Merge branch 'pgpainless-pgpsecretkeyV6directkeysig'

dghgit · dghgit · commit 13ce3ad6733f · 2026-03-04T11:59:58.000+11:00
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSecretKey.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSecretKey.java
@@ -78,28 +78,28 @@ public PGPSecretKey(
      * @param privKey            the private key component.
      * @param pubKey             the public key component.
      * @param checksumCalculator a calculator for the private key checksum
-     * @param isMasterKey        true if the key is a master key, false otherwise.
+     * @param isPrimaryKey       true if the key is a primary key, false otherwise.
      * @param keyEncryptor       an encryptor for the key if required (null otherwise).
      * @throws PGPException if there is an issue creating the secret key packet.
      */
     public PGPSecretKey(
         PGPPrivateKey privKey,
         PGPPublicKey pubKey,
         PGPDigestCalculator checksumCalculator,
-        boolean isMasterKey,
+        boolean isPrimaryKey,
         PBESecretKeyEncryptor keyEncryptor)
         throws PGPException
     {
-        this.pub = buildPublicKey(isMasterKey, pubKey);
-        this.secret = buildSecretKeyPacket(isMasterKey, privKey, pubKey, keyEncryptor, checksumCalculator);
+        this.pub = buildPublicKey(isPrimaryKey, pubKey);
+        this.secret = buildSecretKeyPacket(isPrimaryKey, privKey, pubKey, keyEncryptor, checksumCalculator);
     }
 
-    private static PGPPublicKey buildPublicKey(boolean isMasterKey, PGPPublicKey pubKey)
+    private static PGPPublicKey buildPublicKey(boolean isPrimaryKey, PGPPublicKey pubKey)
     {
         PublicKeyPacket pubPacket = pubKey.publicPk;
 
         // make sure we can actually do what's wanted
-        if (isMasterKey && !(pubKey.isEncryptionKey() && pubPacket.getAlgorithm() != PublicKeyAlgorithmTags.RSA_GENERAL))
+        if (isPrimaryKey && !(pubKey.isEncryptionKey() && pubPacket.getAlgorithm() != PublicKeyAlgorithmTags.RSA_GENERAL))
         {
             PGPPublicKey mstKey = new PGPPublicKey(pubKey);
             mstKey.publicPk = new PublicKeyPacket(pubPacket.getVersion(), pubPacket.getAlgorithm(), pubPacket.getTime(), pubPacket.getKey());
@@ -113,14 +113,14 @@ private static PGPPublicKey buildPublicKey(boolean isMasterKey, PGPPublicKey pub
         }
     }
 
-    private static SecretKeyPacket buildSecretKeyPacket(boolean isMasterKey, PGPPrivateKey privKey, PGPPublicKey pubKey, PBESecretKeyEncryptor keyEncryptor, PGPDigestCalculator checksumCalculator)
+    private static SecretKeyPacket buildSecretKeyPacket(boolean isPrimaryKey, PGPPrivateKey privKey, PGPPublicKey pubKey, PBESecretKeyEncryptor keyEncryptor, PGPDigestCalculator checksumCalculator)
         throws PGPException
     {
         BCPGObject secKey = (BCPGObject)privKey.getPrivateKeyDataPacket();
 
         if (secKey == null)
         {
-            return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, SymmetricKeyAlgorithmTags.NULL, new byte[0]);
+            return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, SymmetricKeyAlgorithmTags.NULL, new byte[0]);
         }
 
         try
@@ -149,7 +149,7 @@ private static SecretKeyPacket buildSecretKeyPacket(boolean isMasterKey, PGPPriv
                 if (keyEncryptor.getAeadAlgorithm() != 0)
                 {
                     s2kUsage = SecretKeyPacket.USAGE_AEAD;
-                    return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, encAlgorithm, keyEncryptor.getAeadAlgorithm(), s2kUsage, s2k, iv, encData);
+                    return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, encAlgorithm, keyEncryptor.getAeadAlgorithm(), s2kUsage, s2k, iv, encData);
                 }
 
                 if (checksumCalculator != null)
@@ -165,13 +165,13 @@ private static SecretKeyPacket buildSecretKeyPacket(boolean isMasterKey, PGPPriv
                     s2kUsage = SecretKeyPacket.USAGE_CHECKSUM;
                 }
 
