Stateless OpenPGP Protocol using Bouncy Castle

Stateless OpenPGP Protocol Implementation using Bouncy Castle

This repository contains an implementation of the Stateless OpenPGP Protocol using sop-java and Bouncy Castle.

Note: THIS IS STILL EXPERIMENTAL SOFTWARE NOT SUITABLE FOR PRODUCTION USE!!!

There are two modules in this repository:

  • [bc-sop-api] contains a high-level Java API for the SOP protocol using Bouncy Castle.
  • [bc-sop-cli] contains a CLI app implementing the SOP protocol following the spec.

Build

To build the GraalVM native-image of the CLI app, you need to have GraalVM 21.0.5 installed and GRAALVM_HOME pointing to it. The easiest way to accomplish this is using sdkman.

Afterwards, you can navigate to your clone of this repository and build the CLI app as a GraalVM native-image using this command:

mvn clean install -Dmaven.test.skip

The CLI binary can then be found as bc-sop-cli/target/bcsop.

$ ./bcsop help
Stateless OpenPGP Protocol
Usage: bcsop [--debug] [-l=<ignored>] [COMMAND]

Options:
      --debug, --stacktrace
                           Print stacktrace
  -l, --locale=<ignored>   Locale for description texts

Commands:
  version              Display version information about the tool
  list-profiles        Emit a list of profiles supported by the identified
                         subcommand
  generate-key         Generate a secret key
  change-key-password  Update the password of a key
  revoke-key           Generate revocation certificates
  extract-cert         Extract a public key certificate from a secret key
  update-key           Keep a secret key up-to-date
  merge-certs          Merge OpenPGP certificates from standard input with
                         related elements from CERTS and emit the result to
                         standard output
  certify-userid       Certify OpenPGP Certificate User IDs
  validate-userid      Validate a UserID in an OpenPGP certificate
  sign                 Create a detached message signature
  verify               Verify a detached signature
  encrypt              Encrypt a message from standard input
  decrypt              Decrypt a message
  inline-detach        Split signatures from a clearsigned message
  inline-sign          Create an inline-signed message
  inline-verify        Verify an inline-signed message
  armor                Add ASCII Armor to standard input
  dearmor              Remove ASCII Armor from standard input
  help                 Stateless OpenPGP Protocol

Exit Codes:
   0    Successful program execution
   1    Generic program error
   3    Verification requested but no verifiable signature found
  13    Unsupported asymmetric algorithm
  17    Certificate is not encryption capable
  19    Usage error: Missing argument
  23    Incomplete verification instructions
  29    Unable to decrypt
  31    Password is not human-readable
  37    Unsupported Option
  41    Invalid data or data of wrong type encountered
  53    Non-text input received where text was expected
  59    Output file already exists
  61    Input file does not exist
  67    Cannot unlock password protected secret key
  69    Unsupported subcommand
  71    Unsupported special prefix (e.g. "@ENV/@FD") of indirect parameter
  73    Ambiguous input (a filename matching the designator already exists)
  79    Key is not signing capable
  83    Options were supplied that are incompatible with each other
  89    The requested profile is unsupported, or the indicated subcommand does
          not accept profiles
  97    The implementation supports some form of hardware-backed secret keys,
          but could not identify the hardware device
  101   The implementation tried to use a hardware-backed secret key, but the
          cryptographic hardware refused the operation for some reason other
          than a bad PIN or password
  103   The primary key of a KEYS object is too weak or revoked
  107   The CERTS object has no matching User ID
Powered by picocli
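
The exit codes above let a caller tell a rejected signature (3) apart from bad input or a tool failure. The wrapper below is an added example, not part of this repository, that gates on `bcsop verify` and fails closed. It assumes the SOP specification's `verify SIGNATURE CERT...` argument order with the signed data on stdin (not shown on this page); `classify_sop_exit` and `verify_detached` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the bc-sop repository): fail-closed gate around
# `bcsop verify`, driven by the exit codes in the help output above.

# Binary location as given in the build section; override via environment.
SOP_BIN="${SOP_BIN:-bc-sop-cli/target/bcsop}"

# Map an exit code from the help listing to a coarse class.
classify_sop_exit() {
    case "$1" in
        0)                    echo verified ;;
        3)                    echo no-verifiable-signature ;;
        41|53|61)             echo bad-input ;;
        19|23|37|69|71|73|83) echo usage-error ;;
        *)                    echo tool-error ;;
    esac
}

# verify_detached DATA SIGNATURE CERT...
# Returns 0 only if the tool exits 0 AND prints at least one verification
# record; 1 if no verifiable signature was found; 2 for everything else.
# Assumption: argument order follows the SOP specification's `verify`
# subcommand (signature, then certificates, data on stdin).
verify_detached() {
    [ "$#" -ge 3 ] || { echo "usage: verify_detached DATA SIG CERT..." >&2; return 2; }
    data=$1; sig=$2; shift 2
    [ -r "$data" ] || { echo "cannot read $data" >&2; return 2; }

    sop_rc=0
    out=$("$SOP_BIN" verify "$sig" "$@" < "$data") || sop_rc=$?
    class=$(classify_sop_exit "$sop_rc")

    case "$class" in
        verified)
            # Do not rely on the exit code alone: require a verification record.
            [ -n "$out" ] || { echo "exit 0 but no verification output" >&2; return 2; }
            printf '%s\n' "$out"
            return 0 ;;
        no-verifiable-signature)
            echo "REJECT: no verifiable signature for $data" >&2
            return 1 ;;
        *)
            echo "ERROR: $SOP_BIN exited $sop_rc ($class)" >&2
            return 2 ;;
    esac
}
```

A caller should continue only when `verify_detached` returns 0, and should treat return codes 1 and 2 alike as "do not use this file".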