org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder Java Examples
The following examples show how to use
org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 6 votes |
|
/**
* ***********************************************
*/
private static PGPPrivateKey getPrivateKey( final PGPSecretKeyRingCollection keys, final long id,
final String secretPwd )
{
try
{
final PGPSecretKey key = keys.getSecretKey( id );
if ( key != null )
{
return key.extractPrivateKey( new JcePBESecretKeyDecryptorBuilder().setProvider( provider )
.build( secretPwd.toCharArray() ) );
}
}
catch ( final Exception e )
{
// Don't print the passphrase but do print null if thats what it was
final String passphraseMessage = ( secretPwd == null ) ? "null" : "supplied";
LOG.warn( "Unable to extract key " + id + " using " + passphraseMessage + " passphrase: {}",
e.getMessage() );
}
return null;
}
Example #2
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 6 votes |
|
public static X509Certificate getX509CertificateFromPgpKeyPair( PGPPublicKey pgpPublicKey,
PGPSecretKey pgpSecretKey, String secretPwd,
String issuer, String subject, Date dateOfIssue,
Date dateOfExpiry, BigInteger serial )
throws PGPException, CertificateException, IOException
{
JcaPGPKeyConverter c = new JcaPGPKeyConverter();
PublicKey publicKey = c.getPublicKey( pgpPublicKey );
PrivateKey privateKey = c.getPrivateKey( pgpSecretKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider( provider ).build( secretPwd.toCharArray() ) ) );
X509v3CertificateBuilder certBuilder =
new X509v3CertificateBuilder( new X500Name( issuer ), serial, dateOfIssue, dateOfExpiry,
new X500Name( subject ), SubjectPublicKeyInfo.getInstance( publicKey.getEncoded() ) );
byte[] certBytes = certBuilder.build( new JCESigner( privateKey, "SHA256withRSA" ) ).getEncoded();
CertificateFactory certificateFactory = CertificateFactory.getInstance( "X.509" );
return ( X509Certificate ) certificateFactory.generateCertificate( new ByteArrayInputStream( certBytes ) );
}
Example #3
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 6 votes |
|
/**
* ***********************************************
*/
public static PGPPrivateKey getPrivateKey( final PGPSecretKey secretKey, final String secretPwd )
{
Preconditions.checkNotNull( secretKey );
Preconditions.checkNotNull( secretPwd );
try
{
return secretKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider( provider ).build( secretPwd.toCharArray() ) );
}
catch ( Exception e )
{
LOG.error( "Unable to extract key {}: {}", secretKey.getKeyID(), e.getMessage() );
}
return null;
}
Example #4
| Source File: AptSigningFacet.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
public byte[] signExternal(final String input) throws IOException {
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try {
PGPSecretKey signKey = readSecretKey();
PGPPrivateKey privKey = signKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(config.passphrase.toCharArray()));
PGPSignatureGenerator sigGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(signKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256).setProvider("BC"));
sigGenerator.init(PGPSignature.BINARY_DOCUMENT, privKey);
try (ArmoredOutputStream aOut = new ArmoredOutputStream(buffer)) {
BCPGOutputStream bOut = new BCPGOutputStream(aOut);
sigGenerator.update(input.getBytes(Charsets.UTF_8));
sigGenerator.generate().encode(bOut);
}
}
catch (PGPException ex) {
throw new RuntimeException(ex);
}
return buffer.toByteArray();
}
Example #5
| Source File: PGPUtils.java From desktopclient-java with GNU General Public License v3.0 | 6 votes |
|
public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData,
char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException {
// load the secret key ring
PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, FP_CALC);
PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build();
PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProv)
.setProvider(PGPUtils.PROVIDER)
.build(oldPassphrase);
PGPDigestCalculator calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256);
PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calc)
.setProvider(PROVIDER).build(newPassphrase);
try {
return PGPSecretKeyRing.copyWithNewPassword(secRing, decryptor, encryptor);
} catch (PGPException ex) {
// treat this special, cause most like the decryption password was wrong
throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex);
}
}
Example #6
| Source File: PGPKeyHelper.java From peer-os with Apache License 2.0 | 5 votes |
|
public static PGPPrivateKey readPrivateKey( InputStream is, String password ) throws PGPException, IOException
{
PGPSecretKey secretKey = readSecretKey( is );
return secretKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider( "BC" ).build( password.toCharArray() ) );
}
Example #7
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 5 votes |
|
public static byte[] signAndEncrypt( final byte[] message, final PGPSecretKey secretKey, final String secretPwd,
final PGPPublicKey publicKey, final boolean armored ) throws PGPException
{
try
{
final ByteArrayOutputStream out = new ByteArrayOutputStream();
final PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(
new JcePGPDataEncryptorBuilder( SymmetricKeyAlgorithmTags.AES_256 ).setWithIntegrityPacket( true )
.setSecureRandom(
new SecureRandom() )
.setProvider( provider ) );
encryptedDataGenerator.addMethod(
new JcePublicKeyKeyEncryptionMethodGenerator( publicKey ).setSecureRandom( new SecureRandom() )
.setProvider( provider ) );
final OutputStream theOut = armored ? new ArmoredOutputStream( out ) : out;
final OutputStream encryptedOut = encryptedDataGenerator.open( theOut, new byte[4096] );
final PGPCompressedDataGenerator compressedDataGenerator =
new PGPCompressedDataGenerator( CompressionAlgorithmTags.ZIP );
final OutputStream compressedOut = compressedDataGenerator.open( encryptedOut, new byte[4096] );
final PGPPrivateKey privateKey = secretKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider( provider ).build( secretPwd.toCharArray() ) );
final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1 )
.setProvider( provider ) );
signatureGenerator.init( PGPSignature.BINARY_DOCUMENT, privateKey );
final Iterator<?> it = secretKey.getPublicKey().getUserIDs();
if ( it.hasNext() )
{
final PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
spGen.setSignerUserID( false, ( String ) it.next() );
signatureGenerator.setHashedSubpackets( spGen.generate() );
}
signatureGenerator.generateOnePassVersion( false ).encode( compressedOut );
final PGPLiteralDataGenerator literalDataGenerator = new PGPLiteralDataGenerator();
final OutputStream literalOut = literalDataGenerator
.open( compressedOut, PGPLiteralData.BINARY, "filename", new Date(), new byte[4096] );
final InputStream in = new ByteArrayInputStream( message );
final byte[] buf = new byte[4096];
for ( int len; ( len = in.read( buf ) ) > 0; )
{
literalOut.write( buf, 0, len );
signatureGenerator.update( buf, 0, len );
}
in.close();
literalDataGenerator.close();
signatureGenerator.generate().encode( compressedOut );
compressedDataGenerator.close();
encryptedDataGenerator.close();
theOut.close();
return out.toByteArray();
}
catch ( Exception e )
{
throw new PGPException( "Error in signAndEncrypt", e );
}
}
Example #8
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 5 votes |
|
/**
* Signs a public key
*
* @param publicKeyRing a public key ring containing the single public key to sign
* @param id the id we are certifying against the public key
* @param secretKey the signing key
* @param secretKeyPassword the signing key password
*
* @return a public key ring with the signed public key
*/
public static PGPPublicKeyRing signPublicKey( PGPPublicKeyRing publicKeyRing, String id, PGPSecretKey secretKey,
