Example usage for org.bouncycastle.bcpg.sig Features FEATURE_MODIFICATION_DETECTION

List of usage examples for org.bouncycastle.bcpg.sig Features FEATURE_MODIFICATION_DETECTION

Introduction

This page collects example usages of org.bouncycastle.bcpg.sig Features FEATURE_MODIFICATION_DETECTION.

Prototype

byte FEATURE_MODIFICATION_DETECTION


Document

Identifier for the modification detection feature

Usage

From source file:keygenerator.KeyGenerator.java

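/**
 * Builds a {@link PGPKeyRingGenerator} containing an RSA master key (sign + certify) and an
 * RSA encryption subkey, with the secret keys encrypted under a passphrase-derived AES-256 key.
 *
 * <p>The self-certification is hashed with SHA-256. The original listing used SHA-1 for that
 * signature; SHA-1 is collision-broken and should not be used for new certifications.
 *
 * @param id       user ID bound to the master key by the self-certification
 * @param pass     passphrase protecting the secret keys; this method does not clear the array,
 *                 so the caller should wipe it once it is no longer needed
 * @param s2kcount value handed to {@link BcPBESecretKeyEncryptorBuilder} as the S2K iteration
 *                 count (presumably the one-octet coded count; confirm against the bcpg
 *                 version in use). Higher values slow down passphrase guessing.
 * @return a generator from which the public and secret key rings can be produced
 * @throws Exception if key generation or key ring assembly fails
 */
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount)
        throws Exception {
    // This object generates individual key-pairs.
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

    // Public exponent 65537, 2048-bit modulus, primality certainty 12.
    // NOTE(review): 2048 bits is a floor rather than a target for long-lived keys, and a
    // certainty of 12 is low; confirm how the bcpg version in use treats the certainty value.
    kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12));

    // First create the master (signing) key with the generator.
    PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
    // Then an encryption subkey.
    PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());

    // Hashed subpackets of the self-signature on the user ID.
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

    // 1) Declare the master key's purpose: signing data and certifying other keys.
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
    // 2) Advertise the algorithms senders should prefer when writing to this key.
    signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256,
            SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 });
    // NOTE(review): SHA-1 is advertised second, ahead of SHA-384/512; consider moving it to
    // the end of the list or dropping it.
    signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1,
            HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, });
    // 3) Ask senders to integrity-protect encrypted messages (MDC), which lets the recipient
    //    detect tampering even when the message is not signed. The subpacket is non-critical.
    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    // Hashed subpackets of the binding signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    // The subkey is for encryption only.
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);

    // sha1Calc is the secret-key checksum digest, not a signature hash; bcpg is expected to
    // accept only SHA-1 in that role, so it is left unchanged.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
    // sha256Calc drives the passphrase-to-key derivation for the secret key encryptor.
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc,
            s2kcount)).build(pass);

    // Sign the self-certification (and the subkey binding added below) with SHA-256
    // instead of SHA-1.
    BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(
            rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256);

    // Finally, create the keyring itself. The constructor takes the parameters it needs to
    // generate the self-signature.
    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
            id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske);

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null);
    return keyRingGen;
}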

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

/**
 * Assembles the hashed subpackets for a self-signature.
 *
 * <p>Algorithm preferences and the primary-user-ID marker are written as non-critical
 * subpackets. Signature creation time, the modification-detection feature, the key flags and
 * (when set) the key expiration time are written as critical. Per the RFC text quoted in the
 * original listing, an evaluator that meets a critical subpacket it does not know SHOULD
 * treat the signature as being in error, so these four cannot be silently ignored.
 *
 * @param creationTime creation time recorded in the signature
 * @param pKey         key whose own creation time anchors the expiration offset
 * @param primary      value for the primary-user-ID subpacket
 * @param flags        key-flags bitmask to record
 * @param expiry       expiration; values {@code <= 0} add no expiration subpacket. It is
 *                     reduced by the key creation time in seconds, so it is presumably an
 *                     absolute Unix timestamp in seconds (confirm with callers).
 * @return the populated subpacket generator
 */
private static PGPSignatureSubpacketGenerator generateHashedSelfSigSubpackets(Date creationTime,
        PGPPublicKey pKey, boolean primary, int flags, long expiry) {

    final PGPSignatureSubpacketGenerator subpackets = new PGPSignatureSubpacketGenerator();

    // Advisory subpackets (critical bit off).
    subpackets.setPreferredSymmetricAlgorithms(false, PgpSecurityConstants.PREFERRED_SYMMETRIC_ALGORITHMS);
    subpackets.setPreferredHashAlgorithms(false, PgpSecurityConstants.PREFERRED_HASH_ALGORITHMS);
    subpackets.setPreferredCompressionAlgorithms(false, PgpSecurityConstants.PREFERRED_COMPRESSION_ALGORITHMS);
    subpackets.setPrimaryUserID(false, primary);

    // Subpackets considered essential for a modern PGP implementation (critical bit on).
    subpackets.setSignatureCreationTime(true, creationTime);
    // MDC request: senders should integrity-protect encrypted messages, so tampering is
    // detectable even on unsigned messages.
    subpackets.setFeature(true, Features.FEATURE_MODIFICATION_DETECTION);
    subpackets.setKeyFlags(true, flags);

    final boolean expires = expiry > 0;
    if (expires) {
        // The subpacket stores an offset from the key's creation time, in seconds.
        final long keyCreatedSeconds = pKey.getCreationTime().getTime() / 1000;
        subpackets.setKeyExpirationTime(true, expiry - keyCreatedSeconds);
    }

    return subpackets;
}

From source file:org.sufficientlysecure.keychain.support.KeyringBuilder.java

License:Open Source License

/**
 * Builds a positive-certification {@link SignaturePacket} around an already computed RSA
 * signature value.
 *
 * <p>Nothing is signed here: the packet is assembled field by field from constants and the
 * supplied value. It lives in a {@code support} package and looks like a fixture, so the
 * SHA-1 hash tag and the CAST5/3DES preference entries are presumably pinned to match
 * pre-computed data rather than recommendations (confirm before reusing outside tests).
 *
 * @param signature the RSA signature value to embed as the packet's single MPI
 * @return the assembled signature packet
 */
private static SignaturePacket createSignaturePacket(BigInteger signature) {
    final MPInteger[] signatureMpis = { new MPInteger(signature) };

    final int[] symmetricPrefs = { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192,
            SymmetricKeyAlgorithmTags.AES_128, SymmetricKeyAlgorithmTags.CAST5,
            SymmetricKeyAlgorithmTags.TRIPLE_DES };
    final int[] hashPrefs = { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384,
            HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 };
    final int[] compressionPrefs = { CompressionAlgorithmTags.ZLIB, CompressionAlgorithmTags.BZIP2,
            CompressionAlgorithmTags.ZIP };

    // Hashed area: every subpacket is non-critical, and the order is part of the packet.
    final SignatureSubpacket[] hashedSubpackets = {
            new SignatureCreationTime(false, SIGNATURE_DATE),
            new KeyFlags(false, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA),
            new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)),
            new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_SYM_ALGS, false, symmetricPrefs),
            new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_HASH_ALGS, false, hashPrefs),
            new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_COMP_ALGS, false, compressionPrefs),
            // Advertises support for integrity-protected (MDC) encrypted data.
            new Features(false, Features.FEATURE_MODIFICATION_DETECTION),
            createPreferencesSignatureSubpacket() };

    // Unhashed area: only the issuer key ID, which the signature therefore does not cover.
    final SignatureSubpacket[] unhashedSubpackets = { new IssuerKeyID(false, false, KEY_ID.toByteArray()) };

    // Passed as SignaturePacket's fingerPrint argument; presumably the leading two octets of
    // the signed hash (confirm against the fixture data).
    final byte[] fingerPrintBytes = new BigInteger("522c", 16).toByteArray();

    return new SignaturePacket(PGPSignature.POSITIVE_CERTIFICATION, KEY_ID.longValue(),
            SignaturePacket.RSA_GENERAL, HashAlgorithmTags.SHA1, hashedSubpackets, unhashedSubpackets,
            fingerPrintBytes, signatureMpis);
}

From source file:org.tramaci.onionmail.PGPKeyGen.java

License:Open Source License

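/**
 * Builds a {@link PGPKeyRingGenerator} containing an RSA master key (sign + certify) and an
 * RSA encryption subkey, with the secret keys encrypted under a passphrase-derived AES-256 key.
 *
 * <p>The self-certification is hashed with SHA-256. The original listing used SHA-1 for that
 * signature; SHA-1 is collision-broken and should not be used for new certifications.
 *
 * @param id        user ID bound to the master key by the self-certification
 * @param pass      passphrase protecting the secret keys; this method does not clear the
 *                  array, so the caller should wipe it once it is no longer needed
 * @param s2kcount  value handed to {@link BcPBESecretKeyEncryptorBuilder} as the S2K iteration
 *                  count (presumably the one-octet coded count; confirm against the bcpg
 *                  version in use)
 * @param nBits     RSA modulus size in bits; not validated here, so callers should enforce a
 *                  minimum
 * @param certainty primality-test certainty passed to the RSA key generation parameters
 * @param when      creation time stamped on both key pairs
 * @return a generator from which the public and secret key rings can be produced
 * @throws Exception if key generation or key ring assembly fails
 */
public static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount, int nBits,
        int certainty, Date when) throws Exception {

    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();
    RSAKeyGenerationParameters kgp = new RSAKeyGenerationParameters(DEFAULT_PUBEXP, new SecureRandom(), nBits,
            certainty);
    kpg.init(kgp);

    // Master key first, then the encryption subkey; both carry the same creation time.
    PGPKeyPair rsakpSign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), when);
    PGPKeyPair rsakpEnc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), when);

    // Hashed subpackets of the self-signature on the user ID.
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);

    // NOTE(review): CAST5, a 64-bit block cipher, is listed as the most preferred symmetric
    // algorithm, ahead of AES-256. Order left as published; consider putting the AES entries
    // first so that capable senders pick a 128-bit block cipher.
    signhashgen.setPreferredSymmetricAlgorithms(false,
            new int[] { SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.AES_256,
                    SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.TWOFISH,
                    SymmetricKeyAlgorithmTags.AES_128 });

    // NOTE(review): SHA-1 is advertised second, ahead of SHA-384/512; consider moving it to
    // the end of the list or dropping it.
    signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1,
            HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 });

    // Ask senders to integrity-protect encrypted messages (MDC); non-critical subpacket.
    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    // Hashed subpackets of the binding signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);

    // sha256Calc drives the passphrase-to-key derivation. sha1Calc is the secret-key checksum
    // digest, not a signature hash; bcpg is expected to accept only SHA-1 in that role.
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);

    PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc,
            s2kcount)).build(pass);

    // Sign the self-certification (and the subkey binding added below) with SHA-256
    // instead of SHA-1.
    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakpSign, id,
            sha1Calc, signhashgen.generate(), null,
            new BcPGPContentSignerBuilder(rsakpSign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256),
            pske);

    keyRingGen.addSubKey(rsakpEnc, enchashgen.generate(), null);
    return keyRingGen;
}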

From source file:ubicrypt.core.crypto.PGPEC.java

License:Open Source License

/**
 * Wraps an existing master key in a {@link PGPKeyRingGenerator}, self-certified with
 * ECDSA/SHA-256 and identified by {@code Utils.machineName()}.
 *
 * <p>The signer algorithm is hard-coded to ECDSA instead of being read from
 * {@code masterKey}, so this assumes the master key is an ECDSA key.
 *
 * @param masterKey key pair that becomes the master (sign + certify) key
 * @param encryptor encryptor used to protect the secret key material
 * @return the key ring generator
 * @throws RuntimeException wrapping any {@link PGPException} raised while building the ring
 */
private static PGPKeyRingGenerator keyRingGenerator(final PGPKeyPair masterKey,
        final PBESecretKeyEncryptor encryptor) {
    final int[] symmetricPrefs = { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192,
            SymmetricKeyAlgorithmTags.AES_128 };
    // SHA-1 is not advertised; the published listing has that entry commented out.
    final int[] hashPrefs = { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512,
            HashAlgorithmTags.SHA224 };

    // Hashed subpackets of the self-signature on the user ID, all non-critical.
    final PGPSignatureSubpacketGenerator selfSigSubpackets = new PGPSignatureSubpacketGenerator();
    // Purpose of the key: signing data and certifying other keys.
    selfSigSubpackets.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
    // Algorithms senders should prefer when writing to this key.
    selfSigSubpackets.setPreferredSymmetricAlgorithms(false, symmetricPrefs);
    selfSigSubpackets.setPreferredHashAlgorithms(false, hashPrefs);
    // Ask senders to integrity-protect encrypted messages (MDC), so tampering is detectable
    // even on unsigned messages.
    selfSigSubpackets.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    try {
        // The SHA-1 calculator is the secret-key checksum digest; the certification itself
        // is signed with SHA-256.
        return new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey, Utils.machineName(),
                new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1), selfSigSubpackets.generate(),
                null, new BcPGPContentSignerBuilder(PGPPublicKey.ECDSA, HashAlgorithmTags.SHA256), encryptor);
    } catch (final PGPException e) {
        // propagate() always throws; rethrowing its result makes that visible to the compiler
        // and removes the need for a trailing "return null".
        throw Throwables.propagate(e);
    }
}