-                return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData);
+                return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData);
             }
             else if (pubKey.getVersion() != PublicKeyPacket.VERSION_6)
             {
                 pOut.write(checksum(null, keyData, keyData.length));
             }
-            return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, encAlgorithm, bOut.toByteArray());
+            return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, encAlgorithm, bOut.toByteArray());
         }
         catch (PGPException e)
         {
@@ -183,9 +183,9 @@ else if (pubKey.getVersion() != PublicKeyPacket.VERSION_6)
         }
     }
 
-    private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, PublicKeyPacket pubKey, int encAlgorithm, byte[] secKeyData)
+    private static SecretKeyPacket generateSecretKeyPacket(boolean isPrimaryKey, PublicKeyPacket pubKey, int encAlgorithm, byte[] secKeyData)
     {
-        if (isMasterKey)
+        if (isPrimaryKey)
         {
             return new SecretKeyPacket(pubKey, encAlgorithm, null, null, secKeyData);
         }
@@ -195,9 +195,9 @@ private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, Publ
         }
     }
 
-    private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, PublicKeyPacket pubKey, int encAlgorithm, int s2kusage, S2K s2k, byte[] iv, byte[] secKeyData)
+    private static SecretKeyPacket generateSecretKeyPacket(boolean isPrimaryKey, PublicKeyPacket pubKey, int encAlgorithm, int s2kusage, S2K s2k, byte[] iv, byte[] secKeyData)
     {
-        if (isMasterKey)
+        if (isPrimaryKey)
         {
             return new SecretKeyPacket(pubKey, encAlgorithm, s2kusage, s2k, iv, secKeyData);
         }
@@ -207,9 +207,9 @@ private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, Publ
         }
     }
 
-    private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, PublicKeyPacket pubKey, int encAlgorithm, int aeadAlgorithm, int s2kUsage, S2K s2K, byte[] iv, byte[] secKeyData)
+    private static SecretKeyPacket generateSecretKeyPacket(boolean isPrimaryKey, PublicKeyPacket pubKey, int encAlgorithm, int aeadAlgorithm, int s2kUsage, S2K s2K, byte[] iv, byte[] secKeyData)
     {
-        if (isMasterKey)
+        if (isPrimaryKey)
         {
             return new SecretKeyPacket(pubKey, encAlgorithm, aeadAlgorithm, s2kUsage, s2K, iv, secKeyData);
         }
@@ -221,8 +221,11 @@ private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, Publ
 
     /**
      * Construct a PGPSecretKey using the passed in private/public key pair and binding it to the passed in id
-     * using a generated certification of certificationLevel.The secret key checksum is calculated using the original
+     * using a generated certification of certificationLevel. The secret key checksum is calculated using the original
      * non-digest based checksum.
+     * <p>
+     * Note: In case of a version 6 OpenPGP key, you need to manually add a direct-key self-signature on the primary
+     * key in order for it to be considered valid.
      *
      * @param certificationLevel         the type of certification to be added.
      * @param keyPair                    the public/private keys to use.
@@ -247,32 +250,32 @@ public PGPSecretKey(
     }
 
     /**
-     * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the master key pair.
+     * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the primary key pair.
      * The secret key checksum is calculated using the passed in checksum calculator.
      *
-     * @param masterKeyPair              the master public/private keys for the new subkey.
+     * @param primaryKeyPair             the primary public/private keys for the new subkey.
      * @param keyPair                    the public/private keys to use.
      * @param checksumCalculator         a calculator for the private key checksum
      * @param certificationSignerBuilder the builder for generating the certification.
      * @param keyEncryptor               an encryptor for the key if required (null otherwise).
      * @throws PGPException if there is an issue creating the secret key packet or the certification.
      */
     public PGPSecretKey(
-        PGPKeyPair masterKeyPair,
+        PGPKeyPair primaryKeyPair,
         PGPKeyPair keyPair,
         PGPDigestCalculator checksumCalculator,
         PGPContentSignerBuilder certificationSignerBuilder,
         PBESecretKeyEncryptor keyEncryptor)
         throws PGPException
     {
-        this(masterKeyPair, keyPair, checksumCalculator, null, null, certificationSignerBuilder, keyEncryptor);
+        this(primaryKeyPair, keyPair, checksumCalculator, null, null, certificationSignerBuilder, keyEncryptor);
     }
 