String secretKeyPassword ) throws PGPException
{
try
{
PGPPublicKey oldKey = publicKeyRing.getPublicKey();
PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider( provider )
.build( secretKeyPassword.toCharArray() ) );
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1 ) );
signatureGenerator.init( PGPSignature.DEFAULT_CERTIFICATION, pgpPrivKey );
PGPSignature signature = signatureGenerator.generateCertification( id, oldKey );
PGPPublicKey newKey = PGPPublicKey.addCertification( oldKey, signature );
PGPPublicKeyRing newPublicKeyRing = PGPPublicKeyRing.removePublicKey( publicKeyRing, oldKey );
return PGPPublicKeyRing.insertPublicKey( newPublicKeyRing, newKey );
}
catch ( Exception e )
{
//throw custom exception
throw new PGPException( "Error signing public key", e );
}
}
Example #9
| Source File: AptSigningFacet.java From nexus-repository-apt with Eclipse Public License 1.0 | 5 votes |
|
public byte[] signInline(String input) throws IOException, PGPException {
PGPSecretKey signKey = readSecretKey();
PGPPrivateKey privKey = signKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(config.passphrase.toCharArray()));
PGPSignatureGenerator sigGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(signKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256).setProvider("BC"));
sigGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privKey);
@SuppressWarnings("unchecked")
Iterator<String> userIds = signKey.getUserIDs();
if (userIds.hasNext()) {
PGPSignatureSubpacketGenerator sigSubpacketGenerator = new PGPSignatureSubpacketGenerator();
sigSubpacketGenerator.setSignerUserID(false, userIds.next());
sigGenerator.setHashedSubpackets(sigSubpacketGenerator.generate());
}
String[] lines = input.split("\r?\n");
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try (ArmoredOutputStream aOut = new ArmoredOutputStream(buffer)) {
aOut.beginClearText(PGPUtil.SHA256);
boolean firstLine = true;
for (String line : lines) {
String sigLine = (firstLine ? "" : "\r\n") + line.replaceAll("\\s*$", "");
sigGenerator.update(sigLine.getBytes(Charsets.UTF_8));
aOut.write((line + "\n").getBytes(Charsets.UTF_8));
firstLine = false;
}
aOut.endClearText();
BCPGOutputStream bOut = new BCPGOutputStream(aOut);
sigGenerator.generate().encode(bOut);
}
return buffer.toByteArray();
}
Example #10
| Source File: AptSigningFacet.java From nexus-repository-apt with Eclipse Public License 1.0 | 5 votes |
|
public byte[] signExternal(String input) throws IOException, PGPException {
PGPSecretKey signKey = readSecretKey();
PGPPrivateKey privKey = signKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(config.passphrase.toCharArray()));
PGPSignatureGenerator sigGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(signKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256).setProvider("BC"));
sigGenerator.init(PGPSignature.BINARY_DOCUMENT, privKey);
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try (ArmoredOutputStream aOut = new ArmoredOutputStream(buffer)) {
BCPGOutputStream bOut = new BCPGOutputStream(aOut);
sigGenerator.update(input.getBytes(Charsets.UTF_8));
sigGenerator.generate().encode(bOut);
}
return buffer.toByteArray();
}
Example #11
| Source File: AptSigningFacet.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
public byte[] signInline(final String input) throws IOException {
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try {
PGPSecretKey signKey = readSecretKey();
PGPPrivateKey privKey = signKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(config.passphrase.toCharArray()));
PGPSignatureGenerator sigGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(signKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256).setProvider("BC"));
sigGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privKey);
Iterator<String> userIds = signKey.getUserIDs();
if (userIds.hasNext()) {
