Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High-Level OpenPGP API #1911

Draft
wants to merge 26 commits into
base: main
Choose a base branch
from
Draft

High-Level OpenPGP API #1911

wants to merge 26 commits into from

Conversation

vanitasvitae
Copy link
Contributor

@vanitasvitae vanitasvitae commented Nov 15, 2024
edited
Loading

This PR contains a high-level API for OpenPGP, which simplifies the following tasks:

  • Message Creation
    • OpenPGPMessageGenerator sets up an OpenPGPMessageOutputStream based on user configuration
  • Message Consumption
    • OpenPGPMessageProcessor processes encrypted / signed / compressed OpenPGP messages and emits the plaintext along with metadata
  • Certificate / Key Evaluation
    • OpenPGPCertificate acts as high-level API pendant to PGPPublicKeyRing, evaluating expiration / revocation / key signatures and allows the user to get verified information about the cert
    • OpenPGPKey provides similar high-level API pendant to PGPSecretKeyRing

I decided to use a common OpenPGP* naming scheme for the new HighLevel API classes and also decided to make use of general terminology from the book "OpenPGP for application developers" (https://openpgp.dev).

This PR is still pretty much very early work in progress (as is #1857, which will eventually integrate with this API), but I want you to be able to comment on it during the development phase already :)

@vanitasvitae vanitasvitae marked this pull request as draft November 15, 2024 23:28
@vanitasvitae vanitasvitae mentioned this pull request Nov 27, 2024
Draft
@vanitasvitae vanitasvitae force-pushed the valiadateAPI branch 3 times, most recently from c5856b5 to b096e10 Compare December 3, 2024 11:48
@vanitasvitae
Copy link
Contributor Author

This PR is now based on #1926

@vanitasvitae
Copy link
Contributor Author

This PR contains #1931 and may need to be rebased if the other patch is merged.

@vanitasvitae
PGPKeyPair: Add utility method to convert key to subkey
35283b1
@vanitasvitae
PGPSecretKeyRing: Add utility method to convert secret key ring to pu…
a3d64de 
…blic key ring
@vanitasvitae
PGPSignatureSubpacketGenerator: Add generics to the packet list
3e6accb
@vanitasvitae
PGPSignatureSubpackeGenerator: Add overloads for methods that should …
f816c0d 
…set critical packets

Some signature subpackets are required by the spec to be set as critical.
This patch adds overloaded methods for adding those packets with criticality set to true by default
@vanitasvitae
PGPSignatureSubpacketGenerator: Add method to remove all packets of a…
8419fe3 
… certain type
@vanitasvitae
PGPSignatureSubpacketVector: Add generics to the subpacket list
6921a26
@vanitasvitae
Document OpenPGP-related Cryptlib and GNU OIDs
357de4f
@vanitasvitae
PGPKeyRingGenerator: Add method to sanitize key pairs
75cbc81 
This method can be used to make sure, that for example a v6 key cannot use ElGamal
@vanitasvitae
PGPKeyRingGenerator: Various improvements
ad62a8d 
* Rename masterKey -> primaryKey
* Add generics to list structures
* sanitize primary and subkeys
* properly instantiate signature generators by passing key version
@vanitasvitae
Add PublicKeyUtils
cb8da65 
This class contains methods for checking properties of public key algorithms
@vanitasvitae
Add missing javadoc
2f3696a
@vanitasvitae
Introcude superclass AEADSecretKeyEncryptorBuilder
2e9c0ff 
Both the BcAEADSecretKeyEncryptorBuilder and JcaAEADSecretKeyEncryptorBuilder did not share
a common super type. This patch added AEADSecretKeyEncryptorBuilder for this purpose.
@vanitasvitae
Introduce PBESecretKeyEncryptorFactory
8c4c7fa 
The purpose of this class is to have a common factory type which can be shared by both
classic CFB-based secret key encryptors, as well as newly introduced AEAD-based secret
key encryptor classes.
Both types can as always be implemented with Bc and JcaJce
@vanitasvitae
Introduce PGPContentSignerBuilderProvider
c69bf64 
The purpose of this class is to act as a common interface for providers for PGPContentSignerBuilders
@vanitasvitae
Introduce PGPKeyPairGenerator
ec32dd8 
This class provides an easy API for generating different asymmetric keys which can be used to
construct OpenPGP keys.
This patch introduces both the PGPKeyPairGenerator itself, as well as an abstract
PGPKeyPairGeneratorProvider and two concrete implementations for BC and JCAJCE.
It also adds a test
@vanitasvitae
Properly allow reencryption of secret key using AEAD
74a70ab 
Contains the fix from bcgit#1882
@vanitasvitae
Operator changes
4560098
@vanitasvitae
KeyIdentifier changes
fe8e520
@vanitasvitae
PGPEncryptedDataGenerator: Allow extraction of session-key
5338586
@vanitasvitae
PGPEncryptedDataList: Expose encrypted data packet
96eee24
@vanitasvitae
PGPSignature: Add isRevocation, isHardRevocation methods
a7ee5ef
@vanitasvitae
Fix typo in isNotNull error message
bcbdff6
@vanitasvitae
API
a974c1d
@vanitasvitae
Adapt KeyIdentifier changes
35667a1
@vanitasvitae
Fix symmetric v6 message encryption
bfec434 
Commits 7d95b08 and ea31631
introduced an error where the plain session key was passed in the wrong format
causing the session-key wrapper to fail due to an invalid block size.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ligefeiBouncycastle ligefeiBouncycastle Awaiting requested review from ligefeiBouncycastle

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@vanitasvitae