PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-09 10:19:39 +02:00
Code Issues Releases Wiki Activity

WIP: Port SecretKeyRingEditor over to OpenPGPKeyEditor

Browse source
This commit is contained in:
Paul Schaub 2025-02-17 15:18:58 +01:00
parent 5266fa53c8
commit 1a8c29e1ea
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
6 changed files with 242 additions and 396 deletions
Download patch file Download diff file Expand all files Collapse all files

3
pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt
View file

@ -54,6 +54,9 @@ class PGPainless(
fun toCertificate(publicKeyRing: PGPPublicKeyRing): OpenPGPCertificate = fun toCertificate(publicKeyRing: PGPPublicKeyRing): OpenPGPCertificate =
OpenPGPCertificate(publicKeyRing, implementation) OpenPGPCertificate(publicKeyRing, implementation)
fun modifyKey(key: OpenPGPKey, referenceTime: Date = Date()): SecretKeyRingEditor =
SecretKeyRingEditor(key, referenceTime)
companion object { companion object {
@Volatile private var instance: PGPainless? = null @Volatile private var instance: PGPainless? = null

332
pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
View file

@ -12,10 +12,13 @@ import openpgp.openPgpKeyId
import org.bouncycastle.bcpg.KeyIdentifier import org.bouncycastle.bcpg.KeyIdentifier
import org.bouncycastle.bcpg.sig.KeyExpirationTime import org.bouncycastle.bcpg.sig.KeyExpirationTime
import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.*
import org.bouncycastle.openpgp.api.OpenPGPKey
import org.bouncycastle.openpgp.api.OpenPGPKeyEditor
import org.bouncycastle.openpgp.api.SignatureParameters
import org.bouncycastle.openpgp.api.SignatureParameters.Callback
import org.bouncycastle.openpgp.api.SignatureSubpacketsFunction
import org.pgpainless.PGPainless import org.pgpainless.PGPainless
import org.pgpainless.PGPainless.Companion.inspectKeyRing import org.pgpainless.PGPainless.Companion.inspectKeyRing
import org.pgpainless.algorithm.AlgorithmSuite
import org.pgpainless.algorithm.Feature
import org.pgpainless.algorithm.KeyFlag import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.algorithm.OpenPGPKeyVersion import org.pgpainless.algorithm.OpenPGPKeyVersion
import org.pgpainless.algorithm.SignatureType import org.pgpainless.algorithm.SignatureType
@ -23,8 +26,8 @@ import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator
import org.pgpainless.bouncycastle.extensions.getKeyExpirationDate import org.pgpainless.bouncycastle.extensions.getKeyExpirationDate
import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
import org.pgpainless.bouncycastle.extensions.requirePublicKey import org.pgpainless.bouncycastle.extensions.requirePublicKey
import org.pgpainless.bouncycastle.extensions.toOpenPGPKey
import org.pgpainless.implementation.ImplementationFactory import org.pgpainless.implementation.ImplementationFactory
import org.pgpainless.key.OpenPgpFingerprint
import org.pgpainless.key.generation.KeyRingBuilder import org.pgpainless.key.generation.KeyRingBuilder
import org.pgpainless.key.generation.KeySpec import org.pgpainless.key.generation.KeySpec
import org.pgpainless.key.protection.* import org.pgpainless.key.protection.*
@ -38,66 +41,38 @@ import org.pgpainless.signature.subpackets.*
import org.pgpainless.util.Passphrase import org.pgpainless.util.Passphrase
import org.pgpainless.util.selection.userid.SelectUserId import org.pgpainless.util.selection.userid.SelectUserId
class SecretKeyRingEditor( class SecretKeyRingEditor(key: OpenPGPKey,
var secretKeyRing: PGPSecretKeyRing, keyProtector: SecretKeyRingProtector,
override val referenceTime: Date = Date() override val referenceTime: Date = Date()
) : SecretKeyRingEditorInterface { ) : SecretKeyRingEditorInterface {
private var editor: OpenPGPKeyEditor = OpenPGPKeyEditor(key, keyProtector, PGPainless.getInstance().implementation)
constructor(
secretKey: PGPSecretKeyRing,
referenceTime: Date = Date(),
keyProtector: SecretKeyRingProtector
) : this(secretKey.toOpenPGPKey(), keyProtector, referenceTime)
override fun addUserId( override fun addUserId(
userId: CharSequence, userId: CharSequence,
callback: SelfSignatureSubpackets.Callback?, callback: SelfSignatureSubpackets.Callback?
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
val sanitizedUserId = sanitizeUserId(userId).toString() val sanitizedUserId = sanitizeUserId(userId).toString()
val primaryKey = secretKeyRing.secretKey editor.addUserId(sanitizedUserId, object : Callback {
override fun apply(parameters: SignatureParameters): SignatureParameters {
val info = inspectKeyRing(secretKeyRing, referenceTime) return parameters.setSignatureCreationTime(referenceTime)
require(!info.isHardRevoked(userId)) {
"User-ID $userId is hard revoked and cannot be re-certified."
}
val (
hashAlgorithmPreferences,
symmetricKeyAlgorithmPreferences,
compressionAlgorithmPreferences) =
try {
Triple(
info.preferredHashAlgorithms,
info.preferredSymmetricKeyAlgorithms,
info.preferredCompressionAlgorithms)
} catch (e: IllegalStateException) { // missing user-id sig
val algorithmSuite = AlgorithmSuite.defaultAlgorithmSuite
Triple(
algorithmSuite.hashAlgorithms,
algorithmSuite.symmetricKeyAlgorithms,
algorithmSuite.compressionAlgorithms)
} }
})
val builder =
SelfSignatureBuilder(primaryKey, protector).apply {
hashedSubpackets.setSignatureCreationTime(referenceTime)
setSignatureType(SignatureType.POSITIVE_CERTIFICATION)
}
builder.hashedSubpackets.apply {
setKeyFlags(info.getKeyFlagsOf(primaryKey.keyID))
setPreferredHashAlgorithms(hashAlgorithmPreferences)
setPreferredSymmetricKeyAlgorithms(symmetricKeyAlgorithmPreferences)
setPreferredCompressionAlgorithms(compressionAlgorithmPreferences)
setFeatures(Feature.MODIFICATION_DETECTION)
}
builder.applyCallback(callback)
secretKeyRing =
injectCertification(secretKeyRing, sanitizedUserId, builder.build(sanitizedUserId))
return this return this
} }
override fun addPrimaryUserId( override fun addPrimaryUserId(
userId: CharSequence, userId: CharSequence,
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
val uid = sanitizeUserId(userId) val uid = sanitizeUserId(userId)
val primaryKey = secretKeyRing.publicKey val primaryKey = key.publicKey
var info = inspectKeyRing(secretKeyRing, referenceTime) var info = inspectKeyRing(key, referenceTime)
val primaryUserId = info.primaryUserId val primaryUserId = info.primaryUserId
val signature = val signature =
if (primaryUserId == null) info.latestDirectKeySelfSignature if (primaryUserId == null) info.latestDirectKeySelfSignature
@ -116,18 +91,17 @@ class SecretKeyRingEditor(
else setKeyExpirationTime(null) else setKeyExpirationTime(null)
} }
} }
}, })
protector)
// unmark previous primary user-ids to be non-primary // unmark previous primary user-ids to be non-primary
info = inspectKeyRing(secretKeyRing, referenceTime) info = inspectKeyRing(key, referenceTime)
info.validAndExpiredUserIds info.validAndExpiredUserIds
.filterNot { it == uid } .filterNot { it == uid }
.forEach { otherUserId -> .forEach { otherUserId ->
if (info if (info
.getLatestUserIdCertification(otherUserId)!! .getLatestUserIdCertification(otherUserId)!!
