Use PublicKey and PrivateKey everywhere.

de8a60ea · akwizgran · 0e77a47c · de8a60ea · de8a60ea · de8a60ea
Commit de8a60ea authored Apr 23, 2019 by akwizgran
55 changed files
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java
 package org.briarproject.bramble.api.client;

 import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.data.BdfDictionary;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.db.DbException;
@@ -96,14 +98,18 @@ public interface ClientHelper {

 	BdfList toList(Author a);

-	byte[] sign(String label, BdfList toSign, byte[] privateKey)
+	byte[] sign(String label, BdfList toSign, PrivateKey privateKey)
 			throws FormatException, GeneralSecurityException;

 	void verifySignature(byte[] signature, String label, BdfList signed,
-			byte[] publicKey) throws FormatException, GeneralSecurityException;
+			PublicKey publicKey)
+			throws FormatException, GeneralSecurityException;

 	Author parseAndValidateAuthor(BdfList author) throws FormatException;

+	PublicKey parseAndValidateAgreementPublicKey(byte[] publicKeyBytes)
+		throws FormatException;
+
 	TransportProperties parseAndValidateTransportProperties(
 			BdfDictionary properties) throws FormatException;


--- a/bramble-api/src/main/java/org/briarproject/bramble/api/contact/Contact.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/contact/Contact.java
 package org.briarproject.bramble.api.contact;

+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -8,7 +9,6 @@ import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;

 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.util.StringUtils.toUtf8;

 @Immutable
@@ -21,21 +21,17 @@ public class Contact {
 	@Nullable
 	private final String alias;
 	@Nullable
-	private final byte[] handshakePublicKey;
+	private final PublicKey handshakePublicKey;
 	private final boolean verified;

 	public Contact(ContactId id, Author author, AuthorId localAuthorId,
-			@Nullable String alias, @Nullable byte[] handshakePublicKey,
+			@Nullable String alias, @Nullable PublicKey handshakePublicKey,
 			boolean verified) {
 		if (alias != null) {
 			int aliasLength = toUtf8(alias).length;
 			if (aliasLength == 0 || aliasLength > MAX_AUTHOR_NAME_LENGTH)
 				throw new IllegalArgumentException();
 		}
-		if (handshakePublicKey != null && (handshakePublicKey.length == 0 ||
-				handshakePublicKey.length > MAX_PUBLIC_KEY_LENGTH)) {
-			throw new IllegalArgumentException();
-		}
 		this.id = id;
 		this.author = author;
 		this.localAuthorId = localAuthorId;
@@ -62,7 +58,7 @@ public class Contact {
 	}

 	@Nullable
-	public byte[] getHandshakePublicKey() {
+	public PublicKey getHandshakePublicKey() {
 		return handshakePublicKey;
 	}


--- a/bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContact.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContact.java
 package org.briarproject.bramble.api.contact;

+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

 import javax.annotation.concurrent.Immutable;
@@ -9,12 +10,12 @@ import javax.annotation.concurrent.Immutable;
 public class PendingContact {

 	private final PendingContactId id;
-	private final byte[] publicKey;
+	private final PublicKey publicKey;
 	private final String alias;
 	private final PendingContactState state;
 	private final long timestamp;

-	public PendingContact(PendingContactId id, byte[] publicKey,
+	public PendingContact(PendingContactId id, PublicKey publicKey,
 			String alias, PendingContactState state, long timestamp) {
 		this.id = id;
 		this.publicKey = publicKey;
@@ -27,7 +28,7 @@ public class PendingContact {
 		return id;
 	}

-	public byte[] getPublicKey() {
+	public PublicKey getPublicKey() {
 		return publicKey;
 	}


--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
@@ -55,7 +55,7 @@ public interface CryptoComponent {
 	 * signature, to prevent it from being repurposed or colliding with a
 	 * signature created for another purpose
 	 */
-	byte[] sign(String label, byte[] toSign, byte[] privateKey)
+	byte[] sign(String label, byte[] toSign, PrivateKey privateKey)
 			throws GeneralSecurityException;

