GPG signature verification via BouncyCastle
Add a GpgSignatureVerifier interface, plus a factory to create
instances thereof that is provided via the ServiceLoader mechanism.
Implement the new interface for BouncyCastle. A verifier maintains
an internal LRU cache of previously found public keys to speed up
verifying multiple objects (tag or commits). Mergetags are not handled.
Provide a new VerifySignatureCommand in org.eclipse.jgit.api together
with a factory method Git.verifySignature(). The command can verify
signatures on tags or commits, and can be limited to accept only tags
or commits. Provide a new public WrongObjectTypeException thrown when
the command is limited to either tags or commits and a name resolves
to some other object kind.
In jgit.pgm, implement "git tag -v", "git log --show-signature", and
"git show --show-signature". The output is similar to command-line
gpg invoked via git, but not identical. In particular, lines are not
prefixed by "gpg:" but by "bc:".
Trust levels for public keys are read from the keys' trust packets,
not from GPG's internal trust database. A trust packet may or may
not be set. Command-line GPG produces more warning lines depending
on the trust level, warning about keys with a trust level below
"full".
There are no unit tests because JGit still doesn't have any setup to
do signing unit tests; this would require at least a faked .gpg
directory with pre-created key rings and keys, and a way to make the
BouncyCastle classes use that directory instead of the default. See
bug 547538 and also bug 544847.
Tested manually with a small test repository containing signed and
unsigned commits and tags, with signatures made with different keys
and made by command-line git using GPG 2.2.25 and by JGit using
BouncyCastle 1.65.
Bug: 547751
Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago GPG signature verification via BouncyCastle
Add a GpgSignatureVerifier interface, plus a factory to create
instances thereof that is provided via the ServiceLoader mechanism.
Implement the new interface for BouncyCastle. A verifier maintains
an internal LRU cache of previously found public keys to speed up
verifying multiple objects (tag or commits). Mergetags are not handled.
Provide a new VerifySignatureCommand in org.eclipse.jgit.api together
with a factory method Git.verifySignature(). The command can verify
signatures on tags or commits, and can be limited to accept only tags
or commits. Provide a new public WrongObjectTypeException thrown when
the command is limited to either tags or commits and a name resolves
to some other object kind.
In jgit.pgm, implement "git tag -v", "git log --show-signature", and
"git show --show-signature". The output is similar to command-line
gpg invoked via git, but not identical. In particular, lines are not
prefixed by "gpg:" but by "bc:".
Trust levels for public keys are read from the keys' trust packets,
not from GPG's internal trust database. A trust packet may or may
not be set. Command-line GPG produces more warning lines depending
on the trust level, warning about keys with a trust level below
"full".
There are no unit tests because JGit still doesn't have any setup to
do signing unit tests; this would require at least a faked .gpg
directory with pre-created key rings and keys, and a way to make the
BouncyCastle classes use that directory instead of the default. See
bug 547538 and also bug 544847.
Tested manually with a small test repository containing signed and
unsigned commits and tags, with signatures made with different keys
and made by command-line git using GPG 2.2.25 and by JGit using
BouncyCastle 1.65.
Bug: 547751
Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago |
123456789101112131415161718192021222324252627282930313233343536 |
- corrupt25519Key=Ed25519/Curve25519 public key has wrong length: {0}
- credentialPassphrase=Passphrase
- cryptCipherError=Cannot create cipher to decrypt: {0}
- cryptWrongDecryptedLength=Decrypted key has wrong length; expected {0} bytes, got only {1} bytes
- gpgFailedToParseSecretKey=Failed to parse secret key file {0}. Is the entered passphrase correct?
- gpgNoCredentialsProvider=missing credentials provider
- gpgNoKeygrip=Cannot find key {0}: cannot determine key grip
- gpgNoKeyring=neither pubring.kbx nor secring.gpg files found
- gpgNoKeyInLegacySecring=no matching secret key found in legacy secring.gpg for key or user id: {0}
- gpgNoPublicKeyFound=Unable to find a public-key with key or user id: {0}
- gpgNoSecretKeyForPublicKey=unable to find associated secret key for public key: {0}
- gpgNoSuchAlgorithm=Cannot decrypt encrypted secret key: encryption algorithm {0} is not available
- gpgNotASigningKey=Secret key ({0}) is not suitable for signing
- gpgKeyInfo=GPG Key (fingerprint {0})
- gpgSigningCancelled=Signing was cancelled
- nonSignatureError=Signature does not decode into a signature object
- secretKeyTooShort=Secret key file corrupt; only {0} bytes read
- sexprHexNotClosed=Hex number in s-expression not closed
- sexprHexOdd=Hex number in s-expression has an odd number of digits
- sexprStringInvalidEscape=Invalid escape {0} in s-expression
- sexprStringInvalidEscapeAtEnd=Invalid s-expression: quoted string ends with escape character
- sexprStringInvalidHexEscape=Invalid hex escape in s-expression
- sexprStringInvalidOctalEscape=Invalid octal escape in s-expression
- sexprStringNotClosed=String in s-expression not closed
- sexprUnhandled=Unhandled token {0} in s-expression
- signatureInconsistent=Inconsistent signature; key ID {0} does not match issuer fingerprint {1}
- signatureKeyLookupError=Error occurred while looking for public key
- signatureNoKeyInfo=No way to determine a public key from the signature
- signatureNoPublicKey=No public key found to verify the signature
- signatureParseError=Signature cannot be parsed
- signatureVerificationError=Signature verification failed
- unableToSignCommitNoSecretKey=Unable to sign commit. Signing key not available.
- uncompressed25519Key=Cannot handle ed25519 public key with uncompressed data: {0}
- unknownCurve=Unknown curve {0}
- unknownCurveParameters=Curve {0} does not have a prime field
- unknownKeyType=Unknown key type {0}
|