From: <ed...@bo...> - 2003-08-23 02:22:17
edwin 03/08/22 22:22:11 Modified: openpgp CHANGELOG.TXT openpgp/src/cryptix/openpgp PGPCertificate.java PGPKeyBundle.java openpgp/src/cryptix/openpgp/examples GenerateAndWriteKey.java openpgp/src/cryptix/openpgp/provider PGPCertificateImpl.java PGPKeyBundleImpl.java openpgp/src/cryptix/pki KeyBundle.java Log: PGPCertificate/PGPCertificateImpl - added a getPacket() method KeyBundle/PGPKeyBundle/PGPKeyBundleImpl - added methods to add private (sub) keys without passwords - added methods to add public keys and principals directly, without adding a full Certificate - changed to order of the parameters for addPrivateKey to be consistent with addPrivateSubKey Revision Changes Path 1.20 +16 -5 projects/openpgp/CHANGELOG.TXT Index: CHANGELOG.TXT =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/CHANGELOG.TXT,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- CHANGELOG.TXT 16 Feb 2003 11:08:23 -0000 1.19 +++ CHANGELOG.TXT 23 Aug 2003 02:22:11 -0000 1.20 
@@ -1,12 +1,23 @@ ???????? snapshot -- Snapshots are now compiled on JDK 1.2, so that they continue to work on that - version of the JDK. Due to a Sun API change, a library compiled on JDK 1.3 or - higher would not work on JDK 1.2. -- Change the getEncoded() method of a PGP certificate to encode the +Incompatible changes +- Changed the order of the arguments for the addPrivateKey method in KeyBundle + to be more consistent with addPrivateSubKey in PGPKeyBundle. Any application + that generates keys will probably have to be changed as a result of this. +- Changed the getEncoded() method of a PGP Certificate to encode the public key and principal that are signed as well. This is more like what other Certificate implementations do, and it also allows one to construct a KeyBundle from the returned data again. -- Fix the clone() method of PGPKeyBundleImpl. +Bugsfixes/new features +- Snapshots are now compiled on JDK 1.2, so that they continue to work on that + version of the JDK. Due to a Sun API change, a library compiled on JDK 1.3 or + higher would not work on JDK 1.2. +- Added methods to KeyBundle and PGPKeyBundle to allow storage of private keys + without encrypting them. +- Added methods to KeyBundle to add public (sub) keys and principals (userid's) + without adding full certificates, as this is allowed/needed in some cases. +- Included better error messages for when the Unlimited Strength Jurisdiction + Policy Files are not installed. +- Fixed the clone() method of PGPKeyBundleImpl. 
20030205 snapshot - API change: added cryptix.pki.ExtendedCertificate, which adds a few common 1.3 +13 -2 projects/openpgp/src/cryptix/openpgp/PGPCertificate.java Index: PGPCertificate.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/PGPCertificate.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- PGPCertificate.java 3 Feb 2003 15:04:00 -0000 1.2 +++ PGPCertificate.java 23 Aug 2003 02:22:11 -0000 1.3 @@ -1,4 +1,4 @@ -/* $Id: PGPCertificate.java,v 1.2 2003/02/03 15:04:00 edwin Exp $ +/* $Id: PGPCertificate.java,v 1.3 2003/08/23 02:22:11 edwin Exp $ * * Copyright (C) 1999-2003 The Cryptix Foundation Limited. * All rights reserved. @@ -12,6 +12,8 @@ package cryptix.openpgp; +import cryptix.openpgp.packet.PGPSignaturePacket; + import cryptix.pki.ExtendedCertificate; import cryptix.pki.KeyID; @@ -26,7 +28,7 @@ * * @author Edwin Woudt <ed...@cr...> * @author Ingo Luetkebohle - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ */ public abstract class PGPCertificate extends ExtendedCertificate { @@ -46,6 +48,15 @@ // Added abstract methods // .......................................................................... + + + /** + * Return the contained signature packet. + * + * <p>Note: packets are part of the low-level API. Normally you don't need + * to use this method as other options are available.</p> + */ + public abstract PGPSignaturePacket getPacket(); /** 1.4 +10 -2 projects/openpgp/src/cryptix/openpgp/PGPKeyBundle.java Index: PGPKeyBundle.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/PGPKeyBundle.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- PGPKeyBundle.java 7 Aug 2001 03:16:33 -0000 1.3 +++ PGPKeyBundle.java 23 Aug 2003 02:22:11 -0000 1.4 
@@ -1,4 +1,4 @@ -/* $Id: PGPKeyBundle.java,v 1.3 2001/08/07 03:16:33 edwin Exp $ +/* $Id: PGPKeyBundle.java,v 1.4 2003/08/23 02:22:11 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -28,7 +28,7 @@ * * @author Edwin Woudt <ed...@cr...> * @author Ingo Luetkebohle - * @version $Revision: 1.3 $ + * @version $Revision: 1.4 $ */ public abstract class PGPKeyBundle extends KeyBundle { @@ -81,6 +81,14 @@ PublicKey pubsubkey, char[] passphrase, SecureRandom sr) + throws KeyBundleException; + + + /** + * Adds a private subkey to the keybundle, without encrypting it. + */ + public abstract boolean addPrivateSubKey (PrivateKey privsubkey, + PublicKey pubsubkey) throws KeyBundleException; 1.2 +4 -4 projects/openpgp/src/cryptix/openpgp/examples/GenerateAndWriteKey.java Index: GenerateAndWriteKey.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/examples/GenerateAndWriteKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- GenerateAndWriteKey.java 7 Aug 2001 05:22:37 -0000 1.1 +++ GenerateAndWriteKey.java 23 Aug 2003 02:22:11 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: GenerateAndWriteKey.java,v 1.1 2001/08/07 05:22:37 edwin Exp $ +/* $Id: GenerateAndWriteKey.java,v 1.2 2003/08/23 02:22:11 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -44,7 +44,7 @@ * Detailed example for generating two PGP keys and writing them to disk. * * @author Edwin Woudt <ed...@cr...> - * @version $Revision: 1.1 $ + * @version $Revision: 1.2 $ */ public class GenerateAndWriteKey { @@ -241,7 +241,7 @@ //********************************************************************** try { - simplePrivateKey.addPrivateKey(pubkey, privkey, + simplePrivateKey.addPrivateKey(privkey, pubkey, "TestingPassphrase".toCharArray(), sr); } catch (KeyBundleException kbe) { 
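Review bot: The Javadoc for the new two-argument `addPrivateSubKey` in the last PGPKeyBundle.java hunk says only "without encrypting it" and gives callers no hint of the consequence. A subkey added this way is kept without passphrase protection, so presumably any encoding of the bundle that includes private material will carry it in the clear; that should be confirmed against the encoder and then stated. I would extend the comment with something like `<p>The secret key material is stored without passphrase protection; prefer the passphrase overload when the bundle will be written out.</p>` plus `@return` and `@throws` tags. The same one-line Javadoc is repeated on `KeyBundle.addPrivateKey(PrivateKey, PublicKey)` and on both implementations in PGPKeyBundleImpl, which need the same caveat. The hunk starts inside the declaration of the preceding passphrase overload.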
@@ -285,7 +285,7 @@ Certificate cert = certbuilder.build(pubkey, userid, privkey, sr); complexPublicKey.addCertificate(cert); complexPrivateKey.addCertificate(cert); - complexPrivateKey.addPrivateKey(pubkey, privkey, + complexPrivateKey.addPrivateKey(privkey, pubkey, "TestingPassphrase".toCharArray(), sr); } catch (Exception e) { 1.5 +14 -2 projects/openpgp/src/cryptix/openpgp/provider/PGPCertificateImpl.java Index: PGPCertificateImpl.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/provider/PGPCertificateImpl.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- PGPCertificateImpl.java 16 Feb 2003 11:07:19 -0000 1.4 +++ PGPCertificateImpl.java 23 Aug 2003 02:22:11 -0000 1.5 @@ -1,4 +1,4 @@ -/* $Id: PGPCertificateImpl.java,v 1.4 2003/02/16 11:07:19 edwin Exp $ +/* $Id: PGPCertificateImpl.java,v 1.5 2003/08/23 02:22:11 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -70,7 +70,7 @@ * An OpenPGP Certificate. * * @author Edwin Woudt <ed...@cr...> - * @version $Revision: 1.4 $ + * @version $Revision: 1.5 $ */ public class PGPCertificateImpl extends PGPCertificate { 
@@ -342,6 +342,18 @@ // Methods from cryptix.openpgp.PGPCertificate // .......................................................................... + + + /** + * Return the contained signature packet. + * + * <p>Note: packets are part of the low-level API. Normally you don't need + * to use this method as other options are available.</p> + */ + public PGPSignaturePacket getPacket() + { + return pkt; + } /** 1.4 +118 -30 projects/openpgp/src/cryptix/openpgp/provider/PGPKeyBundleImpl.java Index: PGPKeyBundleImpl.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/openpgp/provider/PGPKeyBundleImpl.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- PGPKeyBundleImpl.java 14 Feb 2003 12:37:32 -0000 1.3 +++ PGPKeyBundleImpl.java 23 Aug 2003 02:22:11 -0000 1.4 @@ -1,4 +1,4 @@ -/* $Id: PGPKeyBundleImpl.java,v 1.3 2003/02/14 12:37:32 edwin Exp $ +/* $Id: PGPKeyBundleImpl.java,v 1.4 2003/08/23 02:22:11 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -68,7 +68,7 @@ * * @author Edwin Woudt <ed...@cr...> * @author Ingo Luetkebohle - * @version $Revision: 1.3 $ + * @version $Revision: 1.4 $ */ public class PGPKeyBundleImpl extends PGPKeyBundle { @@ -144,12 +144,12 @@ if (privpkt != null) { if (privSubkeys.size() != subkeys.size()) { - throw new RuntimeException( + throw new KeyBundleException( "Not all private subkeys present."); } } else { if (privSubkeys.size() != 0) { - throw new RuntimeException( + throw new KeyBundleException( "There are private subkeys present, but no private "+ "main key."); } @@ -172,7 +172,7 @@ baos.write(subject.getEncoded()); it2 = ((Vector)principalsToCertificates.get(subject)).iterator(); while (it2.hasNext()) { - baos.write(((PGPCertificate)it2.next()).getEncoded()); + ((PGPCertificate)it2.next()).getPacket().encode(baos); } } 
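Review bot: `getPacket()` in the PGPCertificateImpl.java hunk returns the certificate's own `pkt` field, so every caller receives the live signature packet the certificate is built on. If PGPSignaturePacket is mutable (its class is not shown here), code outside the certificate could change the data the certificate reports; other methods in this commit copy packets with `clone()` before storing them. Either return a copy, e.g. `return (PGPSignaturePacket)pkt.clone();` if the packet class supports it, or say in the Javadoc here and on the abstract declaration in PGPCertificate.java that the returned packet is shared and must not be modified. An `@return` tag is missing in both places as well.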
@@ -193,8 +193,6 @@ } catch (IOException ioe) { throw new KeyBundleException(""+ioe); - } catch (CertificateEncodingException cee) { - throw new KeyBundleException(""+cee); } } @@ -272,12 +270,76 @@ /** + * Adds a principal. + * + * <p>Note: there is no need to call this method explicitly when + * addCertificate is used.</p> + */ + public boolean addPrincipal (Principal princ) + throws KeyBundleException + { + if (!(princ instanceof PGPPrincipal)) { + throw new KeyBundleException("Invalid principal type"); + } + + if (! principals.contains(princ)) { + principals.add(princ); + return true; + } + + return false; + } + + + /** + * Adds a public key. + * + * <p>Note: there is no need to call this method explicitly when + * addCertificate is used.</p> + */ + public boolean addPublicKey (PublicKey pubkey) + throws KeyBundleException + { + if (!(pubkey instanceof PGPPublicKey)) { + throw new KeyBundleException("Invalid public key type"); + } + + if (mainkey == null) { + mainkey = (PGPPublicKey)pubkey; + return true; + } else { + throw new KeyBundleException( + "KeyBundle can only contain one main key."); + } + } + + + /** * Adds a private key, encrypting it with a passphrase. */ - public boolean addPrivateKey (PublicKey pubkey, PrivateKey privkey, + public boolean addPrivateKey (PrivateKey privkey, PublicKey pubkey, char[] passphrase, SecureRandom sr) throws KeyBundleException { + addPrivateKey(privkey, pubkey); + + int s2kid = 3; // Iterated & Salted ### FIXME + int cipherid = 3; // CAST5 ### FIXME + int hashid = 2; // SHA-1 ### FIXME + privpkt.encrypt(passphrase, s2kid, cipherid, hashid, sr, + PGPAlgorithmFactory.getDefaultInstance()); + privpkt.forgetSecretData(); + + return true; + } + + + /** + * Adds a private key, without encrypting it. + */ + public boolean addPrivateKey (PrivateKey privkey, PublicKey pubkey) + throws KeyBundleException + { if (! (privkey instanceof PGPPrivateKey)) { throw new KeyBundleException("Invalid private key type"); } 
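Review bot: In the passphrase overload of `addPrivateKey` (second hunk on this line) the cleartext packet is installed before it is encrypted: `addPrivateKey(privkey, pubkey)` assigns `privpkt` (the assignment is visible in the next hunk) and only afterwards is `privpkt.encrypt(...)` called. If `encrypt` throws, which seems possible given the changelog entry about missing Unlimited Strength policy files, the bundle keeps the unencrypted private key although the caller asked for a protected one. `addPrivateSubKey` in the later hunk encrypts a clone and stores it only afterwards, so it does not have this problem. The sketch below restores the previous `privpkt` on failure; it assumes `privpkt` is the only state the two-argument overload changes, which cannot be confirmed because that method's body continues outside the hunk. The result of the inner call is also discarded, which matters if it can return false on a path not shown.

```java
        // in addPrivateKey(PrivateKey, PublicKey, char[], SecureRandom):
        PGPSecretKeyPacket previous = privpkt;
        boolean keyProtected = false;
        try {
            addPrivateKey(privkey, pubkey);
            // … unchanged: s2kid / cipherid / hashid, privpkt.encrypt(...), privpkt.forgetSecretData() …
            keyProtected = true;
        } finally {
            if (!keyProtected) {
                // Do not keep a cleartext packet in the bundle after a failed encrypt.
                privpkt = previous;
            }
        }
        // … unchanged: return true …
```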
@@ -314,13 +376,6 @@ PGPSecretKeyPacket pkt = (PGPSecretKeyPacket)pgpprivkey.getPacket(); privpkt = (PGPSecretKeyPacket)pkt.clone(); - int s2kid = 3; // Iterated & Salted ### FIXME - int cipherid = 3; // CAST5 ### FIXME - int hashid = 2; // SHA-1 ### FIXME - privpkt.encrypt(passphrase, s2kid, cipherid, hashid, sr, - PGPAlgorithmFactory.getDefaultInstance()); - privpkt.forgetSecretData(); - return true; } @@ -682,6 +737,53 @@ char[] passphrase, SecureRandom sr) throws KeyBundleException { + PGPSecretSubKeyPacket pkt = + addPrivateSubKeyHelper(privsubkey, pubsubkey); + + if (privSubkeys.containsKey(pubsubkey)) { + return false; + } + + PGPSecretSubKeyPacket clone = (PGPSecretSubKeyPacket)pkt.clone(); + + int s2kid = 3; // Iterated & Salted ### FIXME + int cipherid = 3; // CAST5 ### FIXME + int hashid = 2; // SHA-1 ### FIXME + clone.encrypt(passphrase, s2kid, cipherid, hashid, sr, + PGPAlgorithmFactory.getDefaultInstance()); + clone.forgetSecretData(); + + privSubkeys.put(pubsubkey, clone); + + return true; + } + + + /** + * Adds a private subkey to the keybundle, without encrypting it. + */ + public boolean addPrivateSubKey (PrivateKey privsubkey, + PublicKey pubsubkey) + throws KeyBundleException + { + PGPSecretSubKeyPacket pkt = + addPrivateSubKeyHelper(privsubkey, pubsubkey); + + if (privSubkeys.containsKey(pubsubkey)) { + return false; + } + + PGPSecretSubKeyPacket clone = (PGPSecretSubKeyPacket)pkt.clone(); + privSubkeys.put(pubsubkey, clone); + + return true; + } + + + private PGPSecretSubKeyPacket addPrivateSubKeyHelper(PrivateKey privsubkey, + PublicKey pubsubkey) + throws KeyBundleException + { if (! (privsubkey instanceof PGPPrivateKey)) { throw new KeyBundleException("Invalid private key type"); } 
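Review bot: `addPrivateSubKeyHelper`, introduced in the second hunk on this line, does not add anything: as far as the visible lines show, it checks the key types, looks the public subkey up, compares the two packets and returns the secret subkey packet. A name such as `checkPrivateSubKey` and a one-line comment, e.g. `// Validates the pair and returns the private subkey's packet; does not modify the bundle.` (if the lines not shown confirm that), would make this clear to the next reader. Both public overloads then repeat the same `containsKey` check, clone and `put`, so a reader has to compare them line by line to see that the encryption step is the only difference; a short comment saying so on the unencrypted overload would help. The helper's body continues in the following hunks.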
@@ -693,10 +795,6 @@ throw new KeyBundleException("Public key not found"); } - if (privSubkeys.containsKey(pubsubkey)) { - return false; - } - PGPKeyPacket one = ((PGPPrivateKey)privsubkey).getPacket().clonePublic(); PGPKeyPacket two = ((PGPPublicKey)pubsubkey).getPacket(); @@ -712,18 +810,8 @@ PGPSecretSubKeyPacket pkt = (PGPSecretSubKeyPacket)pgpprivkey.getPacket(); - PGPSecretSubKeyPacket clone = (PGPSecretSubKeyPacket)pkt.clone(); - int s2kid = 3; // Iterated & Salted ### FIXME - int cipherid = 3; // CAST5 ### FIXME - int hashid = 2; // SHA-1 ### FIXME - clone.encrypt(passphrase, s2kid, cipherid, hashid, sr, - PGPAlgorithmFactory.getDefaultInstance()); - clone.forgetSecretData(); - - privSubkeys.put(pubsubkey, clone); - - return true; + return pkt; } 1.3 +31 -4 projects/openpgp/src/cryptix/pki/KeyBundle.java Index: KeyBundle.java =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/openpgp/src/cryptix/pki/KeyBundle.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- KeyBundle.java 4 Aug 2001 21:47:22 -0000 1.2 +++ KeyBundle.java 23 Aug 2003 02:22:11 -0000 1.3 @@ -1,4 +1,4 @@ -/* $Id: KeyBundle.java,v 1.2 2001/08/04 21:47:22 edwin Exp $ +/* $Id: KeyBundle.java,v 1.3 2003/08/23 02:22:11 edwin Exp $ * * Copyright (C) 1999-2001 The Cryptix Foundation Limited. * All rights reserved. @@ -45,7 +45,7 @@ * * @author Edwin Woudt <ed...@cr...> * @author Ingo Luetkebohle - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ */ public abstract class KeyBundle { 
@@ -182,15 +182,42 @@ * the public key and the principal, so that the implementation of the * keybundle can add these automatically when needed.</p> */ - public abstract boolean addCertificate (Certificate cert) + public abstract boolean addCertificate(Certificate cert) throws KeyBundleException; /** + * Adds a principal. + * + * <p>Note: there is no need to call this method explicitly when + * addCertificate is used.</p> + */ + public abstract boolean addPrincipal (Principal princ) + throws KeyBundleException; + + + /** + * Adds a public key. + * + * <p>Note: there is no need to call this method explicitly when + * addCertificate is used.</p> + */ + public abstract boolean addPublicKey (PublicKey pubkey) + throws KeyBundleException; + + + /** * Adds a private key, encrypting it with a passphrase. */ - public abstract boolean addPrivateKey (PublicKey pubkey, PrivateKey privkey, + public abstract boolean addPrivateKey (PrivateKey privkey, PublicKey pubkey, char[] passphrase, SecureRandom sr) + throws KeyBundleException; + + + /** + * Adds a private key, without encrypting it. + */ + public abstract boolean addPrivateKey (PrivateKey privkey, PublicKey pubkey) throws KeyBundleException; |
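Review bot: The new `addPrincipal` and `addPublicKey` declarations do not say what the boolean result means or when `KeyBundleException` is thrown, and the implementations added to PGPKeyBundleImpl in this commit behave differently: `addPrincipal` returns false for a principal that is already present, while `addPublicKey` throws whenever a main key is set and never returns false. The Javadoc also says there is no need to call these methods when `addCertificate` is used, so a caller who does both may get an exception from `addPublicKey` for a key the bundle already holds. I would add `@return true if the bundle changed, false if the entry was already present` and a `@throws KeyBundleException` line to each declaration, and decide whether re-adding the same main key should return false instead of throwing.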