crypto: consistently use secret key nomenclature

crypto-common/src/main/kotlin/app/passwordstore/crypto/CryptoHandler.kt

@@ -14,13 +14,13 @@ import java.io.OutputStream
 public interface CryptoHandler<Key> {
 
   /**
-   * Decrypt the given [ciphertextStream] using a [privateKey] and [passphrase], and writes the
+   * Decrypt the given [ciphertextStream] using a [secretKey] and [passphrase], and writes the
    * resultant plaintext to [outputStream]. The returned [Result] should be checked to ensure it is
    * **not** an instance of [com.github.michaelbull.result.Err] before the contents of
    * [outputStream] are used.
    */
   public fun decrypt(
-    privateKey: Key,
+    secretKey: Key,
     passphrase: String,
     ciphertextStream: InputStream,
     outputStream: OutputStream,

crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt

@@ -31,13 +31,13 @@ import org.pgpainless.util.Passphrase
 public class PGPainlessCryptoHandler @Inject constructor() : CryptoHandler<PGPKey> {
 
   public override fun decrypt(
-    privateKey: PGPKey,
+    secretKey: PGPKey,
     passphrase: String,
     ciphertextStream: InputStream,
     outputStream: OutputStream,
   ): Result<Unit, CryptoHandlerException> =
     runCatching {
-        val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(privateKey.contents)
+        val pgpSecretKeyRing = PGPainless.readKeyRing().secretKeyRing(secretKey.contents)
         val keyringCollection = PGPSecretKeyRingCollection(listOf(pgpSecretKeyRing))
         val protector =
           PasswordBasedSecretKeyRingProtector.forKey(

crypto-pgpainless/src/test/kotlin/app/passwordstore/crypto/KeyUtilsTest.kt

@@ -2,7 +2,7 @@ package app.passwordstore.crypto
 
 import app.passwordstore.crypto.KeyUtils.tryGetId
 import app.passwordstore.crypto.KeyUtils.tryParseKeyring
-import app.passwordstore.crypto.TestUtils.getArmoredPrivateKeyWithMultipleIdentities
+import app.passwordstore.crypto.TestUtils.getArmoredSecretKeyWithMultipleIdentities
 import kotlin.test.Test
 import kotlin.test.assertEquals
 import kotlin.test.assertIs
@@ -12,7 +12,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing
 class KeyUtilsTest {
   @Test
   fun parseKeyWithMultipleIdentities() {
-    val key = PGPKey(getArmoredPrivateKeyWithMultipleIdentities())
+    val key = PGPKey(getArmoredSecretKeyWithMultipleIdentities())
     val keyring = tryParseKeyring(key)
     assertNotNull(keyring)
     assertIs<PGPSecretKeyRing>(keyring)

crypto-pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPKeyManagerTest.kt

@@ -2,7 +2,6 @@ package app.passwordstore.crypto
 
 import app.passwordstore.crypto.GpgIdentifier.KeyId
 import app.passwordstore.crypto.GpgIdentifier.UserId
-import app.passwordstore.crypto.TestUtils.getArmoredPrivateKeyWithMultipleIdentities
 import app.passwordstore.crypto.errors.KeyAlreadyExistsException
 import app.passwordstore.crypto.errors.KeyNotFoundException
 import app.passwordstore.crypto.errors.NoKeysAvailableException
@@ -32,12 +31,12 @@ import org.junit.rules.TemporaryFolder
 class PGPKeyManagerTest {
 
   @get:Rule val temporaryFolder: TemporaryFolder = TemporaryFolder()
-  private val filesDir by unsafeLazy { temporaryFolder.root }
-  private val keysDir by unsafeLazy { File(filesDir, PGPKeyManager.KEY_DIR_NAME) }
   private val dispatcher = StandardTestDispatcher()
   private val scope = TestScope(dispatcher)
+  private val filesDir by unsafeLazy { temporaryFolder.root }
+  private val keysDir by unsafeLazy { File(filesDir, PGPKeyManager.KEY_DIR_NAME) }
   private val keyManager by unsafeLazy { PGPKeyManager(filesDir.absolutePath, dispatcher) }
-  private val privateKey = PGPKey(TestUtils.getArmoredPrivateKey())
+  private val secretKey = PGPKey(TestUtils.getArmoredSecretKey())
   private val publicKey = PGPKey(TestUtils.getArmoredPublicKey())
 
   private fun <T> unsafeLazy(initializer: () -> T) =
@@ -57,7 +56,7 @@ class PGPKeyManagerTest {
   fun addKey() =
     scope.runTest {
       // Check if the key id returned is correct
-      val keyId = keyManager.getKeyId(keyManager.addKey(privateKey).unwrap())
+      val keyId = keyManager.getKeyId(keyManager.addKey(secretKey).unwrap())
       assertEquals(KeyId(CryptoConstants.KEY_ID), keyId)
 