 	/**
@@ -68,7 +68,7 @@ public interface CryptoComponent {
 	 * @return true if the signature was valid, false otherwise.
 	 */
 	boolean verifySignature(byte[] signature, String label, byte[] signed,
-			byte[] publicKey) throws GeneralSecurityException;
+			PublicKey publicKey) throws GeneralSecurityException;

 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously

--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyPair.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyPair.java
@@ -15,6 +15,8 @@ public class KeyPair {
 	private final PrivateKey privateKey;

 	public KeyPair(PublicKey publicKey, PrivateKey privateKey) {
+		if (!publicKey.getKeyType().equals(privateKey.getKeyType()))
+			throw new IllegalArgumentException();
 		this.publicKey = publicKey;
 		this.privateKey = privateKey;
 	}

--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java
@@ -4,6 +4,8 @@ import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -622,8 +624,8 @@ public interface DatabaseComponent {
 	/**
 	 * Sets the handshake key pair for the identity with the given ID.
 	 */
-	void setHandshakeKeyPair(Transaction txn, AuthorId local, byte[] publicKey,
-			byte[] privateKey) throws DbException;
+	void setHandshakeKeyPair(Transaction txn, AuthorId local,
+			PublicKey publicKey, PrivateKey privateKey) throws DbException;

 	/**
 	 * Sets the reordering window for the given transport key set in the given

--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java
 package org.briarproject.bramble.api.identity;

 import org.briarproject.bramble.api.Nameable;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.util.StringUtils;

 import javax.annotation.concurrent.Immutable;

+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+import static org.briarproject.bramble.util.StringUtils.toUtf8;

 /**
 * A pseudonym for a user.
@@ -24,14 +25,14 @@ public class Author implements Nameable {
 	private final AuthorId id;
 	private final int formatVersion;
 	private final String name;
-	private final byte[] publicKey;
+	private final PublicKey publicKey;

 	public Author(AuthorId id, int formatVersion, String name,
-			byte[] publicKey) {
-		int nameLength = StringUtils.toUtf8(name).length;
+			PublicKey publicKey) {
+		int nameLength = toUtf8(name).length;
 		if (nameLength == 0 || nameLength > MAX_AUTHOR_NAME_LENGTH)
 			throw new IllegalArgumentException();
-		if (publicKey.length == 0 || publicKey.length > MAX_PUBLIC_KEY_LENGTH)
+		if (!publicKey.getKeyType().equals(KEY_TYPE_SIGNATURE))
 			throw new IllegalArgumentException();
 		this.id = id;
 		this.formatVersion = formatVersion;
@@ -63,7 +64,7 @@ public class Author implements Nameable {
 	/**
 	 * Returns the public key used to verify the pseudonym's signatures.
 	 */
-	public byte[] getPublicKey() {
+	public PublicKey getPublicKey() {
 		return publicKey;
 	}


--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorFactory.java
 package org.briarproject.bramble.api.identity;

+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

 @NotNullByDefault
@@ -9,12 +10,12 @@ public interface AuthorFactory {
 	 * Creates an author with the current format version and the given name and
 	 * public key.
 	 */
-	Author createAuthor(String name, byte[] publicKey);
+	Author createAuthor(String name, PublicKey publicKey);

 	/**
 	 * Creates an author with the given format version, name and public key.
 	 */
-	Author createAuthor(int formatVersion, String name, byte[] publicKey);
+	Author createAuthor(int formatVersion, String name, PublicKey publicKey);

 	/**
 	 * Creates a local author with the current format version and the given

--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Identity.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Identity.java
 package org.briarproject.bramble.api.identity;

+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

-import java.util.Arrays;
-
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;

-import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;

 @Immutable
 @NotNullByDefault
@@ -15,15 +15,24 @@ public class Identity {

 	private final LocalAuthor localAuthor;
 	@Nullable
-	private final byte[] handshakePublicKey, handshakePrivateKey;
+	private final PublicKey handshakePublicKey;
+	@Nullable
+	private final PrivateKey handshakePrivateKey;
 	private final long created;

 	public Identity(LocalAuthor localAuthor,
-			@Nullable byte[] handshakePublicKey,
-			@Nullable byte[] handshakePrivateKey, long created) {
+			@Nullable PublicKey handshakePublicKey,
+			@Nullable PrivateKey handshakePrivateKey, long created) {
 		if (handshakePublicKey != null) {
-			int keyLength = handshakePublicKey.length;
-			if (keyLength == 0 || keyLength > MAX_AGREEMENT_PUBLIC_KEY_BYTES)
+			if (handshakePrivateKey == null)
+				throw new IllegalArgumentException();
+			if (!handshakePublicKey.getKeyType().equals(KEY_TYPE_AGREEMENT))
+				throw new IllegalArgumentException();
+		}
+		if (handshakePrivateKey != null) {
+			if (handshakePublicKey == null)
+				throw new IllegalArgumentException();
+			if (!handshakePrivateKey.getKeyType().equals(KEY_TYPE_AGREEMENT))
 				throw new IllegalArgumentException();
 		}
 		this.localAuthor = localAuthor;
@@ -57,7 +66,7 @@ public class Identity {
 	 * Returns the public key used for handshaking, or null if no key exists.
 	 */
 	@Nullable
-	public byte[] getHandshakePublicKey() {
+	public PublicKey getHandshakePublicKey() {
 		return handshakePublicKey;
 	}

@@ -65,7 +74,7 @@ public class Identity {
 	 * Returns the private key used for handshaking, or null if no key exists.
 	 */
 	@Nullable
-	public byte[] getHandshakePrivateKey() {
+	public PrivateKey getHandshakePrivateKey() {
 		return handshakePrivateKey;
 	}

@@ -76,21 +85,4 @@ public class Identity {
 	public long getTimeCreated() {
 		return created;
 	}
-
-	@Override
-	public int hashCode() {
-		return localAuthor.getId().hashCode();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		if (o instanceof Identity) {
-			Identity i = (Identity) o;
-			return created == i.created &&
-					localAuthor.equals(i.localAuthor) &&
-					Arrays.equals(handshakePublicKey, i.handshakePublicKey) &&
-					Arrays.equals(handshakePrivateKey, i.handshakePrivateKey);
-		}
-		return false;
-	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/IdentityManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/IdentityManager.java
 package org.briarproject.bramble.api.identity;

 import org.briarproject.bramble.api.crypto.CryptoExecutor;
+import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
@@ -41,9 +42,6 @@ public interface IdentityManager {
 	 * Returns the cached handshake keys or loads them from the database.
 	 * <p/>
 	 * Read-only.
-	 *
-	 * @return A two-element array containing the public key in the first
-	 * element and the private key in the second
 	 */
-	byte[][] getHandshakeKeys(Transaction txn) throws DbException;
+	KeyPair getHandshakeKeys(Transaction txn) throws DbException;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/LocalAuthor.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/LocalAuthor.java
 package org.briarproject.bramble.api.identity;

+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

 import javax.annotation.concurrent.Immutable;

+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+
 /**
 * A pseudonym for the local user.
 */
@@ -11,18 +15,20 @@ import javax.annotation.concurrent.Immutable;
 @NotNullByDefault
 public class LocalAuthor extends Author {

-	private final byte[] privateKey;
+	private final PrivateKey privateKey;

 	public LocalAuthor(AuthorId id, int formatVersion, String name,
-			byte[] publicKey, byte[] privateKey) {
+			PublicKey publicKey, PrivateKey privateKey) {
 		super(id, formatVersion, name, publicKey);
+		if (!privateKey.getKeyType().equals(KEY_TYPE_SIGNATURE))
+			throw new IllegalArgumentException();
 		this.privateKey = privateKey;
 	}

