mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-25 04:17:59 +01:00
Add methods to control direct-key sigs and add unfinished test for primaryUserId test
This commit is contained in:
parent
fa9b07d2ce
commit
f08981b78c
2 changed files with 52 additions and 1 deletions
|
@ -103,6 +103,7 @@ open class GenerateOpenPgpKey(
|
||||||
private val primaryKey =
|
private val primaryKey =
|
||||||
OpenPgpComponentKeyBuilder.V4PrimaryKeyBuilder(primaryKeyType, referenceTime, policy)
|
OpenPgpComponentKeyBuilder.V4PrimaryKeyBuilder(primaryKeyType, referenceTime, policy)
|
||||||
private val subkeys = mutableListOf<OpenPgpComponentKeyBuilder.V4SubkeyBuilder>()
|
private val subkeys = mutableListOf<OpenPgpComponentKeyBuilder.V4SubkeyBuilder>()
|
||||||
|
private var addDirectKeySignature = true
|
||||||
|
|
||||||
private val preferencesCallback =
|
private val preferencesCallback =
|
||||||
SelfSignatureSubpackets.applyHashed {
|
SelfSignatureSubpackets.applyHashed {
|
||||||
|
@ -113,6 +114,16 @@ open class GenerateOpenPgpKey(
|
||||||
primaryFlags?.let { setKeyFlags(*it.toTypedArray()) }
|
primaryFlags?.let { setKeyFlags(*it.toTypedArray()) }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fun directKeySignature(
|
||||||
|
subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop()
|
||||||
|
) = apply {
|
||||||
|
addDirectKeySignature = false
|
||||||
|
primaryKey.directKeySignature(
|
||||||
|
subpacketsCallback = preferencesCallback.then(subpacketsCallback))
|
||||||
|
}
|
||||||
|
|
||||||
|
fun noDirectKeySignature() = apply { addDirectKeySignature = false }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a user-id to the key. The subpackets of the binding signature are prepopulated,
|
* Add a user-id to the key. The subpackets of the binding signature are prepopulated,
|
||||||
* setting algorithm preferences and features. However, the subpackets can still be modified
|
* setting algorithm preferences and features. However, the subpackets can still be modified
|
||||||
|
@ -259,7 +270,9 @@ open class GenerateOpenPgpKey(
|
||||||
): PGPSecretKeyRing {
|
): PGPSecretKeyRing {
|
||||||
|
|
||||||
// add a direct key sig with preferences
|
// add a direct key sig with preferences
|
||||||
primaryKey.directKeySignature(subpacketsCallback = preferencesCallback)
|
if (addDirectKeySignature) {
|
||||||
|
primaryKey.directKeySignature(subpacketsCallback = preferencesCallback)
|
||||||
|
}
|
||||||
|
|
||||||
return PGPSecretKeyRing(
|
return PGPSecretKeyRing(
|
||||||
mutableListOf(
|
mutableListOf(
|
||||||
|
|
|
@ -7,10 +7,14 @@ package org.pgpainless.key.generation
|
||||||
import org.bouncycastle.bcpg.sig.Exportable
|
import org.bouncycastle.bcpg.sig.Exportable
|
||||||
import org.bouncycastle.bcpg.sig.PrimaryUserID
|
import org.bouncycastle.bcpg.sig.PrimaryUserID
|
||||||
import org.bouncycastle.bcpg.sig.Revocable
|
import org.bouncycastle.bcpg.sig.Revocable
|
||||||
|
import org.bouncycastle.extensions.toAsciiArmor
|
||||||
import org.junit.jupiter.api.Test
|
import org.junit.jupiter.api.Test
|
||||||
import org.pgpainless.PGPainless
|
import org.pgpainless.PGPainless
|
||||||
|
import org.pgpainless.algorithm.HashAlgorithm
|
||||||
|
import org.pgpainless.algorithm.KeyFlag
|
||||||
import org.pgpainless.key.generation.type.KeyType
|
import org.pgpainless.key.generation.type.KeyType
|
||||||
import org.pgpainless.key.generation.type.eddsa.EdDSACurve
|
import org.pgpainless.key.generation.type.eddsa.EdDSACurve
|
||||||
|
import org.pgpainless.key.generation.type.xdh.XDHSpec
|
||||||
import org.pgpainless.policy.Policy
|
import org.pgpainless.policy.Policy
|
||||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
|
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
|
||||||
|
|
||||||
|
@ -70,4 +74,38 @@ class MalformedKeyGenerationTest {
|
||||||
PGPainless.readKeyRing().secretKeyRing(key.encoded)!!
|
PGPainless.readKeyRing().secretKeyRing(key.encoded)!!
|
||||||
// TODO: Check interpretation of faulty packet
|
// TODO: Check interpretation of faulty packet
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun primaryUserIdOnDirectKeySig() {
|
||||||
|
val policy = Policy.getInstance()
|
||||||
|
val key =
|
||||||
|
GenerateOpenPgpKey(policy)
|
||||||
|
.buildV4Key(
|
||||||
|
KeyType.EDDSA(EdDSACurve._Ed25519),
|
||||||
|
listOf(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
|
.directKeySignature(
|
||||||
|
SelfSignatureSubpackets.applyHashed {
|
||||||
|
setPrimaryUserId()
|
||||||
|
setPreferredHashAlgorithms(HashAlgorithm.SHA224)
|
||||||
|
})
|
||||||
|
.addUserId(
|
||||||
|
"Alice <alice@pgpainless.org>",
|
||||||
|
SelfSignatureSubpackets.applyHashed {
|
||||||
|
setPrimaryUserId(null)
|
||||||
|
setPreferredHashAlgorithms(HashAlgorithm.SHA256)
|
||||||
|
})
|
||||||
|
.addUserId(
|
||||||
|
"Bob <bob@pgpainless.org>",
|
||||||
|
SelfSignatureSubpackets.applyHashed {
|
||||||
|
setPrimaryUserId()
|
||||||
|
setPreferredHashAlgorithms(HashAlgorithm.SHA384)
|
||||||
|
})
|
||||||
|
.addEncryptionSubkey(KeyType.XDH(XDHSpec._X25519))
|
||||||
|
.build()
|
||||||
|
println(key.toAsciiArmor())
|
||||||
|
|
||||||
|
// TODO: Test, which hash algo is used when we encrypt+sign a message for this key.
|
||||||
|
// Correct would be SHA384, since this is the primary user-id.
|
||||||
|
// PrimaryUserID packets on the DK sig shall be ignored.
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue