Example usage for org.bouncycastle.openpgp.operator.bc BcPBESecretKeyEncryptorBuilder BcPBESecretKeyEncryptorBuilder

List of usage examples for org.bouncycastle.openpgp.operator.bc BcPBESecretKeyEncryptorBuilder BcPBESecretKeyEncryptorBuilder

Introduction

On this page you can find example usages of the org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyEncryptorBuilder constructor.

Prototype

public BcPBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount) 


Document

Create a SecretKeyEncryptorBuilder with an S2K count other than the default of 0x60 and an S2K digest other than SHA-1.

Usage

From source file:keygenerator.KeyGenerator.java

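/**
 * Builds a {@link PGPKeyRingGenerator} holding an RSA signing master key and an RSA
 * encryption subkey, with the secret key material protected by a passphrase.
 *
 * <p>Both keys are 2048-bit RSA with public exponent 0x10001. Secret keys are encrypted with
 * AES-256 under a key derived from {@code pass} by S2K using SHA-256 and the supplied count.
 * The self-certification and the subkey binding signature are made with SHA-256; SHA-1 is no
 * longer collision resistant and should not be used for new certifications.
 *
 * @param id user id bound to the master key by the self-signature
 * @param pass passphrase protecting the secret keys; this method does not clear the array, so
 *     the caller should wipe it once the secret key ring has been generated and stored
 * @param s2kcount coded S2K count octet (0..0xff) as defined in RFC 4880 section 3.7.1.3; it
 *     decodes to {@code (16 + (c & 15)) << ((c >> 4) + 6)} octets hashed, so 0x60 is 65,536
 *     octets and larger values make offline passphrase guessing slower
 * @return a generator from which the public and secret key rings can be produced
 * @throws Exception if key generation, signing or secret key encryption fails
 */
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount)
        throws Exception {
    // This object generates individual key-pairs.
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

    // RSA parameters: public exponent 0x10001, key size 2048 bits, prime-test certainty 12.
    // Raise the key size (3072, 4096, ...) if your policy requires it.
    kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12));

    // First create the master (signing) key with the generator, then an encryption subkey.
    PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
    PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());

    // Hashed subpackets for the self-signature on the id.
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();
    // 1) Declare the master key's purpose.
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
    // 2) Advertise the algorithms senders should prefer when writing to this key.
    signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256,
            SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 });
    // NOTE(review): SHA1 is still advertised second in this preference list; consider
    // moving it last or dropping it if every correspondent supports the SHA-2 family.
    signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1,
            HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, });
    // 3) Ask senders to add modification detection to encrypted messages
    //    (useful when verifying unsigned messages).
    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    // Hashed subpackets for the signature binding the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);

    // SHA-1 is kept only as the secret-key checksum calculator handed to the key ring
    // generator; the RFC 4880 secret key packet format fixes that integrity check to SHA-1.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
    // SHA-256 drives the S2K passphrase-to-key derivation.
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);

    // bcpg 1.48 exposes this constructor that takes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske = new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc,
            s2kcount).build(pass);

    // Sign the certifications with SHA-256 rather than SHA-1: these signatures are what
    // other parties rely on to bind the user id and the subkey to the master key.
    BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(
            rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256);

    // Finally, create the key ring itself. The constructor takes the
    // parameters it needs to generate the self-signature.
    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
            id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske);

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null);
    return keyRingGen;
}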

From source file:org.tramaci.onionmail.PGPKeyGen.java

License:Open Source License

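/**
 * Builds a {@link PGPKeyRingGenerator} holding an RSA signing master key and an RSA
 * encryption subkey, both created with the caller's key size, certainty and timestamp.
 *
 * <p>Secret keys are encrypted with AES-256 under a key derived from {@code pass} by S2K
 * using SHA-256 and the supplied count. The self-certification and the subkey binding
 * signature are made with SHA-256; SHA-1 is no longer collision resistant and should not be
 * used for new certifications.
 *
 * @param id user id bound to the master key by the self-signature
 * @param pass passphrase protecting the secret keys; this method does not clear the array, so
 *     the caller should wipe it once the secret key ring has been generated and stored
 * @param s2kcount coded S2K count octet (0..0xff) as defined in RFC 4880 section 3.7.1.3;
 *     larger values make offline passphrase guessing slower
 * @param nBits RSA modulus size in bits
 * @param certainty prime-test certainty passed to the RSA key generation parameters
 * @param when creation time recorded on both key pairs
 * @return a generator from which the public and secret key rings can be produced
 * @throws Exception if key generation, signing or secret key encryption fails
 */
public static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount, int nBits,
        int certainty, Date when) throws Exception {

    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();
    kpg.init(new RSAKeyGenerationParameters(DEFAULT_PUBEXP, new SecureRandom(), nBits, certainty));

    // Master (signing) key first, then the encryption subkey.
    PGPKeyPair rsakpSign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), when);
    PGPKeyPair rsakpEnc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), when);

    // Hashed subpackets for the self-signature: key purpose and algorithm preferences.
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);

    // NOTE(review): CAST5, a 64-bit block cipher, is advertised ahead of AES-256. The order
    // is kept as the author wrote it; confirm it is intentional before reusing this list.
    signhashgen.setPreferredSymmetricAlgorithms(false,
            new int[] { SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.AES_256,
                    SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.TWOFISH,
                    SymmetricKeyAlgorithmTags.AES_128 });

    signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1,
            HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 });

    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    // Hashed subpackets for the signature binding the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);

    // SHA-256 drives the S2K passphrase-to-key derivation.
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);
    // SHA-1 is kept only as the secret-key checksum calculator handed to the key ring
    // generator; the RFC 4880 secret key packet format fixes that integrity check to SHA-1.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);

    PBESecretKeyEncryptor pske = new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc,
            s2kcount).build(pass);

    // Sign the certifications with SHA-256 rather than SHA-1: these signatures are what
    // other parties rely on to bind the user id and the subkey to the master key.
    BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(
            rsakpSign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256);

    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakpSign, id,
            sha1Calc, signhashgen.generate(), null, signerBuilder, pske);

    keyRingGen.addSubKey(rsakpEnc, enchashgen.generate(), null);
    return keyRingGen;
}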

From source file:ubicrypt.core.crypto.PGPEC.java

License:Open Source License

/**
 * Creates the passphrase-based encryptor used to protect secret key material with AES-256.
 *
 * @param passPhrase passphrase the encryption key is derived from; not cleared here
 * @param algorithm hash algorithm tag used for the S2K digest calculator
 * @return an encryptor built with a fixed coded S2K count of 0xc0
 * @throws RuntimeException wrapping the {@link PGPException} if no digest calculator can be
 *     obtained for {@code algorithm}
 */
private static PBESecretKeyEncryptor skEncryptor(final char[] passPhrase, final int algorithm) {
    final PGPDigestCalculator s2kDigest;
    try {
        s2kDigest = new BcPGPDigestCalculatorProvider().get(algorithm);
    } catch (final PGPException e) {
        // propagate() always throws; the explicit throw makes that visible to the compiler.
        throw Throwables.propagate(e);
    }
    // The last constructor argument is the coded S2K count: one octet (0..0xff) that sets
    // how much hashing is done on the passphrase before the key is used. More work slows
    // down offline guessing, because each candidate passphrase costs more to check.
    // RFC 4880 section 3.7.1.3 decodes the octet c as (16 + (c & 15)) << ((c >> 4) + 6)
    // octets fed to the hash, so 0xc0 decodes to 4,194,304 octets and 0xff, the maximum,
    // to 65,011,712. The original author's rule of thumb for SHA256 puts 0xc0 at about
    // 130,000 iterations and 0xff at about 2 million; the effective figure depends on the
    // hash function in use.
    final BcPBESecretKeyEncryptorBuilder encryptorBuilder = new BcPBESecretKeyEncryptorBuilder(
            PGPEncryptedData.AES_256, s2kDigest, 0xc0);
    return encryptorBuilder.build(passPhrase);
}