List of usage examples for org.bouncycastle.bcpg HashAlgorithmTags SHA384
int SHA384
To view the source code for org.bouncycastle.bcpg HashAlgorithmTags SHA384.
Click Source Link
From source file:divconq.pgp.PGPUtil.java
License:Open Source License
public static String getDigestName(int hashAlgorithm) throws PGPException { switch (hashAlgorithm) { case HashAlgorithmTags.SHA1: return "SHA1"; case HashAlgorithmTags.MD2: return "MD2"; case HashAlgorithmTags.MD5: return "MD5"; case HashAlgorithmTags.RIPEMD160: return "RIPEMD160"; case HashAlgorithmTags.SHA256: return "SHA256"; case HashAlgorithmTags.SHA384: return "SHA384"; case HashAlgorithmTags.SHA512: return "SHA512"; case HashAlgorithmTags.SHA224: return "SHA224"; case HashAlgorithmTags.TIGER_192: return "TIGER"; default:// w w w . ja va 2s .co m throw new PGPException("unknown hash algorithm tag in getDigestName: " + hashAlgorithm); } }
From source file:keygenerator.KeyGenerator.java
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount) throws Exception { // This object generates individual key-pairs. RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); // Boilerplate RSA parameters, no need to change anything // except for the RSA key-size (2048). You can use whatever // key-size makes sense for you -- 4096, etc. kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12)); // First create the master (signing) key with the generator. PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date()); // Then an encryption subkey. PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date()); // Add a self-signature on the id PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); // Add signed metadata on the signature. // 1) Declare its purpose signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); // 2) Set preferences for secondary crypto algorithms to use // when sending messages to this key. signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, }); // 3) Request senders add additional checksums to the // message (useful when verifying unsigned messages.) signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); // Create a signature on the encryption subkey. PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); // Add metadata to declare its purpose enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); // Objects used to encrypt the secret key. PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256); // bcpg 1.48 exposes this API that includes s2kcount. Earlier // versions use a default of 0x60. PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass);//from w w w .j a v a2 s. c om // Finally, create the keyring itself. The constructor // takes parameters that allow it to generate the self // signature. BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder( rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen; keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign, id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske); // Add our encryption subkey, together with its signature. keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null); return keyRingGen; }
From source file:org.m1theo.apt.repo.builder.RepoBuilder.java
License:Open Source License
private static int getDigestCode(String digestName) throws AptRepoException { if ("SHA1".equals(digestName)) { return HashAlgorithmTags.SHA1; } else if ("MD2".equals(digestName)) { return HashAlgorithmTags.MD2; } else if ("MD5".equals(digestName)) { return HashAlgorithmTags.MD5; } else if ("RIPEMD160".equals(digestName)) { return HashAlgorithmTags.RIPEMD160; } else if ("SHA256".equals(digestName)) { return HashAlgorithmTags.SHA256; } else if ("SHA384".equals(digestName)) { return HashAlgorithmTags.SHA384; } else if ("SHA512".equals(digestName)) { return HashAlgorithmTags.SHA512; } else if ("SHA224".equals(digestName)) { return HashAlgorithmTags.SHA224; } else {//w w w .j a v a 2s. co m throw new AptRepoException("unknown hash algorithm tag in digestName: " + digestName); } }
From source file:org.sufficientlysecure.keychain.remote.SshAuthenticationService.java
License:Open Source License
private int getHashAlgorithm(Intent data) { int hashAlgorithm = data.getIntExtra(SshAuthenticationApi.EXTRA_HASH_ALGORITHM, HASHALGORITHM_NONE); switch (hashAlgorithm) { case SshAuthenticationApi.SHA1: return HashAlgorithmTags.SHA1; case SshAuthenticationApi.RIPEMD160: return HashAlgorithmTags.RIPEMD160; case SshAuthenticationApi.SHA224: return HashAlgorithmTags.SHA224; case SshAuthenticationApi.SHA256: return HashAlgorithmTags.SHA256; case SshAuthenticationApi.SHA384: return HashAlgorithmTags.SHA384; case SshAuthenticationApi.SHA512: return HashAlgorithmTags.SHA512; default:/* w w w . ja va2 s . c om*/ return HASHALGORITHM_NONE; } }
From source file:org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection.java
License:Open Source License
