Remove ImplementationFactory in favor of BCs OpenPGPImplementation

2025-09-09 18:29:39 +02:00 · 2025-03-07 14:48:03 +01:00 · 2025-03-07 14:48:03 +01:00 · 32afabf878
commit 32afabf878
parent 3834f354d6
48 changed files with 303 additions and 550 deletions
--- a/docs/source/pgpainless-core/migration_2.0.md
+++ b/docs/source/pgpainless-core/migration_2.0.md
@ -86,6 +86,12 @@ Consequently, `KeyIdentifier` is now also the preferred way to reference keys in
 previously a key-id or fingerprint was expected, now also accept `KeyIdentifier` objects.
 In places, where you need to access a 64-bit key-id, you can call `keyIdentifier.getKeyId()`.
 ## `SecretKeyRingProtector`
 When an OpenPGP v6 key is encrypted, the public key parts are incorporated as authenticated data into the encryption
 process. Therefore, when instantiating a `PBESecretKeyEncryptor`, the public key needs to be passed in.
 As a consequence, the API of `SecretKeyRingProtector` changed and now a `PGPPublicKey` needs to be passed in,
 instead of merely a key-id or `KeyIdentifier`.
 ## Differences between BCs high-level API and PGPainless
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/MessageInspector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/MessageInspector.kt
@ -7,7 +7,7 @@ package org.pgpainless.decryption_verification
 import java.io.IOException
 import java.io.InputStream
 import org.bouncycastle.openpgp.*
-import org.pgpainless.implementation.ImplementationFactory
+import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.pgpainless.util.ArmorUtils
 /**
@ -68,7 +68,7 @@ class MessageInspector {
        @JvmStatic
        @Throws(PGPException::class, IOException::class)
        private fun processMessage(inputStream: InputStream): EncryptionInfo {
-            var objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(inputStream)
+            var objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(inputStream)
            var n: Any?
            while (objectFactory.nextObject().also { n = it } != null) {
@ -94,8 +94,8 @@ class MessageInspector {
                    }
                    is PGPCompressedData -> {
                        objectFactory =
-                            ImplementationFactory.getInstance()
+                            OpenPGPImplementation.getInstance()
-                                .getPGPObjectFactory(PGPUtil.getDecoderStream(next.dataStream))
+                                .pgpObjectFactory(PGPUtil.getDecoderStream(next.dataStream))
                        continue
                    }
                    is PGPLiteralData -> {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
@ -23,8 +23,10 @@ import org.bouncycastle.openpgp.PGPOnePassSignature
 import org.bouncycastle.openpgp.PGPPBEEncryptedData
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData
 import org.bouncycastle.openpgp.PGPSessionKey
 import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.api.OpenPGPCertificate
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.api.OpenPGPKey.OpenPGPPrivateKey
 import org.bouncycastle.openpgp.api.OpenPGPKey.OpenPGPSecretKey
@ -57,7 +59,6 @@ import org.pgpainless.exception.MissingPassphraseException
 import org.pgpainless.exception.SignatureValidationException
 import org.pgpainless.exception.UnacceptableAlgorithmException
 import org.pgpainless.exception.WrongPassphraseException
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.SubkeyIdentifier
 import org.pgpainless.key.protection.UnlockSecretKey.Companion.unlockSecretKey
 import org.pgpainless.policy.Policy
@ -360,8 +361,9 @@ class OpenPgpMessageInputStream(
            LOGGER.debug("Attempt decryption with provided session key.")
            throwIfUnacceptable(sk.algorithm)
            val pgpSk = PGPSessionKey(sk.algorithm.algorithmId, sk.key)
            val decryptorFactory =
-                ImplementationFactory.getInstance().getSessionKeyDataDecryptorFactory(sk)
+                OpenPGPImplementation.getInstance().sessionKeyDataDecryptorFactory(pgpSk)
            val layer = EncryptedData(sk.algorithm, layerMetadata.depth + 1)
            val skEncData = encDataList.extractSessionKeyEncryptedData()
            try {
@ -393,7 +395,8 @@ class OpenPgpMessageInputStream(
                }
                val decryptorFactory =
-                    ImplementationFactory.getInstance().getPBEDataDecryptorFactory(passphrase)
+                    OpenPGPImplementation.getInstance()
                        .pbeDataDecryptorFactory(passphrase.getChars())
                if (decryptSKESKAndStream(esks, skesk, decryptorFactory)) {
                    return true
                }
@ -515,8 +518,7 @@ class OpenPgpMessageInputStream(
        pkesk: PGPPublicKeyEncryptedData
    ): Boolean {
        val decryptorFactory =
-            ImplementationFactory.getInstance()
+            OpenPGPImplementation.getInstance().publicKeyDataDecryptorFactory(privateKey.privateKey)
                .getPublicKeyDataDecryptorFactory(privateKey.privateKey)
        return decryptPKESKAndStream(esks, decryptionKeyId, decryptorFactory, pkesk)
    }
@ -1046,7 +1048,7 @@ class OpenPgpMessageInputStream(
            @JvmStatic
            private fun initialize(signature: PGPSignature, publicKey: PGPPublicKey) {
                val verifierProvider =
-                    ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider
+                    OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider()
                try {
                    signature.init(verifierProvider, publicKey)
                } catch (e: PGPException) {
@ -1057,7 +1059,7 @@ class OpenPgpMessageInputStream(
            @JvmStatic
            private fun initialize(ops: PGPOnePassSignature, publicKey: PGPPublicKey) {
                val verifierProvider =
-                    ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider
+                    OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider()
                try {
                    ops.init(verifierProvider, publicKey)
                } catch (e: PGPException) {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/cleartext_signatures/ClearsignedMessageUtil.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/cleartext_signatures/ClearsignedMessageUtil.kt
@ -8,9 +8,9 @@ import java.io.*
 import kotlin.jvm.Throws
 import org.bouncycastle.bcpg.ArmoredInputStream
 import org.bouncycastle.openpgp.PGPSignatureList
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.util.Strings
 import org.pgpainless.exception.WrongConsumingMethodException
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.util.ArmoredInputStreamFactory
 /**
@ -72,7 +72,7 @@ class ClearsignedMessageUtil {
                }
            }
-            val objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(input)
+            val objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(input)
            val next = objectFactory.nextObject() ?: PGPSignatureList(arrayOf())
            return next as PGPSignatureList
        }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt
@ -8,6 +8,7 @@ import java.util.*
 import org.bouncycastle.openpgp.PGPPublicKeyRing
 import org.bouncycastle.openpgp.api.OpenPGPCertificate
 import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
 import org.pgpainless.PGPainless.Companion.inspectKeyRing
 import org.pgpainless.algorithm.EncryptionPurpose
@ -16,7 +17,6 @@ import org.pgpainless.authentication.CertificateAuthority
 import org.pgpainless.bouncycastle.extensions.toOpenPGPCertificate
 import org.pgpainless.encryption_signing.EncryptionOptions.EncryptionKeySelector
 import org.pgpainless.exception.KeyException.*
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.SubkeyIdentifier
 import org.pgpainless.key.info.KeyAccessor
 import org.pgpainless.key.info.KeyRingInfo
@ -326,13 +326,13 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) {
        }
    }
-    private fun addRecipientKey(key: OpenPGPComponentKey, wildcardKeyId: Boolean) {
+    private fun addRecipientKey(key: OpenPGPComponentKey, wildcardRecipient: Boolean) {
        _encryptionKeys.add(key)
        _encryptionKeyIdentifiers.add(SubkeyIdentifier(key))
        addEncryptionMethod(
-            ImplementationFactory.getInstance()
+            OpenPGPImplementation.getInstance()
-                .getPublicKeyKeyEncryptionMethodGenerator(key.pgpPublicKey)
+                .publicKeyKeyEncryptionMethodGenerator(key.pgpPublicKey)
-                .also { it.setUseWildcardKeyID(wildcardKeyId) })
+                .also { it.setUseWildcardRecipient(wildcardRecipient) })
    }
    /**
@ -355,7 +355,8 @@ class EncryptionOptions(private val purpose: EncryptionPurpose) {
    fun addMessagePassphrase(passphrase: Passphrase) = apply {
        require(!passphrase.isEmpty) { "Passphrase MUST NOT be empty." }
        addEncryptionMethod(
-            ImplementationFactory.getInstance().getPBEKeyEncryptionMethodGenerator(passphrase))
+            OpenPGPImplementation.getInstance()
                .pbeKeyEncryptionMethodGenerator(passphrase.getChars()))
    }
    /**
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionStream.kt
@ -13,10 +13,10 @@ import org.bouncycastle.openpgp.PGPCompressedDataGenerator
 import org.bouncycastle.openpgp.PGPEncryptedDataGenerator
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPLiteralDataGenerator
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.pgpainless.algorithm.CompressionAlgorithm
 import org.pgpainless.algorithm.StreamEncoding
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.SubkeyIdentifier
 import org.pgpainless.util.ArmoredOutputStreamFactory
 import org.slf4j.LoggerFactory
@ -89,9 +89,9 @@ class EncryptionStream(
            LOGGER.debug("Encrypt message using symmetric algorithm $it.")
