diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt index c5768e99..7cfb7ed2 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt @@ -48,8 +48,9 @@ class PGPainless( @JvmOverloads fun generateKey( version: OpenPGPKeyVersion = OpenPGPKeyVersion.v4, - creationTime: Date = Date() - ): KeyRingTemplates = KeyRingTemplates(version, creationTime) + creationTime: Date = Date(), + policy: Policy = algorithmPolicy + ): KeyRingTemplates = KeyRingTemplates(version, creationTime, policy) @JvmOverloads fun buildKey( @@ -98,8 +99,10 @@ class PGPainless( */ @JvmStatic @JvmOverloads - fun buildKeyRing(version: OpenPGPKeyVersion = OpenPGPKeyVersion.v4) = - KeyRingBuilder(version, getInstance().implementation) + fun buildKeyRing( + version: OpenPGPKeyVersion = OpenPGPKeyVersion.v4, + policy: Policy = getInstance().algorithmPolicy + ) = KeyRingBuilder(version, getInstance().implementation, policy) /** * Read an existing OpenPGP key ring. diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt index 104eac59..35b1485a 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt @@ -27,7 +27,8 @@ import org.pgpainless.util.Passphrase class KeyRingBuilder( private val version: OpenPGPKeyVersion, - private val implementation: OpenPGPImplementation + private val implementation: OpenPGPImplementation, + private val policy: Policy = PGPainless.getInstance().algorithmPolicy ) : KeyRingBuilderInterface { private var primaryKeySpec: KeySpec? = null 
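Review bot: The new `policy` parameter of `buildKeyRing` is undocumented, even though a KDoc block closes (`*/`) directly above the `@JvmStatic` annotation and therefore describes this function; add `* @param policy algorithm policy that key specs added to the returned builder are validated against; defaults to the policy of the global [PGPainless] instance` to that block. The KDoc body itself sits above the hunk, so its existing parameter list is not visible here.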
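Review bot: In the `KeyRingBuilder` constructor the new `policy` parameter defaults to `PGPainless.getInstance().algorithmPolicy` while `implementation` has no default, so a builder created with two arguments silently validates key specs against the global singleton's policy rather than the policy of whichever `PGPainless` instance supplied the implementation. Since `PGPainless.buildKeyRing` in this same commit always passes all three arguments, the default can be dropped — `private val policy: Policy` — so the policy/implementation pairing is explicit at every construction site. The class body continues past the end of the hunk.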
@@ -37,13 +38,13 @@ class KeyRingBuilder( private var expirationDate: Date? = Date(System.currentTimeMillis() + (5 * MILLIS_IN_YEAR)) override fun setPrimaryKey(keySpec: KeySpec): KeyRingBuilder = apply { - verifyKeySpecCompliesToPolicy(keySpec, PGPainless.getPolicy()) + verifyKeySpecCompliesToPolicy(keySpec, policy) verifyPrimaryKeyCanCertify(keySpec) this.primaryKeySpec = keySpec } override fun addSubkey(keySpec: KeySpec): KeyRingBuilder = apply { - verifyKeySpecCompliesToPolicy(keySpec, PGPainless.getPolicy()) + verifyKeySpecCompliesToPolicy(keySpec, policy) subKeySpecs.add(keySpec) } @@ -83,11 +84,11 @@ class KeyRingBuilder( private fun keyIsCertificationCapable(keySpec: KeySpec) = keySpec.keyType.canCertify override fun build(): OpenPGPKey { - val checksumCalculator = OpenPGPImplementation.getInstance().checksumCalculator() + val checksumCalculator = implementation.checksumCalculator() // generate primary key requireNotNull(primaryKeySpec) { "Primary Key spec required." } - val certKey = generateKeyPair(primaryKeySpec!!, version) + val certKey = generateKeyPair(primaryKeySpec!!, version, implementation) val secretKeyEncryptor = buildSecretKeyEncryptor(certKey.publicKey) val secretKeyDecryptor = buildSecretKeyDecryptor() @@ -168,7 +169,7 @@ class KeyRingBuilder( private fun addSubKeys(primaryKey: PGPKeyPair, ringGenerator: PGPKeyRingGenerator) { for (subKeySpec in subKeySpecs) { - val subKey = generateKeyPair(subKeySpec, version) + val subKey = generateKeyPair(subKeySpec, version, implementation) if (subKeySpec.isInheritedSubPackets) { ringGenerator.addSubKey(subKey) } else { 
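Review bot: `generateKeyPair(primaryKeySpec!!, version, implementation)` in `build()` still uses `!!` on the line right after `requireNotNull(primaryKeySpec)`; bind the checked value instead with `val spec = requireNotNull(primaryKeySpec) { "Primary Key spec required." }` and `val certKey = generateKeyPair(spec, version, implementation)`. The `!!` is only safe because the `var` is not reassigned between the two statements, which a later edit could change without any compiler warning. `build()` continues beyond the end of this hunk.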
@@ -209,20 +210,19 @@ class KeyRingBuilder( } private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder { - val hashAlgorithm = - PGPainless.getPolicy().certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm - return OpenPGPImplementation.getInstance() - .pgpContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId) + val hashAlgorithm = policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm + return implementation.pgpContentSignerBuilder( + certKey.publicKey.algorithm, hashAlgorithm.algorithmId) } private fun buildSecretKeyEncryptor( publicKey: PGPPublicKey, ): PBESecretKeyEncryptor? { check(passphrase.isValid) { "Passphrase was cleared." } - val protectionSettings = PGPainless.getPolicy().keyProtectionSettings + val protectionSettings = policy.keyProtectionSettings return if (passphrase.isEmpty) null else - OpenPGPImplementation.getInstance() + implementation .pbeSecretKeyEncryptorFactory( protectionSettings.aead, protectionSettings.encryptionAlgorithm.algorithmId, @@ -234,7 +234,7 @@ class KeyRingBuilder( check(passphrase.isValid) { "Passphrase was cleared." } return if (passphrase.isEmpty) null else - OpenPGPImplementation.getInstance() + implementation .pbeSecretKeyDecryptorBuilderProvider() .provide() .build(passphrase.getChars()) @@ -248,12 +248,11 @@ class KeyRingBuilder( fun generateKeyPair( spec: KeySpec, version: OpenPGPKeyVersion, + implementation: OpenPGPImplementation = PGPainless.getInstance().implementation, creationTime: Date = spec.keyCreationDate ?: Date() ): PGPKeyPair { val gen = - OpenPGPImplementation.getInstance() - .pgpKeyPairGeneratorProvider() - .get(version.numeric, creationTime) + implementation.pgpKeyPairGeneratorProvider().get(version.numeric, creationTime) return spec.keyType.generateKeyPair(gen) } 
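Review bot: The new `implementation` parameter of `generateKeyPair` is inserted before `creationTime` rather than appended after it, so any existing caller passing the creation time positionally as the third argument — as `SecretKeyRingEditor` did before this commit — stops compiling, and if the function carries `@JvmOverloads` (its annotations are above the hunk and not visible) the Java overload with three arguments changes meaning. Appending it preserves the old positional shape: `creationTime: Date = spec.keyCreationDate ?: Date(),` followed by `implementation: OpenPGPImplementation = PGPainless.getInstance().implementation`. Whichever order is kept, the KDoc should state that the default implementation is the global instance's, since this is the one place in the class that still reaches back to the singleton.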
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingTemplates.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingTemplates.kt index 7ee032ae..94d79769 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingTemplates.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingTemplates.kt @@ -6,6 +6,7 @@ package org.pgpainless.key.generation import java.util.* import org.bouncycastle.openpgp.api.OpenPGPKey +import org.pgpainless.PGPainless import org.pgpainless.PGPainless.Companion.buildKeyRing import org.pgpainless.algorithm.KeyFlag import org.pgpainless.algorithm.OpenPGPKeyVersion @@ -14,11 +15,13 @@ import org.pgpainless.key.generation.type.KeyType import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve import org.pgpainless.key.generation.type.rsa.RsaLength import org.pgpainless.key.generation.type.xdh_legacy.XDHLegacySpec +import org.pgpainless.policy.Policy import org.pgpainless.util.Passphrase class KeyRingTemplates( private val version: OpenPGPKeyVersion, - private val creationTime: Date = Date() + private val creationTime: Date = Date(), + private val policy: Policy = PGPainless.getInstance().algorithmPolicy ) { /** 
@@ -36,12 +39,17 @@ class KeyRingTemplates( length: RsaLength, passphrase: Passphrase = Passphrase.emptyPassphrase() ): OpenPGPKey = - buildKeyRing(version) + buildKeyRing(version, policy) .apply { - setPrimaryKey(getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER)) - addSubkey(getBuilder(KeyType.RSA(length), KeyFlag.SIGN_DATA)) + setPrimaryKey( + getBuilder(KeyType.RSA(length), KeyFlag.CERTIFY_OTHER) + .setKeyCreationDate(creationTime)) addSubkey( - getBuilder(KeyType.RSA(length), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)) + getBuilder(KeyType.RSA(length), KeyFlag.SIGN_DATA) + .setKeyCreationDate(creationTime)) + addSubkey( + getBuilder(KeyType.RSA(length), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) + .setKeyCreationDate(creationTime)) setPassphrase(passphrase) if (userId != null) { addUserId(userId) @@ -87,10 +95,11 @@ class KeyRingTemplates( .apply { setPrimaryKey( getBuilder( - KeyType.RSA(length), - KeyFlag.CERTIFY_OTHER, - KeyFlag.SIGN_DATA, - KeyFlag.ENCRYPT_COMMS)) + KeyType.RSA(length), + KeyFlag.CERTIFY_OTHER, + KeyFlag.SIGN_DATA, + KeyFlag.ENCRYPT_COMMS) + .setKeyCreationDate(creationTime)) setPassphrase(passphrase) if (userId != null) { addUserId(userId.toString()) @@ -138,9 +147,12 @@ class KeyRingTemplates( else KeyType.XDH_LEGACY(XDHLegacySpec._X25519) return buildKeyRing(version) .apply { - setPrimaryKey(getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)) + setPrimaryKey( + getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA) + .setKeyCreationDate(creationTime)) addSubkey( - getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS)) + getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS) + .setKeyCreationDate(creationTime)) setPassphrase(passphrase) if (userId != null) { addUserId(userId.toString()) 
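Review bot: `return buildKeyRing(version)` in the `@@ -138` hunk ignores the `policy` that `KeyRingTemplates` now receives in its constructor, so this template is still validated against the global `PGPainless.getInstance().algorithmPolicy`, whereas the RSA template earlier in this file passes `buildKeyRing(version, policy)`. A caller who supplies a stricter or custom policy for key generation would get its key specs checked against the wrong policy here; change it to `return buildKeyRing(version, policy)`. The enclosing function begins above the hunk, so its name and parameters are not visible.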
@@ -188,10 +200,14 @@ class KeyRingTemplates( else KeyType.XDH_LEGACY(XDHLegacySpec._X25519) return buildKeyRing(version) .apply { - setPrimaryKey(getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER)) + setPrimaryKey( + getBuilder(signingKeyType, KeyFlag.CERTIFY_OTHER) + .setKeyCreationDate(creationTime)) addSubkey( - getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)) - addSubkey(getBuilder(signingKeyType, KeyFlag.SIGN_DATA)) + getBuilder(encryptionKeyType, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE) + .setKeyCreationDate(creationTime)) + addSubkey( + getBuilder(signingKeyType, KeyFlag.SIGN_DATA).setKeyCreationDate(creationTime)) setPassphrase(passphrase) if (userId != null) { addUserId(userId) diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt index 4346dc74..b834dfa9 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt @@ -266,8 +266,8 @@ class SecretKeyRingEditor(var key: OpenPGPKey, override val referenceTime: Date callback: SelfSignatureSubpackets.Callback?, protector: SecretKeyRingProtector ): SecretKeyRingEditorInterface { - val version = OpenPGPKeyVersion.from(secretKeyRing.getPublicKey().version) - val keyPair = KeyRingBuilder.generateKeyPair(keySpec, OpenPGPKeyVersion.v4, referenceTime) + val version = OpenPGPKeyVersion.from(secretKeyRing.publicKey.version) + val keyPair = KeyRingBuilder.generateKeyPair(keySpec, version) val subkeyProtector = PasswordBasedSecretKeyRingProtector.forKeyId(keyPair.keyIdentifier, subkeyPassphrase) val keyFlags = KeyFlag.fromBitmask(keySpec.subpackets.keyFlags).toMutableList()
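Review bot: `return buildKeyRing(version)` in this hunk also drops the constructor-supplied `policy`, so the template validates against the global policy while the RSA template in the same file honors the injected one; change it to `return buildKeyRing(version, policy)` for consistency. With both of these templates left as they are, passing a `policy` to `PGPainless.generateKey(...)` only has an effect for the RSA templates, which is easy to misread as a security guarantee that is not actually enforced. The enclosing function starts above the hunk.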
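Review bot: The new call `KeyRingBuilder.generateKeyPair(keySpec, version)` in `SecretKeyRingEditor` drops the `referenceTime` argument the old code passed as the creation time, so the added subkey is now created at `keySpec.keyCreationDate ?: Date()` instead of at the editor's reference time. If `referenceTime` lies in the past and the subkey binding signature is dated with it (the signing code is outside this hunk, so this is inferred), the subkey's creation date can end up later than its own binding signature, which verifiers reject as a signature made before the key existed; confirm where the binding signature takes its timestamp. To keep the previous behavior while still using the derived `version`: `val keyPair = KeyRingBuilder.generateKeyPair(keySpec, version, creationTime = referenceTime)`. The enclosing method continues beyond the end of the hunk.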