mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-09 10:19:39 +02:00

SOP generate-key: Add rfc9580 profile

Paul Schaub 2025-05-27 19:27:19 +02:00
parent a575f46867
commit e45b551ab3
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311


@ -13,6 +13,7 @@ import org.bouncycastle.openpgp.PGPException
import org.bouncycastle.openpgp.api.OpenPGPKey import org.bouncycastle.openpgp.api.OpenPGPKey
import org.pgpainless.PGPainless import org.pgpainless.PGPainless
import org.pgpainless.algorithm.KeyFlag import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.algorithm.OpenPGPKeyVersion
import org.pgpainless.bouncycastle.extensions.asciiArmor import org.pgpainless.bouncycastle.extensions.asciiArmor
import org.pgpainless.bouncycastle.extensions.encode import org.pgpainless.bouncycastle.extensions.encode
import org.pgpainless.key.generation.KeyRingBuilder import org.pgpainless.key.generation.KeyRingBuilder
@ -36,8 +37,14 @@ class GenerateKeyImpl(private val api: PGPainless) : GenerateKey {
Profile( Profile(
"draft-koch-eddsa-for-openpgp-00", "Generate EdDSA / ECDH keys using Curve25519") "draft-koch-eddsa-for-openpgp-00", "Generate EdDSA / ECDH keys using Curve25519")
@JvmField val RSA4096_PROFILE = Profile("rfc4880", "Generate 4096-bit RSA keys") @JvmField val RSA4096_PROFILE = Profile("rfc4880", "Generate 4096-bit RSA keys")
@JvmField val RFC9580_PROFILE = Profile("rfc9580", "Generate OpenPGP v6 keys")
@JvmField val SUPPORTED_PROFILES = listOf(CURVE25519_PROFILE, RSA4096_PROFILE) @JvmField
val SUPPORTED_PROFILES =
listOf(
CURVE25519_PROFILE.withAliases("default", "compatibility"),
RSA4096_PROFILE,
RFC9580_PROFILE.withAliases("performance", "security"))
} }
private val userIds = mutableSetOf<String>() private val userIds = mutableSetOf<String>()
@ -71,7 +78,7 @@ class GenerateKeyImpl(private val api: PGPainless) : GenerateKey {
override fun profile(profile: String): GenerateKey = apply { override fun profile(profile: String): GenerateKey = apply {
this.profile = this.profile =
SUPPORTED_PROFILES.find { it.name == profile }?.name SUPPORTED_PROFILES.find { it.name == profile || it.aliases.contains(profile) }?.name
?: throw SOPGPException.UnsupportedProfile("generate-key", profile) ?: throw SOPGPException.UnsupportedProfile("generate-key", profile)
} }
@ -92,7 +99,7 @@ class GenerateKeyImpl(private val api: PGPainless) : GenerateKey {
val keyBuilder: KeyRingBuilder = val keyBuilder: KeyRingBuilder =
when (profile) { when (profile) {
CURVE25519_PROFILE.name -> CURVE25519_PROFILE.name ->
api.buildKey() api.buildKey(OpenPGPKeyVersion.v4)
.setPrimaryKey( .setPrimaryKey(
KeySpec.getBuilder( KeySpec.getBuilder(
KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519),
@ -110,7 +117,7 @@ class GenerateKeyImpl(private val api: PGPainless) : GenerateKey {
} }
} }
RSA4096_PROFILE.name -> { RSA4096_PROFILE.name -> {
api.buildKey() api.buildKey(OpenPGPKeyVersion.v4)
.setPrimaryKey( .setPrimaryKey(
KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.CERTIFY_OTHER)) KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.CERTIFY_OTHER))
.addSubkey( .addSubkey(
@ -125,6 +132,20 @@ class GenerateKeyImpl(private val api: PGPainless) : GenerateKey {
} }
} }
} }
RFC9580_PROFILE.name -> {
api.buildKey(OpenPGPKeyVersion.v6)
.setPrimaryKey(KeySpec.getBuilder(KeyType.Ed25519(), KeyFlag.CERTIFY_OTHER))
.addSubkey(KeySpec.getBuilder(KeyType.Ed25519(), KeyFlag.SIGN_DATA))
.apply {
if (!signingOnly) {
addSubkey(
KeySpec.getBuilder(
KeyType.X25519(),
KeyFlag.ENCRYPT_COMMS,
KeyFlag.ENCRYPT_STORAGE))
}
}
}
else -> throw SOPGPException.UnsupportedProfile("generate-key", profile) else -> throw SOPGPException.UnsupportedProfile("generate-key", profile)
} }
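Review bot: The new `RFC9580_PROFILE` description, "Generate OpenPGP v6 keys", does not name the algorithms, although the two existing profiles do and the `RFC9580_PROFILE.name` branch of the `when` fixes them to an Ed25519 primary key and signing subkey plus an X25519 encryption subkey. Something like `Profile("rfc9580", "Generate OpenPGP v6 keys using Ed25519 / X25519")` would let a caller who picks a profile by its description see what key material they get. The alias assignment in `SUPPORTED_PROFILES` also deserves a comment such as `// "default" stays on v4 for interoperability; "security" and "performance" both select the v6 profile`, because a caller asking for `security` receives a v6 key that peers limited to v4 presumably cannot use, and that trade-off is not stated anywhere in the visible lines. The companion object and the `when` expression both begin outside the hunks shown.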