.hashedSubPackets .hashedSubPackets
.isPrimaryUserID) { .isPrimaryUserID) {
// We need to unmark this user-id as primary // We need to unmark this user-id as primary
addUserId( addUserId(
otherUserId, otherUserId,
@ -140,34 +114,16 @@ class SecretKeyRingEditor(
setKeyExpirationTime(null) // non-primary setKeyExpirationTime(null) // non-primary
} }
} }
}, })
protector)
} }
} }
return this return this
} }
@Deprecated(
"Use of SelectUserId class is deprecated.",
replaceWith = ReplaceWith("removeUserId(protector, predicate)"))
override fun removeUserId( override fun removeUserId(
selector: SelectUserId,
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface {
return revokeUserIds(
selector,
protector,
RevocationAttributes.createCertificateRevocation()
.withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID)
.withoutDescription())
}
override fun removeUserId(
protector: SecretKeyRingProtector,
predicate: (String) -> Boolean predicate: (String) -> Boolean
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return revokeUserIds( return revokeUserIds(
protector,
RevocationAttributes.createCertificateRevocation() RevocationAttributes.createCertificateRevocation()
.withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID) .withReason(RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID)
.withoutDescription(), .withoutDescription(),
@ -175,23 +131,21 @@ class SecretKeyRingEditor(
} }
override fun removeUserId( override fun removeUserId(
userId: CharSequence, userId: CharSequence
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return removeUserId(protector) { uid -> userId == uid } return removeUserId { uid -> userId == uid }
} }
override fun replaceUserId( override fun replaceUserId(
oldUserId: CharSequence, oldUserId: CharSequence,
newUserId: CharSequence, newUserId: CharSequence
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
val oldUID = sanitizeUserId(oldUserId) val oldUID = sanitizeUserId(oldUserId)
val newUID = sanitizeUserId(newUserId) val newUID = sanitizeUserId(newUserId)
require(oldUID.isNotBlank()) { "Old user-ID cannot be empty." } require(oldUID.isNotBlank()) { "Old user-ID cannot be empty." }
require(newUID.isNotBlank()) { "New user-ID cannot be empty." } require(newUID.isNotBlank()) { "New user-ID cannot be empty." }
val info = inspectKeyRing(secretKeyRing, referenceTime) val info = inspectKeyRing(key, referenceTime)
if (!info.isUserIdValid(oldUID)) { if (!info.isUserIdValid(oldUID)) {
throw NoSuchElementException( throw NoSuchElementException(
"Key does not carry user-ID '$oldUID', or it is not valid.") "Key does not carry user-ID '$oldUID', or it is not valid.")
@ -218,16 +172,14 @@ class SecretKeyRingEditor(
oldCertification.unhashedSubPackets, oldCertification.unhashedSubPackets,
unhashedSubpackets as SignatureSubpackets) unhashedSubpackets as SignatureSubpackets)
} }
}, })
protector)
return revokeUserId(oldUID, protector) return revokeUserId(oldUID)
} }
override fun addSubKey( override fun addSubkey(
keySpec: KeySpec, keySpec: KeySpec,
subkeyPassphrase: Passphrase, subkeyPassphrase: Passphrase
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
val callback = val callback =
object : SelfSignatureSubpackets.Callback { object : SelfSignatureSubpackets.Callback {
@ -237,34 +189,31 @@ class SecretKeyRingEditor(
hashedSubpackets.setSignatureCreationTime(referenceTime) hashedSubpackets.setSignatureCreationTime(referenceTime)
} }
} }
return addSubKey(keySpec, subkeyPassphrase, callback, protector) return addSubkey(keySpec, subkeyPassphrase, callback)
} }
override fun addSubKey( override fun addSubkey(
keySpec: KeySpec, keySpec: KeySpec,
subkeyPassphrase: Passphrase, subkeyPassphrase: Passphrase,
callback: SelfSignatureSubpackets.Callback?, callback: SelfSignatureSubpackets.Callback?
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
val version = OpenPGPKeyVersion.from(secretKeyRing.getPublicKey().version) val version = OpenPGPKeyVersion.from(key.getPublicKey().version)
val keyPair = KeyRingBuilder.generateKeyPair(keySpec, OpenPGPKeyVersion.v4, referenceTime) val keyPair = KeyRingBuilder.generateKeyPair(keySpec, OpenPGPKeyVersion.v4, referenceTime)
val subkeyProtector = val subkeyProtector =
PasswordBasedSecretKeyRingProtector.forKeyId(keyPair.keyIdentifier, subkeyPassphrase) PasswordBasedSecretKeyRingProtector.forKeyId(keyPair.keyIdentifier, subkeyPassphrase)
val keyFlags = KeyFlag.fromBitmask(keySpec.subpackets.keyFlags).toMutableList() val keyFlags = KeyFlag.fromBitmask(keySpec.subpackets.keyFlags).toMutableList()
return addSubKey( return addSubkey(
keyPair, keyPair,
callback, callback,
subkeyProtector, subkeyProtector,
protector,
keyFlags.removeFirst(), keyFlags.removeFirst(),
*keyFlags.toTypedArray()) *keyFlags.toTypedArray())
} }
override fun addSubKey( override fun addSubkey(
subkey: PGPKeyPair, subkey: PGPKeyPair,
callback: SelfSignatureSubpackets.Callback?, callback: SelfSignatureSubpackets.Callback?,
subkeyProtector: SecretKeyRingProtector, subkeyProtector: SecretKeyRingProtector,
primaryKeyProtector: SecretKeyRingProtector,
keyFlag: KeyFlag, keyFlag: KeyFlag,
vararg keyFlags: KeyFlag vararg keyFlags: KeyFlag
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
@ -277,11 +226,11 @@ class SecretKeyRingEditor(
PGPainless.getPolicy() PGPainless.getPolicy()
.publicKeyAlgorithmPolicy .publicKeyAlgorithmPolicy
.isAcceptable(subkeyAlgorithm, bitStrength)) { .isAcceptable(subkeyAlgorithm, bitStrength)) {
"Public key algorithm policy violation: $subkeyAlgorithm with bit strength $bitStrength is not acceptable." "Public key algorithm policy violation: $subkeyAlgorithm with bit strength $bitStrength is not acceptable."
} }
val primaryKey = secretKeyRing.secretKey val primaryKey = key.secretKey
val info = inspectKeyRing(secretKeyRing, referenceTime) val info = inspectKeyRing(key, referenceTime)
val hashAlgorithm = val hashAlgorithm =
HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(PGPainless.getPolicy()) HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(PGPainless.getPolicy())
.negotiateHashAlgorithm(info.preferredHashAlgorithms) .negotiateHashAlgorithm(info.preferredHashAlgorithms)
@ -309,61 +258,60 @@ class SecretKeyRingEditor(
secretSubkey = secretSubkey =
KeyRingUtils.secretKeyPlusSignature( KeyRingUtils.secretKeyPlusSignature(
secretSubkey, skBindingBuilder.build(secretSubkey.publicKey)) secretSubkey, skBindingBuilder.build(secretSubkey.publicKey))
secretKeyRing = KeyRingUtils.keysPlusSecretKey(secretKeyRing, secretSubkey) key = KeyRingUtils.keysPlusSecretKey(key, secretSubkey)
return this return this
} }
override fun revoke( override fun revoke(
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return revoke(protector, callbackFromRevocationAttributes(revocationAttributes)) return revoke(callbackFromRevocationAttributes(revocationAttributes))
} }
override fun revoke( override fun revoke(
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return revokeSubKey(secretKeyRing.secretKey.keyID, protector, callback) editor.revokeKey(object : SignatureParameters.Callback {
override fun apply(parameters: SignatureParameters?): SignatureParameters {
if (callback != null) {
callback.modifyHashedSubpackets()
}
}
})
} }
override fun revokeSubKey( override fun revokeSubkey(
subkeyId: Long, subkeyIdentifier: KeyIdentifier,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return revokeSubKey( return revokeSubkey(subkeyIdentifier, callbackFromRevocationAttributes(revocationAttributes))
subkeyId, protector, callbackFromRevocationAttributes(revocationAttributes))
} }
override fun revokeSubKey( override fun revokeSubkey(
subkeyId: Long, subkeyId: Long,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
val revokeeSubKey = secretKeyRing.requirePublicKey(subkeyId) val revokeeSubKey = key.requirePublicKey(subkeyId)
val subkeyRevocation = generateRevocation(protector, revokeeSubKey, callback) val subkeyRevocation = generateRevocation(revokeeSubKey, callback)
secretKeyRing = injectCertification(secretKeyRing, revokeeSubKey, subkeyRevocation) key = injectCertification(key, revokeeSubKey, subkeyRevocation)
return this return this
} }
override fun revokeUserId( override fun revokeUserId(
userId: CharSequence, userId: CharSequence,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
if (revocationAttributes != null) { if (revocationAttributes != null) {
require( require(
revocationAttributes.reason == RevocationAttributes.Reason.NO_REASON || revocationAttributes.reason == RevocationAttributes.Reason.NO_REASON ||
revocationAttributes.reason == revocationAttributes.reason ==
RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID) { RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID) {
"Revocation reason must either be NO_REASON or USER_ID_NO_LONGER_VALID" "Revocation reason must either be NO_REASON or USER_ID_NO_LONGER_VALID"
} }
} }
return revokeUserId( return revokeUserId(
userId, userId,
protector,
object : RevocationSignatureSubpackets.Callback { object : RevocationSignatureSubpackets.Callback {
override fun modifyHashedSubpackets( override fun modifyHashedSubpackets(
hashedSubpackets: RevocationSignatureSubpackets hashedSubpackets: RevocationSignatureSubpackets
@ -377,19 +325,16 @@ class SecretKeyRingEditor(
override fun revokeUserId( override fun revokeUserId(
userId: CharSequence, userId: CharSequence,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return revokeUserIds(protector, callback, SelectUserId.exactMatch(sanitizeUserId(userId))) return revokeUserIds(callback, SelectUserId.exactMatch(sanitizeUserId(userId)))
} }
override fun revokeUserIds( override fun revokeUserIds(
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes?, revocationAttributes: RevocationAttributes?,
predicate: (String) -> Boolean predicate: (String) -> Boolean
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
return revokeUserIds( return revokeUserIds(
protector,
object : RevocationSignatureSubpackets.Callback { object : RevocationSignatureSubpackets.Callback {
override fun modifyHashedSubpackets( override fun modifyHashedSubpackets(
hashedSubpackets: RevocationSignatureSubpackets hashedSubpackets: RevocationSignatureSubpackets
@ -402,7 +347,6 @@ class SecretKeyRingEditor(
} }
override fun revokeUserIds( override fun revokeUserIds(
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback?, callback: RevocationSignatureSubpackets.Callback?,
predicate: (String) -> Boolean predicate: (String) -> Boolean
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
@ -411,38 +355,36 @@ class SecretKeyRingEditor(
if (it.isEmpty()) if (it.isEmpty())
throw NoSuchElementException("No matching user-ids found on the key.") throw NoSuchElementException("No matching user-ids found on the key.")