 	/**
 	 * Returns the private key used to generate the pseudonym's signatures.
 	 */
-	public byte[] getPrivateKey() {
+	public PrivateKey getPrivateKey() {
 		return privateKey;
 	}
 }
--- a/bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java
+++ b/bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java
@@ -5,7 +5,13 @@ import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
+import org.briarproject.bramble.api.crypto.AgreementPublicKey;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.SignaturePrivateKey;
+import org.briarproject.bramble.api.crypto.SignaturePublicKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.Identity;
@@ -32,9 +38,9 @@ import java.util.concurrent.atomic.AtomicInteger;
 import static java.util.Arrays.asList;
 import static org.briarproject.bramble.api.contact.PendingContactState.WAITING_FOR_CONNECTION;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
 import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.api.plugin.TransportId.MAX_TRANSPORT_ID_LENGTH;
 import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
 import static org.briarproject.bramble.api.sync.ClientId.MAX_CLIENT_ID_LENGTH;
@@ -101,10 +107,28 @@ public class TestUtils {
 		return new SecretKey(getRandomBytes(SecretKey.LENGTH));
 	}

+	public static PublicKey getSignaturePublicKey() {
+		byte[] key = getRandomBytes(MAX_SIGNATURE_PUBLIC_KEY_BYTES);
+		return new SignaturePublicKey(key);
+	}
+
+	public static PrivateKey getSignaturePrivateKey() {
+		return new SignaturePrivateKey(getRandomBytes(123));
+	}
+
+	public static PublicKey getAgreementPublicKey() {
+		byte[] key = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
+		return new AgreementPublicKey(key);
+	}
+
+	public static PrivateKey getAgreementPrivateKey() {
+		return new AgreementPrivateKey(getRandomBytes(123));
+	}
+
 	public static Identity getIdentity() {
 		LocalAuthor localAuthor = getLocalAuthor();
-		byte[] handshakePub = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
-		byte[] handshakePriv = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
+		PublicKey handshakePub = getAgreementPublicKey();
+		PrivateKey handshakePriv = getAgreementPrivateKey();
 		return new Identity(localAuthor, handshakePub, handshakePriv,
 				timestamp);
 	}
@@ -113,8 +137,8 @@ public class TestUtils {
 		AuthorId id = new AuthorId(getRandomId());
 		int nameLength = 1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH);
 		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		byte[] privateKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		PublicKey publicKey = getSignaturePublicKey();
+		PrivateKey privateKey = getSignaturePrivateKey();
 		return new LocalAuthor(id, FORMAT_VERSION, name, publicKey, privateKey);
 	}

@@ -122,7 +146,7 @@ public class TestUtils {
 		AuthorId id = new AuthorId(getRandomId());
 		int nameLength = 1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH);
 		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		PublicKey publicKey = getSignaturePublicKey();
 		return new Author(id, FORMAT_VERSION, name, publicKey);
 	}

@@ -155,7 +179,7 @@ public class TestUtils {

 	public static PendingContact getPendingContact(int nameLength) {
 		PendingContactId id = new PendingContactId(getRandomId());
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		PublicKey publicKey = getAgreementPublicKey();
 		String alias = getRandomString(nameLength);
 		return new PendingContact(id, publicKey, alias, WAITING_FOR_CONNECTION,
 				timestamp);
@@ -179,7 +203,7 @@ public class TestUtils {
 			boolean verified) {
 		return new Contact(c, remote, local,
 				getRandomString(MAX_AUTHOR_NAME_LENGTH),
-				getRandomBytes(MAX_PUBLIC_KEY_LENGTH), verified);
+				getAgreementPublicKey(), verified);
 	}

 	public static double getMedian(Collection<? extends Number> samples) {

--- a/bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java
@@ -3,6 +3,9 @@ package org.briarproject.bramble.client;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyParser;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.data.BdfDictionary;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.data.BdfReader;
@@ -305,14 +308,15 @@ class ClientHelperImpl implements ClientHelper {
 	}

 	@Override
-	public byte[] sign(String label, BdfList toSign, byte[] privateKey)
+	public byte[] sign(String label, BdfList toSign, PrivateKey privateKey)
 			throws FormatException, GeneralSecurityException {
 		return crypto.sign(label, toByteArray(toSign), privateKey);
 	}

 	@Override
 	public void verifySignature(byte[] signature, String label, BdfList signed,
-			byte[] publicKey) throws FormatException, GeneralSecurityException {
+			PublicKey publicKey)
+			throws FormatException, GeneralSecurityException {
 		if (!crypto.verifySignature(signature, label, toByteArray(signed),
 				publicKey)) {
 			throw new GeneralSecurityException("Invalid signature");
@@ -327,11 +331,29 @@ class ClientHelperImpl implements ClientHelper {
 		if (formatVersion != FORMAT_VERSION) throw new FormatException();
 		String name = author.getString(1);
 		checkLength(name, 1, MAX_AUTHOR_NAME_LENGTH);
-		byte[] publicKey = author.getRaw(2);
-		checkLength(publicKey, 1, MAX_PUBLIC_KEY_LENGTH);
+		byte[] publicKeyBytes = author.getRaw(2);
+		checkLength(publicKeyBytes, 1, MAX_PUBLIC_KEY_LENGTH);
+		KeyParser parser = crypto.getSignatureKeyParser();
+		PublicKey publicKey;
+		try {
+			publicKey = parser.parsePublicKey(publicKeyBytes);
+		} catch (GeneralSecurityException e) {
+			throw new FormatException();
+		}
 		return authorFactory.createAuthor(formatVersion, name, publicKey);
 	}

+	@Override
+	public PublicKey parseAndValidateAgreementPublicKey(byte[] publicKeyBytes)
+			throws FormatException {
+		KeyParser parser = crypto.getAgreementKeyParser();
+		try {
+			return parser.parsePublicKey(publicKeyBytes);
+		} catch (GeneralSecurityException e) {
+			throw new FormatException();
+		}
+	}
+
 	@Override
 	public TransportProperties parseAndValidateTransportProperties(
 			BdfDictionary properties) throws FormatException {

--- a/bramble-core/src/main/java/org/briarproject/bramble/contact/PendingContactFactoryImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/contact/PendingContactFactoryImpl.java
@@ -39,8 +39,8 @@ class PendingContactFactoryImpl implements PendingContactFactory {
 		PublicKey publicKey = parseHandshakeLink(link);
 		PendingContactId id = getPendingContactId(publicKey);
 		long timestamp = clock.currentTimeMillis();
-		return new PendingContact(id, publicKey.getEncoded(), alias,
-				WAITING_FOR_CONNECTION, timestamp);
+		return new PendingContact(id, publicKey, alias, WAITING_FOR_CONNECTION,
+				timestamp);
 	}

 	private PublicKey parseHandshakeLink(String link) throws FormatException {

--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
@@ -36,6 +36,7 @@ import javax.inject.Inject;

 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -200,21 +201,22 @@ class CryptoComponentImpl implements CryptoComponent {
 	}

 	@Override
-	public byte[] sign(String label, byte[] toSign, byte[] privateKey)
+	public byte[] sign(String label, byte[] toSign, PrivateKey privateKey)
 			throws GeneralSecurityException {
-		PrivateKey key = signatureKeyParser.parsePrivateKey(privateKey);
 		Signature sig = new EdSignature();
-		sig.initSign(key);
+		sig.initSign(privateKey);
 		updateSignature(sig, label, toSign);
 		return sig.sign();
 	}

 	@Override
 	public boolean verifySignature(byte[] signature, String label,
-			byte[] signed, byte[] publicKey) throws GeneralSecurityException {
-		PublicKey key = signatureKeyParser.parsePublicKey(publicKey);
+			byte[] signed, PublicKey publicKey)
+			throws GeneralSecurityException {
+		if (!publicKey.getKeyType().equals(KEY_TYPE_SIGNATURE))
+			throw new IllegalArgumentException();
 		Signature sig = new EdSignature();
-		sig.initVerify(key);
+		sig.initVerify(publicKey);
 		updateSignature(sig, label, signed);
 		return sig.verify(signature);
 	}

--- a/bramble-core/src/main/java/org/briarproject/bramble/db/Database.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/Database.java
@@ -5,6 +5,8 @@ import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.contact.PendingContactState;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DataTooNewException;
 import org.briarproject.bramble.api.db.DataTooOldException;
@@ -689,8 +691,8 @@ interface Database<T> {
 	/**
 	 * Sets the handshake key pair for the identity with the given ID.
 	 */
-	void setHandshakeKeyPair(T txn, AuthorId local, byte[] publicKey,
-			byte[] privateKey) throws DbException;
+	void setHandshakeKeyPair(T txn, AuthorId local, PublicKey publicKey,
+			PrivateKey privateKey) throws DbException;

 	/**
 	 * Marks the given message as shared.

--- a/bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java
@@ -7,6 +7,8 @@ import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.contact.event.ContactAddedEvent;
 import org.briarproject.bramble.api.contact.event.ContactRemovedEvent;
 import org.briarproject.bramble.api.contact.event.ContactVerifiedEvent;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.CommitAction;
 import org.briarproject.bramble.api.db.CommitAction.Visitor;
@@ -1037,7 +1039,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {

 	@Override
 	public void setHandshakeKeyPair(Transaction transaction, AuthorId local,
-			byte[] publicKey, byte[] privateKey) throws DbException {
+			PublicKey publicKey, PrivateKey privateKey) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsIdentity(txn, local))

--- a/bramble-core/src/main/java/org/briarproject/bramble/db/JdbcDatabase.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/JdbcDatabase.java
@@ -5,7 +5,13 @@ import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.contact.PendingContactState;
+import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
+import org.briarproject.bramble.api.crypto.AgreementPublicKey;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.SignaturePrivateKey;
+import org.briarproject.bramble.api.crypto.SignaturePublicKey;
 import org.briarproject.bramble.api.db.DataTooNewException;
 import org.briarproject.bramble.api.db.DataTooOldException;
 import org.briarproject.bramble.api.db.DbClosedException;
@@ -677,7 +683,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 			ps.setBytes(1, remote.getId().getBytes());
 			ps.setInt(2, remote.getFormatVersion());
 			ps.setString(3, remote.getName());
-			ps.setBytes(4, remote.getPublicKey());
+			ps.setBytes(4, remote.getPublicKey().getEncoded());
 			ps.setBytes(5, local.getBytes());
 			ps.setBoolean(6, verified);
 			int affected = ps.executeUpdate();
@@ -887,12 +893,12 @@ abstract class JdbcDatabase implements Database<Connection> {
 			ps.setBytes(1, local.getId().getBytes());
 			ps.setInt(2, local.getFormatVersion());
 			ps.setString(3, local.getName());
-			ps.setBytes(4, local.getPublicKey());
-			ps.setBytes(5, local.getPrivateKey());
+			ps.setBytes(4, local.getPublicKey().getEncoded());
+			ps.setBytes(5, local.getPrivateKey().getEncoded());
 			if (i.getHandshakePublicKey() == null) ps.setNull(6, BINARY);
-			else ps.setBytes(6, i.getHandshakePublicKey());
+			else ps.setBytes(6, i.getHandshakePublicKey().getEncoded());
 			if (i.getHandshakePrivateKey() == null) ps.setNull(7, BINARY);
-			else ps.setBytes(7, i.getHandshakePrivateKey());
+			else ps.setBytes(7, i.getHandshakePrivateKey().getEncoded());
 			ps.setLong(8, i.getTimeCreated());
 			int affected = ps.executeUpdate();
 			if (affected != 1) throw new DbStateException();
@@ -1068,7 +1074,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 					+ " VALUES (?, ?, ?, ?, ?)";
 			ps = txn.prepareStatement(sql);
 			ps.setBytes(1, p.getId().getBytes());
-			ps.setBytes(2, p.getPublicKey());
+			ps.setBytes(2, p.getPublicKey().getEncoded());
 			ps.setString(3, p.getAlias());
 			ps.setInt(4, p.getState().getValue());
 			ps.setLong(5, p.getTimestamp());
@@ -1444,14 +1450,16 @@ abstract class JdbcDatabase implements Database<Connection> {
 			int formatVersion = rs.getInt(2);
 			String name = rs.getString(3);
 			String alias = rs.getString(4);