     /**
-     * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the master key pair.
+     * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the primary key pair.
      * The secret key checksum is calculated using the passed in checksum calculator.
      *
-     * @param masterKeyPair              the master public/private keys for the new subkey.
+     * @param primaryKeyPair             the primary public/private keys for the new subkey.
      * @param keyPair                    the public/private keys to use.
      * @param checksumCalculator         calculator for PGP key checksums.
      * @param hashedPcks                 the hashed packets to be added to the certification.
@@ -282,7 +285,7 @@ public PGPSecretKey(
      * @throws PGPException if there is an issue creating the secret key packet or the certification.
      */
     public PGPSecretKey(
-        PGPKeyPair masterKeyPair,
+        PGPKeyPair primaryKeyPair,
         PGPKeyPair keyPair,
         PGPDigestCalculator checksumCalculator,
         PGPSignatureSubpacketVector hashedPcks,
@@ -294,9 +297,9 @@ public PGPSecretKey(
         //
         // generate the certification
         //
-        PGPSignatureGenerator sGen = new PGPSignatureGenerator(certificationSignerBuilder, masterKeyPair.getPublicKey());
+        PGPSignatureGenerator sGen = new PGPSignatureGenerator(certificationSignerBuilder, primaryKeyPair.getPublicKey());
 
-        sGen.init(PGPSignature.SUBKEY_BINDING, masterKeyPair.getPrivateKey());
+        sGen.init(PGPSignature.SUBKEY_BINDING, primaryKeyPair.getPrivateKey());
 
         // do some basic checking if we are a signing key.
         if (!keyPair.getPublicKey().isEncryptionKey())
@@ -311,7 +314,7 @@ public PGPSecretKey(
 
                 try
                 {
-                    subGen.addEmbeddedSignature(false, signatureGenerator.generateCertification(masterKeyPair.getPublicKey(), keyPair.getPublicKey()));
+                    subGen.addEmbeddedSignature(false, signatureGenerator.generateCertification(primaryKeyPair.getPublicKey(), keyPair.getPublicKey()));
 
                     hashedPcks = subGen.generate();
                 }
@@ -331,7 +334,7 @@ else if (!hashedPcks.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE))
 
         List<PGPSignature> subSigs = new ArrayList<PGPSignature>();
 
-        subSigs.add(sGen.generateCertification(masterKeyPair.getPublicKey(), keyPair.getPublicKey()));
+        subSigs.add(sGen.generateCertification(primaryKeyPair.getPublicKey(), keyPair.getPublicKey()));
 
         // replace the public key packet structure with a public subkey one.
         PGPPublicKey pubSubKey = new PGPPublicKey(keyPair.getPublicKey(), null, subSigs);
@@ -345,9 +348,12 @@ else if (!hashedPcks.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE))
     /**
      * Construct a PGPSecretKey using the passed in private/public key pair and binding it to the passed in id
      * using a generated certification of certificationLevel.
+     * <p>
+     * Note: In case of a version 6 OpenPGP key, you need to manually add a direct-key self-signature on the primary
+     * key in order for it to be considered valid.
      *
      * @param certificationLevel         the type of certification to be added.
-     * @param keyPair                    the public/private keys to use.
+     * @param keyPair                    the primary public/private keys to use.
      * @param id                         the id to bind to the key.
      * @param checksumCalculator         a calculator for the private key checksum.
      * @param hashedPcks                 the hashed packets to be added to the certification.
@@ -424,9 +430,9 @@ public boolean isSigningKey()
     }
 
     /**
-     * Return true if this is a master key.
+     * Return true if this is a primary key.
      *
-     * @return true if a master key.
+     * @return true if a primary key.
      */
     public boolean isMasterKey()
     {
@@ -436,7 +442,7 @@ public boolean isMasterKey()
     /**
      * Detect if the Secret Key's Private Key is empty or not
      *
-     * @return boolean whether or not the private key is empty
+     * @return boolean whether the private key is empty
      */
     public boolean isPrivateKeyEmpty()
     {