} }
.forEach { userId -> doRevokeUserId(userId, protector, callback) } .forEach { userId -> doRevokeUserId(userId, callback) }
return this return this
} }
override fun setExpirationDate( override fun setExpirationDate(
expiration: Date?, expiration: Date?
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
require(secretKeyRing.secretKey.isMasterKey) { require(key.secretKey.isMasterKey) {
"OpenPGP key does not appear to contain a primary secret key." "OpenPGP key does not appear to contain a primary secret key."
} }
val prevDirectKeySig = getPreviousDirectKeySignature() val prevDirectKeySig = getPreviousDirectKeySignature()
// reissue direct key sig // reissue direct key sig
if (prevDirectKeySig != null) { if (prevDirectKeySig != null) {
secretKeyRing = key =
injectCertification( injectCertification(
secretKeyRing, key,
secretKeyRing.publicKey, key.publicKey,
reissueDirectKeySignature(expiration, protector, prevDirectKeySig)) reissueDirectKeySignature(expiration, prevDirectKeySig))
} }
val primaryUserId = val primaryUserId = inspectKeyRing(key, referenceTime).getPossiblyExpiredPrimaryUserId()
inspectKeyRing(secretKeyRing, referenceTime).getPossiblyExpiredPrimaryUserId()
if (primaryUserId != null) { if (primaryUserId != null) {
val prevUserIdSig = getPreviousUserIdSignatures(primaryUserId) val prevUserIdSig = getPreviousUserIdSignatures(primaryUserId)
val userIdSig = val userIdSig =
reissuePrimaryUserIdSig(expiration, protector, primaryUserId, prevUserIdSig!!) reissuePrimaryUserIdSig(expiration, primaryUserId, prevUserIdSig!!)
secretKeyRing = injectCertification(secretKeyRing, primaryUserId, userIdSig) key = injectCertification(key, primaryUserId, userIdSig)
} }
val info = inspectKeyRing(secretKeyRing, referenceTime) val info = inspectKeyRing(key, referenceTime)
for (userId in info.validUserIds) { for (userId in info.validUserIds) {
if (userId == primaryUserId) { if (userId == primaryUserId) {
continue continue
@ -453,11 +395,11 @@ class SecretKeyRingEditor(
?: throw AssertionError( ?: throw AssertionError(
"A valid user-id shall never have no user-id signature.") "A valid user-id shall never have no user-id signature.")
if (prevUserIdSig.hashedSubPackets.isPrimaryUserID) { if (prevUserIdSig.hashedSubPackets.isPrimaryUserID) {
secretKeyRing = key =
injectCertification( injectCertification(
secretKeyRing, key,
primaryUserId!!, primaryUserId!!,
reissueNonPrimaryUserId(protector, userId, prevUserIdSig)) reissueNonPrimaryUserId(userId, prevUserIdSig))
} }
} }
@ -466,28 +408,26 @@ class SecretKeyRingEditor(
override fun setExpirationDateOfSubkey( override fun setExpirationDateOfSubkey(
expiration: Date?, expiration: Date?,
keyId: Long, keyIdentifier: KeyIdentifier
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface = apply { ): SecretKeyRingEditorInterface = apply {
// is primary key // is primary key
if (keyId == secretKeyRing.publicKey.keyID) { if (keyId == key.publicKey.keyID) {
return setExpirationDate(expiration, protector) return setExpirationDate(expiration)
} }
// is subkey // is subkey
val subkey = val subkey =
secretKeyRing.getPublicKey(keyId) key.getPublicKey(keyId)
?: throw NoSuchElementException("No subkey with ID ${keyId.openPgpKeyId()} found.") ?: throw NoSuchElementException("No subkey with ID ${keyId.openPgpKeyId()} found.")
val prevBinding = val prevBinding =
inspectKeyRing(secretKeyRing).getCurrentSubkeyBindingSignature(keyId) inspectKeyRing(key).getCurrentSubkeyBindingSignature(keyId)
?: throw NoSuchElementException( ?: throw NoSuchElementException(
"Previous subkey binding signaure for ${keyId.openPgpKeyId()} MUST NOT be null.") "Previous subkey binding signaure for ${keyId.openPgpKeyId()} MUST NOT be null.")
val bindingSig = reissueSubkeyBindingSignature(subkey, expiration, protector, prevBinding) val bindingSig = reissueSubkeyBindingSignature(subkey, expiration, prevBinding)
secretKeyRing = injectCertification(secretKeyRing, subkey, bindingSig) key = injectCertification(key, subkey, bindingSig)
} }
override fun createMinimalRevocationCertificate( override fun createMinimalRevocationCertificate(
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): PGPPublicKeyRing { ): PGPPublicKeyRing {
// Check reason // Check reason
@ -497,51 +437,34 @@ class SecretKeyRingEditor(
} }
} }
val revocation = createRevocation(protector, revocationAttributes) val revocation = createRevocation(revocationAttributes)
var primaryKey = secretKeyRing.secretKey.publicKey var primaryKey = key.secretKey.publicKey
primaryKey = KeyRingUtils.getStrippedDownPublicKey(primaryKey) primaryKey = KeyRingUtils.getStrippedDownPublicKey(primaryKey)
primaryKey = PGPPublicKey.addCertification(primaryKey, revocation) primaryKey = PGPPublicKey.addCertification(primaryKey, revocation)
return PGPPublicKeyRing(listOf(primaryKey)) return PGPPublicKeyRing(listOf(primaryKey))
} }
override fun createRevocation( override fun createRevocation(
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): PGPSignature { ): PGPSignature {
return generateRevocation( return generateRevocation(
protector, key.publicKey, callbackFromRevocationAttributes(revocationAttributes))
secretKeyRing.publicKey, }
override fun createRevocation(
subkeyIdentifier: KeyIdentifier,
revocationAttributes: RevocationAttributes?
): PGPSignature {
return generateRevocation(
key.requirePublicKey(subkeyId),
callbackFromRevocationAttributes(revocationAttributes)) callbackFromRevocationAttributes(revocationAttributes))
} }
override fun createRevocation( override fun createRevocation(
subkeyId: Long, subkeyIdentifier: KeyIdentifier,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes?
