Apply sub key fix to generated keys

src/main/java/org/pgpainless/pgpainless/key/generation/KeyRingBuilder.java

@@ -52,6 +52,7 @@ import org.pgpainless.pgpainless.key.generation.type.KeyType;
 import org.pgpainless.pgpainless.key.generation.type.RSA_GENERAL;
 import org.pgpainless.pgpainless.key.generation.type.curve.EllipticCurve;
 import org.pgpainless.pgpainless.key.generation.type.length.RsaLength;
+import org.pgpainless.pgpainless.util.KeyRingSubKeyFix;
 import org.pgpainless.pgpainless.util.Passphrase;
 
 public class KeyRingBuilder implements KeyRingBuilderInterface {
@@ -210,6 +211,10 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
 
                 PGPPublicKeyRing publicKeys = ringGenerator.generatePublicKeyRing();
                 PGPSecretKeyRing secretKeys = ringGenerator.generateSecretKeyRing();
+
+                // TODO: Remove once BC 1.61 is released
+                secretKeys = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
+
                 return new PGPKeyRing(publicKeys, secretKeys);
             }
 

src/main/java/org/pgpainless/pgpainless/util/BCUtil.java

@@ -37,6 +37,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
 import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
 import org.bouncycastle.util.io.Streams;
 import org.pgpainless.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.pgpainless.key.selection.key.PublicKeySelectionStrategy;
@@ -61,6 +62,21 @@ public class BCUtil {
         return new PGPSecretKeyRingCollection(Arrays.asList(rings));
     }
 
+    public static PGPPublicKeyRing publicKeyRingFromSecretKeyRing(PGPSecretKeyRing secretKeys)
+            throws PGPException, IOException {
+        PGPSecretKeyRing fixedSecretKeys = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
+
+        ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
+        for (PGPSecretKey secretKey : fixedSecretKeys) {
+            PGPPublicKey publicKey = secretKey.getPublicKey();
+            if (publicKey != null) {
+                publicKey.encode(buffer, false);
+            }
+        }
+
+        return new PGPPublicKeyRing(buffer.toByteArray(), new BcKeyFingerprintCalculator());
+    }
+
     /*
     PGPXxxKeyRingCollection -> PGPXxxKeyRing
      */

src/main/java/org/pgpainless/pgpainless/util/KeyRingSubKeyFix.java

@@ -60,17 +60,24 @@ public class KeyRingSubKeyFix {
                                                        PBESecretKeyDecryptor decryptor,
                                                        PBESecretKeyEncryptor encryptor)
             throws PGPException {
-        List<PGPSecretKey> _secretKeys = new ArrayList<>();
-        Iterator<PGPSecretKey> secretKeyIterator = secretKeys.iterator();
-        _secretKeys.add(secretKeyIterator.next());
 
         PGPDigestCalculator calculator = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
 
+        List<PGPSecretKey> _secretKeys = new ArrayList<>();
+        Iterator<PGPSecretKey> secretKeyIterator = secretKeys.iterator();
         try {
 
             while (secretKeyIterator.hasNext()) {
-                PGPSecretKey subKey = secretKeyIterator.next();
-                PGPPublicKey pubSubKey = subKey.getPublicKey();
+                PGPSecretKey key = secretKeyIterator.next();
+
+                if (key.isMasterKey()) {
+                    LOGGER.log(Level.INFO, Long.toHexString(key.getKeyID()) + " is master key. Skip.");
+                    _secretKeys.add(key);
+                    continue;
+                }
+
+                PGPSecretKey secSubKey = key;
+                PGPPublicKey pubSubKey = secSubKey.getPublicKey();
 
                 // check for public key packet type
 
@@ -80,15 +87,16 @@ public class KeyRingSubKeyFix {
 
                 if (keyPacket instanceof PublicSubkeyPacket) {
                     // Sub key is already sub key
+                    _secretKeys.add(secSubKey);
                     continue;
                 }
 
                 // Sub key is normal key -> fix
-                LOGGER.log(Level.INFO, "Subkey " + Long.toHexString(subKey.getKeyID()) + " does not have a subkey key packet. Convert it...");
+                LOGGER.log(Level.INFO, "Subkey " + Long.toHexString(secSubKey.getKeyID()) + " does not have a subkey key packet. Convert it...");
                 keyPacket = new PublicSubkeyPacket(pubSubKey.getAlgorithm(), pubSubKey.getCreationTime(), keyPacket.getKey());
                 publicPk.set(pubSubKey, keyPacket);
 
-                PGPPrivateKey privateKey = subKey.extractPrivateKey(decryptor);
+                PGPPrivateKey privateKey = secSubKey.extractPrivateKey(decryptor);
 
                 PGPSecretKey secretKey = new PGPSecretKey(privateKey, pubSubKey, calculator, false, encryptor);
                 _secretKeys.add(secretKey);

src/test/java/org/pgpainless/pgpainless/KeyRingSubKeyFixTest.java

@@ -17,7 +17,6 @@ package org.pgpainless.pgpainless;
 
 import static junit.framework.TestCase.assertTrue;
 
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
@@ -27,13 +26,11 @@ import java.util.Arrays;
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
-import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
-import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
 import org.junit.Test;
 import org.pgpainless.pgpainless.key.collection.PGPKeyRing;
+import org.pgpainless.pgpainless.util.BCUtil;
 import org.pgpainless.pgpainless.util.KeyRingSubKeyFix;
 
 public class KeyRingSubKeyFixTest {
@@ -51,20 +48,11 @@ public class KeyRingSubKeyFixTest {
         PGPPublicKeyRing publicKeys = ring.getPublicKeys();
 
         PGPSecretKeyRing fixed = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
-        PGPPublicKeyRing fixedPub = publicKeyRing(fixed);
+
+        assertTrue(Arrays.equals(secretKeys.getEncoded(), fixed.getEncoded()));
+
+        PGPPublicKeyRing fixedPub = BCUtil.publicKeyRingFromSecretKeyRing(fixed);
 
         assertTrue(Arrays.equals(publicKeys.getEncoded(), fixedPub.getEncoded()));
     }
-
-    private PGPPublicKeyRing publicKeyRing(PGPSecretKeyRing secretKeys) throws IOException {
-        ByteArrayOutputStream buffer = new ByteArrayOutputStream(2048);
-        for (PGPSecretKey s : secretKeys) {
-            PGPPublicKey p = s.getPublicKey();
-            if (p != null) {
-                p.encode(buffer);
-            }
-        }
-
-        return new PGPPublicKeyRing(buffer.toByteArray(), new BcKeyFingerprintCalculator());
-    }
 }