       // Check if the keys directory have one file
@@ -72,8 +71,8 @@ class PGPKeyManagerTest {
   fun addKeyWithoutReplaceFlag() =
     scope.runTest {
       // Check adding the keys twice
-      keyManager.addKey(privateKey, false).unwrap()
-      val error = keyManager.addKey(privateKey, false).unwrapError()
+      keyManager.addKey(secretKey, false).unwrap()
+      val error = keyManager.addKey(secretKey, false).unwrapError()
 
       assertIs<KeyAlreadyExistsException>(error)
     }
@@ -82,8 +81,8 @@ class PGPKeyManagerTest {
   fun addKeyWithReplaceFlag() =
     scope.runTest {
       // Check adding the keys twice
-      keyManager.addKey(privateKey, true).unwrap()
-      val keyId = keyManager.getKeyId(keyManager.addKey(privateKey, true).unwrap())
+      keyManager.addKey(secretKey, true).unwrap()
+      val keyId = keyManager.getKeyId(keyManager.addKey(secretKey, true).unwrap())
 
       assertEquals(KeyId(CryptoConstants.KEY_ID), keyId)
     }
@@ -92,10 +91,10 @@ class PGPKeyManagerTest {
   fun removeKey() =
     scope.runTest {
       // Add key using KeyManager
-      keyManager.addKey(privateKey).unwrap()
+      keyManager.addKey(secretKey).unwrap()
 
       // Check if the key id returned is correct
-      val keyId = keyManager.getKeyId(keyManager.removeKey(privateKey).unwrap())
+      val keyId = keyManager.getKeyId(keyManager.removeKey(secretKey).unwrap())
       assertEquals(KeyId(CryptoConstants.KEY_ID), keyId)
 
       // Check if the keys directory have 0 files
@@ -107,42 +106,42 @@ class PGPKeyManagerTest {
   fun getKeyById() =
     scope.runTest {
       // Add key using KeyManager
-      keyManager.addKey(privateKey).unwrap()
+      keyManager.addKey(secretKey).unwrap()
 
-      val keyId = keyManager.getKeyId(privateKey)
+      val keyId = keyManager.getKeyId(secretKey)
       assertNotNull(keyId)
-      assertEquals(KeyId(CryptoConstants.KEY_ID), keyManager.getKeyId(privateKey))
+      assertEquals(KeyId(CryptoConstants.KEY_ID), keyManager.getKeyId(secretKey))
 
       // Check returned key id matches the expected id and the created key id
       val returnedKey = keyManager.getKeyById(keyId).unwrap()
-      assertEquals(keyManager.getKeyId(privateKey), keyManager.getKeyId(returnedKey))
+      assertEquals(keyManager.getKeyId(secretKey), keyManager.getKeyId(returnedKey))
     }
 
   @Test
   fun getKeyByFullUserId() =
     scope.runTest {
-      keyManager.addKey(privateKey).unwrap()
+      keyManager.addKey(secretKey).unwrap()
 
       val keyId = "${CryptoConstants.KEY_NAME} <${CryptoConstants.KEY_EMAIL}>"
       val returnedKey = keyManager.getKeyById(UserId(keyId)).unwrap()
-      assertEquals(keyManager.getKeyId(privateKey), keyManager.getKeyId(returnedKey))
+      assertEquals(keyManager.getKeyId(secretKey), keyManager.getKeyId(returnedKey))
     }
 
   @Test
   fun getKeyByEmailUserId() =
     scope.runTest {
-      keyManager.addKey(privateKey).unwrap()
+      keyManager.addKey(secretKey).unwrap()
 
       val keyId = CryptoConstants.KEY_EMAIL
       val returnedKey = keyManager.getKeyById(UserId(keyId)).unwrap()
-      assertEquals(keyManager.getKeyId(privateKey), keyManager.getKeyId(returnedKey))
+      assertEquals(keyManager.getKeyId(secretKey), keyManager.getKeyId(returnedKey))
     }
 
   @Test
   fun getNonExistentKey() =
     scope.runTest {
       // Add key using KeyManager
-      keyManager.addKey(privateKey).unwrap()
+      keyManager.addKey(secretKey).unwrap()
 
       val keyId = KeyId(0x08edf7567183ce44)
 
@@ -169,8 +168,8 @@ class PGPKeyManagerTest {
       assertEquals(0, noKeyList.size)
 
       // Add key using KeyManager
-      keyManager.addKey(privateKey).unwrap()
-      keyManager.addKey(PGPKey(getArmoredPrivateKeyWithMultipleIdentities())).unwrap()
+      keyManager.addKey(secretKey).unwrap()
+      keyManager.addKey(PGPKey(TestUtils.getArmoredSecretKeyWithMultipleIdentities())).unwrap()
 