): PGPSignature {
return generateRevocation(
protector,
secretKeyRing.requirePublicKey(subkeyId),
callbackFromRevocationAttributes(revocationAttributes))
}
override fun createRevocation(
subkeyId: Long,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): PGPSignature { ): PGPSignature {
return generateRevocation(protector, secretKeyRing.requirePublicKey(subkeyId), callback) return generateRevocation(key.requirePublicKey(subkeyId), callback)
}
override fun createRevocation(
subkeyFingerprint: OpenPgpFingerprint,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes?
): PGPSignature {
return generateRevocation(
protector,
secretKeyRing.requirePublicKey(subkeyFingerprint),
callbackFromRevocationAttributes(revocationAttributes))
} }
override fun changePassphraseFromOldPassphrase( override fun changePassphraseFromOldPassphrase(
@ -567,12 +490,12 @@ class SecretKeyRingEditor(
mapOf(keyIdentifier to oldPassphrase), oldProtectionSettings, null)) mapOf(keyIdentifier to oldPassphrase), oldProtectionSettings, null))
} }
override fun done(): PGPSecretKeyRing { override fun done(): OpenPGPKey {
return secretKeyRing return editor.done()
} }
private fun sanitizeUserId(userId: CharSequence): CharSequence = private fun sanitizeUserId(userId: CharSequence): CharSequence =
// TODO: Further research how to sanitize user IDs. // TODO: Further research how to sanitize user IDs.
// e.g. what about newlines? // e.g. what about newlines?
userId.toString().trim() userId.toString().trim()
@ -586,45 +509,39 @@ class SecretKeyRingEditor(
} }
private fun generateRevocation( private fun generateRevocation(
protector: SecretKeyRingProtector,
revokeeSubkey: PGPPublicKey, revokeeSubkey: PGPPublicKey,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): PGPSignature { ): PGPSignature {
val primaryKey = secretKeyRing.secretKey val primaryKey = key.secretKey
val signatureType = val signatureType =
if (revokeeSubkey.isMasterKey) SignatureType.KEY_REVOCATION if (revokeeSubkey.isMasterKey) SignatureType.KEY_REVOCATION
else SignatureType.SUBKEY_REVOCATION else SignatureType.SUBKEY_REVOCATION
return RevocationSignatureBuilder(signatureType, primaryKey, protector) return RevocationSignatureBuilder(signatureType, primaryKey)
.apply { applyCallback(callback) } .apply { applyCallback(callback) }
.build(revokeeSubkey) .build(revokeeSubkey)
} }
private fun doRevokeUserId( private fun doRevokeUserId(
userId: CharSequence, userId: CharSequence,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): SecretKeyRingEditorInterface { ): SecretKeyRingEditorInterface {
RevocationSignatureBuilder( RevocationSignatureBuilder(SignatureType.CERTIFICATION_REVOCATION, key.secretKey)
SignatureType.CERTIFICATION_REVOCATION, secretKeyRing.secretKey, protector)
.apply { .apply {
hashedSubpackets.setSignatureCreationTime(referenceTime) hashedSubpackets.setSignatureCreationTime(referenceTime)
applyCallback(callback) applyCallback(callback)
} }
.let { .let { key = injectCertification(key, userId, it.build(userId.toString())) }
secretKeyRing =
injectCertification(secretKeyRing, userId, it.build(userId.toString()))
}
return this return this
} }
private fun getPreviousDirectKeySignature(): PGPSignature? { private fun getPreviousDirectKeySignature(): PGPSignature? {
val info = inspectKeyRing(secretKeyRing, referenceTime) val info = inspectKeyRing(key, referenceTime)
return info.latestDirectKeySelfSignature return info.latestDirectKeySelfSignature
} }
private fun getPreviousUserIdSignatures(userId: String): PGPSignature? { private fun getPreviousUserIdSignatures(userId: String): PGPSignature? {
val info = inspectKeyRing(secretKeyRing, referenceTime) val info = inspectKeyRing(key, referenceTime)
return info.getLatestUserIdCertification(userId) return info.getLatestUserIdCertification(userId)
} }
@ -634,8 +551,7 @@ class SecretKeyRingEditor(
userId: String, userId: String,
prevUserIdSig: PGPSignature prevUserIdSig: PGPSignature
): PGPSignature { ): PGPSignature {
val builder = val builder = SelfSignatureBuilder(key.secretKey, secretKeyRingProtector, prevUserIdSig)
SelfSignatureBuilder(secretKeyRing.secretKey, secretKeyRingProtector, prevUserIdSig)
builder.hashedSubpackets.setSignatureCreationTime(referenceTime) builder.hashedSubpackets.setSignatureCreationTime(referenceTime)
builder.applyCallback( builder.applyCallback(
object : SelfSignatureSubpackets.Callback { object : SelfSignatureSubpackets.Callback {
@ -654,7 +570,7 @@ class SecretKeyRingEditor(
@Nonnull primaryUserId: String, @Nonnull primaryUserId: String,
@Nonnull prevUserIdSig: PGPSignature @Nonnull prevUserIdSig: PGPSignature
): PGPSignature { ): PGPSignature {
return SelfSignatureBuilder(secretKeyRing.secretKey, secretKeyRingProtector, prevUserIdSig) return SelfSignatureBuilder(key.secretKey, secretKeyRingProtector, prevUserIdSig)
.apply { .apply {
hashedSubpackets.setSignatureCreationTime(referenceTime) hashedSubpackets.setSignatureCreationTime(referenceTime)
applyCallback( applyCallback(
@ -664,7 +580,7 @@ class SecretKeyRingEditor(
) { ) {
if (expiration != null) { if (expiration != null) {
hashedSubpackets.setKeyExpirationTime( hashedSubpackets.setKeyExpirationTime(
true, secretKeyRing.publicKey.creationTime, expiration) true, key.publicKey.creationTime, expiration)
} else { } else {
hashedSubpackets.setKeyExpirationTime(KeyExpirationTime(true, 0)) hashedSubpackets.setKeyExpirationTime(KeyExpirationTime(true, 0))
} }
@ -682,7 +598,7 @@ class SecretKeyRingEditor(
prevDirectKeySig: PGPSignature prevDirectKeySig: PGPSignature
): PGPSignature { ): PGPSignature {
return DirectKeySelfSignatureBuilder( return DirectKeySelfSignatureBuilder(
secretKeyRing.secretKey, secretKeyRingProtector, prevDirectKeySig) key.secretKey, secretKeyRingProtector, prevDirectKeySig)
.apply { .apply {
hashedSubpackets.setSignatureCreationTime(referenceTime) hashedSubpackets.setSignatureCreationTime(referenceTime)
applyCallback( applyCallback(
@ -692,7 +608,7 @@ class SecretKeyRingEditor(
) { ) {
if (expiration != null) { if (expiration != null) {
hashedSubpackets.setKeyExpirationTime( hashedSubpackets.setKeyExpirationTime(
secretKeyRing.publicKey.creationTime, expiration) key.publicKey.creationTime, expiration)
} else { } else {
hashedSubpackets.setKeyExpirationTime(null) hashedSubpackets.setKeyExpirationTime(null)
} }
@ -708,9 +624,9 @@ class SecretKeyRingEditor(
protector: SecretKeyRingProtector, protector: SecretKeyRingProtector,
prevSubkeyBindingSignature: PGPSignature prevSubkeyBindingSignature: PGPSignature
): PGPSignature { ): PGPSignature {
val primaryKey = secretKeyRing.publicKey val primaryKey = key.publicKey
val secretPrimaryKey = secretKeyRing.secretKey val secretPrimaryKey = key.secretKey
val secretSubkey: PGPSecretKey? = secretKeyRing.getSecretKey(subkey.keyID) val secretSubkey: PGPSecretKey? = key.getSecretKey(subkey.keyID)
val builder = val builder =
SubkeyBindingSignatureBuilder(secretPrimaryKey, protector, prevSubkeyBindingSignature) SubkeyBindingSignatureBuilder(secretPrimaryKey, protector, prevSubkeyBindingSignature)
@ -742,7 +658,7 @@ class SecretKeyRingEditor(
} }
private fun selectUserIds(predicate: Predicate<String>): List<String> = private fun selectUserIds(predicate: Predicate<String>): List<String> =
inspectKeyRing(secretKeyRing).validUserIds.filter { predicate.test(it) } inspectKeyRing(key).validUserIds.filter { predicate.test(it) }
private class WithKeyRingEncryptionSettingsImpl( private class WithKeyRingEncryptionSettingsImpl(
private val editor: SecretKeyRingEditor, private val editor: SecretKeyRingEditor,
@ -772,15 +688,15 @@ class SecretKeyRingEditor(
val protector = val protector =
PasswordBasedSecretKeyRingProtector( PasswordBasedSecretKeyRingProtector(
newProtectionSettings, SolitaryPassphraseProvider(passphrase)) newProtectionSettings, SolitaryPassphraseProvider(passphrase))
val secretKeys = changePassphrase(keyId, editor.secretKeyRing, oldProtector, protector) val secretKeys = changePassphrase(keyId, editor.key, oldProtector, protector)
editor.secretKeyRing = secretKeys editor.key = secretKeys
return editor return editor
} }
override fun toNoPassphrase(): SecretKeyRingEditorInterface { override fun toNoPassphrase(): SecretKeyRingEditorInterface {
val protector = UnprotectedKeysProtector() val protector = UnprotectedKeysProtector()
val secretKeys = changePassphrase(keyId, editor.secretKeyRing, oldProtector, protector) val secretKeys = changePassphrase(keyId, editor.key, oldProtector, protector)
editor.secretKeyRing = secretKeys editor.key = secretKeys
return editor return editor
} }
} }

291
pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditorInterface.kt
View file

@ -10,6 +10,7 @@ import java.security.NoSuchAlgorithmException
import java.util.* import java.util.*
import org.bouncycastle.bcpg.KeyIdentifier import org.bouncycastle.bcpg.KeyIdentifier
import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.*
import org.bouncycastle.openpgp.api.OpenPGPKey
import org.pgpainless.algorithm.KeyFlag import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.key.OpenPgpFingerprint import org.pgpainless.key.OpenPgpFingerprint
import org.pgpainless.key.generation.KeySpec import org.pgpainless.key.generation.KeySpec
@ -19,7 +20,6 @@ import org.pgpainless.key.util.RevocationAttributes
import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
import org.pgpainless.util.Passphrase import org.pgpainless.util.Passphrase
import org.pgpainless.util.selection.userid.SelectUserId
interface SecretKeyRingEditorInterface { interface SecretKeyRingEditorInterface {
@ -33,28 +33,23 @@ interface SecretKeyRingEditorInterface {
* Add a user-id to the key ring. * Add a user-id to the key ring.
