The Stateless OpenPGP Protocol specification describes a shared, standardized command line interface for OpenPGP applications. There is a bunch of such binaries available already, among them PGPainless’ pgpainless-cli, Sequoia-PGP’s sqop, as well as ProtonMails gosop. These tools make it easy to use OpenPGP from the command line, as well as from within bash scripts (all of those are available in Debian testing or in the main repo) and the standardized interface allows users to switch from one backend to the other without the need to rewrite their scripts.
The Java library sop-java provides a set of interface definitions that define a java API that closely mimics the command line interface. These interfaces can be implemented by anyone, such that developers could create a drop-in for sop-java using the OpenPGP library of their choice. One such backend is pgpainless-sop, which implements sop-java using the PGPainless library.
I just released another library named external-sop, which implements sop-java and allows the user to use any SOP CLI application of their choice from within their Java / Kotlin application!
Let’s assume we have a SOP command line application called
example-sop and we want to make use of it within our Java application.
external-sop makes the integration a one-liner:
SOP sop = new ExternalSOP("/usr/bin/example-sop");
Now we can use the resulting
sop object the same way we would use for example a
// generate key byte keyBytes = sop.generateKey() .userId("John Doe <firstname.lastname@example.org>") .withKeyPassword("f00b4r") .generate() .getBytes(); // extract certificate byte certificateBytes = sop.extractCert() .key(keyBytes) .getBytes(); byte plaintext = "Hello, World!\n".getBytes(); // plaintext // encrypt and sign a message byte ciphertext = sop.encrypt() // encrypt for each recipient .withCert(certificateBytes) // Optionally: Sign the message .signWith(keyBytes) .withKeyPassword("f00b4r") // if signing key is protected // provide the plaintext .plaintext(plaintext) .getBytes(); // decrypt and verify a message ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt() .withKey(keyBytes) .verifyWithCert(certificateBytes) .withKeyPassword("f00b4r") // if decryption key is protected .ciphertext(ciphertext) .toByteArrayAndResult(); DecryptionResult result = bytesAndResult.getResult(); byte plaintext = bytesAndResult.getBytes();
external-sop module will be available on Maven Central in a few hours for you to test.