Updates to OpenPGP classes and tools

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Updates to OpenPGP classes and tools

Andrew Paterson-2
I have been extending the BCRampage tool again to further enhance its
usefulness. As part of that, I have also extended a couple of OpenPGP
classes. An overview of the changes is as follows:

1. PGPCompressedDataGenerator

I have added a second constructor which allows you to set the
compression level. I did this when I was troubleshooting a problem that
looked to be in the compression code (see PGP2-compatibility below). It
is not actually used in my updated version of BCRampage so you can use
it or not as you wish.


2. PGPPublicKey

I have added a method - isRevoked() - that, as its name implies, checks
to see if the (sub)key has been revoked. This is used in the extended
BCRampage so you will need this unless you comment out the calls to it
in PGPRampageEngine.java or implement an alternative way of doing it.


3. BCRampage

There are extensive changes to the code for this! In fact, I would
suggest that it is not worth trying to do a comparison between old and
new versions of PGPRampageEngine.java as it will be difficult to see the
wood for the trees. The main externally-visible changes are as follows:

a) As well as sign (-s, -sa) and encrypt (-e -ea), there is now a sign
and encrypt (-se, -sea) option.

b) Decrypt will now "decrypt" signed-only messages. Previously, you had
to use the verify (-v) option which required you to know that the file
was only signed, not encrypted (not easy to tell from a quick look at
the file). Of course, verify still works as well.

c) I have added a pseudo PGP2-compatibility flag (-pgp2). This flag
tells BCRampage to produce only old-format packets (where applicable)
and version 3 signatures when signing. I had intended to implement full
PGP2 compatibility but I found that this is impossible with standard
(Sun) Java. The flag is still useful in my application, though, where
full compatibility is not necessary.

Aside: For those that are interested, the problem is with the
compression which uses the standard Sun java.util.zip.Deflater class. I
have been reliably informed that PGP2 uses a non-standard window size of
8K whereas the standard window size is 32K. This means that PGP2 will
incorrectly decompress files over 8K in size (compressed) created by
standard deflation code such as used in the Sun class. As there is no
way of setting the window size in the Java Deflater class (nor should
there be - 32K is the standard size!), it is impossible to make the
output truly PGP2-compatible for files over 8K.

d) The output filename (-o) option now sets the output filename for all
operations.

e) All operations now check to see if the key has been revoked. If so,
an error is generated for encrypt/sign and a warning issued for
decrypt/verify.

f) The username (-u) option for indicating the key to be used for
signing was implemented in the previous version but I neglected to
mention it.

There are still some changes I would like to make (particularly making
it more friendly and robust) but I feel that it is in a reasonably
usable state as it is.

I hope this is useful to someone other than just me!

Regards,
Andrew

All opinions are completely my own - after all, who else would want to
take credit for them?

bcupdate.zip (20K) Download Attachment