* *
* @param userId user-id * @param userId user-id
* @param protector protector to unlock the secret key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a signature for the user-id * @throws PGPException in case we cannot generate a signature for the user-id
*/ */
@Throws(PGPException::class) @Throws(PGPException::class) fun addUserId(userId: CharSequence) = addUserId(userId, null)
fun addUserId(userId: CharSequence, protector: SecretKeyRingProtector) =
addUserId(userId, null, protector)
/** /**
* Add a user-id to the key ring. * Add a user-id to the key ring.
* *
* @param userId user-id * @param userId user-id
* @param callback callback to modify the self-signature subpackets * @param callback callback to modify the self-signature subpackets
* @param protector protector to unlock the secret key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a signature for the user-id * @throws PGPException in case we cannot generate a signature for the user-id
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun addUserId( fun addUserId(
userId: CharSequence, userId: CharSequence,
callback: SelfSignatureSubpackets.Callback? = null, callback: SelfSignatureSubpackets.Callback? = null
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
@ -62,48 +57,23 @@ interface SecretKeyRingEditorInterface {
* new certification signature will be created. * new certification signature will be created.
* *
* @param userId user id * @param userId user id
* @param protector protector to unlock the secret key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a signature for the user-id * @throws PGPException in case we cannot generate a signature for the user-id
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun addPrimaryUserId( fun addPrimaryUserId(userId: CharSequence): SecretKeyRingEditorInterface
userId: CharSequence,
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface
/** /**
* Convenience method to revoke selected user-ids using soft revocation signatures. The * Convenience method to revoke selected user-ids using soft revocation signatures. The
* revocation will use [RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID], so that the * revocation will use [RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID], so that the
* user-id can be re-certified at a later point. * user-id can be re-certified at a later point.
* *
* @param selector selector to select user-ids
* @param protector protector to unlock the primary key
* @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id
*/
@Deprecated(
"Use of SelectUserId class is deprecated.",
ReplaceWith("removeUserId(protector, predicate)"))
@Throws(PGPException::class)
fun removeUserId(selector: SelectUserId, protector: SecretKeyRingProtector) =
removeUserId(protector, selector)
/**
* Convenience method to revoke selected user-ids using soft revocation signatures. The
* revocation will use [RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID], so that the
* user-id can be re-certified at a later point.
*
* @param protector protector to unlock the primary key
* @param predicate predicate to select user-ids for revocation * @param predicate predicate to select user-ids for revocation
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id * @throws PGPException in case we cannot generate a revocation signature for the user-id
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun removeUserId( fun removeUserId(predicate: (String) -> Boolean): SecretKeyRingEditorInterface
protector: SecretKeyRingProtector,
predicate: (String) -> Boolean
): SecretKeyRingEditorInterface
/** /**
* Convenience method to revoke a single user-id using a soft revocation signature. The * Convenience method to revoke a single user-id using a soft revocation signature. The
@ -111,15 +81,11 @@ interface SecretKeyRingEditorInterface {
* can be re-certified at a later point. * can be re-certified at a later point.
* *
* @param userId user-id to revoke * @param userId user-id to revoke
* @param protector protector to unlock the primary key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id * @throws PGPException in case we cannot generate a revocation signature for the user-id
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun removeUserId( fun removeUserId(userId: CharSequence): SecretKeyRingEditorInterface
userId: CharSequence,
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface
/** /**
* Replace a user-id on the key with a new one. The old user-id gets soft revoked and the new * Replace a user-id on the key with a new one. The old user-id gets soft revoked and the new
@ -130,7 +96,6 @@ interface SecretKeyRingEditorInterface {
* *
* @param oldUserId old user-id * @param oldUserId old user-id
* @param newUserId new user-id * @param newUserId new user-id
* @param protector protector to unlock the secret key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation and certification signature * @throws PGPException in case we cannot generate a revocation and certification signature
* @throws java.util.NoSuchElementException if the old user-id was not found on the key; or if * @throws java.util.NoSuchElementException if the old user-id was not found on the key; or if
@ -139,8 +104,7 @@ interface SecretKeyRingEditorInterface {
@Throws(PGPException::class) @Throws(PGPException::class)
fun replaceUserId( fun replaceUserId(
oldUserId: CharSequence, oldUserId: CharSequence,
newUserId: CharSequence, newUserId: CharSequence
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
@ -149,7 +113,6 @@ interface SecretKeyRingEditorInterface {
* @param keySpec key specification * @param keySpec key specification
* @param subkeyPassphrase passphrase to encrypt the sub key * @param subkeyPassphrase passphrase to encrypt the sub key
* @param callback callback to modify the subpackets of the subkey binding signature * @param callback callback to modify the subpackets of the subkey binding signature
* @param protector protector to unlock the secret key of the key ring
* @return the builder * @return the builder
* @throws InvalidAlgorithmParameterException in case the user wants to use invalid parameters * @throws InvalidAlgorithmParameterException in case the user wants to use invalid parameters
* for the key * for the key
@ -162,11 +125,10 @@ interface SecretKeyRingEditorInterface {
IOException::class, IOException::class,
InvalidAlgorithmParameterException::class, InvalidAlgorithmParameterException::class,
NoSuchAlgorithmException::class) NoSuchAlgorithmException::class)
fun addSubKey( fun addSubkey(
keySpec: KeySpec, keySpec: KeySpec,
subkeyPassphrase: Passphrase, subkeyPassphrase: Passphrase,
callback: SelfSignatureSubpackets.Callback? = null, callback: SelfSignatureSubpackets.Callback? = null
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
@ -175,7 +137,6 @@ interface SecretKeyRingEditorInterface {
* @param subkey subkey key pair * @param subkey subkey key pair
* @param callback callback to modify the subpackets of the subkey binding signature * @param callback callback to modify the subpackets of the subkey binding signature
* @param subkeyProtector protector to unlock and encrypt the subkey * @param subkeyProtector protector to unlock and encrypt the subkey
* @param primaryKeyProtector protector to unlock the primary key
* @param keyFlag first mandatory key flag for the subkey * @param keyFlag first mandatory key flag for the subkey
* @param keyFlags optional additional key flags * @param keyFlags optional additional key flags
* @return builder * @return builder
@ -183,11 +144,10 @@ interface SecretKeyRingEditorInterface {
* @throws IOException in case of an IO error * @throws IOException in case of an IO error
*/ */
@Throws(PGPException::class, IOException::class) @Throws(PGPException::class, IOException::class)
fun addSubKey( fun addSubkey(
subkey: PGPKeyPair, subkey: PGPKeyPair,
callback: SelfSignatureSubpackets.Callback?, callback: SelfSignatureSubpackets.Callback?,
subkeyProtector: SecretKeyRingProtector, subkeyProtector: SecretKeyRingProtector,
primaryKeyProtector: SecretKeyRingProtector,
keyFlag: KeyFlag, keyFlag: KeyFlag,
vararg keyFlags: KeyFlag vararg keyFlags: KeyFlag
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
@ -195,42 +155,60 @@ interface SecretKeyRingEditorInterface {
/** /**
* Revoke the key ring using a hard revocation. * Revoke the key ring using a hard revocation.
