has to provide
|
||||||
* {@link org.bouncycastle.openpgp.PGPSignatureSubpacketVector PGPSignatureSubpacketVectors} for the binding signature
|
* {@link org.bouncycastle.openpgp.PGPSignatureSubpacketVector PGPSignatureSubpacketVectors} for the binding signature
|
||||||
|
|
|
@ -115,7 +115,7 @@ public class DecryptCmdTest {
|
||||||
verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
|
verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
|
||||||
verify(decrypt, times(1)).verifyNotAfter(
|
verify(decrypt, times(1)).verifyNotAfter(
|
||||||
ArgumentMatchers.argThat(argument -> {
|
ArgumentMatchers.argThat(argument -> {
|
||||||
// allow 1 second difference
|
// allow 1-second difference
|
||||||
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
|
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
@ -131,7 +131,7 @@ public class DecryptCmdTest {
|
||||||
public void assertVerifyNotAfterAndBeforeNowResultsInMinTimeRange() throws SOPGPException.UnsupportedOption {
|
public void assertVerifyNotAfterAndBeforeNowResultsInMinTimeRange() throws SOPGPException.UnsupportedOption {
|
||||||
Date now = new Date();
|
Date now = new Date();
|
||||||
ArgumentMatcher<Date> isMaxOneSecOff = argument -> {
|
ArgumentMatcher<Date> isMaxOneSecOff = argument -> {
|
||||||
// Allow less than 1 second difference
|
// Allow less than 1-second difference
|
||||||
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
|
return Math.abs(now.getTime() - argument.getTime()) <= 1000;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ import sop.exception.SOPGPException;
|
||||||
public abstract class ReadyWithResult<T> {
|
public abstract class ReadyWithResult<T> {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Write the data eg. decrypted plaintext to the provided output stream and return the result of the
|
* Write the data e.g. decrypted plaintext to the provided output stream and return the result of the
|
||||||
* processing operation.
|
* processing operation.
|
||||||
*
|
*
|
||||||
* @param outputStream output stream
|
* @param outputStream output stream
|
||||||
|
|
|
@ -21,7 +21,7 @@ public class Verification {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the signatures creation time.
|
* Return the signatures' creation time.
|
||||||
*
|
*
|
||||||
* @return signature creation time
|
* @return signature creation time
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in a new issue