PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add documentation for KeyRingUtils.removeSecretKey()

This commit is contained in:
Paul Schaub 2022-03-22 12:49:30 +01:00
parent b1eb33eb2c
commit b5ccb23a62
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pgpainless-core/src/main/java/org/pgpainless/key/util/KeyRingUtils.java
View File

@ -292,17 +292,34 @@ public final class KeyRingUtils {
return newSecretKey;
}
/**
* Remove the secret key of the subkey identified by the given secret key id from the key ring.
* The public part stays attached to the key ring, so that it can still be used for encryption / verification of signatures.
*
* This method is intended to be used to remove secret primary keys from live keys when those are kept in offline storage.
*
* @param secretKeys secret key ring
* @param secretKeyId id of the secret key to remove
* @return secret key ring with removed secret key
*
* @throws IOException
* @throws PGPException
*/
public static PGPSecretKeyRing removeSecretKey(PGPSecretKeyRing secretKeys, long secretKeyId)
throws IOException, PGPException {
if (secretKeys.getSecretKey(secretKeyId) == null) {
throw new NoSuchElementException("PGPSecretKeyRing does not contain secret key " + Long.toHexString(secretKeyId));
}
// Since BCs constructors for secret key rings are mostly private, we need to encode the key ring how we want it
// and then parse it again.
ByteArrayOutputStream encoded = new ByteArrayOutputStream();
for (PGPSecretKey secretKey : secretKeys) {
if (secretKey.getKeyID() == secretKeyId) {
// only encode the public part of the target key
secretKey.getPublicKey().encode(encoded);
} else {
// otherwise, encode secret + public key
secretKey.encode(encoded);
}
}
@ -310,6 +327,7 @@ public final class KeyRingUtils {
PGPPublicKey extra = it.next();
extra.encode(encoded);
}
// Parse the key back into an object
return new PGPSecretKeyRing(encoded.toByteArray(), ImplementationFactory.getInstance().getKeyFingerprintCalculator());
}
}