* *
* @param protector protector of the primary key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature * @throws PGPException in case we cannot generate a revocation signature
*/ */
@Throws(PGPException::class) @Throws(PGPException::class) fun revoke() = revoke(null as RevocationAttributes?)
fun revoke(protector: SecretKeyRingProtector) = revoke(protector, null as RevocationAttributes?)
/** /**
* Revoke the key ring using the provided revocation attributes. The attributes define, whether * Revoke the key ring using the provided revocation attributes. The attributes define, whether
* the revocation was a hard revocation or not. * the revocation was a hard revocation or not.
* *
* @param protector protector of the primary key
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature * @throws PGPException in case we cannot generate a revocation signature
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revoke( fun revoke(revocationAttributes: RevocationAttributes? = null): SecretKeyRingEditorInterface
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? = null
): SecretKeyRingEditorInterface
/** /**
* Revoke the key ring. You can use the [RevocationSignatureSubpackets.Callback] to modify the * Revoke the key ring. You can use the [RevocationSignatureSubpackets.Callback] to modify the
* revocation signatures subpackets, e.g. in order to define whether this is a hard or soft * revocation signatures subpackets, e.g. in order to define whether this is a hard or soft
* revocation. * revocation.
* *
* @param protector protector to unlock the primary secret key
* @param callback callback to modify the revocations subpackets * @param callback callback to modify the revocations subpackets
* @return builder * @return builder
* @throws PGPException in case we cannot generate a revocation signature * @throws PGPException in case we cannot generate a revocation signature
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revoke( fun revoke(callback: RevocationSignatureSubpackets.Callback?): SecretKeyRingEditorInterface
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? fun revokeSubkey(subkeyIdentifier: KeyIdentifier) = revokeSubkey(subkeyIdentifier, null)
/**
* Revoke the subkey binding signature of a subkey. The subkey with the provided fingerprint
* will be revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown.
*
* @param fingerprint fingerprint of the subkey to be revoked
* @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey
*/
@Throws(PGPException::class)
@Deprecated("Pass in the subkeys KeyIdentifier instead.")
fun revokeSubkey(fingerprint: OpenPgpFingerprint) = revokeSubkey(fingerprint.keyIdentifier)
/**
* Revoke the subkey binding signature of a subkey. The subkey with the provided fingerprint
* will be revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown.
*
* @param subkeyIdentifier identifier of the subkey to be revoked
* @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey
*/
@Throws(PGPException::class)
fun revokeSubkey(
subkeyIdentifier: KeyIdentifier,
revocationAttributes: RevocationAttributes? = null
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
@ -238,61 +216,44 @@ interface SecretKeyRingEditorInterface {
* will be revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown. * will be revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown.
* *
* @param fingerprint fingerprint of the subkey to be revoked * @param fingerprint fingerprint of the subkey to be revoked
* @param protector protector to unlock the primary key
* @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey
*/
@Throws(PGPException::class)
fun revokeSubKey(fingerprint: OpenPgpFingerprint, protector: SecretKeyRingProtector) =
revokeSubKey(fingerprint, protector, null)
/**
* Revoke the subkey binding signature of a subkey. The subkey with the provided fingerprint
* will be revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown.
*
* @param fingerprint fingerprint of the subkey to be revoked
* @param protector protector to unlock the primary key
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey * @throws PGPException in case we cannot generate a revocation signature for the subkey
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeSubKey( @Deprecated("Pass in the subkeys KeyIdentifier instead.")
fun revokeSubkey(
fingerprint: OpenPgpFingerprint, fingerprint: OpenPgpFingerprint,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? = null revocationAttributes: RevocationAttributes? = null
): SecretKeyRingEditorInterface = ): SecretKeyRingEditorInterface = revokeSubkey(fingerprint.keyIdentifier, revocationAttributes)
revokeSubKey(fingerprint.keyId, protector, revocationAttributes)
/** /**
* Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be * Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be
* revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown. * revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown.
* *
* @param subkeyId id of the subkey * @param subkeyId id of the subkey
* @param protector protector to unlock the primary key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey * @throws PGPException in case we cannot generate a revocation signature for the subkey
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeSubKey(subkeyId: Long, protector: SecretKeyRingProtector) = @Deprecated("Pass in the keys KeyIdentifier instead.")
revokeSubKey(subkeyId, protector, null as RevocationAttributes?) fun revokeSubkey(subkeyId: Long) =
revokeSubkey(KeyIdentifier(subkeyId), null as RevocationAttributes?)
/** /**
* Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be * Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be
* revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown. * revoked. If no suitable subkey is found, a [NoSuchElementException] will be thrown.
* *
* @param subkeyId id of the subkey * @param subkeyId id of the subkey
* @param protector protector to unlock the primary key
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey * @throws PGPException in case we cannot generate a revocation signature for the subkey
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeSubKey( fun revokeSubkey(
subkeyId: Long, subkeyId: Long,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? = null revocationAttributes: RevocationAttributes? = null
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface = revokeSubkey(KeyIdentifier(subkeyId), revocationAttributes)
/** /**
* Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be * Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be
@ -301,16 +262,14 @@ interface SecretKeyRingEditorInterface {
* The provided subpackets callback is used to modify the revocation signatures subpackets. * The provided subpackets callback is used to modify the revocation signatures subpackets.
* *
* @param subkeyId id of the subkey * @param subkeyId id of the subkey
* @param protector protector to unlock the secret key ring
* @param callback callback which can be used to modify the subpackets of the revocation * @param callback callback which can be used to modify the subpackets of the revocation
* signature * signature
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the subkey * @throws PGPException in case we cannot generate a revocation signature for the subkey
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeSubKey( fun revokeSubkey(
subkeyId: Long, subkeyId: Long,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
@ -318,19 +277,16 @@ interface SecretKeyRingEditorInterface {
* Hard-revoke the given userID. * Hard-revoke the given userID.
* *
* @param userId userId to revoke * @param userId userId to revoke
* @param protector protector to unlock the primary key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id * @throws PGPException in case we cannot generate a revocation signature for the user-id
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeUserId(userId: CharSequence, protector: SecretKeyRingProtector) = fun revokeUserId(userId: CharSequence) = revokeUserId(userId, null as RevocationAttributes?)
revokeUserId(userId, protector, null as RevocationAttributes?)
/** /**
* Revoke the given userID using the provided revocation attributes. * Revoke the given userID using the provided revocation attributes.
* *
* @param userId userId to revoke * @param userId userId to revoke
* @param protector protector to unlock the primary key
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id * @throws PGPException in case we cannot generate a revocation signature for the user-id
@ -338,7 +294,6 @@ interface SecretKeyRingEditorInterface {
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeUserId( fun revokeUserId(
userId: CharSequence, userId: CharSequence,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? = null revocationAttributes: RevocationAttributes? = null
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
@ -350,7 +305,6 @@ interface SecretKeyRingEditorInterface {
* revocation reason in the signatures hashed area using the subpacket callback. * revocation reason in the signatures hashed area using the subpacket callback.
