neuhalje/bouncy-gpg

Empty key rings

Closed this issue · 3 comments

Does it make sense to support empty key rings? If I'm encrypting something, I presumably only need the recipient's public key to do so. Likewise, if I'm decrypting something, I only need my secret key.

This seems to be possible with GPG on the command line. Is my understanding not correct?

Hi Mark,

Empty keyrings can be created by calling KeyringConfigs.forGpgExportedKeys(...).

The following test does exactly that:

  @Test
  public void encryptWithOnlyPubkeyInRing_decryptWithOnlyPrivKeyInring_yieldsOriginalPlaintext()
      throws IOException, PGPException, NoSuchAlgorithmException, SignatureException, NoSuchProviderException {

    // Encrypt: the keyring starts empty and receives only the recipient's public key
    final byte[] ciphertext;
    {
      ByteArrayOutputStream result = new ByteArrayOutputStream();
      BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(result);

      final InMemoryKeyring encryptionKeyring = KeyringConfigs
          .forGpgExportedKeys(KeyringConfigCallbacks.withUnprotectedKeys());
      encryptionKeyring.addPublicKey(ExampleMessages.PUBKEY_RECIPIENT.getBytes());

      final OutputStream outputStream = BouncyGPG
          .encryptToStream()
          .withConfig(encryptionKeyring)
          // algorithmSuite is not declared in this method; it comes from the enclosing test class
          .withAlgorithms(algorithmSuite)
          .toRecipient("recipient@example.com")
          .andDoNotSign()
          .binaryOutput()
          .andWriteTo(bufferedOutputStream);

      final InputStream is = new ByteArrayInputStream(
          ExampleMessages.IMPORTANT_QUOTE_TEXT.getBytes());
      Streams.pipeAll(is, outputStream);
      outputStream.close();
      bufferedOutputStream.close();
      is.close();
      ciphertext = result.toByteArray();
    }

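    // Decrypt: a second, separate keyring that holds only the recipient's
    // secret key; the callback supplies the password that protects it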

    {
      final InMemoryKeyring decryptionKeyring = KeyringConfigs
          .forGpgExportedKeys(KeyringConfigCallbacks.withPassword("recipient"));
      decryptionKeyring.addSecretKey(ExampleMessages.SECRET_KEY_RECIPIENT.getBytes());

      final ByteArrayOutputStream plainBA = new ByteArrayOutputStream();

      final InputStream plainIS = BouncyGPG.decryptAndVerifyStream()
          .withConfig(decryptionKeyring)
          .andIgnoreSignatures()
          .fromEncryptedInputStream(new ByteArrayInputStream(ciphertext));

      Streams.pipeAll(plainIS, plainBA);

      assertArrayEquals(ExampleMessages.IMPORTANT_QUOTE_TEXT.getBytes(), plainBA.toByteArray());
    }
  }

cheers
Jens

Just tested in my project, works great so far. Is that code among the example code? If not, it should be, super helpful.