From 05ae631a1211dc4d082874aa431e569a6f82bd8f Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Thu, 15 Dec 2022 12:25:35 +0100
Subject: [PATCH] Fix NPE when sop generate-key --with-key-password is used
 with multiple uids

Fixes #351
---
 CHANGELOG.md                                                   | 3 +++
 .../src/main/java/org/pgpainless/sop/GenerateKeyImpl.java      | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f0f8f71..e67aa3fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@ SPDX-License-Identifier: CC0-1.0
 
 # PGPainless Changelog
 
+## 1.3.15-SNAPSHOT
+- Fix crash in `sop generate-key --with-key-password` when more then one user-id is given
+
 ## 1.3.14
 - Bump `bcpg` to `1.72.3`
 - Fix DSA key parameter check
diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/GenerateKeyImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/GenerateKeyImpl.java
index 893c8dd8..e732a6cc 100644
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/GenerateKeyImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/GenerateKeyImpl.java
@@ -55,6 +55,7 @@ public class GenerateKeyImpl implements GenerateKey {
             throw new SOPGPException.MissingArg("Missing user-id.");
         }
 
+        Passphrase passphraseCopy = new Passphrase(passphrase.getChars()); // generateKeyRing clears the original passphrase
         PGPSecretKeyRing key;
         try {
              key = PGPainless.generateKeyRing()
@@ -64,7 +65,7 @@ public class GenerateKeyImpl implements GenerateKey {
                 SecretKeyRingEditorInterface editor = PGPainless.modifyKeyRing(key);
 
                 while (userIdIterator.hasNext()) {
-                    editor.addUserId(userIdIterator.next(), SecretKeyRingProtector.unprotectedKeys());
+                    editor.addUserId(userIdIterator.next(), SecretKeyRingProtector.unlockAnyKeyWith(passphraseCopy));
                 }
 
                 key = editor.done();