Allow UserIDs with trailing/leading whitespace and escape newlines in ASCII armor

2025-09-08 09:49:40 +02:00 · 2025-07-23 11:23:34 +02:00 · 2025-07-23 11:23:34 +02:00 · 0ee31b232a
commit 0ee31b232a
parent f2cbde43be
4 changed files with 17 additions and 5 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -45,7 +45,7 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
    }

    override fun addUserId(userId: CharSequence): KeyRingBuilder = apply {
-        userIds[userId.toString().trim()] = null
+        userIds[userId.toString()] = null
    }

    override fun addUserId(userId: ByteArray): KeyRingBuilder =
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -569,9 +569,10 @@ class SecretKeyRingEditor(
    }

    private fun sanitizeUserId(userId: CharSequence): CharSequence =
-        // TODO: Further research how to sanitize user IDs.
-        //  e.g. what about newlines?
-        userId.toString().trim()
+        // I'm not sure, what kind of sanitization is needed.
+        // Newlines are allowed, they just need to be escaped when emitted in an ASCII armor header
+        // Trailing/Leading whitespace is also fine.
+        userId.toString()

    private fun callbackFromRevocationAttributes(attributes: RevocationAttributes?) =
        object : RevocationSignatureSubpackets.Callback {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt
@ -247,7 +247,8 @@ class ArmorUtils {
                .add(OpenPgpFingerprint.of(publicKey).prettyPrint())
            // Primary / First User ID
            (primary ?: first)?.let {
-                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }.add(it)
+                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }
+                    .add(it.replace("\n", "\\n").replace("\r", "\\r"))
            }
            // X-1 further identities
            when (userIds.size) {
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/GenerateKeyTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/GenerateKeyTest.java
@ -100,4 +100,14 @@ public class GenerateKeyTest {
        assertThrows(SOPGPException.UnsupportedProfile.class, () ->
                sop.generateKey().profile("invalid"));
    }
+
+    @Test
+    public void generateKeyWithNewlinesInUserId() throws IOException {
+        byte[] keyBytes = sop.generateKey()
+                .userId("Foo\n\nBar")
+                .generate()
+                .getBytes();
+
+        assertTrue(new String(keyBytes).contains("Foo\\n\\nBar"));
+    }
 }