PGPSignatureSubpacketGenerator sigSubpacketGenerator = new PGPSignatureSubpacketGenerator();
sigSubpacketGenerator.setSignerUserID(false, userIds.next());
sigGenerator.setHashedSubpackets(sigSubpacketGenerator.generate());
}
String[] lines = input.split("\r?\n");
try (ArmoredOutputStream aOut = new ArmoredOutputStream(buffer)) {
aOut.beginClearText(PGPUtil.SHA256);
boolean firstLine = true;
for (String line : lines) {
String sigLine = (firstLine ? "" : "\r\n") + line.replaceAll("\\s*$", "");
sigGenerator.update(sigLine.getBytes(Charsets.UTF_8));
aOut.write((line + "\n").getBytes(Charsets.UTF_8));
firstLine = false;
}
aOut.endClearText();
BCPGOutputStream bOut = new BCPGOutputStream(aOut);
sigGenerator.generate().encode(bOut);
}
}
catch (PGPException ex) {
throw new RuntimeException(ex);
}
return buffer.toByteArray();
}
Example #12
| Source File: GPGFileDecryptor.java From incubator-gobblin with Apache License 2.0 | 5 votes |
|
/**
* Private util function that finds the private key from keyring collection based on keyId and passPhrase
* @param pgpSec keyring collection
* @param keyID keyID for this encryption file
* @param passPhrase passPhrase for this encryption file
* @throws PGPException
*/
private PGPPrivateKey findSecretKey(PGPSecretKeyRingCollection pgpSec, long keyID, String passPhrase)
throws PGPException {
PGPSecretKey pgpSecKey = pgpSec.getSecretKey(keyID);
if (pgpSecKey == null) {
return null;
}
return pgpSecKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder()
.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passPhrase.toCharArray()));
}
Example #13
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 4 votes |
|
public static byte[] sign( byte[] message, PGPSecretKey secretKey, String secretPwd, boolean armor )
throws PGPException
{
try
{
ByteArrayOutputStream out = new ByteArrayOutputStream();
OutputStream theOut = armor ? new ArmoredOutputStream( out ) : out;
PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(
new JcePBESecretKeyDecryptorBuilder().setProvider( provider ).build( secretPwd.toCharArray() ) );
PGPSignatureGenerator sGen = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1 )
.setProvider( provider ) );
sGen.init( PGPSignature.BINARY_DOCUMENT, pgpPrivKey );
Iterator it = secretKey.getPublicKey().getUserIDs();
if ( it.hasNext() )
{
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
spGen.setSignerUserID( false, ( String ) it.next() );
sGen.setHashedSubpackets( spGen.generate() );
}
PGPCompressedDataGenerator cGen = new PGPCompressedDataGenerator( PGPCompressedData.ZLIB );
BCPGOutputStream bOut = new BCPGOutputStream( cGen.open( theOut ) );
sGen.generateOnePassVersion( false ).encode( bOut );
PGPLiteralDataGenerator lGen = new PGPLiteralDataGenerator();
OutputStream lOut =
lGen.open( bOut, PGPLiteralData.BINARY, "filename", new Date(), new byte[4096] ); //
InputStream fIn = new ByteArrayInputStream( message );
int ch;
while ( ( ch = fIn.read() ) >= 0 )
{
lOut.write( ch );
sGen.update( ( byte ) ch );
}
lGen.close();
sGen.generate().encode( bOut );
cGen.close();
theOut.close();
return out.toByteArray();
}
catch ( Exception e )
{
throw new PGPException( "Error in sign", e );
}
}
Example #14
| Source File: PGPEncryptionUtil.java From peer-os with Apache License 2.0 | 4 votes |
|
public static byte[] clearSign( byte[] message, PGPSecretKey pgpSecKey, char[] pass, String digestName )
throws IOException, PGPException, SignatureException
{
ByteArrayOutputStream out = new ByteArrayOutputStream();
int digest;
if ( "SHA256".equals( digestName ) )
{
digest = PGPUtil.SHA256;
}
else if ( "SHA384".equals( digestName ) )
{
digest = PGPUtil.SHA384;
}
else if ( "SHA512".equals( digestName ) )
{
digest = PGPUtil.SHA512;
}
else if ( "MD5".equals( digestName ) )
{
digest = PGPUtil.MD5;
}
else if ( "RIPEMD160".equals( digestName ) )
{
digest = PGPUtil.RIPEMD160;
}
else
{
digest = PGPUtil.SHA1;
}
PGPPrivateKey pgpPrivKey =