* *
* @param userId userid to be revoked * @param userId userid to be revoked
* @param protector protector to unlock the primary secret key
* @param callback callback to modify the revocations subpackets * @param callback callback to modify the revocations subpackets
* @return builder * @return builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id * @throws PGPException in case we cannot generate a revocation signature for the user-id
@ -358,41 +312,16 @@ interface SecretKeyRingEditorInterface {
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeUserId( fun revokeUserId(
userId: CharSequence, userId: CharSequence,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
* Revoke all user-ids that match the provided [SelectUserId] filter. The provided * Revoke all user-ids that match the provided [predicate]. The provided [RevocationAttributes]
* [RevocationAttributes] will be set as reason for revocation in each revocation signature. * will be set as reason for revocation in each revocation signature.
* *
* Note: If you intend to re-certify these user-ids at a later point, make sure to choose a soft * Note: If you intend to re-certify these user-ids at a later point, make sure to choose a soft
* revocation reason. See [RevocationAttributes.Reason] for more information. * revocation reason. See [RevocationAttributes.Reason] for more information.
* *
* @param selector user-id selector
* @param protector protector to unlock the primary secret key
* @param revocationAttributes revocation attributes
* @return builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id
*/
@Throws(PGPException::class)
@Deprecated(
"Use of SelectUserId class is deprecated.",
ReplaceWith("revokeUserIds(protector, revocationAttributes, predicate)"))
fun revokeUserIds(
selector: SelectUserId,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes?
) = revokeUserIds(protector, revocationAttributes, selector)
/**
* Revoke all user-ids that match the provided [SelectUserId] filter. The provided
* [RevocationAttributes] will be set as reason for revocation in each revocation signature.
*
* Note: If you intend to re-certify these user-ids at a later point, make sure to choose a soft
* revocation reason. See [RevocationAttributes.Reason] for more information.
*
* @param protector protector to unlock the primary secret key
* @param revocationAttributes revocation attributes * @param revocationAttributes revocation attributes
* @param predicate to select user-ids for revocation * @param predicate to select user-ids for revocation
* @return builder * @return builder
@ -400,13 +329,12 @@ interface SecretKeyRingEditorInterface {
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeUserIds( fun revokeUserIds(
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes?, revocationAttributes: RevocationAttributes?,
predicate: (String) -> Boolean predicate: (String) -> Boolean
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
* Revoke all user-ids that match the provided [SelectUserId] filter. The provided * Revoke all user-ids that match the provided [predicate]. The provided
* [RevocationSignatureSubpackets.Callback] will be used to modify the revocation signatures * [RevocationSignatureSubpackets.Callback] will be used to modify the revocation signatures
* subpackets. * subpackets.
* *
@ -415,33 +343,6 @@ interface SecretKeyRingEditorInterface {
* *
* See [RevocationAttributes.Reason] for more information. * See [RevocationAttributes.Reason] for more information.
* *
* @param selector user-id selector
* @param protector protector to unlock the primary secret key
* @param callback callback to modify the revocations subpackets
* @return builder
* @throws PGPException in case we cannot generate a revocation signature for the user-id
*/
@Throws(PGPException::class)
@Deprecated(
"Use of SelectUserId class is deprecated.",
ReplaceWith("revokeUserIds(protector, callback, predicate)"))
fun revokeUserIds(
selector: SelectUserId,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback?
) = revokeUserIds(protector, callback, selector)
/**
* Revoke all user-ids that match the provided [SelectUserId] filter. The provided
* [RevocationSignatureSubpackets.Callback] will be used to modify the revocation signatures
* subpackets.
*
* Note: If you intend to re-certify these user-ids at a later point, make sure to set a soft
* revocation reason in the revocation signatures hashed subpacket area using the callback.
*
* See [RevocationAttributes.Reason] for more information.
*
* @param protector protector to unlock the primary secret key
* @param callback callback to modify the revocations subpackets * @param callback callback to modify the revocations subpackets
* @param predicate to select user-ids for revocation * @param predicate to select user-ids for revocation
* @return builder * @return builder
@ -449,7 +350,6 @@ interface SecretKeyRingEditorInterface {
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun revokeUserIds( fun revokeUserIds(
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback?, callback: RevocationSignatureSubpackets.Callback?,
predicate: (String) -> Boolean predicate: (String) -> Boolean
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
@ -459,15 +359,28 @@ interface SecretKeyRingEditorInterface {
* expire, then an expiration date of null is expected. * expire, then an expiration date of null is expected.
* *
* @param expiration new expiration date or null * @param expiration new expiration date or null
* @param protector to unlock the secret key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a new self-signature with the changed * @throws PGPException in case we cannot generate a new self-signature with the changed
* expiration date * expiration date
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun setExpirationDate( fun setExpirationDate(expiration: Date?): SecretKeyRingEditorInterface
/**
* Set the expiration date for the subkey identified by the given [KeyIdentifier] to the given
* expiration date. If the key is supposed to never expire, then an expiration date of null is
* expected.
*
* @param expiration new expiration date of null
* @param keyIdentifier identifier of the subkey
* @return the builder
* @throws PGPException in case we cannot generate a new subkey-binding or self-signature with
* the changed expiration date
*/
@Throws(PGPException::class)
fun setExpirationDateOfSubkey(
expiration: Date?, expiration: Date?,
protector: SecretKeyRingProtector keyIdentifier: KeyIdentifier
): SecretKeyRingEditorInterface ): SecretKeyRingEditorInterface
/** /**
@ -476,31 +389,26 @@ interface SecretKeyRingEditorInterface {
* *
* @param expiration new expiration date of null * @param expiration new expiration date of null
* @param keyId id of the subkey * @param keyId id of the subkey
* @param protector to unlock the secret key
* @return the builder * @return the builder
* @throws PGPException in case we cannot generate a new subkey-binding or self-signature with * @throws PGPException in case we cannot generate a new subkey-binding or self-signature with
* the changed expiration date * the changed expiration date
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun setExpirationDateOfSubkey( @Deprecated("Pass in the subkeys KeyIdentifier instead.")
expiration: Date?, fun setExpirationDateOfSubkey(expiration: Date?, keyId: Long): SecretKeyRingEditorInterface =
keyId: Long, setExpirationDateOfSubkey(expiration, KeyIdentifier(keyId))
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface
/** /**
* Create a minimal, self-authorizing revocation certificate, containing only the primary key * Create a minimal, self-authorizing revocation certificate, containing only the primary key
* and a revocation signature. This type of revocation certificates was introduced in OpenPGP * and a revocation signature. This type of revocation certificates was introduced in OpenPGP
* v6. This method has no side effects on the original key and will leave it intact. * v6. This method has no side effects on the original key and will leave it intact.
* *
* @param protector protector to unlock the primary key.
* @param revocationAttributes reason for the revocation (key revocation) * @param revocationAttributes reason for the revocation (key revocation)
* @return minimal revocation certificate * @return minimal revocation certificate
* @throws PGPException in case we cannot generate a revocation signature * @throws PGPException in case we cannot generate a revocation signature
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun createMinimalRevocationCertificate( fun createMinimalRevocationCertificate(
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): PGPPublicKeyRing ): PGPPublicKeyRing
@ -508,14 +416,25 @@ interface SecretKeyRingEditorInterface {
* Create a detached revocation certificate, which can be used to revoke the whole key. The * Create a detached revocation certificate, which can be used to revoke the whole key. The
* original key will not be modified by this method. * original key will not be modified by this method.
* *
* @param protector protector to unlock the primary key. * @param revocationAttributes reason for the revocation
* @return revocation certificate
* @throws PGPException in case we cannot generate a revocation certificate
*/
@Throws(PGPException::class)
fun createRevocation(revocationAttributes: RevocationAttributes?): PGPSignature
/**
* Create a detached revocation certificate, which can be used to revoke the specified subkey.
* The original key will not be modified by this method.
*
* @param subkeyIdentifier identifier of the subkey to be revoked
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return revocation certificate * @return revocation certificate
* @throws PGPException in case we cannot generate a revocation certificate * @throws PGPException in case we cannot generate a revocation certificate
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun createRevocation( fun createRevocation(
protector: SecretKeyRingProtector, subkeyIdentifier: KeyIdentifier,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): PGPSignature ): PGPSignature
@ -524,51 +443,63 @@ interface SecretKeyRingEditorInterface {
* The original key will not be modified by this method. * The original key will not be modified by this method.