       // Check if KeyManager returns one key
       val singleKeyList = keyManager.getAllKeys().unwrap()
@@ -180,7 +179,7 @@ class PGPKeyManagerTest {
   @Test
   fun getMultipleIdentityKeyWithAllIdentities() {
     scope.runTest {
-      val key = PGPKey(getArmoredPrivateKeyWithMultipleIdentities())
+      val key = PGPKey(TestUtils.getArmoredSecretKeyWithMultipleIdentities())
       keyManager.addKey(key).unwrap()
 
       val johnKey = keyManager.getKeyById(UserId("john@doe.org")).unwrap()
@@ -191,9 +190,9 @@ class PGPKeyManagerTest {
   }
 
   @Test
-  fun replacePrivateKeyWithPublicKey() {
+  fun replaceSecretKeyWithPublicKey() {
     scope.runTest {
-      assertIs<Ok<PGPKey>>(keyManager.addKey(privateKey))
+      assertIs<Ok<PGPKey>>(keyManager.addKey(secretKey))
       assertIs<Err<KeyAlreadyExistsException>>(keyManager.addKey(publicKey))
     }
   }
@@ -202,7 +201,7 @@ class PGPKeyManagerTest {
   fun replacePublicKeyWithSecretKey() {
     scope.runTest {
       assertIs<Ok<PGPKey>>(keyManager.addKey(publicKey))
-      assertIs<Ok<PGPKey>>(keyManager.addKey(privateKey))
+      assertIs<Ok<PGPKey>>(keyManager.addKey(secretKey))
     }
   }
 
@@ -222,8 +221,8 @@ class PGPKeyManagerTest {
   @Test
   fun replaceSecretKeyWithSecretKey() {
     scope.runTest {
-      assertIs<Ok<PGPKey>>(keyManager.addKey(privateKey))
-      assertIs<Err<KeyAlreadyExistsException>>(keyManager.addKey(privateKey))
+      assertIs<Ok<PGPKey>>(keyManager.addKey(secretKey))
+      assertIs<Err<KeyAlreadyExistsException>>(keyManager.addKey(secretKey))
     }
   }
 }

crypto-pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt

@@ -22,8 +22,8 @@ import org.junit.runner.RunWith
 @Suppress("Unused") // Test runner handles it internally
 enum class EncryptionKey(val keySet: List<PGPKey>) {
   PUBLIC(listOf(PGPKey(TestUtils.getArmoredPublicKey()))),
-  SECRET(listOf(PGPKey(TestUtils.getArmoredPrivateKey()))),
-  ALL(listOf(PGPKey(TestUtils.getArmoredPublicKey()), PGPKey(TestUtils.getArmoredPrivateKey()))),
+  SECRET(listOf(PGPKey(TestUtils.getArmoredSecretKey()))),
+  ALL(listOf(PGPKey(TestUtils.getArmoredPublicKey()), PGPKey(TestUtils.getArmoredSecretKey()))),
 }
 
 @RunWith(TestParameterInjector::class)
@@ -31,7 +31,7 @@ class PGPainlessCryptoHandlerTest {
 
   @TestParameter private lateinit var encryptionKey: EncryptionKey
   private val cryptoHandler = PGPainlessCryptoHandler()
-  private val privateKey = PGPKey(TestUtils.getArmoredPrivateKey())
+  private val secretKey = PGPKey(TestUtils.getArmoredSecretKey())
 
   @Test
   fun encryptAndDecrypt() {
@@ -46,7 +46,7 @@ class PGPainlessCryptoHandlerTest {
     val plaintextStream = ByteArrayOutputStream()
     val decryptRes =
       cryptoHandler.decrypt(
-        privateKey,
+        secretKey,
         CryptoConstants.KEY_PASSPHRASE,
         ciphertextStream.toByteArray().inputStream(),
         plaintextStream,
@@ -68,7 +68,7 @@ class PGPainlessCryptoHandlerTest {
     val plaintextStream = ByteArrayOutputStream()
     val result =
       cryptoHandler.decrypt(
-        privateKey,
+        secretKey,
         "very incorrect passphrase",
         ciphertextStream.toByteArray().inputStream(),
         plaintextStream,

crypto-pgpainless/src/test/kotlin/app/passwordstore/crypto/TestUtils.kt

@@ -7,10 +7,10 @@
 package app.passwordstore.crypto
 
 object TestUtils {
-  fun getArmoredPrivateKey() = this::class.java.classLoader.getResource("private_key").readBytes()
+  fun getArmoredSecretKey() = this::class.java.classLoader.getResource("secret_key").readBytes()
   fun getArmoredPublicKey() = this::class.java.classLoader.getResource("public_key").readBytes()
-  fun getArmoredPrivateKeyWithMultipleIdentities() =
-    this::class.java.classLoader.getResource("private_key_multiple_identities").readBytes()
+  fun getArmoredSecretKeyWithMultipleIdentities() =
+    this::class.java.classLoader.getResource("secret_key_multiple_identities").readBytes()
   fun getArmoredPublicKeyWithMultipleIdentities() =
     this::class.java.classLoader.getResource("public_key_multiple_identities").readBytes()
 }