WIP: Decryption using ECDH key

2025-12-06 12:21:15 +01:00 · 2025-09-24 20:04:13 +02:00 · 2025-09-24 20:04:13 +02:00 · f26d91d41f
commit f26d91d41f
parent 06a6302001
7 changed files with 231 additions and 18 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/ConsumerOptions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/ConsumerOptions.kt
@ -38,7 +38,7 @@ class ConsumerOptions(private val api: PGPainless) {

    private var sessionKey: SessionKey? = null
    private val customDecryptorFactories =
-        mutableMapOf<KeyIdentifier, PublicKeyDataDecryptorFactory>()
+        mutableMapOf<SubkeyIdentifier, PublicKeyDataDecryptorFactory>()
    private val decryptionKeys = mutableMapOf<OpenPGPKey, SecretKeyRingProtector>()
    private val decryptionPassphrases = mutableSetOf<Passphrase>()
    private var missingKeyPassphraseStrategy = MissingKeyPassphraseStrategy.INTERACTIVE
@ -245,7 +245,7 @@ class ConsumerOptions(private val api: PGPainless) {
     * @return options
     */
    fun addCustomDecryptorFactory(factory: CustomPublicKeyDataDecryptorFactory) = apply {
-        customDecryptorFactories[factory.keyIdentifier] = factory
+        customDecryptorFactories[factory.subkeyIdentifier] = factory
    }

    /**
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/CustomPublicKeyDataDecryptorFactory.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/CustomPublicKeyDataDecryptorFactory.kt
@ -4,9 +4,9 @@

 package org.pgpainless.decryption_verification

-import org.bouncycastle.bcpg.KeyIdentifier
 import org.bouncycastle.openpgp.operator.AbstractPublicKeyDataDecryptorFactory
 import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory
+import org.pgpainless.key.SubkeyIdentifier

 /**
 * Custom [PublicKeyDataDecryptorFactory] which can enable customized implementations of message
@ -23,5 +23,5 @@ abstract class CustomPublicKeyDataDecryptorFactory : AbstractPublicKeyDataDecryp
     *
     * @return subkey identifier
     */
-    abstract val keyIdentifier: KeyIdentifier
+    abstract val subkeyIdentifier: SubkeyIdentifier
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/HardwareSecurity.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/HardwareSecurity.kt
@ -73,7 +73,7 @@ class HardwareSecurity {
     * decryption of messages to hardware security SDKs.
     */
    open class HardwareDataDecryptorFactory(
-        override val keyIdentifier: KeyIdentifier,
+        override val subkeyIdentifier: SubkeyIdentifier,
        private val callback: DecryptionCallback,
    ) : CustomPublicKeyDataDecryptorFactory() {

@ -110,7 +110,7 @@ class HardwareSecurity {
        ): ByteArray {
            return try {
                callback.decryptSessionKey(
-                    keyIdentifier, keyAlgorithm, secKeyData[0], pkeskVersion)
+                    subkeyIdentifier.keyIdentifier, keyAlgorithm, secKeyData[0], pkeskVersion)
            } catch (e: HardwareSecurityException) {
                throw PGPException("Hardware-backed decryption failed.", e)
            }