derecalliance / cryptography

cryptography primitives (secret sharing, secure channel) for implementing the DeRec protocol
Apache License 2.0

Document cryptography choices in precise detail to allow creation of compatible libraries #5

Open jorabin opened 9 months ago

jorabin commented 9 months ago

And preferably also to have test suites to verify their correctness.

jorabin commented 8 months ago

As discussed elsewhere, we need code examples - see https://docs.google.com/document/d/1Zwk85_nFciTZnPFAgkiP2IqyqBbZrfwLlnGDQAnEcbo/edit?disco=AAAA-s0LGWA

In detail, it would be really useful to see the soup to nuts of creation of keypairs, signature and encryption of messages, creation of PEM encoded serialization and everything that is needed to allow exchange of messages.

rsinha commented 8 months ago

I recommend looking at https://github.com/pgpainless/pgpainless for how to use BouncyCastle to perform OpenPGP sign-then-encrypt. The key sizes and cipher types are documented.

jorabin commented 8 months ago

Thanks, we are aware of this library. What we are looking for is, for example,

Is this the right choice: ECDH.fromCurve(EllipticCurve._P256)

Is this the right choice: RSA.withLength(RsaLength._8192)

In other words, it would be very useful to have worked examples of creating keypairs, reading and writing PEM encoded keys and the encryption/signature and decryption/verification aspects.

rsinha commented 8 months ago

We had agreed on the following parameters: 3084-bit RSA and P256 curve for ECDH. As for PEM encoding, the README.md within pgpainless contains the API description.

Quoting here:

        PGPSecretKeyRing secretKey = ...;
        String armored = PGPainless.asciiArmor(secretKey);
        ByteArrayOutputStream binary = new ByteArrayOutputStream();
        secretKey.encode(binary);

rsinha commented 3 months ago

Can we close this issue as we are no longer using RSA? Moreover, the discussed interfaces have been implemented.

jorabin commented 3 months ago

The JNI interface definitions need to move to api-java, and surely we still need documentation, as the issue is about replicating what this library does in compatible libraries?
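
The kind of worked example this thread asks for, as an added illustration that is not code from the DeRec library or from pgpainless and does not describe the DeRec wire format: P-256 key pair creation, PEM round trip of the public key and ECDH agreement using only the JDK. The class name, method names and the Alice/Bob parties are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.KeyAgreement;

// Hypothetical class name; standard JCA calls only, no BouncyCastle.
public class P256PemExample {
    // Generate an EC key pair on NIST P-256 (JCA name "secp256r1").
    static KeyPair generate() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        return kpg.generateKeyPair();
    }

    // PEM = base64 of the X.509 SubjectPublicKeyInfo DER, wrapped at 64 chars.
    static String toPem(PublicKey key) {
        Base64.Encoder enc =
            Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN PUBLIC KEY-----\n" + enc.encodeToString(key.getEncoded())
             + "\n-----END PUBLIC KEY-----\n";
    }

    // Parse the PEM text produced by toPem back into a PublicKey.
    static PublicKey fromPem(String pem) throws GeneralSecurityException {
        String b64 = pem.replace("-----BEGIN PUBLIC KEY-----", "")
                        .replace("-----END PUBLIC KEY-----", "")
                        .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(der));
    }

    // Raw ECDH shared secret; pass it through a KDF before using it as a key.
    static byte[] agree(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair alice = generate(), bob = generate();
        String alicePem = toPem(alice.getPublic()), bobPem = toPem(bob.getPublic());
        // Each side works only from the other's PEM text.
        byte[] a = agree(alice.getPrivate(), fromPem(bobPem));
        byte[] b = agree(bob.getPrivate(), fromPem(alicePem));
        System.out.println(alicePem);
        System.out.println("shared secrets match: " + MessageDigest.isEqual(a, b));
    }
}
```

A compatible implementation in another language can be checked against this by exchanging the PEM text in both directions and comparing the derived secrets.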