PGPainless/bc-sop
1
0
Fork 0
mirror of https://codeberg.org/PGPainless/bc-sop.git synced 2025-09-09 11:19:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
bc-sop/README.md

101 lines
4.1 KiB
Markdown
Raw Blame History

# Stateless OpenPGP Protocol Implementation using Bouncy Castle
This repository contains an implementation of the [Stateless OpenPGP Protocol](https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/)
using [sop-java](https://github.com/pgpainless/sop-java) and [Bouncy Castle](https://www.bouncycastle.org/).
Note: THIS IS STILL EXPERIMENTAL SOFTWARE NOT SUITABLE FOR PRODUCTION USE!!!
There are two modules in this repository:
* [bc-sop-api] contains a high-level JAVA API of the SOP protocol using Bouncy Castle
* [bc-sop-cli] contains a CLI app implementing the SOP protocol following the spec.
# Build
Currently, this build depends on an open development branch of Bouncy Castle, which can be found in an
external repository [here](https://github.com/pgpainless/bc-java/tree/valiadateAPI).
To make this code available to bcsop, you need to clone the repository and locally install the custom
BC build:
```bash
git clone git@github.com:pgpainless/bc-java.git
cd bc-java
git checkout valiadateAPI
gradle publishToMavenLocal
```
Furthermode, you need a custom build of `sop-java` which can similarly be build like this:
```bash
git clone git@github.com:pgpainless/sop-java.git
gradle publishToMavenLocal
```
In order to build the GraalVM native-image of the CLI app, you need to have graalvm 21.0.5 installed
and `GRAALVM_HOME` pointing to it.
The easiest way to accomplish this is using [sdkman](https://sdkman.io).
Afterwards, you can navigate to your clone of this repository and build the CLI app as a GraalVM
native-image using this command:
```bash
mvn clean install -Dmaven.test.skip
```
The CLI binary can then be found as `bc-sop-cli/target/bcsop`.
```
$ ./bcsop help
Stateless OpenPGP Protocol
Usage: bcsop [--stacktrace] [COMMAND]
Options:
--stacktrace Print stacktrace
Commands:
version Display version information about the tool
list-profiles Emit a list of profiles supported by the identified
subcommand
generate-key Generate a secret key
change-key-password Update the password of a key
revoke-key Generate revocation certificates
extract-cert Extract a public key certificate from a secret key
sign Create a detached message signature
verify Verify a detached signature
encrypt Encrypt a message from standard input
decrypt Decrypt a message
inline-detach Split signatures from a clearsigned message
inline-sign Create an inline-signed message
inline-verify Verify an inline-signed message
armor Add ASCII Armor to standard input
dearmor Remove ASCII Armor from standard input
help Stateless OpenPGP Protocol
Exit Codes:
0 Successful program execution
1 Generic program error
3 Verification requested but no verifiable signature found
13 Unsupported asymmetric algorithm
17 Certificate is not encryption capable
19 Usage error: Missing argument
23 Incomplete verification instructions
29 Unable to decrypt
31 Password is not human-readable
37 Unsupported Option
41 Invalid data or data of wrong type encountered
53 Non-text input received where text was expected
59 Output file already exists
61 Input file does not exist
67 Cannot unlock password protected secret key
69 Unsupported subcommand
71 Unsupported special prefix (e.g. "@ENV/@FD") of indirect parameter
73 Ambiguous input (a filename matching the designator already exists)
79 Key is not signing capable
83 Options were supplied that are incompatible with each other
89 The requested profile is unsupported, or the indicated subcommand does
not accept profiles
97 The implementation supports some form of hardware-backed secret keys,
but could not identify the hardware device
101 The implementation tried to use a hardware-backed secret key, but the
cryptographic hardware refused the operation for some reason other
than a bad PIN or password
Powered by picocli
```
Reference in a new issue View git blame Copy permalink