pgpSecKey.extractPrivateKey( new JcePBESecretKeyDecryptorBuilder().setProvider( "BC" ).build( pass ) );
PGPSignatureGenerator sGen = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder( pgpSecKey.getPublicKey().getAlgorithm(), digest ).setProvider( "BC" ) );
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
sGen.init( PGPSignature.CANONICAL_TEXT_DOCUMENT, pgpPrivKey );
Iterator it = pgpSecKey.getPublicKey().getUserIDs();
if ( it.hasNext() )
{
spGen.setSignerUserID( false, ( String ) it.next() );
sGen.setHashedSubpackets( spGen.generate() );
}
InputStream fIn = new ByteArrayInputStream( message );
ArmoredOutputStream aOut = new ArmoredOutputStream( out );
aOut.beginClearText( digest );
//
// note the last \n/\r/\r\n in the file is ignored
//
ByteArrayOutputStream lineOut = new ByteArrayOutputStream();
int lookAhead = readInputLine( lineOut, fIn );
processLine( aOut, sGen, lineOut.toByteArray() );
if ( lookAhead != -1 )
{
do
{
lookAhead = readInputLine( lineOut, lookAhead, fIn );
sGen.update( ( byte ) '\r' );
sGen.update( ( byte ) '\n' );
processLine( aOut, sGen, lineOut.toByteArray() );
}
while ( lookAhead != -1 );
}
fIn.close();
aOut.endClearText();
BCPGOutputStream bOut = new BCPGOutputStream( aOut );
sGen.generate().encode( bOut );
aOut.close();
return out.toByteArray();
}
Example #15
| Source File: PersonalKey.java From desktopclient-java with GNU General Public License v3.0 | 4 votes |
|
/** Creates a {@link PersonalKey} from private keyring data. */
@SuppressWarnings("unchecked")
public static PersonalKey load(byte[] privateKeyData,
char[] passphrase,
byte[] bridgeCertData)
throws KonException, IOException, PGPException, CertificateException, NoSuchProviderException {
PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, PGPUtils.FP_CALC);
PGPSecretKey authKey = null;
PGPSecretKey signKey = null;
PGPSecretKey encrKey = null;
// assign from key ring
Iterator<PGPSecretKey> skeys = secRing.getSecretKeys();
while (skeys.hasNext()) {
PGPSecretKey key = skeys.next();
if (key.isMasterKey()) {
// master key: authentication / legacy: signing
authKey = key;
} else if (PGPUtils.isSigningKey(key.getPublicKey())) {
// sub keys: encryption and signing / legacy: only encryption
signKey = key;
} else if (key.getPublicKey().isEncryptionKey()) {
encrKey = key;
}
}
// legacy: auth key is actually signing key
if (signKey == null && authKey != null && authKey.isSigningKey()) {
LOGGER.info("legacy key");
signKey = authKey;
}
if (authKey == null || signKey == null || encrKey == null) {
LOGGER.warning("something could not be found, "
+"sign="+signKey+ ", auth="+authKey+", encr="+encrKey);
throw new KonException(KonException.Error.LOAD_KEY,
new PGPException("could not find all keys in key data"));
}
// decrypt private keys
PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder()
.setProvider(PGPUtils.PROVIDER)
.build(passphrase);
PGPKeyPair authKeyPair = PGPUtils.decrypt(authKey, decryptor);
PGPKeyPair signKeyPair = PGPUtils.decrypt(signKey, decryptor);
PGPKeyPair encryptKeyPair = PGPUtils.decrypt(encrKey, decryptor);
// user ID
Iterator<?> uidIt = authKey.getUserIDs();
if (!uidIt.hasNext())
throw new KonException(KonException.Error.LOAD_KEY,
new PGPException("no UID in key"));
String uid = (String) uidIt.next();
// X.509 bridge certificate
X509Certificate bridgeCert;
if (bridgeCertData != null) {
bridgeCert = PGPUtils.loadX509Cert(bridgeCertData);
} else {
// public key ring
ByteArrayOutputStream out = new ByteArrayOutputStream();
authKeyPair.getPublicKey().encode(out);
signKeyPair.getPublicKey().encode(out);
encryptKeyPair.getPublicKey().encode(out);
byte[] publicKeyRingData = out.toByteArray();
PGPPublicKeyRing pubKeyRing = new BcPGPPublicKeyRing(publicKeyRingData);
// re-create cert
bridgeCert = createX509Certificate(authKeyPair, pubKeyRing);
}
return new PersonalKey(authKeyPair, signKeyPair, encryptKeyPair, bridgeCert, uid);
}
