mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 22:32:07 +01:00
Apply sub key fix to generated keys
This commit is contained in:
parent
a7aec9edeb
commit
dd458e7da7
4 changed files with 41 additions and 24 deletions
|
@ -52,6 +52,7 @@ import org.pgpainless.pgpainless.key.generation.type.KeyType;
|
|||
import org.pgpainless.pgpainless.key.generation.type.RSA_GENERAL;
|
||||
import org.pgpainless.pgpainless.key.generation.type.curve.EllipticCurve;
|
||||
import org.pgpainless.pgpainless.key.generation.type.length.RsaLength;
|
||||
import org.pgpainless.pgpainless.util.KeyRingSubKeyFix;
|
||||
import org.pgpainless.pgpainless.util.Passphrase;
|
||||
|
||||
public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||
|
@ -210,6 +211,10 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
|||
|
||||
PGPPublicKeyRing publicKeys = ringGenerator.generatePublicKeyRing();
|
||||
PGPSecretKeyRing secretKeys = ringGenerator.generateSecretKeyRing();
|
||||
|
||||
// TODO: Remove once BC 1.61 is released
|
||||
secretKeys = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
|
||||
|
||||
return new PGPKeyRing(publicKeys, secretKeys);
|
||||
}
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
|||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
import org.bouncycastle.openpgp.PGPUtil;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
|
||||
import org.bouncycastle.util.io.Streams;
|
||||
import org.pgpainless.pgpainless.algorithm.KeyFlag;
|
||||
import org.pgpainless.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
||||
|
@ -61,6 +62,21 @@ public class BCUtil {
|
|||
return new PGPSecretKeyRingCollection(Arrays.asList(rings));
|
||||
}
|
||||
|
||||
public static PGPPublicKeyRing publicKeyRingFromSecretKeyRing(PGPSecretKeyRing secretKeys)
|
||||
throws PGPException, IOException {
|
||||
PGPSecretKeyRing fixedSecretKeys = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
|
||||
|
||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
|
||||
for (PGPSecretKey secretKey : fixedSecretKeys) {
|
||||
PGPPublicKey publicKey = secretKey.getPublicKey();
|
||||
if (publicKey != null) {
|
||||
publicKey.encode(buffer, false);
|
||||
}
|
||||
}
|
||||
|
||||
return new PGPPublicKeyRing(buffer.toByteArray(), new BcKeyFingerprintCalculator());
|
||||
}
|
||||
|
||||
/*
|
||||
PGPXxxKeyRingCollection -> PGPXxxKeyRing
|
||||
*/
|
||||
|
|
|
@ -60,17 +60,24 @@ public class KeyRingSubKeyFix {
|
|||
PBESecretKeyDecryptor decryptor,
|
||||
PBESecretKeyEncryptor encryptor)
|
||||
throws PGPException {
|
||||
List<PGPSecretKey> _secretKeys = new ArrayList<>();
|
||||
Iterator<PGPSecretKey> secretKeyIterator = secretKeys.iterator();
|
||||
_secretKeys.add(secretKeyIterator.next());
|
||||
|
||||
PGPDigestCalculator calculator = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
|
||||
|
||||
List<PGPSecretKey> _secretKeys = new ArrayList<>();
|
||||
Iterator<PGPSecretKey> secretKeyIterator = secretKeys.iterator();
|
||||
try {
|
||||
|
||||
while (secretKeyIterator.hasNext()) {
|
||||
PGPSecretKey subKey = secretKeyIterator.next();
|
||||
PGPPublicKey pubSubKey = subKey.getPublicKey();
|
||||
PGPSecretKey key = secretKeyIterator.next();
|
||||
|
||||
if (key.isMasterKey()) {
|
||||
LOGGER.log(Level.INFO, Long.toHexString(key.getKeyID()) + " is master key. Skip.");
|
||||
_secretKeys.add(key);
|
||||
continue;
|
||||
}
|
||||
|
||||
PGPSecretKey secSubKey = key;
|
||||
PGPPublicKey pubSubKey = secSubKey.getPublicKey();
|
||||
|
||||
// check for public key packet type
|
||||
|
||||
|
@ -80,15 +87,16 @@ public class KeyRingSubKeyFix {
|
|||
|
||||
if (keyPacket instanceof PublicSubkeyPacket) {
|
||||
// Sub key is already sub key
|
||||
_secretKeys.add(secSubKey);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Sub key is normal key -> fix
|
||||
LOGGER.log(Level.INFO, "Subkey " + Long.toHexString(subKey.getKeyID()) + " does not have a subkey key packet. Convert it...");
|
||||
LOGGER.log(Level.INFO, "Subkey " + Long.toHexString(secSubKey.getKeyID()) + " does not have a subkey key packet. Convert it...");
|
||||
keyPacket = new PublicSubkeyPacket(pubSubKey.getAlgorithm(), pubSubKey.getCreationTime(), keyPacket.getKey());
|
||||
publicPk.set(pubSubKey, keyPacket);
|
||||
|
||||
PGPPrivateKey privateKey = subKey.extractPrivateKey(decryptor);
|
||||
PGPPrivateKey privateKey = secSubKey.extractPrivateKey(decryptor);
|
||||
|
||||
PGPSecretKey secretKey = new PGPSecretKey(privateKey, pubSubKey, calculator, false, encryptor);
|
||||
_secretKeys.add(secretKey);
|
||||
|
|
|
@ -17,7 +17,6 @@ package org.pgpainless.pgpainless;
|
|||
|
||||
import static junit.framework.TestCase.assertTrue;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
@ -27,13 +26,11 @@ import java.util.Arrays;
|
|||
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
|
||||
import org.junit.Test;
|
||||
import org.pgpainless.pgpainless.key.collection.PGPKeyRing;
|
||||
import org.pgpainless.pgpainless.util.BCUtil;
|
||||
import org.pgpainless.pgpainless.util.KeyRingSubKeyFix;
|
||||
|
||||
public class KeyRingSubKeyFixTest {
|
||||
|
@ -51,20 +48,11 @@ public class KeyRingSubKeyFixTest {
|
|||
PGPPublicKeyRing publicKeys = ring.getPublicKeys();
|
||||
|
||||
PGPSecretKeyRing fixed = KeyRingSubKeyFix.repairSubkeyPackets(secretKeys, null, null);
|
||||
PGPPublicKeyRing fixedPub = publicKeyRing(fixed);
|
||||
|
||||
assertTrue(Arrays.equals(secretKeys.getEncoded(), fixed.getEncoded()));
|
||||
|
||||
PGPPublicKeyRing fixedPub = BCUtil.publicKeyRingFromSecretKeyRing(fixed);
|
||||
|
||||
assertTrue(Arrays.equals(publicKeys.getEncoded(), fixedPub.getEncoded()));
|
||||
}
|
||||
|
||||
private PGPPublicKeyRing publicKeyRing(PGPSecretKeyRing secretKeys) throws IOException {
|
||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream(2048);
|
||||
for (PGPSecretKey s : secretKeys) {
|
||||
PGPPublicKey p = s.getPublicKey();
|
||||
if (p != null) {
|
||||
p.encode(buffer);
|
||||
}
|
||||
}
|
||||
|
||||
return new PGPPublicKeyRing(buffer.toByteArray(), new BcKeyFingerprintCalculator());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue