org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder Java Examples
The following examples show how to use
org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: RydePgpSigningOutputStream.java From nomulus with Apache License 2.0 | 5 votes |
|
/**
* Create a signer that wraps {@code os} and generates a detached signature using
* {@code signingKey}. After closing, you should call {@link #getSignature()} to get the detached
* signature.
*
* @param os is the upstream {@link OutputStream} which is not closed by this object
* @throws RuntimeException to rethrow {@link PGPException}
*/
public RydePgpSigningOutputStream(
@WillNotClose OutputStream os,
PGPKeyPair signingKey) {
super("RydePgpSigningOutputStream", os, false);
try {
signer = new PGPSignatureGenerator(
new BcPGPContentSignerBuilder(RSA_GENERAL, SHA256));
signer.init(BINARY_DOCUMENT, signingKey.getPrivateKey());
} catch (PGPException e) {
throw new RuntimeException(e);
}
addUserInfoToSignature(signingKey.getPublicKey(), signer);
}
Example #2
| Source File: BouncyCastleTest.java From nomulus with Apache License 2.0 | 5 votes |
|
@Test
public void testSignVerify_Detached() throws Exception {
// Load the keys.
PGPPublicKeyRing publicKeyRing = new BcPGPPublicKeyRing(PUBLIC_KEY);
PGPSecretKeyRing privateKeyRing = new BcPGPSecretKeyRing(PRIVATE_KEY);
PGPPublicKey publicKey = publicKeyRing.getPublicKey();
PGPPrivateKey privateKey = extractPrivateKey(privateKeyRing.getSecretKey());
// Sign the data and write signature data to "signatureFile".
// Note: RSA_GENERAL will encrypt AND sign. RSA_SIGN and RSA_ENCRYPT are deprecated.
PGPSignatureGenerator signer = new PGPSignatureGenerator(
new BcPGPContentSignerBuilder(RSA_GENERAL, SHA256));
signer.init(PGPSignature.BINARY_DOCUMENT, privateKey);
addUserInfoToSignature(publicKey, signer);
signer.update(FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8));
ByteArrayOutputStream output = new ByteArrayOutputStream();
signer.generate().encode(output);
byte[] signatureFileData = output.toByteArray();
logger.atInfo().log(".sig file data: %s", dumpHex(signatureFileData));
// Load algorithm information and signature data from "signatureFileData".
PGPSignature sig;
try (ByteArrayInputStream input = new ByteArrayInputStream(signatureFileData)) {
PGPObjectFactory pgpFact = new BcPGPObjectFactory(input);
PGPSignatureList sigList = (PGPSignatureList) pgpFact.nextObject();
assertThat(sigList.size()).isEqualTo(1);
sig = sigList.get(0);
}
// Use "onePass" and "sig" to verify "publicKey" signed the text.
sig.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
sig.update(FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8));
assertThat(sig.verify()).isTrue();
// Verify that they DIDN'T sign the text "hello monster".
sig.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
sig.update("hello monster".getBytes(UTF_8));
assertThat(sig.verify()).isFalse();
}
Example #3
| Source File: SigningStream.java From packagedrone with Eclipse Public License 1.0 | 5 votes |
|
protected void testInit () throws IOException
{
if ( this.initialized )
{
return;
}
this.initialized = true;
try
{
this.signatureGenerator = new PGPSignatureGenerator ( new BcPGPContentSignerBuilder ( this.privateKey.getPublicKeyPacket ().getAlgorithm (), this.digestAlgorithm ) );
this.signatureGenerator.init ( PGPSignature.BINARY_DOCUMENT, this.privateKey );
this.armoredOutput = new ArmoredOutputStream ( this.stream );
if ( this.version != null )
{
this.armoredOutput.setHeader ( "Version", this.version );
}
if ( this.inline )
{
this.armoredOutput.beginClearText ( this.digestAlgorithm );
}
}
catch ( final PGPException e )
{
throw new IOException ( e );
}
}
Example #4
| Source File: RsaHeaderSignatureProcessor.java From packagedrone with Eclipse Public License 1.0 | 5 votes |
|
@Override
public void feedHeader ( final ByteBuffer header )
{
try
{
final BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder ( this.privateKey.getPublicKeyPacket ().getAlgorithm (), this.hashAlgorithm );
final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator ( contentSignerBuilder );
signatureGenerator.init ( PGPSignature.BINARY_DOCUMENT, this.privateKey );
