# Stateless OpenPGP Protocol Implementation using Bouncy Castle

This repository contains an implementation of the [Stateless OpenPGP Protocol](https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/) using [sop-java](https://github.com/pgpainless/sop-java) and [Bouncy Castle](https://www.bouncycastle.org/).

Note: THIS IS STILL EXPERIMENTAL SOFTWARE NOT SUITABLE FOR PRODUCTION USE!!!

There are two modules in this repository:
* [bc-sop-api] contains a high-level Java API of the SOP protocol using Bouncy Castle
* [bc-sop-cli] contains a CLI app implementing the SOP protocol following the spec.

# Build

Currently, this build depends on an open development branch of Bouncy Castle, which can be found in an external repository [here](https://github.com/pgpainless/bc-java/tree/valiadateAPI).

To make this code available to bcsop, you need to clone the repository and locally install the custom BC build:

```bash
git clone git@github.com:pgpainless/bc-java.git
cd bc-java
git checkout valiadateAPI
gradle publishToMavenLocal
```

Furthermore, you need a custom build of `sop-java`, which can be built in a similar way:

```bash
git clone git@github.com:pgpainless/sop-java.git
# Enter the clone before publishing it to the local Maven repository
cd sop-java
gradle publishToMavenLocal
```

In order to build the GraalVM native-image of the CLI app, you need to have GraalVM 21.0.5 installed and `GRAALVM_HOME` pointing to it. The easiest way to accomplish this is using [sdkman](https://sdkman.io).

Afterwards, you can navigate to your clone of this repository and build the CLI app as a GraalVM native-image using this command:

```bash
mvn clean install -Dmaven.test.skip
```

The CLI binary can then be found as `bc-sop-cli/target/bcsop`.

```
$ ./bcsop help
Stateless OpenPGP Protocol
Usage: bcsop [--stacktrace] [COMMAND]

Options:
      --stacktrace   Print stacktrace

Commands:
  version              Display version information about the tool
  list-profiles        Emit a list of profiles supported by the identified subcommand
  generate-key         Generate a secret key
  change-key-password  Update the password of a key
  revoke-key           Generate revocation certificates
  extract-cert         Extract a public key certificate from a secret key
  sign                 Create a detached message signature
  verify               Verify a detached signature
  encrypt              Encrypt a message from standard input
  decrypt              Decrypt a message
  inline-detach        Split signatures from a clearsigned message
  inline-sign          Create an inline-signed message
  inline-verify        Verify an inline-signed message
  armor                Add ASCII Armor to standard input
  dearmor              Remove ASCII Armor from standard input
  help                 Stateless OpenPGP Protocol

Exit Codes:
    0   Successful program execution
    1   Generic program error
    3   Verification requested but no verifiable signature found
   13   Unsupported asymmetric algorithm
   17   Certificate is not encryption capable
   19   Usage error: Missing argument
   23   Incomplete verification instructions
   29   Unable to decrypt
   31   Password is not human-readable
   37   Unsupported Option
   41   Invalid data or data of wrong type encountered
   53   Non-text input received where text was expected
   59   Output file already exists
   61   Input file does not exist
   67   Cannot unlock password protected secret key
   69   Unsupported subcommand
   71   Unsupported special prefix (e.g. "@ENV/@FD") of indirect parameter
   73   Ambiguous input (a filename matching the designator already exists)
   79   Key is not signing capable
   83   Options were supplied that are incompatible with each other
   89   The requested profile is unsupported, or the indicated subcommand does not accept profiles
   97   The implementation supports some form of hardware-backed secret keys, but could not identify the hardware device
  101   The implementation tried to use a hardware-backed secret key, but the cryptographic hardware refused the operation for some reason other than a bad PIN or password

Powered by picocli
```
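
A script that gates on a detached signature has to tell "no verifiable signature" (exit code 3) apart from operational failures such as exit code 41, and must treat everything except 0 as a rejection. The wrapper below is an added example, not code from this repository; the helper name `verify_artifact` and the `SOP_BIN` variable are assumptions, and the `verify SIGNATURES CERTS < data` invocation follows the SOP draft linked above.

```bash
#!/usr/bin/env bash
# Added example, not part of bcsop: fail-closed wrapper around `verify`.
# SOP_BIN defaults to the binary path named in the build section.
SOP_BIN="${SOP_BIN:-bc-sop-cli/target/bcsop}"

# verify_artifact SIG CERT FILE   (hypothetical helper name)
# Returns 0 only for a verified signature, 3 when the tool found no
# verifiable signature, and 1 for every operational error.
verify_artifact() {
    local sig="$1" cert="$2" file="$3" f out rc=0
    # Check inputs up front so a missing file is reported as such.
    for f in "$sig" "$cert" "$file"; do
        [ -r "$f" ] || { echo "ERROR: cannot read $f" >&2; return 1; }
    done
    # SOP verify reads the signed data on stdin: verify SIGNATURES CERTS...
    out="$("$SOP_BIN" verify "$sig" "$cert" < "$file")" || rc=$?
    case "$rc" in
        0)  # Defensive: also require a verification line on stdout.
            [ -n "$out" ] || { echo "ERROR: exit 0 without output" >&2; return 1; }
            printf '%s\n' "$out" ;;
        3)  echo "REJECT: no verifiable signature on $file" >&2; return 3 ;;
        41) echo "ERROR: invalid data or wrong data type" >&2; return 1 ;;
        *)  echo "ERROR: $SOP_BIN exited with code $rc" >&2; return 1 ;;
    esac
}
```

Call it as `verify_artifact release.sig signer.cert release.tar.gz` and proceed only when it returns 0.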