            val encryptedDataGenerator =
                PGPEncryptedDataGenerator(
-                    ImplementationFactory.getInstance().getPGPDataEncryptorBuilder(it).apply {
+                    OpenPGPImplementation.getInstance()
-                        setWithIntegrityPacket(true)
+                        .pgpDataEncryptorBuilder(it.algorithmId)
-                    })
+                        .apply { setWithIntegrityPacket(true) })
            options.encryptionOptions.encryptionMethods.forEach { m ->
                encryptedDataGenerator.addMethod(m)
            }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt
@ -7,6 +7,7 @@ package org.pgpainless.encryption_signing
 import java.util.*
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.api.OpenPGPKey.OpenPGPPrivateKey
 import org.bouncycastle.openpgp.api.OpenPGPKey.OpenPGPSecretKey
@ -19,7 +20,6 @@ import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator.Companion.ne
 import org.pgpainless.bouncycastle.extensions.toOpenPGPKey
 import org.pgpainless.exception.KeyException
 import org.pgpainless.exception.KeyException.*
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.OpenPgpFingerprint.Companion.of
 import org.pgpainless.key.protection.SecretKeyRingProtector
 import org.pgpainless.key.protection.UnlockSecretKey.Companion.unlockSecretKey
@ -495,8 +495,8 @@ class SigningOptions {
        hashAlgorithm: HashAlgorithm,
        signatureType: DocumentSignatureType
    ): PGPSignatureGenerator {
-        return ImplementationFactory.getInstance()
+        return OpenPGPImplementation.getInstance()
-            .getPGPContentSignerBuilder(signingKey.publicKey.algorithm, hashAlgorithm.algorithmId)
+            .pgpContentSignerBuilder(signingKey.publicKey.algorithm, hashAlgorithm.algorithmId)
            .let { csb ->
                PGPSignatureGenerator(csb, signingKey.publicKey).also {
                    it.init(signatureType.signatureType.code, signingKey.privateKey)
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/implementation/BcImplementationFactory.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/implementation/BcImplementationFactory.kt
@ -1,114 +0,0 @@
 // SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package org.pgpainless.implementation
 import java.io.InputStream
 import java.security.KeyPair
 import java.util.*
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.bc.BcPGPObjectFactory
 import org.bouncycastle.openpgp.operator.*
 import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator
 import org.bouncycastle.openpgp.operator.bc.BcPBEDataDecryptorFactory
 import org.bouncycastle.openpgp.operator.bc.BcPBEKeyEncryptionMethodGenerator
 import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder
 import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyEncryptorBuilder
 import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder
 import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider
 import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder
 import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider
 import org.bouncycastle.openpgp.operator.bc.BcPGPKeyConverter
 import org.bouncycastle.openpgp.operator.bc.BcPGPKeyPair
 import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory
 import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator
 import org.bouncycastle.openpgp.operator.bc.BcSessionKeyDataDecryptorFactory
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair
 import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.PublicKeyAlgorithm
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 import org.pgpainless.util.Passphrase
 class BcImplementationFactory : ImplementationFactory() {
    override val pgpDigestCalculatorProvider: BcPGPDigestCalculatorProvider =
        BcPGPDigestCalculatorProvider()
    override val pgpContentVerifierBuilderProvider: BcPGPContentVerifierBuilderProvider =
        BcPGPContentVerifierBuilderProvider()
    override val keyFingerprintCalculator: BcKeyFingerprintCalculator = BcKeyFingerprintCalculator()
    override fun getPBESecretKeyEncryptor(
        symmetricKeyAlgorithm: SymmetricKeyAlgorithm,
        digestCalculator: PGPDigestCalculator,
        passphrase: Passphrase
    ): PBESecretKeyEncryptor =
        BcPBESecretKeyEncryptorBuilder(symmetricKeyAlgorithm.algorithmId, digestCalculator)
            .build(passphrase.getChars())
    override fun getPBESecretKeyEncryptor(
        encryptionAlgorithm: SymmetricKeyAlgorithm,
        hashAlgorithm: HashAlgorithm,
        s2kCount: Int,
        passphrase: Passphrase
    ): PBESecretKeyEncryptor =
        BcPBESecretKeyEncryptorBuilder(
                encryptionAlgorithm.algorithmId, getPGPDigestCalculator(hashAlgorithm), s2kCount)
            .build(passphrase.getChars())
    override fun getPBESecretKeyDecryptor(passphrase: Passphrase): PBESecretKeyDecryptor =
        BcPBESecretKeyDecryptorBuilder(pgpDigestCalculatorProvider).build(passphrase.getChars())
    override fun getPGPContentSignerBuilder(
        keyAlgorithm: Int,
        hashAlgorithm: Int
    ): PGPContentSignerBuilder = BcPGPContentSignerBuilder(keyAlgorithm, hashAlgorithm)
    override fun getPBEDataDecryptorFactory(passphrase: Passphrase): PBEDataDecryptorFactory =
        BcPBEDataDecryptorFactory(passphrase.getChars(), pgpDigestCalculatorProvider)
    override fun getPublicKeyDataDecryptorFactory(
        privateKey: PGPPrivateKey
    ): PublicKeyDataDecryptorFactory = BcPublicKeyDataDecryptorFactory(privateKey)
    override fun getSessionKeyDataDecryptorFactory(
        sessionKey: PGPSessionKey
    ): SessionKeyDataDecryptorFactory = BcSessionKeyDataDecryptorFactory(sessionKey)
    override fun getPublicKeyKeyEncryptionMethodGenerator(
        key: PGPPublicKey
    ): PublicKeyKeyEncryptionMethodGenerator = BcPublicKeyKeyEncryptionMethodGenerator(key)
    override fun getPBEKeyEncryptionMethodGenerator(
        passphrase: Passphrase
    ): PBEKeyEncryptionMethodGenerator = BcPBEKeyEncryptionMethodGenerator(passphrase.getChars())
    override fun getPGPDataEncryptorBuilder(symmetricKeyAlgorithm: Int): PGPDataEncryptorBuilder =
        BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm)
    override fun getPGPKeyPair(
        publicKeyAlgorithm: PublicKeyAlgorithm,
        keyPair: KeyPair,
        creationDate: Date
    ): PGPKeyPair =
        BcPGPKeyPair(
            publicKeyAlgorithm.algorithmId,
            jceToBcKeyPair(publicKeyAlgorithm, keyPair, creationDate),
            creationDate)
    override fun getPGPObjectFactory(inputStream: InputStream): PGPObjectFactory =
        BcPGPObjectFactory(inputStream)
    private fun jceToBcKeyPair(
        publicKeyAlgorithm: PublicKeyAlgorithm,
        keyPair: KeyPair,
        creationDate: Date
    ): AsymmetricCipherKeyPair =
        BcPGPKeyConverter().let { converter ->
            JcaPGPKeyPair(publicKeyAlgorithm.algorithmId, keyPair, creationDate).let { pair ->
                AsymmetricCipherKeyPair(
                    converter.getPublicKey(pair.publicKey),
                    converter.getPrivateKey(pair.privateKey))
            }
        }
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/implementation/ImplementationFactory.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/implementation/ImplementationFactory.kt
@ -1,117 +0,0 @@
 // SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package org.pgpainless.implementation
 import java.io.InputStream
 import java.security.KeyPair
 import java.util.*
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.operator.*
 import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.PublicKeyAlgorithm
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 import org.pgpainless.util.Passphrase
 import org.pgpainless.util.SessionKey
 abstract class ImplementationFactory {
    companion object {
        @JvmStatic private var instance: ImplementationFactory = BcImplementationFactory()
        @JvmStatic fun getInstance() = instance
        @JvmStatic
        fun setFactoryImplementation(implementation: ImplementationFactory) = apply {
            instance = implementation
        }
    }
    abstract val pgpDigestCalculatorProvider: PGPDigestCalculatorProvider
    abstract val pgpContentVerifierBuilderProvider: PGPContentVerifierBuilderProvider
    abstract val keyFingerprintCalculator: KeyFingerPrintCalculator
    val v4FingerprintCalculator: PGPDigestCalculator
        get() = getPGPDigestCalculator(HashAlgorithm.SHA1)
    @Throws(PGPException::class)
    abstract fun getPBESecretKeyEncryptor(
        symmetricKeyAlgorithm: SymmetricKeyAlgorithm,
        digestCalculator: PGPDigestCalculator,
        passphrase: Passphrase
    ): PBESecretKeyEncryptor
    @Throws(PGPException::class)
    abstract fun getPBESecretKeyDecryptor(passphrase: Passphrase): PBESecretKeyDecryptor
    @Throws(PGPException::class)
    abstract fun getPBESecretKeyEncryptor(
        encryptionAlgorithm: SymmetricKeyAlgorithm,
        hashAlgorithm: HashAlgorithm,
        s2kCount: Int,
        passphrase: Passphrase
    ): PBESecretKeyEncryptor
    fun getPGPDigestCalculator(hashAlgorithm: HashAlgorithm): PGPDigestCalculator =
        getPGPDigestCalculator(hashAlgorithm.algorithmId)
    fun getPGPDigestCalculator(hashAlgorithm: Int): PGPDigestCalculator =
        pgpDigestCalculatorProvider.get(hashAlgorithm)
    fun getPGPContentSignerBuilder(
        keyAlgorithm: PublicKeyAlgorithm,
        hashAlgorithm: HashAlgorithm
    ): PGPContentSignerBuilder =
        getPGPContentSignerBuilder(keyAlgorithm.algorithmId, hashAlgorithm.algorithmId)
    abstract fun getPGPContentSignerBuilder(
        keyAlgorithm: Int,
        hashAlgorithm: Int
    ): PGPContentSignerBuilder
    @Throws(PGPException::class)
    abstract fun getPBEDataDecryptorFactory(passphrase: Passphrase): PBEDataDecryptorFactory
    abstract fun getPublicKeyDataDecryptorFactory(
        privateKey: PGPPrivateKey
    ): PublicKeyDataDecryptorFactory
    fun getSessionKeyDataDecryptorFactory(sessionKey: SessionKey): SessionKeyDataDecryptorFactory =
        getSessionKeyDataDecryptorFactory(
            PGPSessionKey(sessionKey.algorithm.algorithmId, sessionKey.key))
    abstract fun getSessionKeyDataDecryptorFactory(
        sessionKey: PGPSessionKey
    ): SessionKeyDataDecryptorFactory
    abstract fun getPublicKeyKeyEncryptionMethodGenerator(
        key: PGPPublicKey
    ): PublicKeyKeyEncryptionMethodGenerator
    abstract fun getPBEKeyEncryptionMethodGenerator(
        passphrase: Passphrase
    ): PBEKeyEncryptionMethodGenerator
    fun getPGPDataEncryptorBuilder(
        symmetricKeyAlgorithm: SymmetricKeyAlgorithm
    ): PGPDataEncryptorBuilder = getPGPDataEncryptorBuilder(symmetricKeyAlgorithm.algorithmId)
    abstract fun getPGPDataEncryptorBuilder(symmetricKeyAlgorithm: Int): PGPDataEncryptorBuilder
    @Throws(PGPException::class)
    abstract fun getPGPKeyPair(
        publicKeyAlgorithm: PublicKeyAlgorithm,
        keyPair: KeyPair,
        creationDate: Date
    ): PGPKeyPair
    fun getPGPObjectFactory(bytes: ByteArray): PGPObjectFactory =
        getPGPObjectFactory(bytes.inputStream())
    abstract fun getPGPObjectFactory(inputStream: InputStream): PGPObjectFactory
    override fun toString(): String {
        return javaClass.simpleName
    }
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/implementation/JceImplementationFactory.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/implementation/JceImplementationFactory.kt
@ -1,112 +0,0 @@
 // SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0
 package org.pgpainless.implementation
 import java.io.InputStream
 import java.security.KeyPair
 import java.util.*
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.operator.*
 import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair
 import org.bouncycastle.openpgp.operator.jcajce.JcePBEDataDecryptorFactoryBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator
 import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder
 import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator
 import org.bouncycastle.openpgp.operator.jcajce.JceSessionKeyDataDecryptorFactoryBuilder
 import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.PublicKeyAlgorithm
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 import org.pgpainless.provider.ProviderFactory
 import org.pgpainless.util.Passphrase
 class JceImplementationFactory : ImplementationFactory() {
    override val pgpDigestCalculatorProvider: PGPDigestCalculatorProvider =
        JcaPGPDigestCalculatorProviderBuilder().setProvider(ProviderFactory.provider).build()
    override val pgpContentVerifierBuilderProvider: PGPContentVerifierBuilderProvider =
        JcaPGPContentVerifierBuilderProvider().setProvider(ProviderFactory.provider)
    override val keyFingerprintCalculator: KeyFingerPrintCalculator =
        JcaKeyFingerprintCalculator().setProvider(ProviderFactory.provider)
    override fun getPBESecretKeyEncryptor(
        symmetricKeyAlgorithm: SymmetricKeyAlgorithm,
        digestCalculator: PGPDigestCalculator,
        passphrase: Passphrase
    ): PBESecretKeyEncryptor =
        JcePBESecretKeyEncryptorBuilder(symmetricKeyAlgorithm.algorithmId, digestCalculator)
            .setProvider(ProviderFactory.provider)
            .build(passphrase.getChars())
    override fun getPBESecretKeyEncryptor(
        encryptionAlgorithm: SymmetricKeyAlgorithm,
        hashAlgorithm: HashAlgorithm,
        s2kCount: Int,
        passphrase: Passphrase
    ): PBESecretKeyEncryptor =
        JcePBESecretKeyEncryptorBuilder(
                encryptionAlgorithm.algorithmId, getPGPDigestCalculator(hashAlgorithm), s2kCount)
            .setProvider(ProviderFactory.provider)
            .build(passphrase.getChars())
    override fun getPBESecretKeyDecryptor(passphrase: Passphrase): PBESecretKeyDecryptor =
        JcePBESecretKeyDecryptorBuilder(pgpDigestCalculatorProvider)
            .setProvider(ProviderFactory.provider)
            .build(passphrase.getChars())
    override fun getPGPContentSignerBuilder(
        keyAlgorithm: Int,
        hashAlgorithm: Int
    ): PGPContentSignerBuilder =
        JcaPGPContentSignerBuilder(keyAlgorithm, hashAlgorithm)
            .setProvider(ProviderFactory.provider)
    override fun getPBEDataDecryptorFactory(passphrase: Passphrase): PBEDataDecryptorFactory =
        JcePBEDataDecryptorFactoryBuilder(pgpDigestCalculatorProvider)
            .setProvider(ProviderFactory.provider)
            .build(passphrase.getChars())
    override fun getPublicKeyDataDecryptorFactory(
        privateKey: PGPPrivateKey
    ): PublicKeyDataDecryptorFactory =
        JcePublicKeyDataDecryptorFactoryBuilder()
            .setProvider(ProviderFactory.provider)
            .build(privateKey)
    override fun getSessionKeyDataDecryptorFactory(
        sessionKey: PGPSessionKey
    ): SessionKeyDataDecryptorFactory =
        JceSessionKeyDataDecryptorFactoryBuilder()
            .setProvider(ProviderFactory.provider)
            .build(sessionKey)
    override fun getPublicKeyKeyEncryptionMethodGenerator(
        key: PGPPublicKey
    ): PublicKeyKeyEncryptionMethodGenerator =
        JcePublicKeyKeyEncryptionMethodGenerator(key).setProvider(ProviderFactory.provider)
    override fun getPBEKeyEncryptionMethodGenerator(
        passphrase: Passphrase
    ): PBEKeyEncryptionMethodGenerator =
        JcePBEKeyEncryptionMethodGenerator(passphrase.getChars())
            .setProvider(ProviderFactory.provider)
    override fun getPGPDataEncryptorBuilder(symmetricKeyAlgorithm: Int): PGPDataEncryptorBuilder =
        JcePGPDataEncryptorBuilder(symmetricKeyAlgorithm).setProvider(ProviderFactory.provider)
    override fun getPGPKeyPair(
        publicKeyAlgorithm: PublicKeyAlgorithm,
        keyPair: KeyPair,
        creationDate: Date
    ): PGPKeyPair = JcaPGPKeyPair(publicKeyAlgorithm.algorithmId, keyPair, creationDate)
    override fun getPGPObjectFactory(inputStream: InputStream): PGPObjectFactory =
        PGPObjectFactory(inputStream, keyFingerprintCalculator)
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/collection/PGPKeyRingCollection.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/collection/PGPKeyRingCollection.kt
@ -6,7 +6,7 @@ package org.pgpainless.key.collection
 import java.io.InputStream
 import org.bouncycastle.openpgp.*
-import org.pgpainless.implementation.ImplementationFactory
+import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.pgpainless.util.ArmorUtils
 /**
@ -55,8 +55,8 @@ class PGPKeyRingCollection(
            val certificates = mutableListOf<PGPPublicKeyRing>()
            // Double getDecoderStream because of #96
            val objectFactory =
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPGPObjectFactory(ArmorUtils.getDecoderStream(inputStream))
+                    .pgpObjectFactory(ArmorUtils.getDecoderStream(inputStream))
            for (obj in objectFactory) {
                if (obj == null) {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -6,20 +6,19 @@ package org.pgpainless.key.generation
 import java.io.IOException
 import java.util.*
 import org.bouncycastle.bcpg.HashAlgorithmTags
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor
 import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
 import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder
 import org.bouncycastle.openpgp.operator.PGPDigestCalculator
 import org.bouncycastle.util.Strings
 import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.OpenPGPKeyVersion
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.bouncycastle.extensions.unlock
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.policy.Policy
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
 import org.pgpainless.signature.subpackets.SignatureSubpackets
@ -84,15 +83,20 @@ class KeyRingBuilder(
    private fun keyIsCertificationCapable(keySpec: KeySpec) = keySpec.keyType.canCertify
    override fun build(): OpenPGPKey {
-        val keyFingerprintCalculator = ImplementationFactory.getInstance().v4FingerprintCalculator
+        val keyFingerprintCalculator =
-        val secretKeyEncryptor = buildSecretKeyEncryptor(keyFingerprintCalculator)
+            OpenPGPImplementation.getInstance()
-        val secretKeyDecryptor = buildSecretKeyDecryptor()
+                .pgpDigestCalculatorProvider()
-
+                .get(HashAlgorithmTags.SHA1)
        passphrase.clear() // Passphrase was used above, so we can get rid of it
        // generate primary key
        requireNotNull(primaryKeySpec) { "Primary Key spec required." }
        val certKey = generateKeyPair(primaryKeySpec!!, version)
        val secretKeyEncryptor = buildSecretKeyEncryptor(certKey.publicKey, false)
        val secretKeyDecryptor = buildSecretKeyDecryptor()
        passphrase.clear() // Passphrase was used above, so we can get rid of it
        val signer = buildContentSigner(certKey)
        val signatureGenerator = PGPSignatureGenerator(signer, certKey.publicKey)
@ -220,29 +224,30 @@ class KeyRingBuilder(
    private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder {
        val hashAlgorithm =
            PGPainless.getPolicy().certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm
-        return ImplementationFactory.getInstance()
+        return OpenPGPImplementation.getInstance()
-            .getPGPContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
+            .pgpContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
    }
    private fun buildSecretKeyEncryptor(
-        keyFingerprintCalculator: PGPDigestCalculator
+        publicKey: PGPPublicKey,
        aead: Boolean
    ): PBESecretKeyEncryptor? {
        val keyEncryptionAlgorithm =
            PGPainless.getPolicy()
                .symmetricKeyEncryptionAlgorithmPolicy
                .defaultSymmetricKeyAlgorithm
        check(passphrase.isValid) { "Passphrase was cleared." }
        return if (passphrase.isEmpty) null
        else
-            ImplementationFactory.getInstance()
+            OpenPGPImplementation.getInstance()
-                .getPBESecretKeyEncryptor(
+                .pbeSecretKeyEncryptorFactory(aead)
-                    keyEncryptionAlgorithm, keyFingerprintCalculator, passphrase)
+                .build(passphrase.getChars(), publicKey.publicKeyPacket)
    }
    private fun buildSecretKeyDecryptor(): PBESecretKeyDecryptor? {
        check(passphrase.isValid) { "Passphrase was cleared." }
        return if (passphrase.isEmpty) null
-        else ImplementationFactory.getInstance().getPBESecretKeyDecryptor(passphrase)
+        else
            OpenPGPImplementation.getInstance()
                .pbeSecretKeyDecryptorBuilderProvider()
                .provide()
                .build(passphrase.getChars())
    }
    companion object {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -9,10 +9,12 @@ import java.util.function.Predicate
 import javax.annotation.Nonnull
 import kotlin.NoSuchElementException
 import openpgp.openPgpKeyId
 import org.bouncycastle.bcpg.HashAlgorithmTags
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.bcpg.sig.KeyExpirationTime
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPSubkey
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.api.OpenPGPKey.OpenPGPSecretKey
 import org.bouncycastle.openpgp.api.OpenPGPSignature
@ -27,7 +29,6 @@ import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator
 import org.pgpainless.bouncycastle.extensions.getKeyExpirationDate
 import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
 import org.pgpainless.bouncycastle.extensions.requirePublicKey
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.OpenPgpFingerprint
 import org.pgpainless.key.generation.KeyRingBuilder
 import org.pgpainless.key.generation.KeySpec
@ -302,9 +303,11 @@ class SecretKeyRingEditor(var key: OpenPGPKey, override val referenceTime: Date
            PGPSecretKey(
                subkey.privateKey,
                subkey.publicKey,
-                ImplementationFactory.getInstance().v4FingerprintCalculator,
+                OpenPGPImplementation.getInstance()
                    .pgpDigestCalculatorProvider()
                    .get(HashAlgorithmTags.SHA1),
                false,
-                subkeyProtector.getEncryptor(subkey.keyID))
+                subkeyProtector.getEncryptor(subkey.publicKey))
        val componentKey =
            OpenPGPSecretKey(
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/parsing/KeyRingReader.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/parsing/KeyRingReader.kt
@ -9,9 +9,9 @@ import java.io.InputStream
 import java.nio.charset.Charset
 import kotlin.jvm.Throws
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.PGPainless
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.collection.PGPKeyRingCollection
 import org.pgpainless.util.ArmorUtils
@ -130,8 +130,8 @@ class KeyRingReader {
            maxIterations: Int = MAX_ITERATIONS
        ): PGPKeyRing? {
            val objectFactory =
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPGPObjectFactory(ArmorUtils.getDecoderStream(inputStream))
+                    .pgpObjectFactory(ArmorUtils.getDecoderStream(inputStream))
            try {
                for ((i, next) in objectFactory.withIndex()) {
@ -172,8 +172,8 @@ class KeyRingReader {
            maxIterations: Int = MAX_ITERATIONS
        ): PGPPublicKeyRing? {
            val objectFactory =
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPGPObjectFactory(ArmorUtils.getDecoderStream(inputStream))
+                    .pgpObjectFactory(ArmorUtils.getDecoderStream(inputStream))