if ( header.hasArray () )
{
signatureGenerator.update ( header.array (), header.position (), header.remaining () );
}
else
{
final byte[] buffer = new byte[header.remaining ()];
header.get ( buffer );
signatureGenerator.update ( buffer );
}
this.value = signatureGenerator.generate ().getEncoded ();
logger.info ( "RSA HEADER: {}", this.value );
}
catch ( final Exception e )
{
throw new RuntimeException ( e );
}
}
Example #5
| Source File: KeyGeneratorServicePgpImpl.java From pgptool with GNU General Public License v3.0 | 4 votes |
|
@Override
public Key createNewKey(CreateKeyParams params) throws FieldValidationException {
try {
Preconditions.checkArgument(params != null, "params must not be null");
assertParamsValid(params);
// Create Master key
KeyPair masterKey = getOrGenerateKeyPair(getMasterKeyParameters());
PGPKeyPair masterKeyBc = new JcaPGPKeyPair(algorithmNameToTag(masterKeyPurpose), masterKey, new Date());
BcPGPContentSignerBuilder keySignerBuilderBc = new BcPGPContentSignerBuilder(
algorithmNameToTag(masterKeyPurpose), hashAlgorithmNameToTag(masterKeySignerHashingAlgorithm));
// Setup seret key encryption
PGPDigestCalculator digestCalc = new BcPGPDigestCalculatorProvider()
.get(hashAlgorithmNameToTag(secretKeyHashingAlgorithm));
BcPBESecretKeyEncryptorBuilder encryptorBuilderBC = new BcPBESecretKeyEncryptorBuilder(
symmetricKeyAlgorithmNameToTag(secretKeyEncryptionAlgorithm), digestCalc);
PBESecretKeyEncryptor keyEncryptorBc = encryptorBuilderBC.build(params.getPassphrase().toCharArray());
// Key pair generator
String userName = params.getFullName() + " <" + params.getEmail() + ">";
PGPKeyRingGenerator keyPairGeneratorBc = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION,
masterKeyBc, userName, digestCalc, null, null, keySignerBuilderBc, keyEncryptorBc);
// Add Sub-key for encryption
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(encryptionKeyAlgorithm, PROVIDER);
if ("ELGAMAL".equals(encryptionKeyAlgorithm)) {
keyPairGenerator.initialize(new DHParameterSpec(dhParamsPrimeModulus, dhParamsBaseGenerator));
} else if ("RSA".equals(encryptionKeyAlgorithm)) {
// Re-using master key size.
keyPairGenerator.initialize(new RSAKeyGenParameterSpec(masterKeySize, RSAKeyGenParameterSpec.F4));
} else {
throw new IllegalArgumentException(
"Hanlding of parameter creation for " + encryptionKeyAlgorithm + " is not implemented");
}
KeyPair encryptionSubKey = keyPairGenerator.generateKeyPair();
PGPKeyPair encryptionSubKeyBc = new JcaPGPKeyPair(algorithmNameToTag(encryptionKeyPurpose),
encryptionSubKey, new Date());
keyPairGeneratorBc.addSubKey(encryptionSubKeyBc);
// TBD-191: Also add a sub-key for signing
// KeyPair signatureSubKey = keyPairGenerator.generateKeyPair();
// PGPKeyPair signatureSubKeyBc = new
// TBD-191: RSA_SIGN must not be hardcoded
// JcaPGPKeyPair(algorithmNameToTag("RSA_SIGN"), signatureSubKey,
// new Date());
// keyPairGeneratorBc.addSubKey(signatureSubKeyBc);
// building ret
return buildKey(keyPairGeneratorBc);
} catch (Throwable t) {
Throwables.throwIfInstanceOf(t, FieldValidationException.class);
throw new RuntimeException("Failed to generate key", t);
}
}
Example #6
| Source File: Encryptor.java From jpgpj with MIT License | 4 votes |
|
/**
* Builds a PGPContentSignerBuilder for the specified algorithms.
*/
protected PGPContentSignerBuilder buildSignerBuilder(int keyAlgorithm, int hashAlgorithm) {
return new BcPGPContentSignerBuilder(keyAlgorithm, hashAlgorithm);
}
Example #7
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 4 votes |
|
private static PGPKeyRingGenerator generateKeyRingGenerator( String id, char[] pass, int s2kcount, int keySize,
KeyPair keyPair ) throws PGPException
{
// This object generates individual key-pairs.
RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();
// Boilerplate RSA parameters, no need to change anything
// except for the RSA key-size (2048). You can use whatever
// key-size makes sense for you -- 4096, etc.
kpg.init( new RSAKeyGenerationParameters( BigInteger.valueOf( 0x10001 ), new SecureRandom(), keySize, 12 ) );
// First create the master (signing) key with the generator.