private byte[] prepareDsi(byte[] hash, int hashAlgo) throws IOException { byte[] dsi;/* w ww.ja v a2s . c o m*/ Log.i(Constants.TAG, "Hash: " + hashAlgo); switch (hashAlgo) { case HashAlgorithmTags.SHA1: if (hash.length != 20) { throw new IOException("Bad hash length (" + hash.length + ", expected 10!"); } dsi = Arrays.concatenate(Hex.decode("3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes + "0605" + "2B0E03021A" // OID of SHA1 + "0500" // TLV coding of ZERO + "0414"), hash); // 0x14 are 20 hash bytes break; case HashAlgorithmTags.RIPEMD160: if (hash.length != 20) { throw new IOException("Bad hash length (" + hash.length + ", expected 20!"); } dsi = Arrays.concatenate(Hex.decode("3021300906052B2403020105000414"), hash); break; case HashAlgorithmTags.SHA224: if (hash.length != 28) { throw new IOException("Bad hash length (" + hash.length + ", expected 28!"); } dsi = Arrays.concatenate(Hex.decode("302D300D06096086480165030402040500041C"), hash); break; case HashAlgorithmTags.SHA256: if (hash.length != 32) { throw new IOException("Bad hash length (" + hash.length + ", expected 32!"); } dsi = Arrays.concatenate(Hex.decode("3031300D060960864801650304020105000420"), hash); break; case HashAlgorithmTags.SHA384: if (hash.length != 48) { throw new IOException("Bad hash length (" + hash.length + ", expected 48!"); } dsi = Arrays.concatenate(Hex.decode("3041300D060960864801650304020205000430"), hash); break; case HashAlgorithmTags.SHA512: if (hash.length != 64) { throw new IOException("Bad hash length (" + hash.length + ", expected 64!"); } dsi = Arrays.concatenate(Hex.decode("3051300D060960864801650304020305000440"), hash); break; default: throw new IOException("Not supported hash algo!"); } return dsi; }
From source file:org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper.java
License:Open Source License
/** * Call COMPUTE DIGITAL SIGNATURE command and returns the MPI value * * @param hash the hash for signing//from w w w .j a v a2 s. c o m * @return a big integer representing the MPI for the given hash */ public byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException { if (!mPw1ValidatedForSignature) { verifyPin(0x81); // (Verify PW1 with mode 81 for signing) } byte[] dsi; Log.i(Constants.TAG, "Hash: " + hashAlgo); switch (hashAlgo) { case HashAlgorithmTags.SHA1: if (hash.length != 20) { throw new IOException("Bad hash length (" + hash.length + ", expected 10!"); } dsi = Arrays.concatenate(Hex.decode("3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes + "0605" + "2B0E03021A" // OID of SHA1 + "0500" // TLV coding of ZERO + "0414"), hash); // 0x14 are 20 hash bytes break; case HashAlgorithmTags.RIPEMD160: if (hash.length != 20) { throw new IOException("Bad hash length (" + hash.length + ", expected 20!"); } dsi = Arrays.concatenate(Hex.decode("3021300906052B2403020105000414"), hash); break; case HashAlgorithmTags.SHA224: if (hash.length != 28) { throw new IOException("Bad hash length (" + hash.length + ", expected 28!"); } dsi = Arrays.concatenate(Hex.decode("302D300D06096086480165030402040500041C"), hash); break; case HashAlgorithmTags.SHA256: if (hash.length != 32) { throw new IOException("Bad hash length (" + hash.length + ", expected 32!"); } dsi = Arrays.concatenate(Hex.decode("3031300D060960864801650304020105000420"), hash); break; case HashAlgorithmTags.SHA384: if (hash.length != 48) { throw new IOException("Bad hash length (" + hash.length + ", expected 48!"); } dsi = Arrays.concatenate(Hex.decode("3041300D060960864801650304020205000430"), hash); break; case HashAlgorithmTags.SHA512: if (hash.length != 64) { throw new IOException("Bad hash length (" + hash.length + ", expected 64!"); } dsi = Arrays.concatenate(Hex.decode("3051300D060960864801650304020305000440"), hash); break; default: throw new IOException("Not supported hash algo!"); } // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37) CommandAPDU command = new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, dsi, MAX_APDU_NE_EXT); ResponseAPDU response = communicate(command); if (response.getSW() != APDU_SW_SUCCESS) { throw new CardException("Failed to sign", response.getSW()); } if (!mOpenPgpCapabilities.isPw1ValidForMultipleSignatures()) { mPw1ValidatedForSignature = false; } byte[] signature = response.getData(); // Make sure the signature we received is actually the expected number of bytes long! if (signature.length != 128 && signature.length != 256 && signature.length != 384 && signature.length != 512) { throw new IOException("Bad signature length! Expected 128/256/384/512 bytes, got " + signature.length); } return signature; }
From source file:org.sufficientlysecure.keychain.support.KeyringBuilder.java
License:Open Source License
private static SignaturePacket createSignaturePacket(BigInteger signature) { MPInteger[] signatureArray = new MPInteger[] { new MPInteger(signature) }; int signatureType = PGPSignature.POSITIVE_CERTIFICATION; int keyAlgorithm = SignaturePacket.RSA_GENERAL; int hashAlgorithm = HashAlgorithmTags.SHA1; SignatureSubpacket[] hashedData = new SignatureSubpacket[] { new SignatureCreationTime(false, SIGNATURE_DATE), new KeyFlags(false, KeyFlags.CERTIFY_OTHER + KeyFlags.SIGN_DATA), new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)), new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_SYM_ALGS, false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128, SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.TRIPLE_DES }), new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_HASH_ALGS, false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 }), new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_COMP_ALGS, false, new int[] { CompressionAlgorithmTags.ZLIB, CompressionAlgorithmTags.BZIP2, CompressionAlgorithmTags.ZIP }), new Features(false, Features.FEATURE_MODIFICATION_DETECTION), createPreferencesSignatureSubpacket() }; SignatureSubpacket[] unhashedData = new SignatureSubpacket[] { new IssuerKeyID(false, false, KEY_ID.toByteArray()) }; byte[] fingerPrint = new BigInteger("522c", 16).toByteArray(); return new SignaturePacket(signatureType, KEY_ID.longValue(), keyAlgorithm, hashAlgorithm, hashedData, unhashedData, fingerPrint, signatureArray); }