Original file line number	Diff line number	Diff line change
`@@ -78,28 +78,28 @@ public PGPSecretKey(`
`78`	`78`	`* @param privKey the private key component.`
`79`	`79`	`* @param pubKey the public key component.`
`80`	`80`	`* @param checksumCalculator a calculator for the private key checksum`
`81`		`- * @param isMasterKey true if the key is a master key, false otherwise.`
	`81`	`+ * @param isPrimaryKey true if the key is a primary key, false otherwise.`
`82`	`82`	`* @param keyEncryptor an encryptor for the key if required (null otherwise).`
`83`	`83`	`* @throws PGPException if there is an issue creating the secret key packet.`
`84`	`84`	`*/`
`85`	`85`	`public PGPSecretKey(`
`86`	`86`	`PGPPrivateKey privKey,`
`87`	`87`	`PGPPublicKey pubKey,`
`88`	`88`	`PGPDigestCalculator checksumCalculator,`
`89`		`- boolean isMasterKey,`
	`89`	`+ boolean isPrimaryKey,`
`90`	`90`	`PBESecretKeyEncryptor keyEncryptor)`
`91`	`91`	`throws PGPException`
`92`	`92`	`{`
`93`		`- this.pub = buildPublicKey(isMasterKey, pubKey);`
`94`		`- this.secret = buildSecretKeyPacket(isMasterKey, privKey, pubKey, keyEncryptor, checksumCalculator);`
	`93`	`+ this.pub = buildPublicKey(isPrimaryKey, pubKey);`
	`94`	`+ this.secret = buildSecretKeyPacket(isPrimaryKey, privKey, pubKey, keyEncryptor, checksumCalculator);`
`95`	`95`	`}`
`96`	`96`
`97`		`- private static PGPPublicKey buildPublicKey(boolean isMasterKey, PGPPublicKey pubKey)`
	`97`	`+ private static PGPPublicKey buildPublicKey(boolean isPrimaryKey, PGPPublicKey pubKey)`
`98`	`98`	`{`
`99`	`99`	`PublicKeyPacket pubPacket = pubKey.publicPk;`
`100`	`100`
`101`	`101`	`// make sure we can actually do what's wanted`
`102`		`- if (isMasterKey && !(pubKey.isEncryptionKey() && pubPacket.getAlgorithm() != PublicKeyAlgorithmTags.RSA_GENERAL))`
	`102`	`+ if (isPrimaryKey && !(pubKey.isEncryptionKey() && pubPacket.getAlgorithm() != PublicKeyAlgorithmTags.RSA_GENERAL))`
`103`	`103`	`{`
`104`	`104`	`PGPPublicKey mstKey = new PGPPublicKey(pubKey);`
`105`	`105`	`mstKey.publicPk = new PublicKeyPacket(pubPacket.getVersion(), pubPacket.getAlgorithm(), pubPacket.getTime(), pubPacket.getKey());`
`@@ -113,14 +113,14 @@ private static PGPPublicKey buildPublicKey(boolean isMasterKey, PGPPublicKey pub`
`113`	`113`	`}`
`114`	`114`	`}`
`115`	`115`
`116`		`- private static SecretKeyPacket buildSecretKeyPacket(boolean isMasterKey, PGPPrivateKey privKey, PGPPublicKey pubKey, PBESecretKeyEncryptor keyEncryptor, PGPDigestCalculator checksumCalculator)`
	`116`	`+ private static SecretKeyPacket buildSecretKeyPacket(boolean isPrimaryKey, PGPPrivateKey privKey, PGPPublicKey pubKey, PBESecretKeyEncryptor keyEncryptor, PGPDigestCalculator checksumCalculator)`
`117`	`117`	`throws PGPException`
`118`	`118`	`{`
`119`	`119`	`BCPGObject secKey = (BCPGObject)privKey.getPrivateKeyDataPacket();`
`120`	`120`
`121`	`121`	`if (secKey == null)`
`122`	`122`	`{`
`123`		`- return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, SymmetricKeyAlgorithmTags.NULL, new byte[0]);`
	`123`	`+ return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, SymmetricKeyAlgorithmTags.NULL, new byte[0]);`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`try`
`@@ -149,7 +149,7 @@ private static SecretKeyPacket buildSecretKeyPacket(boolean isMasterKey, PGPPriv`
`149`	`149`	`if (keyEncryptor.getAeadAlgorithm() != 0)`
`150`	`150`	`{`
`151`	`151`	`s2kUsage = SecretKeyPacket.USAGE_AEAD;`