            try {
                for ((i, next) in objectFactory.withIndex()) {
@ -213,8 +213,8 @@ class KeyRingReader {
            maxIterations: Int = MAX_ITERATIONS
        ): PGPPublicKeyRingCollection {
            val objectFactory =
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPGPObjectFactory(ArmorUtils.getDecoderStream(inputStream))
+                    .pgpObjectFactory(ArmorUtils.getDecoderStream(inputStream))
            val certificates = mutableListOf<PGPPublicKeyRing>()
            try {
                for ((i, next) in objectFactory.withIndex()) {
@ -260,8 +260,7 @@ class KeyRingReader {
            maxIterations: Int = MAX_ITERATIONS
        ): PGPSecretKeyRing? {
            val decoderStream = ArmorUtils.getDecoderStream(inputStream)
-            val objectFactory =
+            val objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(decoderStream)
                ImplementationFactory.getInstance().getPGPObjectFactory(decoderStream)
            try {
                for ((i, next) in objectFactory.withIndex()) {
@ -300,8 +299,8 @@ class KeyRingReader {
            maxIterations: Int = MAX_ITERATIONS
        ): PGPSecretKeyRingCollection {
            val objectFactory =
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPGPObjectFactory(ArmorUtils.getDecoderStream(inputStream))
+                    .pgpObjectFactory(ArmorUtils.getDecoderStream(inputStream))
            val secretKeys = mutableListOf<PGPSecretKeyRing>()
            try {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/BaseSecretKeyRingProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/BaseSecretKeyRingProtector.kt
@ -5,10 +5,11 @@
 package org.pgpainless.key.protection
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor
 import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.protection.passphrase_provider.SecretKeyPassphraseProvider
 /**
@ -34,19 +35,20 @@ open class BaseSecretKeyRingProtector(
    override fun getDecryptor(keyIdentifier: KeyIdentifier): PBESecretKeyDecryptor? =
        passphraseProvider.getPassphraseFor(keyIdentifier)?.let {
            if (it.isEmpty) null
-            else ImplementationFactory.getInstance().getPBESecretKeyDecryptor(it)
+            else
                OpenPGPImplementation.getInstance()
                    .pbeSecretKeyDecryptorBuilderProvider()
                    .provide()
                    .build(it.getChars())
        }
-    override fun getEncryptor(keyIdentifier: KeyIdentifier): PBESecretKeyEncryptor? {
+    override fun getEncryptor(key: PGPPublicKey): PBESecretKeyEncryptor? {
-        return passphraseProvider.getPassphraseFor(keyIdentifier)?.let {
+        return passphraseProvider.getPassphraseFor(key.keyIdentifier)?.let {
            if (it.isEmpty) null
            else
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPBESecretKeyEncryptor(
+                    .pbeSecretKeyEncryptorFactory(false)
-                        protectionSettings.encryptionAlgorithm,
+                    .build(it.getChars(), key.publicKeyPacket)
                        protectionSettings.hashAlgorithm,
                        protectionSettings.s2kCount,
                        it)
        }
    }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/CachingSecretKeyRingProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/CachingSecretKeyRingProtector.kt
@ -184,8 +184,8 @@ class CachingSecretKeyRingProtector : SecretKeyRingProtector, SecretKeyPassphras
    override fun getDecryptor(keyIdentifier: KeyIdentifier): PBESecretKeyDecryptor? =
        protector.getDecryptor(keyIdentifier)
-    override fun getEncryptor(keyIdentifier: KeyIdentifier): PBESecretKeyEncryptor? =
+    override fun getEncryptor(key: PGPPublicKey): PBESecretKeyEncryptor? =
-        protector.getEncryptor(keyIdentifier)
+        protector.getEncryptor(key)
    override fun getKeyPassword(p0: OpenPGPKey.OpenPGPSecretKey): CharArray? =
        getPassphraseFor(p0.keyIdentifier)?.getChars()
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/SecretKeyRingProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/SecretKeyRingProtector.kt
@ -7,9 +7,11 @@ package org.pgpainless.key.protection
 import kotlin.Throws
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
 import org.bouncycastle.openpgp.PGPSecretKeyRing
 import org.bouncycastle.openpgp.api.KeyPassphraseProvider
 import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor
 import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
 import org.pgpainless.key.protection.passphrase_provider.SecretKeyPassphraseProvider
@ -32,8 +34,15 @@ interface SecretKeyRingProtector : KeyPassphraseProvider {
     * @param keyId key id
     * @return true if it has a passphrase, false otherwise
     */
    @Deprecated("Pass in a KeyIdentifier instead.")
    fun hasPassphraseFor(keyId: Long): Boolean = hasPassphraseFor(KeyIdentifier(keyId))
    /**
     * Returns true, if the protector has a passphrase for the key with the given [keyIdentifier].
     *
     * @param keyIdentifier key identifier
     * @return true if it has a passphrase, false otherwise
     */
    fun hasPassphraseFor(keyIdentifier: KeyIdentifier): Boolean
    /**
@ -43,24 +52,37 @@ interface SecretKeyRingProtector : KeyPassphraseProvider {
     * @param keyId id of the key
     * @return decryptor for the key
     */
    @Deprecated("Pass in a KeyIdentifier instead.")
    @Throws(PGPException::class)
    fun getDecryptor(keyId: Long): PBESecretKeyDecryptor? = getDecryptor(KeyIdentifier(keyId))
    /**
     * Return a decryptor for the key with the given [keyIdentifier]. This method returns null if
     * the key is unprotected.
     *
     * @param keyIdentifier identifier of the key
     * @return decryptor for the key
     */
    @Throws(PGPException::class)
    fun getDecryptor(keyIdentifier: KeyIdentifier): PBESecretKeyDecryptor?
    /**
-     * Return an encryptor for the key of id `keyId`. This method returns null if the key is
+     * Return an encryptor for the given key.
     * unprotected.
     *
-     * @param keyId id of the key
+     * @param key component key
-     * @return encryptor for the key
+     * @return encryptor or null if the key shall not be encrypted
     */
    @Throws(PGPException::class)
-    fun getEncryptor(keyId: Long): PBESecretKeyEncryptor? = getEncryptor(KeyIdentifier(keyId))
+    fun getEncryptor(key: OpenPGPComponentKey): PBESecretKeyEncryptor? =
        getEncryptor(key.pgpPublicKey)
-    @Throws(PGPException::class)
+    /**
-    fun getEncryptor(keyIdentifier: KeyIdentifier): PBESecretKeyEncryptor?
+     * Return an encryptor for the given key.
     *
     * @param key component key
     * @return encryptor or null if the key shall not be encrypted
     */
    @Throws(PGPException::class) fun getEncryptor(key: PGPPublicKey): PBESecretKeyEncryptor?
    companion object {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/UnprotectedKeysProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/UnprotectedKeysProtector.kt
@ -4,6 +4,7 @@
 package org.pgpainless.key.protection
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor
 import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
@ -17,7 +18,7 @@ class UnprotectedKeysProtector : SecretKeyRingProtector {
    override fun getDecryptor(keyIdentifier: KeyIdentifier): PBESecretKeyDecryptor? = null
-    override fun getEncryptor(keyIdentifier: KeyIdentifier): PBESecretKeyEncryptor? = null
+    override fun getEncryptor(key: PGPPublicKey): PBESecretKeyEncryptor? = null
    override fun getKeyPassword(p0: OpenPGPKey.OpenPGPSecretKey?): CharArray? = null
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/fixes/S2KUsageFix.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/fixes/S2KUsageFix.kt
@ -4,14 +4,15 @@
 package org.pgpainless.key.protection.fixes
 import org.bouncycastle.bcpg.HashAlgorithmTags
 import org.bouncycastle.bcpg.SecretKeyPacket
 import org.bouncycastle.openpgp.PGPSecretKey
 import org.bouncycastle.openpgp.PGPSecretKeyRing
-import org.pgpainless.algorithm.HashAlgorithm
+import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.pgpainless.bouncycastle.extensions.unlock
 import org.pgpainless.exception.WrongPassphraseException
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.protection.SecretKeyRingProtector
 import org.pgpainless.key.protection.fixes.S2KUsageFix.Companion.replaceUsageChecksumWithUsageSha1
 /**
 * Repair class to fix keys which use S2K usage of value [SecretKeyPacket.USAGE_CHECKSUM]. The
@ -48,7 +49,9 @@ class S2KUsageFix {
            skipKeysWithMissingPassphrase: Boolean = false
        ): PGPSecretKeyRing {
            val digestCalculator =
-                ImplementationFactory.getInstance().getPGPDigestCalculator(HashAlgorithm.SHA1)
+                OpenPGPImplementation.getInstance()
                    .pgpDigestCalculatorProvider()
                    .get(HashAlgorithmTags.SHA1)
            val keyList = mutableListOf<PGPSecretKey>()
            for (key in keys) {
                // CHECKSUM is not recommended
@ -58,7 +61,7 @@ class S2KUsageFix {
                }
                val keyId = key.keyID
-                val encryptor = protector.getEncryptor(keyId)
+                val encryptor = protector.getEncryptor(key.publicKey)
                if (encryptor == null) {
                    if (skipKeysWithMissingPassphrase) {
                        keyList.add(key)
@ -76,7 +79,7 @@ class S2KUsageFix {
                        key.publicKey,
                        digestCalculator,
                        key.isMasterKey,
-                        protector.getEncryptor(keyId))
+                        protector.getEncryptor(key.publicKey))
                keyList.add(fixedKey)
            }
            return PGPSecretKeyRing(keyList)
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/KeyRingUtils.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/KeyRingUtils.kt
@ -11,11 +11,11 @@ import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.bcpg.S2K
 import org.bouncycastle.bcpg.SecretKeyPacket
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.util.Strings
 import org.pgpainless.bouncycastle.extensions.certificate
 import org.pgpainless.bouncycastle.extensions.requireSecretKey
 import org.pgpainless.exception.MissingPassphraseException
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.protection.SecretKeyRingProtector
 import org.pgpainless.key.protection.fixes.S2KUsageFix
 import org.slf4j.Logger
@ -436,7 +436,7 @@ class KeyRingUtils {
            }
            secretKeys.extraPublicKeys.forEach { it.encode(out) }
            return PGPSecretKeyRing(
-                out.toByteArray(), ImplementationFactory.getInstance().keyFingerprintCalculator)
+                out.toByteArray(), OpenPGPImplementation.getInstance().keyFingerPrintCalculator())
        }
        /**
@ -450,7 +450,7 @@ class KeyRingUtils {
        fun getStrippedDownPublicKey(bloatedKey: PGPPublicKey): PGPPublicKey {
            return PGPPublicKey(
                bloatedKey.publicKeyPacket,
-                ImplementationFactory.getInstance().keyFingerprintCalculator)
+                OpenPGPImplementation.getInstance().keyFingerPrintCalculator())
        }
        @JvmStatic
@ -510,7 +510,7 @@ class KeyRingUtils {
            return PGPSecretKey.copyWithNewPassword(
                secretKey,
                oldProtector.getDecryptor(secretKey.keyID),
-                newProtector.getEncryptor(secretKey.keyID))
+                newProtector.getEncryptor(secretKey.publicKey))
        }
        @JvmStatic
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/PublicKeyParameterValidationUtil.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/PublicKeyParameterValidationUtil.kt
@ -10,15 +10,12 @@ import java.math.BigInteger
 import java.security.SecureRandom