PGPKeyPair rsakp_sign = new BcPGPKeyPair( PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date() );
// Then an encryption subkey.
PGPKeyPair rsakp_enc = new BcPGPKeyPair( PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date() );
keyPair.setPrimaryKeyId( Long.toHexString( rsakp_sign.getKeyID() ) );
keyPair.setPrimaryKeyFingerprint( BytesToHex( rsakp_sign.getPublicKey().getFingerprint() ) );
keyPair.setSubKeyId( Long.toHexString( rsakp_enc.getKeyID() ) );
keyPair.setSubKeyFingerprint( BytesToHex( rsakp_enc.getPublicKey().getFingerprint() ) );
// Add a self-signature on the id
PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();
// Add signed metadata on the signature.
// 1) Declare its purpose
signhashgen.setKeyFlags( false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER );
// 2) Set preferences for secondary crypto algorithms to use
// when sending messages to this key.
signhashgen.setPreferredSymmetricAlgorithms( false, new int[] {
SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128,
SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.TRIPLE_DES
} );
signhashgen.setPreferredHashAlgorithms( false, new int[] {
HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512,
HashAlgorithmTags.SHA224,
} );
signhashgen.setPreferredCompressionAlgorithms( false, new int[] {
CompressionAlgorithmTags.ZLIB, CompressionAlgorithmTags.BZIP2, CompressionAlgorithmTags.ZIP
} );
// 3) Request senders add additional checksums to the
// message (useful when verifying unsigned messages.)
signhashgen.setFeature( false, Features.FEATURE_MODIFICATION_DETECTION );
// Create a signature on the encryption subkey.
PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
// Add metadata to declare its purpose
enchashgen.setKeyFlags( false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE );
// Objects used to encrypt the secret key.
PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get( HashAlgorithmTags.SHA1 );
// bcpg 1.48 exposes this API that includes s2kcount. Earlier
// versions use a default of 0x60.
PBESecretKeyEncryptor pske =
( new BcPBESecretKeyEncryptorBuilder( PGPEncryptedData.CAST5, sha1Calc, s2kcount ) ).build( pass );
// Finally, create the keyring itself. The constructor
// takes parameters that allow it to generate the self
// signature.
PGPKeyRingGenerator keyRingGen =
new PGPKeyRingGenerator( PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign, id, sha1Calc,
signhashgen.generate(), null,
new BcPGPContentSignerBuilder( rsakp_sign.getPublicKey().getAlgorithm(),
HashAlgorithmTags.SHA1 ), pske );
// Add our encryption subkey, together with its signature.
keyRingGen.addSubKey( rsakp_enc, enchashgen.generate(), null );
return keyRingGen;
}
Example #8
| Source File: AbstractSecretKeySigningService.java From packagedrone with Eclipse Public License 1.0 | 4 votes |
|
@Override
public void sign ( final InputStream in, final OutputStream out, final boolean inline ) throws Exception
{
final int digest = HashAlgorithmTags.SHA1;
final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator ( new BcPGPContentSignerBuilder ( this.privateKey.getPublicKeyPacket ().getAlgorithm (), digest ) );
if ( inline )
{
signatureGenerator.init ( PGPSignature.CANONICAL_TEXT_DOCUMENT, this.privateKey );
}
else
{
signatureGenerator.init ( PGPSignature.BINARY_DOCUMENT, this.privateKey );
}
final ArmoredOutputStream armoredOutput = new ArmoredOutputStream ( out );
armoredOutput.setHeader ( "Version", VersionInformation.VERSIONED_PRODUCT );
if ( inline )
{
armoredOutput.beginClearText ( digest );
final LineNumberReader lnr = new LineNumberReader ( new InputStreamReader ( in, StandardCharsets.UTF_8 ) );
String line;
while ( ( line = lnr.readLine () ) != null )
{
if ( lnr.getLineNumber () > 1 )
{
signatureGenerator.update ( NL_DATA );
}
final byte[] data = trimTrailing ( line ).getBytes ( StandardCharsets.UTF_8 );
if ( inline )
{
armoredOutput.write ( data );
armoredOutput.write ( NL_DATA );
}
signatureGenerator.update ( data );
}
armoredOutput.endClearText ();
}
else
{
final byte[] buffer = new byte[4096];
int rc;
while ( ( rc = in.read ( buffer ) ) >= 0 )
{
signatureGenerator.update ( buffer, 0, rc );
}
}
final PGPSignature signature = signatureGenerator.generate ();
signature.encode ( new BCPGOutputStream ( armoredOutput ) );
armoredOutput.close ();
}
Example #9
| Source File: Encryptor.java From desktopclient-java with GNU General Public License v3.0 | 4 votes |
|
/**
* Encrypt, sign and write input stream data to output stream.