* *
* @param subkeyId id of the subkey to be revoked * @param subkeyId id of the subkey to be revoked
* @param protector protector to unlock the primary key.
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return revocation certificate * @return revocation certificate
* @throws PGPException in case we cannot generate a revocation certificate * @throws PGPException in case we cannot generate a revocation certificate
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
@Deprecated("Pass in the subkeys KeyIdentifier instead.")
fun createRevocation( fun createRevocation(
subkeyId: Long, subkeyId: Long,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): PGPSignature ): PGPSignature = createRevocation(KeyIdentifier(subkeyId), revocationAttributes)
/** /**
* Create a detached revocation certificate, which can be used to revoke the specified subkey. * Create a detached revocation certificate, which can be used to revoke the specified subkey.
* The original key will not be modified by this method. * The original key will not be modified by this method.
* *
* @param subkeyId id of the subkey to be revoked * @param subkeyIdentifier identifier of the subkey to be revoked
* @param protector protector to unlock the primary key.
* @param callback callback to modify the subpackets of the revocation certificate. * @param callback callback to modify the subpackets of the revocation certificate.
* @return revocation certificate * @return revocation certificate
* @throws PGPException in case we cannot generate a revocation certificate * @throws PGPException in case we cannot generate a revocation certificate
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
fun createRevocation( fun createRevocation(
subkeyId: Long, subkeyIdentifier: KeyIdentifier,
protector: SecretKeyRingProtector,
callback: RevocationSignatureSubpackets.Callback? callback: RevocationSignatureSubpackets.Callback?
): PGPSignature ): PGPSignature
/**
* Create a detached revocation certificate, which can be used to revoke the specified subkey.
* The original key will not be modified by this method.
*
* @param subkeyId id of the subkey to be revoked
* @param callback callback to modify the subpackets of the revocation certificate.
* @return revocation certificate
* @throws PGPException in case we cannot generate a revocation certificate
*/
@Throws(PGPException::class)
@Deprecated("Pass in the subkeys KeyIdentifier instead.")
fun createRevocation(
subkeyId: Long,
callback: RevocationSignatureSubpackets.Callback?
): PGPSignature = createRevocation(KeyIdentifier(subkeyId), callback)
/** /**
* Create a detached revocation certificate, which can be used to revoke the specified subkey. * Create a detached revocation certificate, which can be used to revoke the specified subkey.
* The original key will not be modified by this method. * The original key will not be modified by this method.
* *
* @param subkeyFingerprint fingerprint of the subkey to be revoked * @param subkeyFingerprint fingerprint of the subkey to be revoked
* @param protector protector to unlock the primary key.
* @param revocationAttributes reason for the revocation * @param revocationAttributes reason for the revocation
* @return revocation certificate * @return revocation certificate
* @throws PGPException in case we cannot generate a revocation certificate * @throws PGPException in case we cannot generate a revocation certificate
*/ */
@Throws(PGPException::class) @Throws(PGPException::class)
@Deprecated("Pass in the subkey KeyIdentifier instead.")
fun createRevocation( fun createRevocation(
subkeyFingerprint: OpenPgpFingerprint, subkeyFingerprint: OpenPgpFingerprint,
protector: SecretKeyRingProtector,
revocationAttributes: RevocationAttributes? revocationAttributes: RevocationAttributes?
): PGPSignature ): PGPSignature = createRevocation(subkeyFingerprint.keyIdentifier, revocationAttributes)
/** /**
* Change the passphrase of the whole key ring. * Change the passphrase of the whole key ring.
@ -676,11 +607,7 @@ interface SecretKeyRingEditorInterface {
* *
* @return the key * @return the key
*/ */
fun done(): PGPSecretKeyRing fun done(): OpenPGPKey
fun addSubKey( fun addSubkey(keySpec: KeySpec, subkeyPassphrase: Passphrase): SecretKeyRingEditorInterface
keySpec: KeySpec,
subkeyPassphrase: Passphrase,
protector: SecretKeyRingProtector
): SecretKeyRingEditorInterface
} }

2
pgpainless-core/src/test/java/org/pgpainless/key/info/UserIdRevocationTest.java
View file

@ -109,7 +109,7 @@ public class UserIdRevocationTest {
.forKey(secretKeys.getSecretKey(), TestKeys.CRYPTIE_PASSPHRASE); .forKey(secretKeys.getSecretKey(), TestKeys.CRYPTIE_PASSPHRASE);
assertThrows(NoSuchElementException.class, () -> PGPainless.modifyKeyRing(secretKeys) assertThrows(NoSuchElementException.class, () -> PGPainless.modifyKeyRing(secretKeys)
.revokeSubKey(1L, protector)); .revokeSubkey(1L, protector));
} }
@Test @Test

4
pgpainless-core/src/test/java/org/pgpainless/key/modification/RefuseToAddWeakSubkeyTest.java
View file

@ -38,7 +38,7 @@ public class RefuseToAddWeakSubkeyTest {
KeySpec spec = KeySpec.getBuilder(KeyType.RSA(RsaLength._1024), KeyFlag.ENCRYPT_COMMS).build(); KeySpec spec = KeySpec.getBuilder(KeyType.RSA(RsaLength._1024), KeyFlag.ENCRYPT_COMMS).build();
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
editor.addSubKey(spec, Passphrase.emptyPassphrase(), SecretKeyRingProtector.unprotectedKeys())); editor.addSubkey(spec, Passphrase.emptyPassphrase(), SecretKeyRingProtector.unprotectedKeys()));
} }
@Test @Test
@ -75,7 +75,7 @@ public class RefuseToAddWeakSubkeyTest {
.setKeyCreationDate(editor.getReferenceTime()) // The key gets created after we instantiate the editor. .setKeyCreationDate(editor.getReferenceTime()) // The key gets created after we instantiate the editor.
.build(); .build();
secretKeys = editor.addSubKey(spec, Passphrase.emptyPassphrase(), SecretKeyRingProtector.unprotectedKeys()) secretKeys = editor.addSubkey(spec, Passphrase.emptyPassphrase(), SecretKeyRingProtector.unprotectedKeys())
.done(); .done();
assertEquals(2, PGPainless.inspectKeyRing(secretKeys).getEncryptionSubkeys(EncryptionPurpose.ANY).size()); assertEquals(2, PGPainless.inspectKeyRing(secretKeys).getEncryptionSubkeys(EncryptionPurpose.ANY).size());

6
pgpainless-core/src/test/java/org/pgpainless/key/modification/RevokeSubKeyTest.java
View file

@ -56,7 +56,7 @@ public class RevokeSubKeyTest {
.forKey(secretKeys, Passphrase.fromPassword("password123")); .forKey(secretKeys, Passphrase.fromPassword("password123"));
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)
.revokeSubKey(new OpenPgpV4Fingerprint(subKey), protector) .revokeSubkey(new OpenPgpV4Fingerprint(subKey), protector)
.done(); .done();
keysIterator = secretKeys.iterator(); keysIterator = secretKeys.iterator();
primaryKey = keysIterator.next(); primaryKey = keysIterator.next();
@ -133,7 +133,7 @@ public class RevokeSubKeyTest {
.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey(); .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey();
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)
.revokeSubKey(encryptionSubkey.getKeyID(), protector) .revokeSubkey(encryptionSubkey.getKeyID(), protector)
.done(); .done();
encryptionSubkey = secretKeys.getPublicKey(encryptionSubkey.getKeyID()); encryptionSubkey = secretKeys.getPublicKey(encryptionSubkey.getKeyID());
@ -158,7 +158,7 @@ public class RevokeSubKeyTest {
.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey(); .getEncryptionSubkeys(EncryptionPurpose.ANY).get(0).getPGPPublicKey();
secretKeys = PGPainless.modifyKeyRing(secretKeys) secretKeys = PGPainless.modifyKeyRing(secretKeys)
.revokeSubKey(encryptionSubkey.getKeyID(), protector, new RevocationSignatureSubpackets.Callback() { .revokeSubkey(encryptionSubkey.getKeyID(), protector, new RevocationSignatureSubpackets.Callback() {
@Override @Override
public void modifyHashedSubpackets(RevocationSignatureSubpackets hashedSubpackets) { public void modifyHashedSubpackets(RevocationSignatureSubpackets hashedSubpackets) {
hashedSubpackets.setRevocationReason( hashedSubpackets.setRevocationReason(