 import org.bouncycastle.bcpg.*
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.util.Arrays
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.PublicKeyAlgorithm.Companion.requireFromId
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
 import org.pgpainless.exception.KeyIntegrityException
 import org.pgpainless.implementation.ImplementationFactory.Companion.getInstance
 /**
 * Utility class to verify keys against Key Overwriting (KO) attacks. This class of attacks is only
@ -224,9 +221,9 @@ class PublicKeyParameterValidationUtil {
            val data = ByteArray(512).also { SecureRandom().nextBytes(it) }
            val signatureGenerator =
                PGPSignatureGenerator(
-                    getInstance()
+                    OpenPGPImplementation.getInstance()
-                        .getPGPContentSignerBuilder(
+                        .pgpContentSignerBuilder(publicKey.algorithm, HashAlgorithmTags.SHA256),
-                            requireFromId(publicKey.algorithm), HashAlgorithm.SHA256))
+                    publicKey)
            return try {
                signatureGenerator
                    .apply {
@ -235,7 +232,9 @@ class PublicKeyParameterValidationUtil {
                    }
                    .generate()
                    .apply {
-                        init(getInstance().pgpContentVerifierBuilderProvider, publicKey)
+                        init(
                            OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                            publicKey)
                        update(data)
                    }
                    .verify()
@ -257,9 +256,12 @@ class PublicKeyParameterValidationUtil {
            val data = ByteArray(1024).also { SecureRandom().nextBytes(it) }
            val encryptedDataGenerator =
                PGPEncryptedDataGenerator(
-                        getInstance().getPGPDataEncryptorBuilder(SymmetricKeyAlgorithm.AES_256))
+                        OpenPGPImplementation.getInstance()
                            .pgpDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256))
                    .apply {
-                        addMethod(getInstance().getPublicKeyKeyEncryptionMethodGenerator(publicKey))
+                        addMethod(
                            OpenPGPImplementation.getInstance()
                                .publicKeyKeyEncryptionMethodGenerator(publicKey))
                    }
            var out = ByteArrayOutputStream()
@ -268,7 +270,8 @@ class PublicKeyParameterValidationUtil {
                outputStream.write(data)
                encryptedDataGenerator.close()
                val encryptedDataList = PGPEncryptedDataList(out.toByteArray())
-                val decryptorFactory = getInstance().getPublicKeyDataDecryptorFactory(privateKey)
+                val decryptorFactory =
                    OpenPGPImplementation.getInstance().publicKeyDataDecryptorFactory(privateKey)
                val encryptedData =
                    encryptedDataList.encryptedDataObjects.next() as PGPPublicKeyEncryptedData
                val decrypted = encryptedData.getDataStream(decryptorFactory)
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt
@ -10,10 +10,10 @@ import java.util.*
 import openpgp.plusSeconds
 import org.bouncycastle.bcpg.sig.KeyExpirationTime
 import org.bouncycastle.openpgp.*
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.util.encoders.Hex
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.bouncycastle.extensions.*
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.OpenPgpFingerprint
 import org.pgpainless.key.util.RevocationAttributes.Reason
 import org.pgpainless.util.ArmorUtils
@ -153,7 +153,7 @@ class SignatureUtils {
        fun readSignatures(inputStream: InputStream, maxIterations: Int): List<PGPSignature> {
            val signatures = mutableListOf<PGPSignature>()
            val pgpIn = ArmorUtils.getDecoderStream(inputStream)
-            val objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(pgpIn)
+            val objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(pgpIn)
            var i = 0
            var nextObject: Any? = null
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
@ -10,12 +10,12 @@ import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.PGPSignatureGenerator
 import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.algorithm.negotiation.HashAlgorithmNegotiator
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.protection.SecretKeyRingProtector
 import org.pgpainless.key.protection.UnlockSecretKey
 import org.pgpainless.key.util.OpenPgpKeyAttributeUtil
@ -110,9 +110,10 @@ abstract class AbstractSignatureBuilder<B : AbstractSignatureBuilder<B>>(
    @Throws(PGPException::class)
    protected fun buildAndInitSignatureGenerator(): PGPSignatureGenerator =
        PGPSignatureGenerator(
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                    .getPGPContentSignerBuilder(
+                    .pgpContentSignerBuilder(
-                        signingKey.publicKey.pgpPublicKey.algorithm, hashAlgorithm.algorithmId))
+                        signingKey.keyPair.publicKey.algorithm, hashAlgorithm.algorithmId),
                signingKey.keyPair.publicKey)
            .apply {
                setUnhashedSubpackets(SignatureSubpacketsHelper.toVector(_unhashedSubpackets))
                setHashedSubpackets(SignatureSubpacketsHelper.toVector(_hashedSubpackets))
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
@ -12,17 +12,16 @@ import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.SignatureSubpacket
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.bouncycastle.extensions.fingerprint
 import org.pgpainless.bouncycastle.extensions.isHardRevocation
 import org.pgpainless.bouncycastle.extensions.isOfType
 import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
 import org.pgpainless.bouncycastle.extensions.signatureExpirationDate
 import org.pgpainless.bouncycastle.extensions.signatureHashAlgorithm
 import org.pgpainless.exception.SignatureValidationException
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.key.OpenPgpFingerprint
 import org.pgpainless.policy.Policy
 import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil
@ -486,7 +485,7 @@ abstract class SignatureValidator {
                    }
                    try {
                        signature.init(
-                            ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider,
+                            OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                            primaryKey)
                        if (!signature.verifyCertification(primaryKey, subkey)) {
                            throw SignatureValidationException("Signature is not correct.")
@ -521,7 +520,7 @@ abstract class SignatureValidator {
                    }
                    try {
                        signature.init(
-                            ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider,
+                            OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                            subkey)
                        if (!signature.verifyCertification(primaryKey, subkey)) {
                            throw SignatureValidationException(
@ -554,7 +553,7 @@ abstract class SignatureValidator {
                override fun verify(signature: PGPSignature) {
                    try {
                        signature.init(
-                            ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider,
+                            OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                            signingKey)
                        val valid =
                            if (signingKey.keyID == signedKey.keyID ||
@ -625,7 +624,7 @@ abstract class SignatureValidator {
                override fun verify(signature: PGPSignature) {
                    try {
                        signature.init(
-                            ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider,
+                            OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                            certifyingKey)
                        if (!signature.verifyCertification(userId.toString(), certifiedKey)) {
                            throw SignatureValidationException(
@ -660,7 +659,7 @@ abstract class SignatureValidator {
                override fun verify(signature: PGPSignature) {
                    try {
                        signature.init(
-                            ImplementationFactory.getInstance().pgpContentVerifierBuilderProvider,
+                            OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                            certifyingKey)
                        if (!signature.verifyCertification(userAttributes, certifiedKey)) {
                            throw SignatureValidationException(
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureVerifier.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureVerifier.kt
@ -12,9 +12,9 @@ import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.exception.SignatureValidationException
 import org.pgpainless.implementation.ImplementationFactory.Companion.getInstance
 import org.pgpainless.policy.Policy
 import org.pgpainless.signature.consumer.SignatureValidator.Companion.correctSignatureOverKey
 import org.pgpainless.signature.consumer.SignatureValidator.Companion.correctSignatureOverUserAttributes
@ -479,7 +479,7 @@ class SignatureVerifier {
        ) {
            try {
                signature.init(
-                    getInstance().pgpContentVerifierBuilderProvider,
+                    OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                    signingKey,
                )
                var read: Int
--- a/pgpainless-core/src/test/java/investigations/InvestigateMultiSEIPMessageHandlingTest.java
+++ b/pgpainless-core/src/test/java/investigations/InvestigateMultiSEIPMessageHandlingTest.java
@ -14,6 +14,7 @@ import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import org.bouncycastle.bcpg.ArmoredOutputStream;
 import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
@ -21,6 +22,7 @@ import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.api.OpenPGPKey;
 import org.bouncycastle.openpgp.operator.PGPDataEncryptorBuilder;
 import org.bouncycastle.util.io.Streams;
@ -29,11 +31,9 @@ import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.EncryptionPurpose;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
 import org.pgpainless.decryption_verification.ConsumerOptions;
 import org.pgpainless.decryption_verification.DecryptionStream;
 import org.pgpainless.exception.MalformedOpenPgpMessageException;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.info.KeyRingInfo;
 import org.pgpainless.key.protection.UnlockSecretKey;
 import org.pgpainless.util.Passphrase;
@ -130,7 +130,7 @@ public class InvestigateMultiSEIPMessageHandlingTest {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ArmoredOutputStream armorOut = new ArmoredOutputStream(out);
-        PGPDataEncryptorBuilder cryptBuilder = ImplementationFactory.getInstance().getPGPDataEncryptorBuilder(SymmetricKeyAlgorithm.AES_256);
+        PGPDataEncryptorBuilder cryptBuilder = OpenPGPImplementation.getInstance().pgpDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256);
        cryptBuilder.setWithIntegrityPacket(true);
        encryptAndSign(cryptKey1, signKey1, armorOut, data1.getBytes(StandardCharsets.UTF_8));
@ -145,15 +145,16 @@ public class InvestigateMultiSEIPMessageHandlingTest {
    private void encryptAndSign(PGPPublicKey cryptKey, PGPSecretKey signKey, ArmoredOutputStream armorOut, byte[] data) throws IOException, PGPException {
