WIP: Explore Hardware Decryption
This commit is contained in:
parent
0f768a7258
commit
f15040dae0
3 changed files with 72 additions and 0 deletions
|
@ -48,6 +48,7 @@ public class ConsumerOptions {
|
||||||
|
|
||||||
// Session key for decryption without passphrase/key
|
// Session key for decryption without passphrase/key
|
||||||
private SessionKey sessionKey = null;
|
private SessionKey sessionKey = null;
|
||||||
|
private HardwareSecurity.DecryptionCallback hardwareDecryptionCallback = null;
|
||||||
|
|
||||||
private final Map<PGPSecretKeyRing, SecretKeyRingProtector> decryptionKeys = new HashMap<>();
|
private final Map<PGPSecretKeyRing, SecretKeyRingProtector> decryptionKeys = new HashMap<>();
|
||||||
private final Set<Passphrase> decryptionPassphrases = new HashSet<>();
|
private final Set<Passphrase> decryptionPassphrases = new HashSet<>();
|
||||||
|
@ -238,6 +239,11 @@ public class ConsumerOptions {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ConsumerOptions setHardwareDecryptionCallback(HardwareSecurity.DecryptionCallback callback) {
|
||||||
|
this.hardwareDecryptionCallback = callback;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
public @Nonnull Set<PGPSecretKeyRing> getDecryptionKeys() {
|
public @Nonnull Set<PGPSecretKeyRing> getDecryptionKeys() {
|
||||||
return Collections.unmodifiableSet(decryptionKeys.keySet());
|
return Collections.unmodifiableSet(decryptionKeys.keySet());
|
||||||
}
|
}
|
||||||
|
|
|
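Review bot: `setHardwareDecryptionCallback` (hunk at +239) stores whatever it is handed, including null, and carries no Javadoc saying how the callback relates to the `sessionKey` and `decryptionKeys` already configured on the same options object, so a caller cannot tell which source wins when several are set. Because the callback returns a raw `SessionKey` produced by code outside the library, the code that consumes it must not trust it blindly: a null return should be rejected rather than dereferenced later, and the key's algorithm and length should be checked against what the PKESK expects before decryption proceeds; that consuming code is not part of this hunk, so it may still be planned. Add a Javadoc along the lines of `Delegate PKESK decryption to an external hardware-backed implementation (smartcard, TPM); passing null removes a previously set callback.` and a matching accessor `public HardwareSecurity.DecryptionCallback getHardwareDecryptionCallback() { return hardwareDecryptionCallback; }` so the decryption pipeline can read it the same way it reads `getDecryptionKeys()`.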
@ -0,0 +1,27 @@
|
||||||
|
package org.pgpainless.decryption_verification;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
|
||||||
|
import org.pgpainless.util.SessionKey;
|
||||||
|
|
||||||
|
public class HardwareSecurity {
|
||||||
|
|
||||||
|
public interface DecryptionCallback {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Delegate decryption of a Public-Key-Encrypted-Session-Key (PKESK) to an external API for dealing with
|
||||||
|
* hardware security modules such as smartcards or TPMs.
|
||||||
|
*
|
||||||
|
* If decryption fails for some reason, a subclass of the {@link HardwareSecurityException} is thrown.
|
||||||
|
*
|
||||||
|
* @param pkesk public-key-encrypted session key
|
||||||
|
* @return decrypted session key
|
||||||
|
* @throws HardwareSecurityException exception
|
||||||
|
*/
|
||||||
|
SessionKey decryptSessionKey(PGPPublicKeyEncryptedData pkesk) throws HardwareSecurityException;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class HardwareSecurityException extends Exception {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
|
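Review bot: `HardwareSecurityException` is declared with no constructors, so an implementation of `DecryptionCallback` can neither attach a message nor wrap the underlying smartcard/TPM error as the cause, and the interface Javadoc promises that "a subclass" is thrown although none exists in this commit. Give the exception the usual message and message-plus-cause constructors so the original failure context survives to the caller, and extend the `decryptSessionKey` Javadoc to state that implementations must not return null and that the returned key has to carry the symmetric algorithm expected by the PKESK, since this interface is the point where external, possibly untrusted, code feeds key material into decryption. `DecryptionCallback` has a single abstract method and could be marked `@FunctionalInterface` so application and test code can pass a lambda. `HardwareSecurity` only holds nested types; a `private HardwareSecurity() {}` would make that explicit.

```java
public static class HardwareSecurityException extends Exception {

    public HardwareSecurityException(String message) {
        super(message);
    }

    public HardwareSecurityException(String message, Throwable cause) {
        super(message, cause);
    }
}
```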
@ -0,0 +1,39 @@
|
||||||
|
package org.pgpainless.decryption_verification;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.util.SessionKey;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
public class HardwareSecurityCallbackTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void test() throws PGPException, IOException {
|
||||||
|
PGPainless.decryptAndOrVerify()
|
||||||
|
.onInputStream(new ByteArrayInputStream(new byte[0]))
|
||||||
|
.withOptions(ConsumerOptions.get()
|
||||||
|
.setHardwareDecryptionCallback(new HardwareSecurity.DecryptionCallback() {
|
||||||
|
@Override
|
||||||
|
public SessionKey decryptSessionKey(PGPPublicKeyEncryptedData pkesk) throws HardwareSecurity.HardwareSecurityException {
|
||||||
|
/*
|
||||||
|
pkesk.getSessionKey(new PublicKeyDataDecryptorFactory() {
|
||||||
|
@Override
|
||||||
|
public byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData) throws PGPException {
|
||||||
|
return new byte[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket, int encAlgorithm, byte[] key) throws PGPException {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
*/
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
}
|
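Review bot: `test()` exercises nothing: the input is an empty stream, the callback unconditionally returns null, and no assertion follows, so the test passes regardless of whether hardware decryption works and would also pass if the consumer silently accepted a null session key. The commented-out `PublicKeyDataDecryptorFactory` block around `pkesk.getSessionKey(...)` should be deleted rather than committed. Until a real PKESK fixture exists, either name the test for what it can observe, e.g. `callbackIsNotInvokedOnEmptyInput` with a flag set inside the callback asserted to stay false, or mark it `@Disabled("WIP")` so it is not mistaken for coverage. The anonymous class can already be written as the lambda `.setHardwareDecryptionCallback(pkesk -> null)`, since the interface has one abstract method.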