List of usage examples for org.bouncycastle.bcpg HashAlgorithmTags SHA512
int SHA512
From source file:divconq.pgp.PGPUtil.java
License:Open Source License
/**
 * Translates an OpenPGP hash algorithm tag into the matching digest name.
 *
 * <p>This is a plain lookup. Legacy digests (MD2, MD5, SHA1) are still
 * translated, so rejecting weak hashes is left to the caller.
 *
 * @param hashAlgorithm one of the {@code HashAlgorithmTags} constants
 * @return the digest name for the tag; {@code TIGER_192} maps to {@code "TIGER"}
 * @throws PGPException if the tag is not one of the constants handled here
 */
public static String getDigestName(int hashAlgorithm) throws PGPException {
    final String digestName;
    switch (hashAlgorithm) {
        case HashAlgorithmTags.MD2:
            digestName = "MD2";
            break;
        case HashAlgorithmTags.MD5:
            digestName = "MD5";
            break;
        case HashAlgorithmTags.SHA1:
            digestName = "SHA1";
            break;
        case HashAlgorithmTags.RIPEMD160:
            digestName = "RIPEMD160";
            break;
        case HashAlgorithmTags.SHA224:
            digestName = "SHA224";
            break;
        case HashAlgorithmTags.SHA256:
            digestName = "SHA256";
            break;
        case HashAlgorithmTags.SHA384:
            digestName = "SHA384";
            break;
        case HashAlgorithmTags.SHA512:
            digestName = "SHA512";
            break;
        case HashAlgorithmTags.TIGER_192:
            digestName = "TIGER";
            break;
        default:
            // Fail closed: an unrecognised tag never yields a digest name.
            throw new PGPException("unknown hash algorithm tag in getDigestName: " + hashAlgorithm);
    }
    return digestName;
}
From source file:keygenerator.KeyGenerator.java
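/**
 * Builds a key ring generator holding an RSA master key (sign + certify)
 * and an RSA encryption subkey, both protected with the given passphrase.
 *
 * <p>The self-certification on the user id is made with SHA-256. SHA-1 is
 * kept only where the secret-key checksum needs it, and it is advertised
 * last in the preferred-hash list.
 *
 * @param id       user id bound to the master key by the self-signature
 * @param pass     passphrase protecting the secret keys; the array is not
 *                 cleared here, so the caller should wipe it after use
 * @param s2kcount S2K count handed to the secret-key encryptor; a higher
 *                 value makes passphrase guessing more expensive
 * @return a generator from which the public and secret key rings can be produced
 * @throws Exception if key generation or key ring construction fails
 */
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount)
        throws Exception {
    // This object generates individual key-pairs.
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

    // Boilerplate RSA parameters: public exponent 0x10001, 2048-bit modulus.
    // 2048 bits is the smallest size worth using for a new key; pick a
    // larger one (3072, 4096) for keys that must stay valid for many years.
    // NOTE(review): the last argument (prime certainty) is 12; confirm that
    // the bcprov version in use does not rely on it alone for primality tests.
    kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12));

    // First create the master (signing) key with the generator.
    PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
    // Then an encryption subkey.
    PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());

    // Add a self-signature on the id.
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

    // Add signed metadata on the signature.
    // 1) Declare its purpose.
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
    // 2) Set preferences for secondary crypto algorithms to use
    //    when sending messages to this key.
    signhashgen.setPreferredSymmetricAlgorithms(false, new int[] {
            SymmetricKeyAlgorithmTags.AES_256,
            SymmetricKeyAlgorithmTags.AES_192,
            SymmetricKeyAlgorithmTags.AES_128 });
    // SHA-1 stays in the list for interoperability but is ranked last, so
    // peers that honour the preference order pick a SHA-2 digest first.
    signhashgen.setPreferredHashAlgorithms(false, new int[] {
            HashAlgorithmTags.SHA256,
            HashAlgorithmTags.SHA384,
            HashAlgorithmTags.SHA512,
            HashAlgorithmTags.SHA224,
            HashAlgorithmTags.SHA1 });
    // 3) Request senders add additional checksums to the
    //    message (useful when verifying unsigned messages).
    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    // Create a signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    // Add metadata to declare its purpose.
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);

    // Objects used to encrypt the secret key.
    // The SHA-1 calculator is used only as the key ring's checksum
    // calculator, not for any signature.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc,
            s2kcount)).build(pass);

    // Finally, create the keyring itself. The constructor takes parameters
    // that allow it to generate the self signature. The certification is
    // hashed with SHA-256 instead of SHA-1, whose collision resistance is
    // broken and which newer OpenPGP tooling may refuse in signatures.
    BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(
            rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256);
    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
            id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske);

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null);
    return keyRingGen;
}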
From source file:org.apache.camel.converter.crypto.PGPDataFormatDynamicTest.java
License:Apache License
/**
 * Supplies the message headers that configure the PGP data format for this test.
 *
 * <p>The user id and password below are fixture values for the test key
 * rings; they are not meant to be reused as real credentials.
 *
 * @return a mutable map of header name to header value
 */
protected Map<String, Object> getHeaders() {
    final String fixtureUserId = "sdude@nowhere.net";
    final String fixturePassword = "sdude";

    Map<String, Object> result = new HashMap<String, Object>();

    // Key selection for encryption and for signing.
    result.put(PGPDataFormat.KEY_USERID, fixtureUserId);
    result.put(PGPDataFormat.KEY_USERIDS, Collections.singletonList("second"));
    result.put(PGPDataFormat.SIGNATURE_KEY_USERID, fixtureUserId);

    // Passwords unlocking the fixture secret keys.
    result.put(PGPDataFormat.KEY_PASSWORD, fixturePassword);
    result.put(PGPDataFormat.SIGNATURE_KEY_PASSWORD, fixturePassword);

    // Algorithm choices: AES-128 cipher, SHA-512 signature hash, ZLIB compression.
    result.put(PGPDataFormat.ENCRYPTION_ALGORITHM, SymmetricKeyAlgorithmTags.AES_128);
    result.put(PGPDataFormat.SIGNATURE_HASH_ALGORITHM, HashAlgorithmTags.SHA512);
    result.put(PGPDataFormat.COMPRESSION_ALGORITHM, CompressionAlgorithmTags.ZLIB);

    return result;
}
From source file:org.elasticsearch.plugins.InstallPluginCommandTests.java
License:Apache License
/**
 * Produces an ASCII-armored detached binary-document signature over {@code bytes}.
 *
 * <p>The secret key is unlocked with the fixed test passphrase
 * {@code "passphrase"} and the signature is hashed with SHA-512.
 *
 * @param bytes     the content to sign
 * @param secretKey the secret key to sign with
 * @return the armored signature as text
 * @throws RuntimeException wrapping any {@code IOException} or {@code PGPException}
 */
private String signature(final byte[] bytes, final PGPSecretKey secretKey) {
    try {
        // Test fixture passphrase; the key is generated for this test only.
        final PGPPrivateKey signingKey = secretKey.extractPrivateKey(
                new BcPBESecretKeyDecryptorBuilder(new JcaPGPDigestCalculatorProviderBuilder().build())
                        .build("passphrase".toCharArray()));

        final BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(
                signingKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512);
        final PGPSignatureGenerator signer = new PGPSignatureGenerator(signerBuilder);
        signer.init(PGPSignature.BINARY_DOCUMENT, signingKey);

        final ByteArrayOutputStream armored = new ByteArrayOutputStream();
        try (BCPGOutputStream packetOut = new BCPGOutputStream(new ArmoredOutputStream(armored));
                InputStream content = new ByteArrayInputStream(bytes)) {
            final byte[] chunk = new byte[1024];
            // Feed the content to the signer in fixed-size chunks.
            for (int count = content.read(chunk); count != -1; count = content.read(chunk)) {
                signer.update(chunk, 0, count);
            }
            signer.generate().encode(packetOut);
        }
        // Read the buffer only after the armored stream has been closed above.
        return armored.toString("UTF-8");
    } catch (IOException | PGPException e) {
        throw new RuntimeException(e);
    }
}
From source file:org.m1theo.apt.repo.builder.RepoBuilder.java
License:Open Source License
/**
 * Resolves a digest name to its OpenPGP hash algorithm tag.
 *
 * <p>The match is exact and case-sensitive. Legacy digests (MD2, MD5, SHA1)
 * are still resolved, so a caller that must not sign with a weak hash has
 * to check the name itself.
 *
 * @param digestName the digest name, for example {@code "SHA512"}; may be {@code null}
 * @return the matching {@code HashAlgorithmTags} constant
 * @throws AptRepoException if the name is {@code null} or not one of the known names
 */
private static int getDigestCode(String digestName) throws AptRepoException {
    // A switch on a null string would throw NullPointerException, so null is
    // routed to the same failure as any other unknown name.
    if (digestName != null) {
        switch (digestName) {
            case "SHA1":
                return HashAlgorithmTags.SHA1;
            case "MD2":
                return HashAlgorithmTags.MD2;
            case "MD5":
                return HashAlgorithmTags.MD5;
            case "RIPEMD160":
                return HashAlgorithmTags.RIPEMD160;
            case "SHA256":
                return HashAlgorithmTags.SHA256;
            case "SHA384":
                return HashAlgorithmTags.SHA384;
            case "SHA512":
                return HashAlgorithmTags.SHA512;
            case "SHA224":
                return HashAlgorithmTags.SHA224;
            default:
                break;
        }
    }
    throw new AptRepoException("unknown hash algorithm tag in digestName: " + digestName);
}
From source file:org.sufficientlysecure.keychain.operations.AuthenticationOperationTest.java
License:Open Source License
/**
 * Signs a challenge with the authentication subkey through
 * {@code AuthenticationOperation}, then verifies the returned signature
 * independently with the JCA {@code SHA512withECDSA} verifier.
 */
@Test
public void testAuthenticate() throws Exception {
    byte[] challenge = "dies ist ein challenge ".getBytes();
    byte[] signature;

    KeyRepository keyRepository = KeyRepository.create(RuntimeEnvironment.application);
    long masterKeyId = mStaticRing.getMasterKeyId();
    Long authSubKeyId = keyRepository.getCachedPublicKeyRing(masterKeyId).getSecretAuthenticationId();

    { // sign challenge
        AuthenticationOperation operation =
                new AuthenticationOperation(RuntimeEnvironment.application, keyRepository);

        // No allowed-key-id list is configured in this test.
        AuthenticationData.Builder dataBuilder = AuthenticationData.builder();
        dataBuilder.setAuthenticationMasterKeyId(masterKeyId);
        dataBuilder.setAuthenticationSubKeyId(authSubKeyId);
        dataBuilder.setHashAlgorithm(HashAlgorithmTags.SHA512);

        AuthenticationParcel parcel =
                AuthenticationParcel.createAuthenticationParcel(dataBuilder.build(), challenge);

        CryptoInputParcel cryptoInput =
                CryptoInputParcel.createCryptoInputParcel().withPassphrase(mKeyPhrase, authSubKeyId);

        AuthenticationResult outcome = operation.execute(dataBuilder.build(), cryptoInput, parcel);

        Assert.assertTrue("authentication must succeed", outcome.success());
        signature = outcome.getSignature();
    }

    { // verify signature
        CanonicalizedPublicKey subKey =
                keyRepository.getCanonicalizedPublicKeyRing(masterKeyId).getPublicKey(authSubKeyId);
        PublicKey jcaKey = subKey.getJcaPublicKey();

        // The verifier's hash must match the SHA512 tag requested when signing.
        Signature verifier = Signature.getInstance("SHA512withECDSA");
        verifier.initVerify(jcaKey);
        verifier.update(challenge);

        Assert.assertTrue("signature must be valid", verifier.verify(signature));
    }
}
From source file:org.sufficientlysecure.keychain.operations.AuthenticationOperationTest.java
License:Open Source License
/**
 * Checks the allowed-key-id gate of {@code AuthenticationOperation}: signing
 * succeeds when the master key id is on the allow list and fails when the
 * allow list is empty.
 */
@Test
public void testAccessControl() throws Exception {
    byte[] challenge = "dies ist ein challenge ".getBytes();

    KeyRepository keyRepository = KeyRepository.create(RuntimeEnvironment.application);
    long masterKeyId = mStaticRing.getMasterKeyId();
    Long authSubKeyId = keyRepository.getCachedPublicKeyRing(masterKeyId).getSecretAuthenticationId();

    { // sign challenge - should succeed with selected key allowed
        AuthenticationOperation operation =
                new AuthenticationOperation(RuntimeEnvironment.application, keyRepository);

        AuthenticationData.Builder dataBuilder = AuthenticationData.builder();
        dataBuilder.setAuthenticationMasterKeyId(masterKeyId);
        dataBuilder.setAuthenticationSubKeyId(authSubKeyId);
        dataBuilder.setHashAlgorithm(HashAlgorithmTags.SHA512);

        // Allow list containing exactly the master key id.
        ArrayList<Long> permittedKeyIds = new ArrayList<>(1);
        permittedKeyIds.add(mStaticRing.getMasterKeyId());
        dataBuilder.setAllowedAuthenticationKeyIds(permittedKeyIds);

        AuthenticationParcel parcel =
                AuthenticationParcel.createAuthenticationParcel(dataBuilder.build(), challenge);

        CryptoInputParcel cryptoInput =
                CryptoInputParcel.createCryptoInputParcel().withPassphrase(mKeyPhrase, authSubKeyId);

        AuthenticationResult outcome = operation.execute(dataBuilder.build(), cryptoInput, parcel);

        Assert.assertTrue("authentication must succeed with selected key allowed", outcome.success());
    }

    { // sign challenge - should fail with selected key disallowed
        AuthenticationOperation operation =
                new AuthenticationOperation(RuntimeEnvironment.application, keyRepository);

        AuthenticationData.Builder dataBuilder = AuthenticationData.builder();
        dataBuilder.setAuthenticationMasterKeyId(masterKeyId);
        dataBuilder.setAuthenticationSubKeyId(authSubKeyId);
        dataBuilder.setHashAlgorithm(HashAlgorithmTags.SHA512);

        // Empty allow list: no key id is permitted.
        ArrayList<Long> permittedKeyIds = new ArrayList<>(1);
        dataBuilder.setAllowedAuthenticationKeyIds(permittedKeyIds);

        AuthenticationParcel parcel =
                AuthenticationParcel.createAuthenticationParcel(dataBuilder.build(), challenge);

        CryptoInputParcel cryptoInput =
                CryptoInputParcel.createCryptoInputParcel().withPassphrase(mKeyPhrase, authSubKeyId);

        AuthenticationResult outcome = operation.execute(dataBuilder.build(), cryptoInput, parcel);

        Assert.assertFalse("authentication must fail with selected key disallowed", outcome.success());
    }
}
From source file:org.sufficientlysecure.keychain.remote.SshAuthenticationService.java
License:Open Source License
/**
 * Reads the hash algorithm requested in the intent and converts it to the
 * matching {@code HashAlgorithmTags} constant.
 *
 * <p>The extra comes from the intent, so it is treated as an arbitrary
 * integer: only the listed API constants are translated, and a missing or
 * unrecognised value yields {@code HASHALGORITHM_NONE}.
 * NOTE(review): confirm that callers reject {@code HASHALGORITHM_NONE}
 * where a hash is required.
 *
 * @param data the incoming intent
 * @return the OpenPGP hash tag, or {@code HASHALGORITHM_NONE}
 */
private int getHashAlgorithm(Intent data) {
    final int requested = data.getIntExtra(SshAuthenticationApi.EXTRA_HASH_ALGORITHM, HASHALGORITHM_NONE);

    int tag = HASHALGORITHM_NONE;
    switch (requested) {
        case SshAuthenticationApi.SHA1:
            tag = HashAlgorithmTags.SHA1;
            break;
        case SshAuthenticationApi.RIPEMD160:
            tag = HashAlgorithmTags.RIPEMD160;
            break;
        case SshAuthenticationApi.SHA224:
            tag = HashAlgorithmTags.SHA224;
            break;
        case SshAuthenticationApi.SHA256:
            tag = HashAlgorithmTags.SHA256;
            break;
        case SshAuthenticationApi.SHA384:
            tag = HashAlgorithmTags.SHA384;
            break;
        case SshAuthenticationApi.SHA512:
            tag = HashAlgorithmTags.SHA512;
            break;
        default:
            // Anything else keeps the HASHALGORITHM_NONE fallback.
            break;
    }
    return tag;
}
From source file:org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection.java
License:Open Source License
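/**
 * Builds the digital signature input (DSI) for a hash: the DER DigestInfo
 * header for the given algorithm followed by the hash bytes.
 *
 * <p>The hash length is checked against the algorithm before wrapping, so a
 * digest is never labelled with the OID of a different hash function.
 * SHA1 and RIPEMD160 are still accepted here; restricting them is left to
 * the caller.
 *
 * @param hash     the raw digest to be signed
 * @param hashAlgo one of the {@code HashAlgorithmTags} constants
 * @return header bytes followed by {@code hash}
 * @throws IOException if the hash length does not match the algorithm, or
 *                     the algorithm is not supported
 */
private byte[] prepareDsi(byte[] hash, int hashAlgo) throws IOException {
    Log.i(Constants.TAG, "Hash: " + hashAlgo);

    switch (hashAlgo) {
        case HashAlgorithmTags.SHA1:
            return wrapInDigestInfo("3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
                    + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
                    + "0605" + "2B0E03021A" // OID of SHA1
                    + "0500" // TLV coding of ZERO
                    + "0414", // 0x14 are 20 hash bytes
                    20, hash);
        case HashAlgorithmTags.RIPEMD160:
            return wrapInDigestInfo("3021300906052B2403020105000414", 20, hash);
        case HashAlgorithmTags.SHA224:
            return wrapInDigestInfo("302D300D06096086480165030402040500041C", 28, hash);
        case HashAlgorithmTags.SHA256:
            return wrapInDigestInfo("3031300D060960864801650304020105000420", 32, hash);
        case HashAlgorithmTags.SHA384:
            return wrapInDigestInfo("3041300D060960864801650304020205000430", 48, hash);
        case HashAlgorithmTags.SHA512:
            return wrapInDigestInfo("3051300D060960864801650304020305000440", 64, hash);
        default:
            throw new IOException("Not supported hash algo!");
    }
}

/**
 * Checks the hash length and prepends the hex-encoded DER header.
 * The SHA1 branch used to report "expected 10" although it checks for 20
 * bytes; deriving the message from the expected length removes that mismatch.
 */
private byte[] wrapInDigestInfo(String derHeaderHex, int expectedLength, byte[] hash) throws IOException {
    if (hash.length != expectedLength) {
        throw new IOException("Bad hash length (" + hash.length + ", expected " + expectedLength + "!");
    }
    return Arrays.concatenate(Hex.decode(derHeaderHex), hash);
}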
From source file:org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper.java
License:Open Source License
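/**
 * Calls the COMPUTE DIGITAL SIGNATURE command and returns the raw signature bytes.
 *
 * <p>PW1 is verified with mode 0x81 first unless it is already validated
 * for signing. The hash is wrapped in the DER DigestInfo header of the
 * given algorithm after its length has been checked, so a digest is never
 * labelled with the OID of a different hash function.
 *
 * @param hash     the hash for signing
 * @param hashAlgo one of the {@code HashAlgorithmTags} constants
 * @return the signature data returned by the card
 * @throws IOException if the hash length does not match the algorithm, the
 *                     algorithm is not supported, the card reports a
 *                     failure, or the signature has an unexpected length
 */
public byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException {
    if (!mPw1ValidatedForSignature) {
        verifyPin(0x81); // (Verify PW1 with mode 81 for signing)
    }

    byte[] dsi;

    Log.i(Constants.TAG, "Hash: " + hashAlgo);
    switch (hashAlgo) {
        case HashAlgorithmTags.SHA1:
            if (hash.length != 20) {
                // The message used to say "expected 10" while the check is for 20 bytes.
                throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
            }
            dsi = Arrays.concatenate(Hex.decode("3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
                    + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
                    + "0605" + "2B0E03021A" // OID of SHA1
                    + "0500" // TLV coding of ZERO
                    + "0414"), hash); // 0x14 are 20 hash bytes
            break;
        case HashAlgorithmTags.RIPEMD160:
            if (hash.length != 20) {
                throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
            }
            dsi = Arrays.concatenate(Hex.decode("3021300906052B2403020105000414"), hash);
            break;
        case HashAlgorithmTags.SHA224:
            if (hash.length != 28) {
                throw new IOException("Bad hash length (" + hash.length + ", expected 28!");
            }
            dsi = Arrays.concatenate(Hex.decode("302D300D06096086480165030402040500041C"), hash);
            break;
        case HashAlgorithmTags.SHA256:
            if (hash.length != 32) {
                throw new IOException("Bad hash length (" + hash.length + ", expected 32!");
            }
            dsi = Arrays.concatenate(Hex.decode("3031300D060960864801650304020105000420"), hash);
            break;
        case HashAlgorithmTags.SHA384:
            if (hash.length != 48) {
                throw new IOException("Bad hash length (" + hash.length + ", expected 48!");
            }
            dsi = Arrays.concatenate(Hex.decode("3041300D060960864801650304020205000430"), hash);
            break;
        case HashAlgorithmTags.SHA512:
            if (hash.length != 64) {
                throw new IOException("Bad hash length (" + hash.length + ", expected 64!");
            }
            dsi = Arrays.concatenate(Hex.decode("3051300D060960864801650304020305000440"), hash);
            break;
        default:
            throw new IOException("Not supported hash algo!");
    }

    // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
    CommandAPDU command = new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, dsi, MAX_APDU_NE_EXT);
    ResponseAPDU response = communicate(command);

    if (response.getSW() != APDU_SW_SUCCESS) {
        throw new CardException("Failed to sign", response.getSW());
    }

    // When the card does not keep PW1 valid for multiple signatures, forget
    // the validation so the next call verifies the PIN again.
    if (!mOpenPgpCapabilities.isPw1ValidForMultipleSignatures()) {
        mPw1ValidatedForSignature = false;
    }

    byte[] signature = response.getData();

    // Make sure the signature we received is actually the expected number of bytes long!
    if (signature.length != 128 && signature.length != 256 && signature.length != 384
            && signature.length != 512) {
        throw new IOException("Bad signature length! Expected 128/256/384/512 bytes, got " + signature.length);
    }

    return signature;
}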