-        PGPDataEncryptorBuilder cryptBuilder = ImplementationFactory.getInstance().getPGPDataEncryptorBuilder(SymmetricKeyAlgorithm.AES_256);
+        PGPDataEncryptorBuilder cryptBuilder = OpenPGPImplementation.getInstance().pgpDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256);
        cryptBuilder.setWithIntegrityPacket(true);
        PGPEncryptedDataGenerator cryptGen = new PGPEncryptedDataGenerator(cryptBuilder);
-        cryptGen.addMethod(ImplementationFactory.getInstance().getPublicKeyKeyEncryptionMethodGenerator(cryptKey));
+        cryptGen.addMethod(OpenPGPImplementation.getInstance().publicKeyKeyEncryptionMethodGenerator(cryptKey));
        OutputStream cryptStream = cryptGen.open(armorOut, new byte[512]);
-        PGPSignatureGenerator sigGen = new PGPSignatureGenerator(ImplementationFactory.getInstance()
+        PGPSignatureGenerator sigGen = new PGPSignatureGenerator(OpenPGPImplementation.getInstance()
-                .getPGPContentSignerBuilder(signKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()));
+                .pgpContentSignerBuilder(signKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()),
                signKey.getPublicKey());
        sigGen.init(SignatureType.BINARY_DOCUMENT.getCode(), UnlockSecretKey
                .unlockSecretKey(signKey, (Passphrase) null));
--- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyVersion3SignaturePacketTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyVersion3SignaturePacketTest.java
@ -9,6 +9,7 @@ import org.bouncycastle.openpgp.PGPPrivateKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPV3SignatureGenerator;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
@ -16,7 +17,6 @@ import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.PublicKeyAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
@ -48,7 +48,7 @@ class VerifyVersion3SignaturePacketTest {
    }
    private static PGPSignature generateV3Signature() throws IOException, PGPException {
-        PGPContentSignerBuilder builder = ImplementationFactory.getInstance().getPGPContentSignerBuilder(PublicKeyAlgorithm.ECDSA, HashAlgorithm.SHA512);
+        PGPContentSignerBuilder builder = OpenPGPImplementation.getInstance().pgpContentSignerBuilder(PublicKeyAlgorithm.ECDSA.getAlgorithmId(), HashAlgorithm.SHA512.getAlgorithmId());
        PGPV3SignatureGenerator signatureGenerator = new PGPV3SignatureGenerator(builder);
        PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
--- a/pgpainless-core/src/test/java/org/pgpainless/key/ImportExportKeyTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/ImportExportKeyTest.java
@ -12,10 +12,10 @@ import java.io.IOException;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.util.TestAllImplementations;
 public class ImportExportKeyTest {
@ -29,7 +29,7 @@ public class ImportExportKeyTest {
    public void testExportImportPublicKeyRing() throws IOException {
        PGPPublicKeyRing publicKeys = TestKeys.getJulietPublicKeyRing();
-        KeyFingerPrintCalculator calc = ImplementationFactory.getInstance().getKeyFingerprintCalculator();
+        KeyFingerPrintCalculator calc = OpenPGPImplementation.getInstance().keyFingerPrintCalculator();
        byte[] bytes = publicKeys.getEncoded();
        PGPPublicKeyRing parsed = new PGPPublicKeyRing(bytes, calc);
        assertArrayEquals(publicKeys.getEncoded(), parsed.getEncoded());
@ -40,7 +40,7 @@ public class ImportExportKeyTest {
    public void testExportImportSecretKeyRing() throws IOException, PGPException {
        PGPSecretKeyRing secretKeys = TestKeys.getRomeoSecretKeyRing();
-        KeyFingerPrintCalculator calc = ImplementationFactory.getInstance().getKeyFingerprintCalculator();
+        KeyFingerPrintCalculator calc = OpenPGPImplementation.getInstance().keyFingerPrintCalculator();
        byte[] bytes = secretKeys.getEncoded();
        PGPSecretKeyRing parsed = new PGPSecretKeyRing(bytes, calc);
        assertArrayEquals(secretKeys.getEncoded(), parsed.getEncoded());
--- a/pgpainless-core/src/test/java/org/pgpainless/key/WeirdKeys.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/WeirdKeys.java
@ -20,11 +20,11 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.util.Strings;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.info.KeyRingInfo;
 import org.pgpainless.key.protection.UnlockSecretKey;
 import org.pgpainless.util.Passphrase;
@ -121,9 +121,10 @@ public class WeirdKeys {
        assertThrows(IllegalArgumentException.class, () -> Strings.fromUTF8ByteArray(idBytes));
        PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
-                ImplementationFactory.getInstance().getPGPContentSignerBuilder(
+                OpenPGPImplementation.getInstance().pgpContentSignerBuilder(
                        pubKey.getAlgorithm(),
-                        HashAlgorithmTags.SHA512));
+                        HashAlgorithmTags.SHA512),
                pubKey);
        sigGen.init(SignatureType.GENERIC_CERTIFICATION.getCode(), privKey);
        // We have to manually generate the signature over the user-ID
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateV6KeyTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateV6KeyTest.java
@ -6,7 +6,6 @@ package org.pgpainless.key.generation;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.api.OpenPGPCertificate;
 import org.bouncycastle.openpgp.api.OpenPGPKey;
 import org.bouncycastle.openpgp.api.SignatureParameters;
@ -16,6 +15,7 @@ import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.algorithm.OpenPGPKeyVersion;
 import org.pgpainless.algorithm.PublicKeyAlgorithm;
 import org.pgpainless.key.generation.type.rsa.RsaLength;
 import java.io.IOException;
@ -27,10 +27,25 @@ public class GenerateV6KeyTest {
    @Test
    public void generateModernV6Key() {
-        PGPSecretKeyRing secretKey = PGPainless.generateKeyRing(OpenPGPKeyVersion.v6)
+        OpenPGPKey key = PGPainless.generateKeyRing(OpenPGPKeyVersion.v6)
-                .modernKeyRing("Alice <alice@example.org>")
+                .modernKeyRing("Alice <alice@example.org>");
-                .getPGPSecretKeyRing();
+        assertEquals(3, key.getKeys().size());
-        assertEquals(6, secretKey.getPublicKey().getVersion());
+
        OpenPGPCertificate.OpenPGPPrimaryKey primaryKey = key.getPrimaryKey();
        assertEquals(primaryKey, key.getCertificationKeys().get(0));
        assertEquals(6, primaryKey.getVersion());
        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(),
                primaryKey.getAlgorithm());
        OpenPGPCertificate.OpenPGPComponentKey signingKey = key.getSigningKeys().get(0);
        assertEquals(6, signingKey.getVersion());
        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(),
                signingKey.getAlgorithm());
        OpenPGPCertificate.OpenPGPComponentKey encryptionKey = key.getEncryptionKeys().get(0);
        assertEquals(6, encryptionKey.getVersion());
        assertEquals(PublicKeyAlgorithm.X25519.getAlgorithmId(),
                encryptionKey.getAlgorithm());
    }
    @Test
@ -53,9 +68,11 @@ public class GenerateV6KeyTest {
        assertEquals(1, key.getKeys().size());
        OpenPGPCertificate.OpenPGPPrimaryKey primaryKey = key.getPrimaryKey();
        assertTrue(key.getCertificationKeys().isEmpty());
        assertEquals(6, primaryKey.getVersion());
        assertTrue(primaryKey.isPrimaryKey());
-        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(), primaryKey.getPGPPublicKey().getAlgorithm());
+        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(),
                primaryKey.getAlgorithm());
        assertEquals(primaryKey, key.getSigningKeys().get(0));
        assertTrue(key.getEncryptionKeys().isEmpty());
@ -76,7 +93,8 @@ public class GenerateV6KeyTest {
        assertTrue(key.isSecretKey());
        assertEquals(3, key.getKeys().size());
        OpenPGPCertificate.OpenPGPPrimaryKey primaryKey = key.getPrimaryKey();
-        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(), primaryKey.getPGPPublicKey().getAlgorithm());
+        assertEquals(primaryKey, key.getCertificationKeys().get(0));
        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(), primaryKey.getAlgorithm());
        assertEquals(6, primaryKey.getVersion());
        assertTrue(primaryKey.isPrimaryKey());
        assertEquals(primaryKey, key.getKeys().get(0));
@ -84,13 +102,13 @@ public class GenerateV6KeyTest {
        OpenPGPCertificate.OpenPGPComponentKey signingKey = key.getKeys().get(1);
        assertTrue(key.getSigningKeys().contains(signingKey));
        assertEquals(6, signingKey.getVersion());
-        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(), signingKey.getPGPPublicKey().getAlgorithm());
+        assertEquals(PublicKeyAlgorithm.ED25519.getAlgorithmId(), signingKey.getAlgorithm());
        assertFalse(signingKey.isPrimaryKey());
        OpenPGPCertificate.OpenPGPComponentKey encryptionKey = key.getKeys().get(2);
        assertTrue(key.getEncryptionKeys().contains(encryptionKey));
        assertEquals(6, encryptionKey.getVersion());
-        assertEquals(PublicKeyAlgorithm.X25519.getAlgorithmId(), encryptionKey.getPGPPublicKey().getAlgorithm());
+        assertEquals(PublicKeyAlgorithm.X25519.getAlgorithmId(), encryptionKey.getAlgorithm());
        assertFalse(encryptionKey.isPrimaryKey());
        OpenPGPCertificate certificate = key.toCertificate();
@ -100,4 +118,32 @@ public class GenerateV6KeyTest {
        System.out.println(certificate.toAsciiArmoredString());
        // CHECKSTYLE:ON
    }
    @Test
    public void buildMonolithicRSAKey() {
        OpenPGPKey key = PGPainless.getInstance().generateKey(OpenPGPKeyVersion.v6)
                .simpleRsaKeyRing("Alice <alice@example.org>", RsaLength._4096);
        OpenPGPCertificate.OpenPGPPrimaryKey primaryKey = key.getPrimaryKey();
        // Primary key is used for all purposes
        assertEquals(primaryKey, key.getCertificationKeys().get(0));
        assertEquals(primaryKey, key.getSigningKeys().get(0));
        assertEquals(primaryKey, key.getEncryptionKeys().get(0));
    }
    @Test
    public void generateAEADProtectedModernKey()
            throws IOException {
        OpenPGPKey key = PGPainless.getInstance()
                .generateKey(OpenPGPKeyVersion.v6)
                .modernKeyRing("Alice <alice@example.com>", "p455w0rd");
        String armored = key.toAsciiArmoredString();
        OpenPGPKey parsed = PGPainless.getInstance().readKey().parseKey(armored);
        OpenPGPKey.OpenPGPSecretKey primaryKey = key.getPrimarySecretKey();
        assertEquals(armored, parsed.toAsciiArmoredString());
    }
 }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSecretKeyRingPassphraseTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSecretKeyRingPassphraseTest.java
@ -16,6 +16,7 @@ import java.util.Iterator;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.TestTemplate;
@ -26,7 +27,6 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
 import org.pgpainless.encryption_signing.EncryptionStream;
 import org.pgpainless.encryption_signing.ProducerOptions;
 import org.pgpainless.encryption_signing.SigningOptions;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.protection.KeyRingProtectionSettings;
 import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector;
 import org.pgpainless.key.protection.UnlockSecretKey;
@ -166,7 +166,12 @@ public class ChangeSecretKeyRingPassphraseTest {
        } else if (!passphrase.isEmpty() && secretKey.getKeyEncryptionAlgorithm() == SymmetricKeyAlgorithm.NULL.getAlgorithmId()) {
            throw new PGPException("Cannot unlock unprotected private key with non-empty passphrase.");
        }
-        PBESecretKeyDecryptor decryptor = passphrase.isEmpty() ? null : ImplementationFactory.getInstance().getPBESecretKeyDecryptor(passphrase);
+        PBESecretKeyDecryptor decryptor = passphrase.isEmpty() ?