* Input and output stream are closed.
*/
private static void encryptAndSign(
InputStream plainInput, OutputStream encryptedOutput,
PersonalKey myKey, List<PGPUtils.PGPCoderKey> receiverKeys)
throws IOException, PGPException {
// setup data encryptor & generator
BcPGPDataEncryptorBuilder encryptor = new BcPGPDataEncryptorBuilder(PGPEncryptedData.AES_192);
encryptor.setWithIntegrityPacket(true);
encryptor.setSecureRandom(new SecureRandom());
// add public key recipients
PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(encryptor);
receiverKeys.forEach(key ->
encGen.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key.encryptKey)));
OutputStream encryptedOut = encGen.open(encryptedOutput, new byte[BUFFER_SIZE]);
// setup compressed data generator
PGPCompressedDataGenerator compGen = new PGPCompressedDataGenerator(PGPCompressedData.ZIP);
OutputStream compressedOut = compGen.open(encryptedOut, new byte[BUFFER_SIZE]);
// setup signature generator
int algo = myKey.getSigningAlgorithm();
PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
new BcPGPContentSignerBuilder(algo, HashAlgorithmTags.SHA256));
sigGen.init(PGPSignature.BINARY_DOCUMENT, myKey.getPrivateSigningKey());
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
spGen.setSignerUserID(false, myKey.getUserId());
sigGen.setUnhashedSubpackets(spGen.generate());
sigGen.generateOnePassVersion(false).encode(compressedOut);
// Initialize literal data generator
PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
OutputStream literalOut = literalGen.open(
compressedOut,
PGPLiteralData.BINARY,
"",
new Date(),
new byte[BUFFER_SIZE]);
// read the "in" stream, compress, encrypt and write to the "out" stream
// this must be done if clear data is bigger than the buffer size
// but there are other ways to optimize...
byte[] buf = new byte[BUFFER_SIZE];
int len;
while ((len = plainInput.read(buf)) > 0) {
literalOut.write(buf, 0, len);
sigGen.update(buf, 0, len);
}
literalGen.close();
// generate the signature, compress, encrypt and write to the "out" stream
sigGen.generate().encode(compressedOut);
compGen.close();
encGen.close();
}
Example #10
| Source File: BouncyCastleTest.java From nomulus with Apache License 2.0 | 3 votes |
|
@Test
public void testSignVerify_OnePass() throws Exception {
// Load the keys.
PGPPublicKeyRing publicKeyRing = new BcPGPPublicKeyRing(PUBLIC_KEY);
PGPSecretKeyRing privateKeyRing = new BcPGPSecretKeyRing(PRIVATE_KEY);
PGPPublicKey publicKey = publicKeyRing.getPublicKey();
PGPPrivateKey privateKey = extractPrivateKey(privateKeyRing.getSecretKey());
// Sign the data and write signature data to "signatureFile".
PGPSignatureGenerator signer = new PGPSignatureGenerator(
new BcPGPContentSignerBuilder(RSA_GENERAL, SHA256));
signer.init(PGPSignature.BINARY_DOCUMENT, privateKey);
addUserInfoToSignature(publicKey, signer);
ByteArrayOutputStream output = new ByteArrayOutputStream();
signer.generateOnePassVersion(false).encode(output);
signer.update(FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8));
signer.generate().encode(output);
byte[] signatureFileData = output.toByteArray();
logger.atInfo().log(".sig file data: %s", dumpHex(signatureFileData));
// Load algorithm information and signature data from "signatureFileData".
PGPSignature sig;
PGPOnePassSignature onePass;
try (ByteArrayInputStream input = new ByteArrayInputStream(signatureFileData)) {
PGPObjectFactory pgpFact = new BcPGPObjectFactory(input);
PGPOnePassSignatureList onePassList = (PGPOnePassSignatureList) pgpFact.nextObject();
PGPSignatureList sigList = (PGPSignatureList) pgpFact.nextObject();
assertThat(onePassList.size()).isEqualTo(1);
assertThat(sigList.size()).isEqualTo(1);
onePass = onePassList.get(0);
sig = sigList.get(0);
}
// Use "onePass" and "sig" to verify "publicKey" signed the text.
onePass.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
onePass.update(FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8));
assertThat(onePass.verify(sig)).isTrue();
// Verify that they DIDN'T sign the text "hello monster".
onePass.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
onePass.update("hello monster".getBytes(UTF_8));
assertThat(onePass.verify(sig)).isFalse();
}
