1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-27 06:42:05 +01:00

Switch simpleEcKeyRing over to curve25519

This commit is contained in:
Paul Schaub 2021-02-11 17:10:00 +01:00
parent 79b2d42f9c
commit fbb4061164
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -50,8 +50,9 @@ import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SignatureType; import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.ecc.EllipticCurve; import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import org.pgpainless.key.generation.type.rsa.RsaLength; import org.pgpainless.key.generation.type.rsa.RsaLength;
import org.pgpainless.key.generation.type.xdh.XDHCurve;
import org.pgpainless.key.util.UserId; import org.pgpainless.key.util.UserId;
import org.pgpainless.provider.ProviderFactory; import org.pgpainless.provider.ProviderFactory;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
@ -66,6 +67,15 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
private final Set<String> additionalUserIds = new LinkedHashSet<>(); private final Set<String> additionalUserIds = new LinkedHashSet<>();
private Passphrase passphrase; private Passphrase passphrase;
/**
* Creates a simple, unencrypted RSA KeyPair of length {@code length} with user-id {@code userId}.
* The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
*
* @param userId user id.
* @param length length in bits.
*
* @return {@link PGPSecretKeyRing} containing the KeyPair.
*/
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length) public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
return simpleRsaKeyRing(userId.toString(), length); return simpleRsaKeyRing(userId.toString(), length);
@ -85,9 +95,19 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
return simpleRsaKeyRing(userId, length, null); return simpleRsaKeyRing(userId, length, null);
} }
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength rsaLength, String password) /**
* Creates a simple RSA KeyPair of length {@code length} with user-id {@code userId}.
* The KeyPair consists of a single RSA master key which is used for signing, encryption and certification.
*
* @param userId user id.
* @param length length in bits.
* @param password Password of the key. Can be null for unencrypted keys.
*
* @return {@link PGPSecretKeyRing} containing the KeyPair.
*/
public PGPSecretKeyRing simpleRsaKeyRing(@Nonnull UserId userId, @Nonnull RsaLength length, String password)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
return simpleRsaKeyRing(userId.toString(), rsaLength, password); return simpleRsaKeyRing(userId.toString(), length, password);
} }
/** /**
@ -116,15 +136,24 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
} }
} }
/**
* Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
* The EdDSA primary key is used for signing messages and certifying the sub key.
* The XDH subkey is used for encryption and decryption of messages.
*
* @param userId user-id
*
* @return {@link PGPSecretKeyRing} containing the key pairs.
*/
public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId) public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
return simpleEcKeyRing(userId.toString()); return simpleEcKeyRing(userId.toString());
} }
/** /**
* Creates an unencrypted key ring consisting of an ECDSA master key and an ECDH sub-key. * Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
* The ECDSA master key is used for signing messages and certifying the sub key. * The EdDSA primary key is used for signing messages and certifying the sub key.
* The ECDH sub-key is used for encryption of messages. * The XDH subkey is used for encryption and decryption of messages.
* *
* @param userId user-id * @param userId user-id
* *
@ -135,15 +164,25 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
return simpleEcKeyRing(userId, null); return simpleEcKeyRing(userId, null);
} }
/**
* Creates a key ring consisting of an ed25519 EdDSA primary key and a curve25519 XDH subkey.
* The EdDSA primary key is used for signing messages and certifying the sub key.
* The XDH subkey is used for encryption and decryption of messages.
*
* @param userId user-id
* @param password Password of the private key. Can be null for an unencrypted key.
*
* @return {@link PGPSecretKeyRing} containing the key pairs.
*/
public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId, String password) public PGPSecretKeyRing simpleEcKeyRing(@Nonnull UserId userId, String password)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
return simpleEcKeyRing(userId.toString(), password); return simpleEcKeyRing(userId.toString(), password);
} }
/** /**
* Creates a key ring consisting of an ECDSA master key and an ECDH sub-key. * Creates a key ring consisting of an ed25519 EdDSA primary key and a X25519 XDH subkey.
* The ECDSA master key is used for signing messages and certifying the sub key. * The EdDSA primary key is used for signing messages and certifying the sub key.
* The ECDH sub-key is used for encryption of messages. * The XDH subkey is used for encryption and decryption of messages.
* *
* @param userId user-id * @param userId user-id
* @param password Password of the private key. Can be null for an unencrypted key. * @param password Password of the private key. Can be null for an unencrypted key.
@ -154,12 +193,12 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { throws PGPException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
WithAdditionalUserIdOrPassphrase builder = this WithAdditionalUserIdOrPassphrase builder = this
.withSubKey( .withSubKey(
KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._P256)) KeySpec.getBuilder(KeyType.XDH(XDHCurve._X25519))
.withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) .withKeyFlags(KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)
.withDefaultAlgorithms()) .withDefaultAlgorithms())
.withMasterKey( .withMasterKey(
KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P256)) KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
.withKeyFlags(KeyFlag.AUTHENTICATION, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)
.withDefaultAlgorithms()) .withDefaultAlgorithms())
.withPrimaryUserId(userId); .withPrimaryUserId(userId);