                null :
                OpenPGPImplementation.getInstance()
                        .pbeSecretKeyDecryptorBuilderProvider()
                        .provide()
                        .build(passphrase.getChars());
        UnlockSecretKey.unlockSecretKey(secretKey, decryptor);
    }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/parsing/KeyRingReaderTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/parsing/KeyRingReaderTest.java
@ -29,11 +29,11 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
 import org.opentest4j.TestAbortedException;
 import org.pgpainless.PGPainless;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.OpenPgpV4Fingerprint;
 import org.pgpainless.key.collection.PGPKeyRingCollection;
 import org.pgpainless.key.util.KeyRingUtils;
@ -63,7 +63,7 @@ class KeyRingReaderTest {
        InputStream possiblyArmored = PGPUtil.getDecoderStream(PGPUtil.getDecoderStream(inputStream));
        PGPPublicKeyRingCollection collection = new PGPPublicKeyRingCollection(
-                possiblyArmored, ImplementationFactory.getInstance().getKeyFingerprintCalculator());
+                possiblyArmored, OpenPGPImplementation.getInstance().keyFingerPrintCalculator());
        assertEquals(10, collection.size());
    }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/protection/CachingSecretKeyRingProtectorTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/protection/CachingSecretKeyRingProtectorTest.java
@ -53,7 +53,6 @@ public class CachingSecretKeyRingProtectorTest {
    @Test
    public void noCallbackReturnsNullForUnknownKeyId() throws PGPException {
        assertNull(protector.getDecryptor(123L));
        assertNull(protector.getEncryptor(123L));
    }
    @Test
@ -61,7 +60,6 @@ public class CachingSecretKeyRingProtectorTest {
        Passphrase passphrase = Passphrase.fromPassword("HelloWorld");
        protector.addPassphrase(new KeyIdentifier(123L), passphrase);
        assertEquals(passphrase, protector.getPassphraseFor(123L));
        assertNotNull(protector.getEncryptor(123L));
        assertNotNull(protector.getDecryptor(123L));
        assertNull(protector.getPassphraseFor(999L));
@ -88,7 +86,7 @@ public class CachingSecretKeyRingProtectorTest {
        while (it.hasNext()) {
            PGPSecretKey key = it.next();
            assertEquals(passphrase, protector.getPassphraseFor(key));
-            assertNotNull(protector.getEncryptor(key.getKeyID()));
+            assertNotNull(protector.getEncryptor(key.getPublicKey()));
            assertNotNull(protector.getDecryptor(key.getKeyID()));
        }
@ -100,7 +98,7 @@ public class CachingSecretKeyRingProtectorTest {
        while (it.hasNext()) {
            PGPSecretKey key = it.next();
            assertNull(protector.getPassphraseFor(key));
-            assertNull(protector.getEncryptor(key.getKeyID()));
+            assertNull(protector.getEncryptor(key.getPublicKey()));
            assertNull(protector.getDecryptor(key.getKeyID()));
        }
    }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/protection/PassphraseProtectedKeyTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/protection/PassphraseProtectedKeyTest.java
@ -7,6 +7,7 @@ package org.pgpainless.key.protection;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import java.io.IOException;
 import java.util.Iterator;
 import javax.annotation.Nullable;
@ -46,14 +47,14 @@ public class PassphraseProtectedKeyTest {
            });
    @Test
-    public void testReturnsNonNullDecryptorEncryptorForPassword() throws PGPException {
+    public void testReturnsNonNullDecryptorEncryptorForPassword() throws IOException {
-        assertNotNull(protector.getEncryptor(TestKeys.CRYPTIE_KEY_ID));
+        assertNotNull(protector.getEncryptor(TestKeys.getCryptiePublicKeyRing().getPublicKey(TestKeys.CRYPTIE_KEY_ID)));
        assertNotNull(protector.getDecryptor(TestKeys.CRYPTIE_KEY_ID));
    }
    @Test
-    public void testReturnsNullDecryptorEncryptorForNoPassword() throws PGPException {
+    public void testReturnsNullDecryptorEncryptorForNoPassword() throws IOException {
-        assertNull(protector.getEncryptor(TestKeys.JULIET_KEY_ID));
+        assertNull(protector.getEncryptor(TestKeys.getJulietPublicKeyRing().getPublicKey(TestKeys.JULIET_KEY_ID)));
        assertNull(protector.getDecryptor(TestKeys.JULIET_KEY_ID));
    }
@ -64,7 +65,7 @@ public class PassphraseProtectedKeyTest {
        SecretKeyRingProtector protector = PasswordBasedSecretKeyRingProtector.forKey(secretKeys, Passphrase.fromPassword("passphrase"));
        for (Iterator<PGPPublicKey> it = secretKeys.getPublicKeys(); it.hasNext(); ) {
            PGPPublicKey subkey = it.next();
-            assertNotNull(protector.getEncryptor(subkey.getKeyID()));
+            assertNotNull(protector.getEncryptor(subkey));
            assertNotNull(protector.getDecryptor(subkey.getKeyID()));
        }
    }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/protection/SecretKeyRingProtectorTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/protection/SecretKeyRingProtectorTest.java
@ -62,7 +62,6 @@ public class SecretKeyRingProtectorTest {
        SecretKeyRingProtector protector = SecretKeyRingProtector.unprotectedKeys();
        for (int i = 0; i < 10; i++) {
            Long keyId = random.nextLong();
            assertNull(protector.getEncryptor(keyId));
            assertNull(protector.getDecryptor(keyId));
        }
    }
@ -80,8 +79,8 @@ public class SecretKeyRingProtectorTest {
        SecretKeyRingProtector protector =
                SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, secretKey);
        assertNotNull(protector.getDecryptor(secretKey.getKeyID()));
-        assertNotNull(protector.getEncryptor(secretKey.getKeyID()));
+        assertNotNull(protector.getEncryptor(secretKey.getPublicKey()));
-        assertNull(protector.getEncryptor(subKey.getKeyID()));
+        assertNull(protector.getEncryptor(subKey.getPublicKey()));
        assertNull(protector.getDecryptor(subKey.getKeyID()));
    }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/protection/UnprotectedKeysProtectorTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/protection/UnprotectedKeysProtectorTest.java
@ -17,9 +17,4 @@ public class UnprotectedKeysProtectorTest {
    public void testKeyProtectorReturnsNullDecryptor() throws PGPException {
        assertNull(protector.getDecryptor(0L));
    }
    @Test
    public void testKeyProtectorReturnsNullEncryptor() throws PGPException {
        assertNull(protector.getEncryptor(0L));
    }
 }
--- a/pgpainless-core/src/test/java/org/pgpainless/key/util/KeyRingUtilTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/util/KeyRingUtilTest.java
@ -14,13 +14,13 @@ import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVectorGenerator;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.algorithm.OpenPGPKeyVersion;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.generation.KeyRingBuilder;
 import org.pgpainless.key.generation.KeySpec;
 import org.pgpainless.key.generation.type.KeyType;
@ -57,9 +57,9 @@ public class KeyRingUtilTest {
        // create sig
        PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
-                ImplementationFactory.getInstance().getPGPContentSignerBuilder(
+                OpenPGPImplementation.getInstance().pgpContentSignerBuilder(
                        secretKeys.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()
-                ));
+                ), secretKeys.getPublicKey());
        sigGen.init(
                SignatureType.POSITIVE_CERTIFICATION.getCode(),
                UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys()));
--- a/pgpainless-core/src/test/java/org/pgpainless/signature/OnePassSignatureBracketingTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/signature/OnePassSignatureBracketingTest.java
@ -29,6 +29,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureList;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.TestTemplate;
@ -42,7 +43,6 @@ import org.pgpainless.encryption_signing.EncryptionOptions;
 import org.pgpainless.encryption_signing.EncryptionStream;
 import org.pgpainless.encryption_signing.ProducerOptions;
 import org.pgpainless.encryption_signing.SigningOptions;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.key.protection.UnlockSecretKey;
 import org.pgpainless.util.TestAllImplementations;
@ -78,7 +78,7 @@ public class OnePassSignatureBracketingTest {
        ByteArrayInputStream ciphertextIn = new ByteArrayInputStream(out.toByteArray());
        InputStream inputStream = PGPUtil.getDecoderStream(ciphertextIn);
-        PGPObjectFactory objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(inputStream);
+        PGPObjectFactory objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(inputStream);
        PGPOnePassSignatureList onePassSignatures = null;
        PGPSignatureList signatures = null;
@ -95,9 +95,9 @@ public class OnePassSignatureBracketingTest {
                        PGPPublicKeyEncryptedData publicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedData;
                        PGPSecretKey secretKey = key1.getSecretKey(publicKeyEncryptedData.getKeyID());
                        PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKey, SecretKeyRingProtector.unprotectedKeys());
-                        PublicKeyDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance().getPublicKeyDataDecryptorFactory(privateKey);
+                        PublicKeyDataDecryptorFactory decryptorFactory = OpenPGPImplementation.getInstance().publicKeyDataDecryptorFactory(privateKey);
                        InputStream decryptionStream = publicKeyEncryptedData.getDataStream(decryptorFactory);
-                        objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(decryptionStream);
+                        objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(decryptionStream);
                        continue outerloop;
                    }
                }
@ -107,7 +107,7 @@ public class OnePassSignatureBracketingTest {
            } else if (next instanceof PGPCompressedData) {
                PGPCompressedData compressed = (PGPCompressedData) next;
                InputStream decompressor = compressed.getDataStream();
-                objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(decompressor);
+                objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(decompressor);
                continue outerloop;
            } else if (next instanceof PGPLiteralData) {
                continue outerloop;
--- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureOverUserAttributesTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureOverUserAttributesTest.java
@ -19,12 +19,12 @@ import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVectorGenerator;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.exception.SignatureValidationException;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.key.protection.UnlockSecretKey;
@ -58,8 +58,9 @@ public class SignatureOverUserAttributesTest {
        PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKey, SecretKeyRingProtector.unprotectedKeys());
        PGPSignatureGenerator generator = new PGPSignatureGenerator(
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                        .getPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()));
+                        .pgpContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()),
                secretKey.getPublicKey());
        generator.init(SignatureType.CASUAL_CERTIFICATION.getCode(), privateKey);
        PGPSignature signature = generator.generateCertification(attribute, publicKey);
@ -78,8 +79,9 @@ public class SignatureOverUserAttributesTest {
        PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKey, SecretKeyRingProtector.unprotectedKeys());
        PGPSignatureGenerator generator = new PGPSignatureGenerator(
-                ImplementationFactory.getInstance()
+                OpenPGPImplementation.getInstance()
-                        .getPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()));
+                        .pgpContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()),
                secretKey.getPublicKey());
        generator.init(SignatureType.CERTIFICATION_REVOCATION.getCode(), privateKey);
        PGPSignature signature = generator.generateCertification(attribute, publicKey);
--- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java
@ -33,13 +33,13 @@ import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
 import org.bouncycastle.openpgp.api.OpenPGPCertificate;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.CompressionAlgorithm;
 import org.pgpainless.algorithm.Feature;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.key.protection.UnlockSecretKey;
@ -286,7 +286,7 @@ public class SignatureSubpacketsUtilTest {
    private PGPSignatureGenerator getSignatureGenerator(PGPPrivateKey signingKey,
                                        SignatureType signatureType) throws PGPException {