`152`		`- return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, encAlgorithm, keyEncryptor.getAeadAlgorithm(), s2kUsage, s2k, iv, encData);`
	`152`	`+ return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, encAlgorithm, keyEncryptor.getAeadAlgorithm(), s2kUsage, s2k, iv, encData);`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`if (checksumCalculator != null)`
`@@ -165,13 +165,13 @@ private static SecretKeyPacket buildSecretKeyPacket(boolean isMasterKey, PGPPriv`
`165`	`165`	`s2kUsage = SecretKeyPacket.USAGE_CHECKSUM;`
`166`	`166`	`}`
`167`	`167`
`168`		`- return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData);`
	`168`	`+ return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData);`
`169`	`169`	`}`
`170`	`170`	`else if (pubKey.getVersion() != PublicKeyPacket.VERSION_6)`
`171`	`171`	`{`
`172`	`172`	`pOut.write(checksum(null, keyData, keyData.length));`
`173`	`173`	`}`
`174`		`- return generateSecretKeyPacket(isMasterKey, pubKey.publicPk, encAlgorithm, bOut.toByteArray());`
	`174`	`+ return generateSecretKeyPacket(isPrimaryKey, pubKey.publicPk, encAlgorithm, bOut.toByteArray());`
`175`	`175`	`}`
`176`	`176`	`catch (PGPException e)`
`177`	`177`	`{`
`@@ -183,9 +183,9 @@ else if (pubKey.getVersion() != PublicKeyPacket.VERSION_6)`
`183`	`183`	`}`
`184`	`184`	`}`
`185`	`185`
`186`		`- private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, PublicKeyPacket pubKey, int encAlgorithm, byte[] secKeyData)`
	`186`	`+ private static SecretKeyPacket generateSecretKeyPacket(boolean isPrimaryKey, PublicKeyPacket pubKey, int encAlgorithm, byte[] secKeyData)`
`187`	`187`	`{`
`188`		`- if (isMasterKey)`
	`188`	`+ if (isPrimaryKey)`
`189`	`189`	`{`
`190`	`190`	`return new SecretKeyPacket(pubKey, encAlgorithm, null, null, secKeyData);`
`191`	`191`	`}`
`@@ -195,9 +195,9 @@ private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, Publ`
`195`	`195`	`}`
`196`	`196`	`}`
`197`	`197`
`198`		`- private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, PublicKeyPacket pubKey, int encAlgorithm, int s2kusage, S2K s2k, byte[] iv, byte[] secKeyData)`
	`198`	`+ private static SecretKeyPacket generateSecretKeyPacket(boolean isPrimaryKey, PublicKeyPacket pubKey, int encAlgorithm, int s2kusage, S2K s2k, byte[] iv, byte[] secKeyData)`
`199`	`199`	`{`
`200`		`- if (isMasterKey)`
	`200`	`+ if (isPrimaryKey)`
`201`	`201`	`{`
`202`	`202`	`return new SecretKeyPacket(pubKey, encAlgorithm, s2kusage, s2k, iv, secKeyData);`
`203`	`203`	`}`
`@@ -207,9 +207,9 @@ private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, Publ`
`207`	`207`	`}`
`208`	`208`	`}`
`209`	`209`
`210`		`- private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, PublicKeyPacket pubKey, int encAlgorithm, int aeadAlgorithm, int s2kUsage, S2K s2K, byte[] iv, byte[] secKeyData)`
	`210`	`+ private static SecretKeyPacket generateSecretKeyPacket(boolean isPrimaryKey, PublicKeyPacket pubKey, int encAlgorithm, int aeadAlgorithm, int s2kUsage, S2K s2K, byte[] iv, byte[] secKeyData)`
`211`	`211`	`{`
`212`		`- if (isMasterKey)`
	`212`	`+ if (isPrimaryKey)`
`213`	`213`	`{`
`214`	`214`	`return new SecretKeyPacket(pubKey, encAlgorithm, aeadAlgorithm, s2kUsage, s2K, iv, secKeyData);`
`215`	`215`	`}`
`@@ -221,8 +221,11 @@ private static SecretKeyPacket generateSecretKeyPacket(boolean isMasterKey, Publ`
`221`	`221`
`222`	`222`	`/**`
`223`	`223`	`* Construct a PGPSecretKey using the passed in private/public key pair and binding it to the passed in id`
