
OpenPgpMetadat: identify verified sigs by SubkeyIdentifier

This commit is contained in:
Paul Schaub 2021-07-04 13:08:24 +02:00
parent 48314fde40
commit 6a90c4303e
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
10 changed files with 55 additions and 53 deletions


@ -243,7 +243,7 @@ public final class DecryptionStreamFactory {
// Watch out! This assignment is possibly done multiple times.
encryptedSessionKey = publicKeyEncryptedData;
decryptionKey = UnlockSecretKey.unlockSecretKey(secretKey, options.getSecretKeyProtector(decryptionKeyRing));
resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(secretKey));
resultBuilder.setDecryptionKey(new SubkeyIdentifier(decryptionKeyRing, decryptionKey.getKeyID()));
}
}
@ -265,7 +265,7 @@ public final class DecryptionStreamFactory {
publicKeyEncryptedData.getSymmetricAlgorithm(decryptorFactory); // will only succeed if we have the right secret key
LOGGER.log(LEVEL, "Found correct key " + Long.toHexString(key.getKeyID()) + " for hidden recipient decryption.");
decryptionKey = privateKey;
resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(key));
resultBuilder.setDecryptionKey(new SubkeyIdentifier(ring, decryptionKey.getKeyID()));
encryptedSessionKey = publicKeyEncryptedData;
break outerloop;
} catch (PGPException | ClassCastException e) {
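Review bot: In the second hunk the new identifier is built from `decryptionKey.getKeyID()` on the line right after `decryptionKey = privateKey;`, while the log statement just above and the `getSymmetricAlgorithm` probe both refer to `key`; writing it as `resultBuilder.setDecryptionKey(new SubkeyIdentifier(ring, key.getKeyID()));` keeps the three neighbouring statements pointing at the same object and reads more directly. The first hunk has the same shape, but no sibling key variable is visible there, so it can stay as is. Both assignments sit inside loops whose start is outside the hunks, and the existing comment in the first hunk says the assignment may run several times, so the identifier recorded in the result is whichever one was set last — worth a short comment next to `setDecryptionKey` so the next reader does not assume it is the first match.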


@ -32,13 +32,14 @@ import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.signature.DetachedSignature;
import org.pgpainless.signature.OnePassSignature;
public class OpenPgpMetadata {
private final Set<Long> recipientKeyIds;
private final OpenPgpV4Fingerprint decryptionFingerprint;
private final SubkeyIdentifier decryptionKey;
private final List<OnePassSignature> onePassSignatures;
private final List<DetachedSignature> detachedSignatures;
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
@ -46,7 +47,7 @@ public class OpenPgpMetadata {
private final FileInfo fileInfo;
public OpenPgpMetadata(Set<Long> recipientKeyIds,
OpenPgpV4Fingerprint decryptionFingerprint,
SubkeyIdentifier decryptionKey,
SymmetricKeyAlgorithm symmetricKeyAlgorithm,
CompressionAlgorithm algorithm,
List<OnePassSignature> onePassSignatures,
@ -54,7 +55,7 @@ public class OpenPgpMetadata {
FileInfo fileInfo) {
this.recipientKeyIds = Collections.unmodifiableSet(recipientKeyIds);
this.decryptionFingerprint = decryptionFingerprint;
this.decryptionKey = decryptionKey;
this.symmetricKeyAlgorithm = symmetricKeyAlgorithm;
this.compressionAlgorithm = algorithm;
this.detachedSignatures = Collections.unmodifiableList(detachedSignatures);
@ -70,8 +71,8 @@ public class OpenPgpMetadata {
return symmetricKeyAlgorithm != SymmetricKeyAlgorithm.NULL && !getRecipientKeyIds().isEmpty();
}
public OpenPgpV4Fingerprint getDecryptionFingerprint() {
return decryptionFingerprint;
public SubkeyIdentifier getDecryptionKey() {
return decryptionKey;
}
public SymmetricKeyAlgorithm getSymmetricKeyAlgorithm() {
@ -97,26 +98,22 @@ public class OpenPgpMetadata {
return !getSignatures().isEmpty();
}
public Map<OpenPgpV4Fingerprint, PGPSignature> getVerifiedSignatures() {
Map<OpenPgpV4Fingerprint, PGPSignature> verifiedSignatures = new ConcurrentHashMap<>();
public Map<SubkeyIdentifier, PGPSignature> getVerifiedSignatures() {
Map<SubkeyIdentifier, PGPSignature> verifiedSignatures = new ConcurrentHashMap<>();
for (DetachedSignature detachedSignature : detachedSignatures) {
if (detachedSignature.isVerified()) {
verifiedSignatures.put(detachedSignature.getSigningKeyIdentifier().getSubkeyFingerprint(), detachedSignature.getSignature());
verifiedSignatures.put(detachedSignature.getSigningKeyIdentifier(), detachedSignature.getSignature());
}
}
for (OnePassSignature onePassSignature : onePassSignatures) {
if (onePassSignature.isVerified()) {
verifiedSignatures.put(onePassSignature.getFingerprint(), onePassSignature.getSignature());
verifiedSignatures.put(onePassSignature.getSigningKey(), onePassSignature.getSignature());
}
}
return verifiedSignatures;
}
public Set<OpenPgpV4Fingerprint> getVerifiedSignatureKeyFingerprints() {
return getVerifiedSignatures().keySet();
}
public boolean isVerified() {
return !getVerifiedSignatures().isEmpty();
}
@ -132,7 +129,13 @@ public class OpenPgpMetadata {
}
public boolean containsVerifiedSignatureFrom(OpenPgpV4Fingerprint fingerprint) {
return getVerifiedSignatureKeyFingerprints().contains(fingerprint);
for (SubkeyIdentifier verifiedSigningKey : getVerifiedSignatures().keySet()) {
if (verifiedSigningKey.getPrimaryKeyFingerprint().equals(fingerprint) ||
verifiedSigningKey.getSubkeyFingerprint().equals(fingerprint)) {
return true;
}
}
return false;
}
public static class Signature {
@ -235,7 +238,7 @@ public class OpenPgpMetadata {
public static class Builder {
private final Set<Long> recipientFingerprints = new HashSet<>();
private OpenPgpV4Fingerprint decryptionFingerprint;
private SubkeyIdentifier decryptionKey;
private final List<DetachedSignature> detachedSignatures = new ArrayList<>();
private final List<OnePassSignature> onePassSignatures = new ArrayList<>();
private SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.NULL;
@ -247,8 +250,8 @@ public class OpenPgpMetadata {
return this;
}
public Builder setDecryptionFingerprint(OpenPgpV4Fingerprint fingerprint) {
this.decryptionFingerprint = fingerprint;
public Builder setDecryptionKey(SubkeyIdentifier decryptionKey) {
this.decryptionKey = decryptionKey;
return this;
}
@ -280,7 +283,7 @@ public class OpenPgpMetadata {
}
public OpenPgpMetadata build() {
return new OpenPgpMetadata(recipientFingerprints, decryptionFingerprint,
return new OpenPgpMetadata(recipientFingerprints, decryptionKey,
symmetricKeyAlgorithm, compressionAlgorithm,
onePassSignatures, detachedSignatures, fileInfo);
}
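Review bot: `containsVerifiedSignatureFrom` now returns true when the given fingerprint matches either the primary-key fingerprint or the subkey fingerprint of a verified signing key, which is a wider match than the old subkey-fingerprint-only lookup, yet the method carries no Javadoc saying so; a caller passing a primary-key fingerprint should know it is asking "signed by any key of this certificate". Propose adding `/** Returns true if a verified signature was made by the given key; the fingerprint is matched against both the primary key fingerprint and the subkey fingerprint of every verified signing key. */` above the method. `getVerifiedSignatures` in the earlier hunk now keys its map by `SubkeyIdentifier`, so collapsing two signatures from the same subkey into one entry depends on `SubkeyIdentifier` overriding equals/hashCode, which this page does not show — worth confirming. Because `OpenPgpMetadata` is a public type, dropping `getDecryptionFingerprint` and `getVerifiedSignatureKeyFingerprints` is a source-incompatible change that deserves a line in the commit message.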


@ -18,6 +18,7 @@ package org.pgpainless.key;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
/**
* Tuple class used to identify a subkey by fingerprints of the primary key of the subkeys key ring,
@ -62,6 +63,10 @@ public class SubkeyIdentifier {
this.subkeyFingerprint = subkeyFingerprint;
}
public SubkeyIdentifier(PGPSecretKeyRing secretKeys) {
this(secretKeys, secretKeys.getPublicKey().getKeyID());
}
public @Nonnull OpenPgpV4Fingerprint getFingerprint() {
return getSubkeyFingerprint();
}
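Review bot: The new `SubkeyIdentifier(PGPSecretKeyRing secretKeys)` constructor identifies the ring's primary key (it delegates with `secretKeys.getPublicKey().getKeyID()`), which is not evident from a one-argument constructor on a class named for subkeys; add a Javadoc such as `/** Create a SubkeyIdentifier that identifies the primary key of the given key ring. */`. `PGPKeyRing` is already imported in this file and the two-argument constructor presumably accepts it (its signature is outside the hunk), so taking `PGPKeyRing` here instead of `PGPSecretKeyRing` would cover public key rings with the same one-liner. The parameter could also carry `@Nonnull`, as the accessor just below does, since a null ring fails inside the delegation expression with no hint of which argument was missing.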


@ -20,6 +20,7 @@ import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.SubkeyIdentifier;
/**
* Tuple-class that bundles together a {@link PGPOnePassSignature} object, a {@link PGPPublicKeyRing}
@ -66,8 +67,8 @@ public class OnePassSignature {
*
* @return signing key fingerprint
*/
public OpenPgpV4Fingerprint getFingerprint() {
return new OpenPgpV4Fingerprint(verificationKeys.getPublicKey(onePassSignature.getKeyID()));
public SubkeyIdentifier getSigningKey() {
return new SubkeyIdentifier(verificationKeys, onePassSignature.getKeyID());
}
/**
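Review bot: The Javadoc directly above `getSigningKey()` still ends with `@return signing key fingerprint`, but the method now returns a `SubkeyIdentifier`; change it to `@return identifier of the signing key (primary key and subkey fingerprints)`, and the summary sentence, which starts outside the hunk, likely needs the same wording update. The old body looked up `verificationKeys.getPublicKey(onePassSignature.getKeyID())` itself; the new one hands the key id to the `SubkeyIdentifier` constructor, so the behaviour when the id is not present in `verificationKeys` now depends on that constructor, which is not visible here — worth confirming it fails in the same way or at least clearly.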