justinludwig / jpgpj

Java Pretty Good Privacy Jig
MIT License

Private Keys with No Passphrase #12

Closed esenminer closed 6 years ago

esenminer commented 6 years ago

Thank you for this library. I just wanted to point out an interesting edge case. We are using a private key which has no passphrase, and the only way I could get it to find and use the key was by putting in a dummy passphrase. Without the dummy passphrase I see the log output:

org.c02e.jpgpj.Decryptor: not using decryption key sec ed XXXXXXX

After I put in a dummy passphrase:

org.c02e.jpgpj.Decryptor:using decryption key sec+ed XXXXXXX

justinludwig commented 6 years ago

Thanks for pointing out this issue! I'm thinking the best way to handle this, since the JPGPJ API already uses an empty string for the passphrase to signal that the private part of the key should be ignored, is to formalize your dummy passphrase technique with a NO_PASSPHRASE constant in the API. That constant would be given in place of the passphrase to signal that the private part of the key should be used, but without a passphrase, like so:

new Decryptor(
    new Key(new File("path/to/my/keys/alice-pub.gpg")),
    new Key(new File("path/to/my/keys/bob-sec.gpg"), Key.NO_PASSPHRASE)
).decrypt(
    new File("path/to/ciphertext.txt.gpg"),
    new File("path/back-to/plaintext.txt")
);

Once I do that, I will update the Setting Passphrases documentation to describe how to handle passphrase-less keys with that technique.

justinludwig commented 6 years ago

I added that constant to the code (plus a setNoPassphrase() helper to the Key and Subkey classes), and then added a No Passphrase section to the Key Rings wiki page to document how to use passphrase-less keys.
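The following is an added example, not part of the thread or of the JPGPJ project's own code. It shows a fail-fast check for the edge case reported above, where a secret key loaded without a passphrase argument is silently skipped. It assumes `Key.getSubkeys()` and `Subkey.isUsableForDecryption()` are available and that `setNoPassphrase()` takes a boolean; the class name, `canDecrypt` helper and command-line arguments are hypothetical.

```java
import java.io.File;
import org.c02e.jpgpj.Decryptor;
import org.c02e.jpgpj.Key;
import org.c02e.jpgpj.Subkey;

public class NoPassphraseCheck {

    // True if the private part of at least one subkey is available for
    // decryption. Assumption: getSubkeys() and isUsableForDecryption().
    static boolean canDecrypt(Key key) {
        for (Subkey subkey : key.getSubkeys()) {
            if (subkey.isUsableForDecryption()) {
                return true;
            }
        }
        return false;
    }

    // args: <sender-pub.gpg> <recipient-sec.gpg> <ciphertext.gpg> <plaintext-out>
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: NoPassphraseCheck pub sec in out");
            System.exit(2);
        }
        File secretKeyFile = new File(args[1]);

        // Loaded with no passphrase argument: the private part is ignored,
        // which is what produces the "not using decryption key" log line.
        Key ignored = new Key(secretKeyFile);
        System.out.println("no passphrase argument: usable=" + canDecrypt(ignored));

        // Loaded with the constant: the private part is used without a passphrase.
        Key recipient = new Key(secretKeyFile, Key.NO_PASSPHRASE);
        // Assumed equivalent on an already-loaded key: recipient.setNoPassphrase(true);
        System.out.println("Key.NO_PASSPHRASE: usable=" + canDecrypt(recipient));

        // Stop here with a clear error instead of relying on the log output.
        if (!canDecrypt(recipient)) {
            throw new IllegalStateException(
                "no usable decryption subkey in " + secretKeyFile);
        }

        new Decryptor(new Key(new File(args[0])), recipient)
            .decrypt(new File(args[2]), new File(args[3]));
    }
}
```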