org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider Java Examples

The following examples show how to use org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider.
Example #1
Source File: EncryptionServicePgpImpl.java    From pgptool with GNU General Public License v3.0
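/**
 * Decrypts {@code secretKey} with the given passphrase and returns the private key.
 *
 * <p>Any exception raised while building the decryptor or extracting the key
 * (including a {@code null} passphrase) is logged and reported to the caller as
 * {@link InvalidPasswordException}; the underlying cause is only visible in the log.
 * JVM {@link Error}s are deliberately not translated, so a resource failure is not
 * misreported as a wrong passphrase.
 *
 * <p>The temporary {@code char[]} copy of the passphrase is zeroed before returning.
 * The {@code String} argument itself is immutable and cannot be cleared here, so
 * callers that care about passphrase lifetime in memory should keep it short-lived.
 *
 * @param passphrase passphrase protecting the secret key
 * @param secretKey  secret key to decrypt
 * @return the extracted private key
 * @throws InvalidPasswordException if the private key could not be extracted
 */
private PGPPrivateKey getPrivateKey(String passphrase, PGPSecretKey secretKey) throws InvalidPasswordException {
	char[] passphraseChars = null;
	try {
		passphraseChars = passphrase.toCharArray();
		PBESecretKeyDecryptor decryptor = new BcPBESecretKeyDecryptorBuilder(
				new BcPGPDigestCalculatorProvider()).build(passphraseChars);
		return secretKey.extractPrivateKey(decryptor);
	} catch (Exception e) {
		log.warn("Failed to extract private key. Most likely it because of incorrect passphrase provided", e);
		throw new InvalidPasswordException();
	} finally {
		// Wipe only after extraction: the decryptor was built from this array and
		// is used by extractPrivateKey above.
		if (passphraseChars != null) {
			java.util.Arrays.fill(passphraseChars, '\0');
		}
	}
}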
 
Example #2
Source File: PgpHelper.java    From nomulus with Apache License 2.0
/**
 * Resolves a public key exactly as {@link #lookupPublicKey} does, then pairs it with the
 * private key stored under the same key id in {@code privates}.
 *
 * <p>The secret key is unlocked with an empty passphrase, so this only works for keyrings
 * whose secret keys carry no passphrase protection. The confidentiality of those keys
 * therefore rests entirely on how the keyring itself is stored and accessed.
 *
 * @throws VerifyException if either key couldn't be found, or if the private key could not
 *     be extracted from the secret key.
 * @see #lookupPublicKey
 */
public static PGPKeyPair lookupKeyPair(
    PGPPublicKeyRingCollection publics,
    PGPSecretKeyRingCollection privates,
    String query,
    KeyRequirement want) {
  PGPPublicKey publicKey = lookupPublicKey(publics, query, want);
  long keyId = publicKey.getKeyID();
  try {
    PGPSecretKey secret =
        verifyNotNull(
            privates.getSecretKey(keyId),
            "Keyring missing private key associated with public key id: %x (query '%s')",
            keyId,
            query);
    // Passphrase-protected private keys are not supported, hence the empty passphrase.
    char[] noPassphrase = new char[0];
    BcPBESecretKeyDecryptorBuilder decryptorBuilder =
        new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider());
    PGPPrivateKey privateKey = secret.extractPrivateKey(decryptorBuilder.build(noPassphrase));
    return new PGPKeyPair(publicKey, privateKey);
  } catch (PGPException e) {
    throw new VerifyException(String.format("Could not load PGP private key for: %s", query), e);
  }
}
 
Example #3
Source File: KeyFilesOperationsPgpImpl.java    From pgptool with GNU General Public License v3.0
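/**
 * Extracts the private key from {@code secretKey} using the supplied passphrase.
 *
 * <p>All exceptions from decryptor construction or key extraction (a {@code null}
 * passphrase included) are logged and surfaced as {@link InvalidPasswordException};
 * the real cause is available only in the log. {@link Error}s are left to propagate
 * so that JVM-level failures are not presented to the user as a bad passphrase.
 *
 * <p>The {@code char[]} copy made from the passphrase is overwritten with zeros once
 * extraction has finished. The immutable {@code String} argument cannot be wiped
 * from here.
 *
 * @param passphrase passphrase protecting the secret key
 * @param secretKey  secret key to decrypt
 * @return the extracted private key
 * @throws InvalidPasswordException if the private key could not be extracted
 */
private PGPPrivateKey getPrivateKey(String passphrase, PGPSecretKey secretKey) throws InvalidPasswordException {
	char[] secret = null;
	try {
		secret = passphrase.toCharArray();
		PBESecretKeyDecryptor decryptor = new BcPBESecretKeyDecryptorBuilder(
				new BcPGPDigestCalculatorProvider()).build(secret);
		return secretKey.extractPrivateKey(decryptor);
	} catch (Exception e) {
		log.warn("Failed to extract private key. Most likely it because of incorrect passphrase provided", e);
		throw new InvalidPasswordException();
	} finally {
		// The decryptor is built from this array, so it is cleared only after
		// extractPrivateKey has completed (successfully or not).
		if (secret != null) {
			java.util.Arrays.fill(secret, '\0');
		}
	}
}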
 
Example #4
Source File: Subkey.java    From jpgpj with MIT License
/**
 * Creates the secret-key decryptor for the given passphrase.
 * A {@code null} passphrase, or one equal to {@code NO_PASSPHRASE},
 * is replaced by {@code EMPTY_PASSPHRASE}. The caller's array is
 * handed to the builder as-is (no copy is made here), so it should
 * not be cleared until the returned decryptor is no longer needed.
 */
protected PBESecretKeyDecryptor buildDecryptor(char[] passphraseChars) {
    char[] effective = EMPTY_PASSPHRASE;
    if (passphraseChars != null
            && !Arrays.equals(passphraseChars, NO_PASSPHRASE)) {
        effective = passphraseChars;
    }
    BcPGPDigestCalculatorProvider digests = new BcPGPDigestCalculatorProvider();
    return new BcPBESecretKeyDecryptorBuilder(digests).build(effective);
}
 
Example #5
Source File: Encryptor.java    From jpgpj with MIT License
/**
 * Builds the passphrase-based (symmetric) key-encryption method generator
 * from the configured passphrase, key-derivation hash and work factor.
 * Only the hash algorithm and work factor are logged, never the passphrase.
 * <p>
 * NOTE(review): the hash algorithm tag passed to Bouncy Castle is
 * {@code kdAlgorithm.ordinal()}, so this presumably relies on the
 * {@code HashingAlgorithm} enum being declared in the same order as the
 * OpenPGP hash algorithm ids. Reordering that enum would silently select
 * a different digest; confirm against the enum definition.
 */
protected PBEKeyEncryptionMethodGenerator buildSymmetricKeyEncryptor()
        throws PGPException {
    HashingAlgorithm hash = getKeyDeriviationAlgorithm();
    int factor = getKeyDeriviationWorkFactor();
    log.info("using symmetric encryption with {} hash, work factor {}",
            hash, factor);

    char[] passphrase = getSymmetricPassphraseChars();
    return new BcPBEKeyEncryptionMethodGenerator(
        passphrase,
        new BcPGPDigestCalculatorProvider().get(hash.ordinal()),
        factor);
}
 
Example #6
Source File: KmsTestHelper.java    From nomulus with Apache License 2.0
/**
 * Returns the public/private pair for the key that {@code getPrivateKeyring().getSecretKey()}
 * yields. The private key is unlocked with an empty passphrase, which presumably only
 * succeeds for fixture keys stored without passphrase protection.
 */
static PGPKeyPair getKeyPair() throws Exception {
  PGPSecretKey secret = getPrivateKeyring().getSecretKey();
  char[] noPassphrase = new char[0];
  BcPBESecretKeyDecryptorBuilder decryptorBuilder =
      new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider());
  return new PGPKeyPair(
      secret.getPublicKey(),
      secret.extractPrivateKey(decryptorBuilder.build(noPassphrase)));
}
 
Example #7
Source File: KeySerializerTest.java    From nomulus with Apache License 2.0
/**
 * Unlocks {@code secretKey} with {@code password} and returns the private key.
 * A {@link PGPException} is rethrown wrapped in an {@link Error}. The password is
 * taken as a {@code String} and its {@code char[]} copy is not cleared afterwards.
 */
private static PGPPrivateKey extractPrivateKey(PGPSecretKey secretKey, String password) {
  try {
    BcPBESecretKeyDecryptorBuilder decryptorBuilder =
        new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider());
    char[] passwordChars = password.toCharArray();
    return secretKey.extractPrivateKey(decryptorBuilder.build(passwordChars));
  } catch (PGPException cause) {
    throw new Error(cause);
  }
}
 
Example #8
Source File: PgpHelper.java    From packagedrone with Eclipse Public License 1.0
/**
 * Loads the secret key identified by {@code keyId} from {@code input} and
 * unlocks it with {@code passPhrase}.
 * <p>
 * The pass phrase array is passed straight to the decryptor builder; it is
 * neither copied nor cleared here, so clearing it remains the caller's job.
 *
 * @return the private key, or {@code null} when {@code loadSecretKey}
 *         returns no key; callers must check for {@code null} before use
 */
public static PGPPrivateKey loadPrivateKey ( final InputStream input, final String keyId, final char[] passPhrase ) throws IOException, PGPException
{
    final PGPSecretKey secretKey = loadSecretKey ( input, keyId );
    if ( secretKey != null )
    {
        final BcPBESecretKeyDecryptorBuilder builder = new BcPBESecretKeyDecryptorBuilder ( new BcPGPDigestCalculatorProvider () );
        return secretKey.extractPrivateKey ( builder.build ( passPhrase ) );
    }

    return null;
}
 
Example #9
Source File: KeyGeneratorServicePgpImpl.java    From pgptool with GNU General Public License v3.0
/**
 * Generates a new PGP key ring (master key plus one encryption sub-key) whose
 * secret keys are protected with the passphrase from {@code params}.
 *
 * <p>Algorithms, key sizes and DH parameters come from fields of this service
 * that are configured outside this method.
 *
 * @param params user-supplied key parameters (full name, e-mail, passphrase);
 *               checked by {@code assertParamsValid}
 * @return the key built by {@code buildKey} from the populated key ring generator
 * @throws FieldValidationException rethrown unchanged when raised during validation
 *                                  or generation; every other failure is wrapped
 *                                  in a {@link RuntimeException}
 */
@Override
public Key createNewKey(CreateKeyParams params) throws FieldValidationException {
	try {
		Preconditions.checkArgument(params != null, "params must not be null");
		assertParamsValid(params);

		// Create Master key
		KeyPair masterKey = getOrGenerateKeyPair(getMasterKeyParameters());
		PGPKeyPair masterKeyBc = new JcaPGPKeyPair(algorithmNameToTag(masterKeyPurpose), masterKey, new Date());
		BcPGPContentSignerBuilder keySignerBuilderBc = new BcPGPContentSignerBuilder(
				algorithmNameToTag(masterKeyPurpose), hashAlgorithmNameToTag(masterKeySignerHashingAlgorithm));

		// Setup secret key encryption
		// The same digest calculator is used for the secret key encryptor and is
		// also handed to the key ring generator below.
		PGPDigestCalculator digestCalc = new BcPGPDigestCalculatorProvider()
				.get(hashAlgorithmNameToTag(secretKeyHashingAlgorithm));
		BcPBESecretKeyEncryptorBuilder encryptorBuilderBC = new BcPBESecretKeyEncryptorBuilder(
				symmetricKeyAlgorithmNameToTag(secretKeyEncryptionAlgorithm), digestCalc);
		// NOTE(review): toCharArray() creates a copy of the passphrase that is
		// never cleared, and the passphrase is held as a String in params, so it
		// stays in memory until garbage-collected.
		PBESecretKeyEncryptor keyEncryptorBc = encryptorBuilderBC.build(params.getPassphrase().toCharArray());

		// Key pair generator
		// NOTE(review): the user id is plain concatenation of name and e-mail;
		// presumably assertParamsValid rejects '<' and '>' in these fields -
		// confirm, otherwise the resulting user id can be ambiguous to parse.
		String userName = params.getFullName() + " <" + params.getEmail() + ">";
		// NOTE(review): both subpacket arguments are null, so no hashed/unhashed
		// signature subpackets (key flags, algorithm preferences, expiry) appear
		// to be set on the self-certification here - verify this is intended.
		PGPKeyRingGenerator keyPairGeneratorBc = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION,
				masterKeyBc, userName, digestCalc, null, null, keySignerBuilderBc, keyEncryptorBc);

		// Add Sub-key for encryption
		KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(encryptionKeyAlgorithm, PROVIDER);
		if ("ELGAMAL".equals(encryptionKeyAlgorithm)) {
			// DH group is taken from the configured prime modulus and generator.
			keyPairGenerator.initialize(new DHParameterSpec(dhParamsPrimeModulus, dhParamsBaseGenerator));
		} else if ("RSA".equals(encryptionKeyAlgorithm)) {
			// Re-using master key size.
			keyPairGenerator.initialize(new RSAKeyGenParameterSpec(masterKeySize, RSAKeyGenParameterSpec.F4));
		} else {
			throw new IllegalArgumentException(
					"Hanlding of parameter creation for " + encryptionKeyAlgorithm + " is not implemented");
		}
		KeyPair encryptionSubKey = keyPairGenerator.generateKeyPair();
		PGPKeyPair encryptionSubKeyBc = new JcaPGPKeyPair(algorithmNameToTag(encryptionKeyPurpose),
				encryptionSubKey, new Date());
		keyPairGeneratorBc.addSubKey(encryptionSubKeyBc);

		// TBD-191: Also add a sub-key for signing
		// KeyPair signatureSubKey = keyPairGenerator.generateKeyPair();
		// PGPKeyPair signatureSubKeyBc = new
		// TBD-191: RSA_SIGN must not be hardcoded
		// JcaPGPKeyPair(algorithmNameToTag("RSA_SIGN"), signatureSubKey,
		// new Date());
		// keyPairGeneratorBc.addSubKey(signatureSubKeyBc);

		// building ret
		return buildKey(keyPairGeneratorBc);
	} catch (Throwable t) {
		// FieldValidationException passes through untouched; everything else,
		// including JVM Errors, is wrapped with the original as the cause.
		Throwables.throwIfInstanceOf(t, FieldValidationException.class);
		throw new RuntimeException("Failed to generate key", t);
	}
}
 
Example #10
Source File: Decryptor.java    From jpgpj with MIT License
/**
 * Creates the data decryptor factory for passphrase-based (symmetric)
 * decryption. The passphrase array is handed to the factory as-is; it is
 * neither copied nor cleared by this method.
 */
protected PBEDataDecryptorFactory buildSymmetricKeyDecryptor(char[] passphraseChars) {
    BcPGPDigestCalculatorProvider digests = new BcPGPDigestCalculatorProvider();
    return new BcPBEDataDecryptorFactory(passphraseChars, digests);
}
 
Example #11
Source File: PGPEncryptionUtil.java    From peer-os with Apache License 2.0
/**
 * Creates a key ring generator holding a freshly generated RSA master (signing/certifying)
 * key and one RSA encryption subkey, with the secret keys protected by {@code pass}.
 *
 * As a side effect, the key ids and fingerprints of both generated keys are written
 * into {@code keyPair}.
 *
 * @param id       user id the self-signature is made over
 * @param pass     passphrase used to encrypt the secret keys; not copied or cleared here
 * @param s2kcount S2K count passed to the secret key encryptor builder
 * @param keySize  RSA key size in bits, used for both keys; not range-checked here
 * @param keyPair  holder that receives the generated key ids and fingerprints
 * @return the populated key ring generator
 * @throws PGPException if Bouncy Castle fails to build any of the key material
 */
private static PGPKeyRingGenerator generateKeyRingGenerator( String id, char[] pass, int s2kcount, int keySize,
                                                             KeyPair keyPair ) throws PGPException
{
    // This object generates individual key-pairs.
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

    // Boilerplate RSA parameters: public exponent 0x10001, a fresh SecureRandom,
    // the caller-supplied key size and a prime certainty of 12.
    // NOTE(review): keySize is not validated here, so a caller could request a
    // key that is too short; consider enforcing a minimum (e.g. 2048) upstream.
    // NOTE(review): certainty 12 is the value used in common Bouncy Castle
    // samples; confirm it is adequate for the library version in use.
    kpg.init( new RSAKeyGenerationParameters( BigInteger.valueOf( 0x10001 ), new SecureRandom(), keySize, 12 ) );

    // First create the master (signing) key with the generator.
    PGPKeyPair rsakp_sign = new BcPGPKeyPair( PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date() );
    // Then an encryption subkey.
    PGPKeyPair rsakp_enc = new BcPGPKeyPair( PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date() );

    // Report the ids and fingerprints of both keys back through the holder object.
    keyPair.setPrimaryKeyId( Long.toHexString( rsakp_sign.getKeyID() ) );
    keyPair.setPrimaryKeyFingerprint( BytesToHex( rsakp_sign.getPublicKey().getFingerprint() ) );
    keyPair.setSubKeyId( Long.toHexString( rsakp_enc.getKeyID() ) );
    keyPair.setSubKeyFingerprint( BytesToHex( rsakp_enc.getPublicKey().getFingerprint() ) );

    // Add a self-signature on the id
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

    // Add signed metadata on the signature.
    // 1) Declare its purpose
    signhashgen.setKeyFlags( false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER );
    // 2) Set preferences for secondary crypto algorithms to use
    //    when sending messages to this key.
    // NOTE(review): the advertised preferences still include the legacy
    // 64-bit-block ciphers CAST5 and TRIPLE_DES, and rank SHA1 second among
    // the hashes; senders honouring these lists may pick them.
    signhashgen.setPreferredSymmetricAlgorithms( false, new int[] {
            SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128,
            SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.TRIPLE_DES
    } );
    signhashgen.setPreferredHashAlgorithms( false, new int[] {
            HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512,
            HashAlgorithmTags.SHA224,
    } );
    signhashgen.setPreferredCompressionAlgorithms( false, new int[] {
            CompressionAlgorithmTags.ZLIB, CompressionAlgorithmTags.BZIP2, CompressionAlgorithmTags.ZIP
    } );
    // 3) Request senders add additional checksums to the
    //    message (useful when verifying unsigned messages.)
    signhashgen.setFeature( false, Features.FEATURE_MODIFICATION_DETECTION );

    // Create a signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    // Add metadata to declare its purpose
    enchashgen.setKeyFlags( false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE );

    // Objects used to encrypt the secret key.
    // This SHA-1 calculator is used twice below: for the secret key encryptor
    // and as the calculator argument of the key ring generator.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get( HashAlgorithmTags.SHA1 );

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    // NOTE(review): the secret keys are encrypted with CAST5 and a SHA-1 based
    // S2K; a stronger cipher/digest (e.g. AES_256 with a SHA256 calculator for
    // the encryptor) is worth considering - confirm compatibility with consumers.
    PBESecretKeyEncryptor pske =
            ( new BcPBESecretKeyEncryptorBuilder( PGPEncryptedData.CAST5, sha1Calc, s2kcount ) ).build( pass );
    // Finally, create the keyring itself. The constructor
    // takes parameters that allow it to generate the self
    // signature.
    // NOTE(review): the self-signature is made with SHA1 even though SHA256 is
    // listed first in the key's own hash preferences; SHA-1 certifications are
    // treated as weak by current OpenPGP implementations.
    PGPKeyRingGenerator keyRingGen =
            new PGPKeyRingGenerator( PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign, id, sha1Calc,
                    signhashgen.generate(), null,
                    new BcPGPContentSignerBuilder( rsakp_sign.getPublicKey().getAlgorithm(),
                            HashAlgorithmTags.SHA1 ), pske );

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey( rsakp_enc, enchashgen.generate(), null );
    return keyRingGen;
}
 
Example #12
Source File: KeySerializer.java    From nomulus with Apache License 2.0
/**
 * Returns a decryptor built with an empty passphrase, for secret keys that are expected to
 * carry no passphrase. Protection of such keys depends on where the serialized key is kept.
 */
private static PBESecretKeyDecryptor createSecretKeyDecryptor() {
  // The key is expected to have no passphrase.
  char[] noPassphrase = new char[0];
  BcPBESecretKeyDecryptorBuilder decryptorBuilder =
      new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider());
  return decryptorBuilder.build(noPassphrase);
}
 
Example #13
Source File: BouncyCastleTest.java    From nomulus with Apache License 2.0
/**
 * Unlocks {@code secretKey} with the class-level {@code PASSWORD} constant and returns the
 * private key. A passphrase held in a constant is only appropriate for fixture keys.
 */
private static PGPPrivateKey extractPrivateKey(PGPSecretKey secretKey) throws PGPException {
  BcPBESecretKeyDecryptorBuilder decryptorBuilder =
      new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider());
  return secretKey.extractPrivateKey(decryptorBuilder.build(PASSWORD));
}
 
Example #14
Source File: AbstractSecretKeySigningService.java    From packagedrone with Eclipse Public License 1.0
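/**
 * Creates the signing service by unlocking the given secret key.
 * <p>
 * The {@code char[]} copy of the passphrase is zeroed as soon as the private
 * key has been extracted (or extraction has failed). The {@code String}
 * argument itself is immutable and cannot be cleared here.
 *
 * @param secretKey
 *            the secret key to sign with
 * @param passphrase
 *            the passphrase protecting the secret key, must not be
 *            {@code null}
 * @throws PGPException
 *             if the private key cannot be extracted, e.g. because the
 *             passphrase is wrong
 */
public AbstractSecretKeySigningService ( final PGPSecretKey secretKey, final String passphrase ) throws PGPException
{
    this.secretKey = secretKey;

    final char[] passphraseChars = passphrase.toCharArray ();
    try
    {
        this.privateKey = this.secretKey.extractPrivateKey ( new BcPBESecretKeyDecryptorBuilder ( new BcPGPDigestCalculatorProvider () ).build ( passphraseChars ) );
    }
    finally
    {
        // the decryptor is built from this array, so wipe it only once extraction is done
        java.util.Arrays.fill ( passphraseChars, '\0' );
    }
}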