Add OpenPGPImplementation.checksumCalculator() extension function

pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/OpenPGPImplementationExtensions.kt

@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.bouncycastle.extensions
+
+import org.bouncycastle.bcpg.HashAlgorithmTags
+import org.bouncycastle.openpgp.api.OpenPGPImplementation
+import org.bouncycastle.openpgp.operator.PGPDigestCalculator
+
+fun OpenPGPImplementation.checksumCalculator(): PGPDigestCalculator {
+    return pgpDigestCalculatorProvider().get(HashAlgorithmTags.SHA1)
+}

pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt

@@ -6,7 +6,6 @@ package org.pgpainless.key.generation
 
 import java.io.IOException
 import java.util.*
-import org.bouncycastle.bcpg.HashAlgorithmTags
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
@@ -18,6 +17,7 @@ import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.OpenPGPKeyVersion
 import org.pgpainless.algorithm.SignatureType
+import org.pgpainless.bouncycastle.extensions.checksumCalculator
 import org.pgpainless.bouncycastle.extensions.unlock
 import org.pgpainless.policy.Policy
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
@@ -83,10 +83,7 @@ class KeyRingBuilder(
     private fun keyIsCertificationCapable(keySpec: KeySpec) = keySpec.keyType.canCertify
 
     override fun build(): OpenPGPKey {
-        val keyFingerprintCalculator =
-            OpenPGPImplementation.getInstance()
-                .pgpDigestCalculatorProvider()
-                .get(HashAlgorithmTags.SHA1)
+        val checksumCalculator = OpenPGPImplementation.getInstance().checksumCalculator()
 
         // generate primary key
         requireNotNull(primaryKeySpec) { "Primary Key spec required." }
@@ -111,18 +108,13 @@ class KeyRingBuilder(
         val ringGenerator =
             if (userIds.isEmpty()) {
                 PGPKeyRingGenerator(
-                    certKey,
-                    keyFingerprintCalculator,
-                    hashedSubPackets,
-                    null,
-                    signer,
-                    secretKeyEncryptor)
+                    certKey, checksumCalculator, hashedSubPackets, null, signer, secretKeyEncryptor)
             } else {
                 PGPKeyRingGenerator(
                     SignatureType.POSITIVE_CERTIFICATION.code,
                     certKey,
                     userIds.keys.first(),
-                    keyFingerprintCalculator,
+                    checksumCalculator,
                     hashedSubPackets,
                     null,
                     signer,
@@ -165,8 +157,7 @@ class KeyRingBuilder(
 
         // Reassemble secret key ring with modified primary key
         val primarySecretKey =
-            PGPSecretKey(
-                privateKey, primaryPubKey, keyFingerprintCalculator, true, secretKeyEncryptor)
+            PGPSecretKey(privateKey, primaryPubKey, checksumCalculator, true, secretKeyEncryptor)
         val secretKeyList = mutableListOf(primarySecretKey)
         while (secretKeys.hasNext()) {
             secretKeyList.add(secretKeys.next())

pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt

@@ -9,7 +9,6 @@ import java.util.function.Predicate
 import javax.annotation.Nonnull
 import kotlin.NoSuchElementException
 import openpgp.openPgpKeyId
-import org.bouncycastle.bcpg.HashAlgorithmTags
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.bcpg.sig.KeyExpirationTime
 import org.bouncycastle.openpgp.*
@@ -27,6 +26,7 @@ import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.OpenPGPKeyVersion
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator
+import org.pgpainless.bouncycastle.extensions.checksumCalculator
 import org.pgpainless.bouncycastle.extensions.getKeyExpirationDate
 import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
 import org.pgpainless.bouncycastle.extensions.requirePublicKey
@@ -310,9 +310,7 @@ class SecretKeyRingEditor(var key: OpenPGPKey, override val referenceTime: Date
             PGPSecretKey(
                 subkey.privateKey,
                 subkey.publicKey,
-                OpenPGPImplementation.getInstance()
-                    .pgpDigestCalculatorProvider()
-                    .get(HashAlgorithmTags.SHA1),
+                OpenPGPImplementation.getInstance().checksumCalculator(),
                 false,
                 subkeyProtector.getEncryptor(subkey.publicKey))
 

pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/fixes/S2KUsageFix.kt

@@ -4,11 +4,11 @@
 
 package org.pgpainless.key.protection.fixes
 
-import org.bouncycastle.bcpg.HashAlgorithmTags
 import org.bouncycastle.bcpg.SecretKeyPacket
 import org.bouncycastle.openpgp.PGPSecretKey
 import org.bouncycastle.openpgp.PGPSecretKeyRing
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
+import org.pgpainless.bouncycastle.extensions.checksumCalculator
 import org.pgpainless.bouncycastle.extensions.unlock
 import org.pgpainless.exception.WrongPassphraseException
 import org.pgpainless.key.protection.SecretKeyRingProtector
@@ -48,10 +48,7 @@ class S2KUsageFix {
             protector: SecretKeyRingProtector,
             skipKeysWithMissingPassphrase: Boolean = false
         ): PGPSecretKeyRing {
-            val digestCalculator =
-                OpenPGPImplementation.getInstance()
-                    .pgpDigestCalculatorProvider()
-                    .get(HashAlgorithmTags.SHA1)
+            val digestCalculator = OpenPGPImplementation.getInstance().checksumCalculator()
             val keyList = mutableListOf<PGPSecretKey>()
             for (key in keys) {
                 // CHECKSUM is not recommended