1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-10 14:35:59 +01:00
Simple to use OpenPGP API based on Bouncycastle https://pgpainless.org
Find a file
2021-01-18 17:10:40 +01:00
assets/test_vectors Add signed message of cryptie as test vector 2020-01-14 22:11:16 +01:00
config/checkstyle Bump checkstyle to 8.18 2020-01-09 19:04:50 +01:00
gradle/wrapper Bump gradle wrapper to 6.4rc1 2020-08-24 14:56:42 +02:00
pgpainless-core Improve logging and verify purpose of signing keys 2021-01-09 21:03:24 +01:00
pgpainless-sop Add README for sop module 2021-01-03 17:45:05 +01:00
.gitignore Add bin/ to gitignore 2019-07-28 12:28:55 +02:00
.travis.yml Travis: Fix build errors 2020-12-05 00:21:38 +01:00
build.gradle SOP: Do not apply animalsniffer to pgpainless-sop 2020-12-16 20:11:58 +01:00
CODE_OF_CONDUCT.md Add code of conduct 2018-06-28 10:54:51 +02:00
gradlew Bump gradle wrapper to 6.4rc1 2020-08-24 14:56:42 +02:00
gradlew.bat Bump gradle wrapper to 6.4rc1 2020-08-24 14:56:42 +02:00
LICENSE Add license 2018-06-02 21:27:21 +02:00
README.md fixed readme? 2021-01-12 14:31:43 +00:00
settings.gradle Wip: Start implementing a SOP client 2020-12-16 20:11:58 +01:00
version.gradle PGPainless 0.2.0-alpha6 2021-01-13 17:37:39 +01:00

PGPainless - Use OpenPGP Painlessly!

Travis (.com) Git Tag Coverage Status JavaDoc

About

PGPainless aims to make using OpenPGP in Java projects as simple as possible. It does so by introducing an intuitive Builder structure, which allows easy setup of encryption / decrytion operations, as well as straight forward key generation.

PGPainless is based around the Bouncycastle java library and can be used on Android down to API level 9.

NOTE: PGPainless is in an early state of development. There may be dragons!

Include PGPainless in your Project

PGPainless is available on maven central. In order to include it in your project, just add the maven central repository and add PGPainless as a dependency.

repositories {
	mavenCentral()
}

dependencies {
	implementation 'org.pgpainless:pgpainless-core:0.1.0'
}

How to use PGPainless

The entry point to the API is the PGPainless class. Here you can find methods for a quick start :)

Generate Keys

The first thing you probably want to do is generate you some nice tasty Key Pairs. The most straight forward way to do so is by calling

        PGPKeyRing keyRing = PGPainless.generateKeyRing()
                .simpleRsaKeyRing("Juliet <juliet@montague.lit>", RsaLength._4096);

but feel free to explore the API further. PGPainless allows you to create Key Pairs consisting of a master key plus several sub keys, even with different algorithms at the same time! Take for example a look at this delicious key:

        PGPSecretKeyRing keyRing = PGPainless.generateKeyRing()
                .withSubKey(
                        KeySpec.getBuilder(ECDSA.fromCurve(EllipticCurve._P256))
                        .withKeyFlags(KeyFlag.SIGN_DATA)
                        .withDetailedConfiguration()
                        .withDefaultSymmetricAlgorithms()
                        .withDefaultHashAlgorithms()
                        .withPreferredCompressionAlgorithms(CompressionAlgorithm.ZLIB)
                        .withFeature(Feature.MODIFICATION_DETECTION)
                        .done())
                .withSubKey(
                        KeySpec.getBuilder(ECDH.fromCurve(EllipticCurve._P256))
                        .withKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
                        .withDefaultAlgorithms())
                .withMasterKey(
                        KeySpec.getBuilder(RSA.withLength(RsaLength._8192))
                                .withKeyFlags(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
                                .withDefaultAlgorithms())
                .withPrimaryUserId("Juliet <juliet@montague.lit>")
                .withPassphrase("romeo_oh_Romeo<3")
                .build();

Encrypt / Sign Data

Encrypting and signing data is pretty straight forward as well.

        EncryptionStream encryptor = PGPainless.encryptAndOrSign()
                .onOutputStream(targetOuputStream)
                .toRecipients(publicKeyRings)
                .usingSecureAlgorithms()
                .signWith(secretKeyDecryptor, signingKeyRing)
                .noArmor();

Note: Despite the name, the EncryptionStream can be used to sign only as well. Simply replace the .toRecipients() option with doNotEncrypt().

The resulting EncryptionStream can then be used to encrypt data like follows:

        Streams.pipeAll(sourceInputStream, encryptor);
        sourceInputStream.close();
        encryptor.close();

The encrypted data will be written to the provided targetOutputStream.

Additionally you can get information about the encrypted data by calling

        OpenPgpMetadata result = encryptor.getResult();

This object will contain information like to which keys the message is encrypted, which keys were used for signing and so on.

Decrypt / Verify Encrypted Data

To process incoming encrypted / signed data, just do the following:

        DecryptionStream decryptor = PGPainless.decryptAndOrVerify()
                .onInputStream(sourceInputStream) // insert encrypted data here
                .decryptWith(secretKeyDecryptor, secretKey)
                .verifyWith(trustedKeyIds, senderKeys)
                .ignoreMissingPublicKeys()
                .build();

Again, the resulting DecryptionStream can be used like a normal stream.

        Streams.pipeAll(decryptor, targetOutputStream);
        decryptor.close();

After the DecryptionStream was closed, you can get metadata about the processed data by retrieving the OpenPgpMetadata. Again, this object will contain information about how the message was encrypted, who signed it and so on.

        OpenPgpMetadata result = decryptor.getResult();

For further details you should check out the javadoc!

About

PGPainless is a by-product of my Summer of Code 2018 project. For that project I was in need of a simple to use OpenPGP library.

Originally I was going to use Bouncy-GPG for my project, but ultimately I decided to create my own OpenPGP library which better fits my needs.

However, PGPainless is heavily influenced by Bouncy-GPG.

To reach out to the development team, feel free to send a mail: info@pgpainless.org

Development

PGPainless is developed in - and accepts contributions from - the following places:

Please follow the code of conduct if you want to be part of the project.