Add missing methods for SecretKeyRing protection

2025-09-09 10:19:39 +02:00 · 2025-04-02 20:50:25 +02:00 · 2025-04-02 20:50:25 +02:00 · bab5a4b0bf
commit bab5a4b0bf
parent a8a09b7db7
3 changed files with 18 additions and 0 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/CachingSecretKeyRingProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/CachingSecretKeyRingProtector.kt
@ -7,6 +7,8 @@ package org.pgpainless.key.protection
 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.PGPKeyRing
 import org.bouncycastle.openpgp.PGPPublicKey
+import org.bouncycastle.openpgp.api.OpenPGPCertificate
+import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor
 import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor
@ -133,6 +135,12 @@ class CachingSecretKeyRingProtector : SecretKeyRingProtector, SecretKeyPassphras
    fun addPassphrase(key: PGPPublicKey, passphrase: Passphrase) =
        addPassphrase(key.keyIdentifier, passphrase)

+    fun addPassphrase(cert: OpenPGPCertificate, passphrase: Passphrase) =
+        addPassphrase(cert.pgpKeyRing, passphrase)
+
+    fun addPassphrase(key: OpenPGPComponentKey, passphrase: Passphrase) =
+        addPassphrase(key.keyIdentifier, passphrase)
+
    /**
     * Remember the given passphrase for the key with the given fingerprint.
     *
@ -161,6 +169,8 @@ class CachingSecretKeyRingProtector : SecretKeyRingProtector, SecretKeyPassphras
        keyRing.publicKeys.forEach { forgetPassphrase(it) }
    }

+    fun forgetPassphrase(cert: OpenPGPCertificate) = forgetPassphrase(cert.pgpPublicKeyRing)
+
    /**
     * Forget the passphrase of the given public key.
     *
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/SecretKeyRingProtector.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/SecretKeyRingProtector.kt
@ -58,6 +58,10 @@ interface SecretKeyRingProtector : KeyPassphraseProvider {
    @Throws(PGPException::class)
    fun getDecryptor(keyId: Long): PBESecretKeyDecryptor? = getDecryptor(KeyIdentifier(keyId))

+    @Throws(PGPException::class)
+    fun getDecryptor(key: OpenPGPSecretKey): PBESecretKeyDecryptor? =
+        getDecryptor(key.keyIdentifier)
+
    /**
     * Return a decryptor for the key with the given [keyIdentifier]. This method returns null if
     * the key is unprotected.
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/passphrase_provider/SecretKeyPassphraseProvider.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/protection/passphrase_provider/SecretKeyPassphraseProvider.kt
@ -6,11 +6,15 @@ package org.pgpainless.key.protection.passphrase_provider

 import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.PGPSecretKey
+import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
 import org.pgpainless.util.Passphrase

 /** Interface to allow the user to provide a [Passphrase] for an encrypted OpenPGP secret key. */
 interface SecretKeyPassphraseProvider {

+    fun getPassphraseFor(key: OpenPGPComponentKey): Passphrase? =
+        getPassphraseFor(key.keyIdentifier)
+
    /**
     * Return a passphrase for the given secret key. If no record is found, return null. Note: In
     * case of an unprotected secret key, this method must may not return null, but a [Passphrase]