From source file:org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenNfcActivity.java
License:Open Source License
/** * Call COMPUTE DIGITAL SIGNATURE command and returns the MPI value * * @param hash the hash for signing//from w w w . jav a2 s .c om * @return a big integer representing the MPI for the given hash */ public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException { if (!mPw1ValidatedForSignature) { nfcVerifyPin(0x81); // (Verify PW1 with mode 81 for signing) } // dsi, including Lc String dsi; Log.i(Constants.TAG, "Hash: " + hashAlgo); switch (hashAlgo) { case HashAlgorithmTags.SHA1: if (hash.length != 20) { throw new IOException("Bad hash length (" + hash.length + ", expected 10!"); } dsi = "23" // Lc + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes + "0605" + "2B0E03021A" // OID of SHA1 + "0500" // TLV coding of ZERO + "0414" + getHex(hash); // 0x14 are 20 hash bytes break; case HashAlgorithmTags.RIPEMD160: if (hash.length != 20) { throw new IOException("Bad hash length (" + hash.length + ", expected 20!"); } dsi = "233021300906052B2403020105000414" + getHex(hash); break; case HashAlgorithmTags.SHA224: if (hash.length != 28) { throw new IOException("Bad hash length (" + hash.length + ", expected 28!"); } dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash); break; case HashAlgorithmTags.SHA256: if (hash.length != 32) { throw new IOException("Bad hash length (" + hash.length + ", expected 32!"); } dsi = "333031300D060960864801650304020105000420" + getHex(hash); break; case HashAlgorithmTags.SHA384: if (hash.length != 48) { throw new IOException("Bad hash length (" + hash.length + ", expected 48!"); } dsi = "433041300D060960864801650304020205000430" + getHex(hash); break; case HashAlgorithmTags.SHA512: if (hash.length != 64) { throw new IOException("Bad hash length (" + hash.length + ", expected 64!"); } dsi = "533051300D060960864801650304020305000440" + getHex(hash); break; default: throw new IOException("Not supported hash algo!"); } // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37) String apdu = "002A9E9A" // CLA, INS, P1, P2 + dsi // digital signature input + "00"; // Le String response = nfcCommunicate(apdu); // split up response into signature and status String status = response.substring(response.length() - 4); String signature = response.substring(0, response.length() - 4); // while we are getting 0x61 status codes, retrieve more data while (status.substring(0, 2).equals("61")) { Log.d(Constants.TAG, "requesting more data, status " + status); // Send GET RESPONSE command response = nfcCommunicate("00C00000" + status.substring(2)); status = response.substring(response.length() - 4); signature += response.substring(0, response.length() - 4); } Log.d(Constants.TAG, "final response:" + status); if (!mPw1ValidForMultipleSignatures) { mPw1ValidatedForSignature = false; } if (!"9000".equals(status)) { throw new CardException("Bad NFC response code: " + status, parseCardStatus(response)); } // Make sure the signature we received is actually the expected number of bytes long! if (signature.length() != 256 && signature.length() != 512) { throw new IOException("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2); } return Hex.decode(signature); }
From source file:org.tramaci.onionmail.PGPKeyGen.java
License:Open Source License
public static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount, int nBits, int certainty, Date when) throws Exception { RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); RSAKeyGenerationParameters kgp = new RSAKeyGenerationParameters(DEFAULT_PUBEXP, new SecureRandom(), nBits, certainty);// w ww .ja v a2 s.c o m kpg.init(kgp); PGPKeyPair rsakpSign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), when); PGPKeyPair rsakpEnc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), when); PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.TWOFISH, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 }); signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256); PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakpSign, id, sha1Calc, signhashgen.generate(), null, new BcPGPContentSignerBuilder(rsakpSign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), pske); keyRingGen.addSubKey(rsakpEnc, enchashgen.generate(), null); return keyRingGen; }
From source file:ubicrypt.core.crypto.PGPEC.java
License:Open Source License
private static PGPKeyRingGenerator keyRingGenerator(final PGPKeyPair masterKey, final PBESecretKeyEncryptor encryptor) { // Add a self-signature on the id final PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); // Add signed metadata on the signature. // 1) Declare its purpose signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); // 2) Set preferences for secondary crypto algorithms to use // when sending messages to this key. signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, // HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, }); // 3) Request senders add additional checksums to the // message (useful when verifying unsigned messages.) signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); try {//from w ww. j a v a2 s.co m return new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey, Utils.machineName(), new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1), signhashgen.generate(), null, new BcPGPContentSignerBuilder(PGPPublicKey.ECDSA, HashAlgorithmTags.SHA256), encryptor); } catch (final PGPException e) { Throwables.propagate(e); } return null; }