PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-09 10:19:39 +02:00
Code Issues Releases Wiki Activity

Add PublicKeyAlgorithmPolicy based on rfc9580

Browse source
This commit is contained in:
Paul Schaub 2025-04-08 17:07:16 +02:00
parent 6c0ffcb007
commit 334147c840
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 22 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

27
pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
View file

@ -31,7 +31,7 @@ class Policy(
SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022(), SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022(),
SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022(), SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022(),
CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy(), CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy(),
PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy(), PublicKeyAlgorithmPolicy.rfc9580PublicKeyAlgorithmPolicy(),
KeyRingProtectionSettings.secureDefaultSettings(), KeyRingProtectionSettings.secureDefaultSettings(),
NotationRegistry(), NotationRegistry(),
AlgorithmSuite.defaultAlgorithmSuite) AlgorithmSuite.defaultAlgorithmSuite)
@ -334,8 +334,7 @@ class Policy(
companion object { companion object {
/** /**
* Return PGPainless' default public key algorithm policy. This policy is based upon * Return PGPainless' default public key algorithm policy.
* recommendations made by the German Federal Office for Information Security (BSI).
* *
* @return default algorithm policy * @return default algorithm policy
* @deprecated not expressive - might be removed in a future release * @deprecated not expressive - might be removed in a future release
@ -343,8 +342,8 @@ class Policy(
@JvmStatic @JvmStatic
@Deprecated( @Deprecated(
"not expressive - might be removed in a future release", "not expressive - might be removed in a future release",
ReplaceWith("bsi2021PublicKeyAlgorithmPolicy()")) ReplaceWith("rfc9580PublicKeyAlgorithmPolicy()"))
fun defaultPublicKeyAlgorithmPolicy() = bsi2021PublicKeyAlgorithmPolicy() fun defaultPublicKeyAlgorithmPolicy() = rfc9580PublicKeyAlgorithmPolicy()
/** /**
* This policy is based upon recommendations made by the German Federal Office for * This policy is based upon recommendations made by the German Federal Office for
@ -391,6 +390,24 @@ class Policy(
put(PublicKeyAlgorithm.X448, 448) put(PublicKeyAlgorithm.X448, 448)
put(PublicKeyAlgorithm.ED448, 456) put(PublicKeyAlgorithm.ED448, 456)
}) })
/** Public Key Algorithm Policy based upon recommendations from RFC9580. */
fun rfc9580PublicKeyAlgorithmPolicy(): PublicKeyAlgorithmPolicy =
PublicKeyAlgorithmPolicy(
buildMap {
// https://www.rfc-editor.org/rfc/rfc9580.html#section-12.4
put(PublicKeyAlgorithm.RSA_GENERAL, 2000)
// https://www.rfc-editor.org/rfc/rfc9580.html#name-ecc-curves-for-openpgp
put(PublicKeyAlgorithm.EDDSA_LEGACY, 250)
// https://www.rfc-editor.org/rfc/rfc9580.html#name-ecc-curves-for-openpgp
put(PublicKeyAlgorithm.ECDH, 250)
put(PublicKeyAlgorithm.ECDSA, 250)
// https://www.rfc-editor.org/rfc/rfc9580.html#name-eddsa
put(PublicKeyAlgorithm.X25519, 256)
put(PublicKeyAlgorithm.ED25519, 256)
put(PublicKeyAlgorithm.X448, 448)
put(PublicKeyAlgorithm.ED448, 456)
})
} }
} }