Adopt changes from SOP-Java and add test for using incapable keys

2025-09-10 18:59:39 +02:00 · 2022-06-10 17:43:51 +02:00 · 2022-06-10 17:43:51 +02:00 · 53df487e59
commit 53df487e59
parent 0b69e18715
7 changed files with 137 additions and 41 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
@ -21,6 +21,7 @@ import java.util.regex.Pattern;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;

+import org.bouncycastle.bcpg.S2K;
 import org.bouncycastle.bcpg.sig.PrimaryUserID;
 import org.bouncycastle.bcpg.sig.RevocationReason;
 import org.bouncycastle.openpgp.PGPKeyRing;
@ -1039,6 +1040,32 @@ public class KeyRingInfo {
        return !getEncryptionSubkeys(purpose).isEmpty();
    }

+    public boolean isUsableForSigning() {
+        List<PGPPublicKey> signingKeys = getSigningSubkeys();
+        for (PGPPublicKey pk : signingKeys) {
+            PGPSecretKey sk = getSecretKey(pk.getKeyID());
+            if (sk == null) {
+                // Missing secret key
+                continue;
+            }
+            S2K s2K = sk.getS2K();
+            // Unencrypted key
+            if (s2K == null) {
+                return true;
+            }
+
+            // Secret key on smart-card
+            int s2kType = s2K.getType();
+            if (s2kType >= 100 && s2kType <= 110) {
+                continue;
+            }
+            // protected secret key
+            return true;
+        }
+        // No usable secret key found
+        return false;
+    }
+
    private KeyAccessor getKeyAccessor(@Nullable String userId, long keyID) {
        if (getPublicKey(keyID) == null) {
            throw new NoSuchElementException("No subkey with key id " + Long.toHexString(keyID) + " found on this key.");