`224`		`- * using a generated certification of certificationLevel.The secret key checksum is calculated using the original`
	`224`	`+ * using a generated certification of certificationLevel. The secret key checksum is calculated using the original`
`225`	`225`	`* non-digest based checksum.`
	`226`	`+ * <p>`
	`227`	`+ * Note: In case of a version 6 OpenPGP key, you need to manually add a direct-key self-signature on the primary`
	`228`	`+ * key in order for it to be considered valid.`
`226`	`229`	`*`
`227`	`230`	`* @param certificationLevel the type of certification to be added.`
`228`	`231`	`* @param keyPair the public/private keys to use.`
`@@ -247,32 +250,32 @@ public PGPSecretKey(`
`247`	`250`	`}`
`248`	`251`
`249`	`252`	`/**`
`250`		`- * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the master key pair.`
	`253`	`+ * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the primary key pair.`
`251`	`254`	`* The secret key checksum is calculated using the passed in checksum calculator.`
`252`	`255`	`*`
`253`		`- * @param masterKeyPair the master public/private keys for the new subkey.`
	`256`	`+ * @param primaryKeyPair the primary public/private keys for the new subkey.`
`254`	`257`	`* @param keyPair the public/private keys to use.`
`255`	`258`	`* @param checksumCalculator a calculator for the private key checksum`
`256`	`259`	`* @param certificationSignerBuilder the builder for generating the certification.`
`257`	`260`	`* @param keyEncryptor an encryptor for the key if required (null otherwise).`
`258`	`261`	`* @throws PGPException if there is an issue creating the secret key packet or the certification.`
`259`	`262`	`*/`
`260`	`263`	`public PGPSecretKey(`
`261`		`- PGPKeyPair masterKeyPair,`
	`264`	`+ PGPKeyPair primaryKeyPair,`
`262`	`265`	`PGPKeyPair keyPair,`
`263`	`266`	`PGPDigestCalculator checksumCalculator,`
`264`	`267`	`PGPContentSignerBuilder certificationSignerBuilder,`
`265`	`268`	`PBESecretKeyEncryptor keyEncryptor)`
`266`	`269`	`throws PGPException`
`267`	`270`	`{`
`268`		`- this(masterKeyPair, keyPair, checksumCalculator, null, null, certificationSignerBuilder, keyEncryptor);`
	`271`	`+ this(primaryKeyPair, keyPair, checksumCalculator, null, null, certificationSignerBuilder, keyEncryptor);`
`269`	`272`	`}`
`270`	`273`
`271`	`274`	`/**`
`272`		`- * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the master key pair.`
	`275`	`+ * Construct a PGPSecretKey sub-key using the passed in private/public key pair and binding it to the primary key pair.`
`273`	`276`	`* The secret key checksum is calculated using the passed in checksum calculator.`
`274`	`277`	`*`
`275`		`- * @param masterKeyPair the master public/private keys for the new subkey.`
	`278`	`+ * @param primaryKeyPair the primary public/private keys for the new subkey.`
`276`	`279`	`* @param keyPair the public/private keys to use.`
`277`	`280`	`* @param checksumCalculator calculator for PGP key checksums.`
`278`	`281`	`* @param hashedPcks the hashed packets to be added to the certification.`
`@@ -282,7 +285,7 @@ public PGPSecretKey(`
`282`	`285`	`* @throws PGPException if there is an issue creating the secret key packet or the certification.`
`283`	`286`	`*/`
`284`	`287`	`public PGPSecretKey(`
`285`		`- PGPKeyPair masterKeyPair,`
	`288`	`+ PGPKeyPair primaryKeyPair,`
`286`	`289`	`PGPKeyPair keyPair,`
`287`	`290`	`PGPDigestCalculator checksumCalculator,`
`288`	`291`	`PGPSignatureSubpacketVector hashedPcks,`