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
-                ImplementationFactory.getInstance().getPGPContentSignerBuilder(
+                OpenPGPImplementation.getInstance().pgpContentSignerBuilder(
                        signingKey.getPublicKeyPacket().getAlgorithm(),
                        HashAlgorithm.SHA512.getAlgorithmId()));
        signatureGenerator.init(signatureType.getCode(), signingKey);
--- a/pgpainless-core/src/test/java/org/pgpainless/signature/builder/ThirdPartyCertificationSignatureBuilderTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/signature/builder/ThirdPartyCertificationSignatureBuilderTest.java
@ -9,12 +9,12 @@ import org.bouncycastle.bcpg.sig.Exportable;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.api.OpenPGPCertificate;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.api.OpenPGPKey;
 import org.bouncycastle.openpgp.api.OpenPGPSignature;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.signature.subpackets.CertificationSubpackets;
 import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
@ -70,7 +70,7 @@ public class ThirdPartyCertificationSignatureBuilderTest {
        assertFalse(exportable.isExportable());
        // test sig correctness
-        signature.init(ImplementationFactory.getInstance().getPgpContentVerifierBuilderProvider(),
+        signature.init(OpenPGPImplementation.getInstance().pgpContentVerifierBuilderProvider(),
                secretKeys.getPrimaryKey().getPGPPublicKey());
        assertTrue(signature.verifyCertification("Bob", bobsPublicKeys.getPrimaryKey().getPGPPublicKey()));
    }
--- a/pgpainless-core/src/test/java/org/pgpainless/signature/subpackets/SignatureSubpacketsTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/signature/subpackets/SignatureSubpacketsTest.java
@ -39,6 +39,7 @@ import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
 import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@ -49,7 +50,6 @@ import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.algorithm.PublicKeyAlgorithm;
 import org.pgpainless.algorithm.SignatureType;
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.OpenPgpFingerprint;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.protection.UnlockSecretKey;
@ -414,8 +414,9 @@ public class SignatureSubpacketsTest {
        Iterator<PGPSecretKey> secretKeyIterator = secretKeys.iterator();
        PGPSecretKey primaryKey = secretKeyIterator.next();
        PGPSignatureGenerator generator = new PGPSignatureGenerator(
-                ImplementationFactory.getInstance().getPGPContentSignerBuilder(primaryKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId())
+                OpenPGPImplementation.getInstance().pgpContentSignerBuilder(
-        );
+                        primaryKey.getPublicKey().getAlgorithm(), HashAlgorithm.SHA512.getAlgorithmId()),
                primaryKey.getPublicKey());
        PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(primaryKey, (Passphrase) null);
        generator.init(SignatureType.DIRECT_KEY.getCode(), privateKey);
--- a/pgpainless-core/src/test/java/org/pgpainless/util/ArmorUtilsTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/util/ArmorUtilsTest.java
@ -26,6 +26,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.Assertions;
@ -35,7 +36,6 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.generation.KeySpec;
 import org.pgpainless.key.generation.type.ecc.EllipticCurve;
@ -257,9 +257,9 @@ public class ArmorUtilsTest {
                "-----END PGP MESSAGE-----";
        InputStream inputStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(armored.getBytes(StandardCharsets.UTF_8)));
-        PGPObjectFactory factory = ImplementationFactory.getInstance().getPGPObjectFactory(inputStream);
+        PGPObjectFactory factory = OpenPGPImplementation.getInstance().pgpObjectFactory(inputStream);
        PGPCompressedData compressed = (PGPCompressedData) factory.nextObject();
-        factory = ImplementationFactory.getInstance().getPGPObjectFactory(compressed.getDataStream());
+        factory = OpenPGPImplementation.getInstance().pgpObjectFactory(compressed.getDataStream());
        PGPLiteralData literal = (PGPLiteralData) factory.nextObject();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        assertEquals("_CONSOLE", literal.getFileName());
--- a/pgpainless-core/src/test/java/org/pgpainless/util/TestAllImplementations.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/util/TestAllImplementations.java
@ -9,18 +9,18 @@ import java.util.Collections;
 import java.util.List;
 import java.util.stream.Stream;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.openpgp.api.bc.BcOpenPGPImplementation;
 import org.bouncycastle.openpgp.api.jcajce.JcaOpenPGPImplementation;
 import org.junit.jupiter.api.extension.BeforeTestExecutionCallback;
 import org.junit.jupiter.api.extension.Extension;
 import org.junit.jupiter.api.extension.ExtensionContext;
 import org.junit.jupiter.api.extension.TestTemplateInvocationContext;
 import org.junit.jupiter.api.extension.TestTemplateInvocationContextProvider;
 import org.pgpainless.implementation.BcImplementationFactory;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.implementation.JceImplementationFactory;
 /**
- * InvocationContextProvider that sets different {@link ImplementationFactory} implementations before running annotated
+ * InvocationContextProvider that sets different {@link org.bouncycastle.openpgp.api.OpenPGPImplementation}
- * tests.
+ * before running annotated tests.
 *
 * Example test annotation:
 * {@code
@ -35,9 +35,9 @@ import org.pgpainless.implementation.JceImplementationFactory;
 */
 public class TestAllImplementations implements TestTemplateInvocationContextProvider {
-    private static final List<ImplementationFactory> IMPLEMENTATIONS = Arrays.asList(
+    private static final List<OpenPGPImplementation> IMPLEMENTATIONS = Arrays.asList(
-            new BcImplementationFactory(),
+            new BcOpenPGPImplementation(),
-            new JceImplementationFactory()
+            new JcaOpenPGPImplementation()
    );
    @Override
@ -49,16 +49,16 @@ public class TestAllImplementations implements TestTemplateInvocationContextProv
    public Stream<TestTemplateInvocationContext> provideTestTemplateInvocationContexts(ExtensionContext context) {
        return IMPLEMENTATIONS.stream()
-                .map(implementationFactory -> new TestTemplateInvocationContext() {
+                .map(implementation -> new TestTemplateInvocationContext() {
                    @Override
                    public String getDisplayName(int invocationIndex) {
-                        return context.getDisplayName() + " with " + implementationFactory.getClass().getSimpleName();
+                        return context.getDisplayName() + " with " + implementation.getClass().getSimpleName();
                    }
                    @Override
                    public List<Extension> getAdditionalExtensions() {
                        return Collections.singletonList(
-                                (BeforeTestExecutionCallback) ctx -> ImplementationFactory.setFactoryImplementation(implementationFactory)
+                                (BeforeTestExecutionCallback) ctx -> OpenPGPImplementation.setInstance(implementation)
                        );
                    }
                });
--- a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/InlineDetachImpl.kt
+++ b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/InlineDetachImpl.kt
@ -13,11 +13,11 @@ import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPLiteralData
 import org.bouncycastle.openpgp.PGPOnePassSignatureList
 import org.bouncycastle.openpgp.PGPSignatureList
 import org.bouncycastle.openpgp.api.OpenPGPImplementation
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.decryption_verification.OpenPgpInputStream
 import org.pgpainless.decryption_verification.cleartext_signatures.ClearsignedMessageUtil
 import org.pgpainless.exception.WrongConsumingMethodException
 import org.pgpainless.implementation.ImplementationFactory
 import org.pgpainless.util.ArmoredOutputStreamFactory
 import sop.ReadyWithResult
 import sop.Signatures
@ -72,8 +72,7 @@ class InlineDetachImpl : InlineDetach {
                    }
                    // handle binary OpenPGP data
-                    var objectFactory =
+                    var objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(pgpIn)
                        ImplementationFactory.getInstance().getPGPObjectFactory(pgpIn)
                    var next: Any?
                    while (objectFactory.nextObject().also { next = it } != null) {
@ -95,8 +94,8 @@ class InlineDetachImpl : InlineDetach {
                            // Decompress compressed data
                            try {
                                objectFactory =
-                                    ImplementationFactory.getInstance()
+                                    OpenPGPImplementation.getInstance()
-                                        .getPGPObjectFactory((next as PGPCompressedData).dataStream)
+                                        .pgpObjectFactory((next as PGPCompressedData).dataStream)
                            } catch (e: PGPException) {
                                throw SOPGPException.BadData(
                                    "Cannot decompress PGPCompressedData", e)
--- a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/MatchMakingSecretKeyRingProtector.kt
+++ b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/MatchMakingSecretKeyRingProtector.kt
@ -6,6 +6,7 @@ package org.pgpainless.sop
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
 import org.bouncycastle.openpgp.PGPSecretKeyRing
 import org.bouncycastle.openpgp.api.OpenPGPKey
@ -82,8 +83,8 @@ class MatchMakingSecretKeyRingProtector : SecretKeyRingProtector {
    override fun getDecryptor(keyIdentifier: KeyIdentifier): PBESecretKeyDecryptor? =
        protector.getDecryptor(keyIdentifier)
-    override fun getEncryptor(keyIdentifier: KeyIdentifier): PBESecretKeyEncryptor? =
+    override fun getEncryptor(key: PGPPublicKey): PBESecretKeyEncryptor? =
-        protector.getEncryptor(keyIdentifier)
+        protector.getEncryptor(key)
    override fun getKeyPassword(p0: OpenPGPKey.OpenPGPSecretKey): CharArray? =
        protector.getKeyPassword(p0)
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/InlineDetachTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/InlineDetachTest.java
@ -22,10 +22,10 @@ import org.bouncycastle.openpgp.PGPObjectFactory;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureList;
 import org.bouncycastle.openpgp.api.OpenPGPImplementation;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.OpenPgpV4Fingerprint;
 import sop.ByteArrayAndResult;
 import sop.SOP;
@ -153,13 +153,13 @@ public class InlineDetachTest {
        ByteArrayOutputStream literalDataAndSignatures = new ByteArrayOutputStream();
        ArmoredInputStream armorIn = new ArmoredInputStream(new ByteArrayInputStream(inlineSigned));
-        PGPObjectFactory objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(armorIn);
+        PGPObjectFactory objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(armorIn);
        Object next;
        while ((next = objectFactory.nextObject()) != null) {
            if (next instanceof PGPCompressedData) {
                PGPCompressedData compressedData = (PGPCompressedData) next;
                try {
-                    objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(compressedData.getDataStream());
+                    objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(compressedData.getDataStream());
                } catch (PGPException e) {
                    throw new SOPGPException.BadData("Cannot decompress compressed data", e);
                }
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/MatchMakingSecretKeyRingProtectorTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/MatchMakingSecretKeyRingProtectorTest.java
@ -96,13 +96,13 @@ public class MatchMakingSecretKeyRingProtectorTest {
        MatchMakingSecretKeyRingProtector protector = new MatchMakingSecretKeyRingProtector();
        protector.addSecretKey(unprotectedKey);
        assertTrue(protector.hasPassphraseFor(unprotectedKey.getPublicKey().getKeyID()));
-        assertNull(protector.getEncryptor(unprotectedKey.getPublicKey().getKeyID()));
+        assertNull(protector.getEncryptor(unprotectedKey.getPublicKey()));
        assertNull(protector.getDecryptor(unprotectedKey.getPublicKey().getKeyID()));
        PGPSecretKeyRing protectedKey = PGPainless.readKeyRing().secretKeyRing(PROTECTED_KEY);
        protector.addSecretKey(protectedKey);
        protector.addPassphrase(Passphrase.fromPassword(PASSWORD));
-        assertNotNull(protector.getEncryptor(protectedKey.getPublicKey().getKeyID()));
+        assertNotNull(protector.getEncryptor(protectedKey.getPublicKey()));
        assertNotNull(protector.getDecryptor(protectedKey.getPublicKey().getKeyID()));
    }
 }