`@@ -294,9 +297,9 @@ public PGPSecretKey(`
`294`	`297`	`//`
`295`	`298`	`// generate the certification`
`296`	`299`	`//`
`297`		`- PGPSignatureGenerator sGen = new PGPSignatureGenerator(certificationSignerBuilder, masterKeyPair.getPublicKey());`
	`300`	`+ PGPSignatureGenerator sGen = new PGPSignatureGenerator(certificationSignerBuilder, primaryKeyPair.getPublicKey());`
`298`	`301`
`299`		`- sGen.init(PGPSignature.SUBKEY_BINDING, masterKeyPair.getPrivateKey());`
	`302`	`+ sGen.init(PGPSignature.SUBKEY_BINDING, primaryKeyPair.getPrivateKey());`
`300`	`303`
`301`	`304`	`// do some basic checking if we are a signing key.`
`302`	`305`	`if (!keyPair.getPublicKey().isEncryptionKey())`
`@@ -311,7 +314,7 @@ public PGPSecretKey(`
`311`	`314`
`312`	`315`	`try`
`313`	`316`	`{`
`314`		`- subGen.addEmbeddedSignature(false, signatureGenerator.generateCertification(masterKeyPair.getPublicKey(), keyPair.getPublicKey()));`
	`317`	`+ subGen.addEmbeddedSignature(false, signatureGenerator.generateCertification(primaryKeyPair.getPublicKey(), keyPair.getPublicKey()));`
`315`	`318`
`316`	`319`	`hashedPcks = subGen.generate();`
`317`	`320`	`}`
`@@ -331,7 +334,7 @@ else if (!hashedPcks.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE))`
`331`	`334`
`332`	`335`	`List<PGPSignature> subSigs = new ArrayList<PGPSignature>();`
`333`	`336`
`334`		`- subSigs.add(sGen.generateCertification(masterKeyPair.getPublicKey(), keyPair.getPublicKey()));`
	`337`	`+ subSigs.add(sGen.generateCertification(primaryKeyPair.getPublicKey(), keyPair.getPublicKey()));`
`335`	`338`
`336`	`339`	`// replace the public key packet structure with a public subkey one.`
`337`	`340`	`PGPPublicKey pubSubKey = new PGPPublicKey(keyPair.getPublicKey(), null, subSigs);`
`@@ -345,9 +348,12 @@ else if (!hashedPcks.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE))`
`345`	`348`	`/**`
`346`	`349`	`* Construct a PGPSecretKey using the passed in private/public key pair and binding it to the passed in id`
`347`	`350`	`* using a generated certification of certificationLevel.`
	`351`	`+ * <p>`
	`352`	`+ * Note: In case of a version 6 OpenPGP key, you need to manually add a direct-key self-signature on the primary`
	`353`	`+ * key in order for it to be considered valid.`
`348`	`354`	`*`
`349`	`355`	`* @param certificationLevel the type of certification to be added.`
`350`		`- * @param keyPair the public/private keys to use.`
	`356`	`+ * @param keyPair the primary public/private keys to use.`
`351`	`357`	`* @param id the id to bind to the key.`
`352`	`358`	`* @param checksumCalculator a calculator for the private key checksum.`
`353`	`359`	`* @param hashedPcks the hashed packets to be added to the certification.`
`@@ -424,9 +430,9 @@ public boolean isSigningKey()`
`424`	`430`	`}`
`425`	`431`
`426`	`432`	`/**`
`427`		`- * Return true if this is a master key.`
	`433`	`+ * Return true if this is a primary key.`
`428`	`434`	`*`
`429`		`- * @return true if a master key.`
	`435`	`+ * @return true if a primary key.`
`430`	`436`	`*/`
`431`	`437`	`public boolean isMasterKey()`
`432`	`438`	`{`
`@@ -436,7 +442,7 @@ public boolean isMasterKey()`
`436`	`442`	`/**`
`437`	`443`	`* Detect if the Secret Key's Private Key is empty or not`
`438`	`444`	`*`
`439`		`- * @return boolean whether or not the private key is empty`
	`445`	`+ * @return boolean whether the private key is empty`
`440`	`446`	`*/`
`441`	`447`	`public boolean isPrivateKeyEmpty()`
`442`	`448`	`{`