List of usage examples for org.bouncycastle.openpgp.operator.bc BcPGPContentSignerBuilder BcPGPContentSignerBuilder
public BcPGPContentSignerBuilder(int keyAlgorithm, int hashAlgorithm)
From source file:keygenerator.KeyGenerator.java
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount) throws Exception { // This object generates individual key-pairs. RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); // Boilerplate RSA parameters, no need to change anything // except for the RSA key-size (2048). You can use whatever // key-size makes sense for you -- 4096, etc. kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12)); // First create the master (signing) key with the generator. PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date()); // Then an encryption subkey. PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date()); // Add a self-signature on the id PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); // Add signed metadata on the signature. // 1) Declare its purpose signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); // 2) Set preferences for secondary crypto algorithms to use // when sending messages to this key. signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, }); // 3) Request senders add additional checksums to the // message (useful when verifying unsigned messages.) signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); // Create a signature on the encryption subkey. PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); // Add metadata to declare its purpose enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); // Objects used to encrypt the secret key. PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256); // bcpg 1.48 exposes this API that includes s2kcount. Earlier // versions use a default of 0x60. PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass);//ww w . j a v a2 s . c o m // Finally, create the keyring itself. The constructor // takes parameters that allow it to generate the self // signature. BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder( rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen; keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign, id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske); // Add our encryption subkey, together with its signature. keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null); return keyRingGen; }
From source file:org.eclipse.packagedrone.repo.signing.pgp.internal.AbstractSecretKeySigningService.java
License:Open Source License
@Override public void sign(final InputStream in, final OutputStream out, final boolean inline) throws Exception { final int digest = HashAlgorithmTags.SHA1; final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(this.privateKey.getPublicKeyPacket().getAlgorithm(), digest)); if (inline) { signatureGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, this.privateKey); } else {//from w w w. j a v a2 s . co m signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, this.privateKey); } final ArmoredOutputStream armoredOutput = new ArmoredOutputStream(out); armoredOutput.setHeader("Version", VersionInformation.VERSIONED_PRODUCT); if (inline) { armoredOutput.beginClearText(digest); final LineNumberReader lnr = new LineNumberReader(new InputStreamReader(in, StandardCharsets.UTF_8)); String line; while ((line = lnr.readLine()) != null) { if (lnr.getLineNumber() > 1) { signatureGenerator.update(NL_DATA); } final byte[] data = trimTrailing(line).getBytes(StandardCharsets.UTF_8); if (inline) { armoredOutput.write(data); armoredOutput.write(NL_DATA); } signatureGenerator.update(data); } armoredOutput.endClearText(); } else { final byte[] buffer = new byte[4096]; int rc; while ((rc = in.read(buffer)) >= 0) { signatureGenerator.update(buffer, 0, rc); } } final PGPSignature signature = signatureGenerator.generate(); signature.encode(new BCPGOutputStream(armoredOutput)); armoredOutput.close(); }
From source file:org.eclipse.packagedrone.repo.signing.pgp.SigningStream.java
License:Open Source License
protected void testInit() throws IOException { if (this.initialized) { return;/*from ww w . j av a2 s . co m*/ } this.initialized = true; try { final int digest = HashAlgorithmTags.SHA1; this.signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(this.privateKey.getPublicKeyPacket().getAlgorithm(), digest)); this.signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, this.privateKey); this.armoredOutput = new ArmoredOutputStream(this.stream); this.armoredOutput.setHeader("Version", VersionInformation.VERSIONED_PRODUCT); if (this.inline) { this.armoredOutput.beginClearText(digest); } } catch (final PGPException e) { throw new IOException(e); } }
From source file:org.eclipse.packagedrone.utils.rpm.signature.RsaHeaderSignatureProcessor.java
License:Open Source License
@Override public void feedHeader(final ByteBuffer header) { try {// w w w . j av a 2 s . c om final BcPGPContentSignerBuilder contentSignerBuilder = new BcPGPContentSignerBuilder( this.privateKey.getPublicKeyPacket().getAlgorithm(), this.hashAlgorithm); final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, this.privateKey); if (header.hasArray()) { signatureGenerator.update(header.array(), header.position(), header.remaining()); } else { final byte[] buffer = new byte[header.remaining()]; header.get(buffer); signatureGenerator.update(buffer); } this.value = signatureGenerator.generate().getEncoded(); logger.info("RSA HEADER: {}", this.value); } catch (final Exception e) { throw new RuntimeException(e); } }
From source file:org.eclipse.packagedrone.utils.security.pgp.SigningStream.java
License:Open Source License
protected void testInit() throws IOException { if (this.initialized) { return;/*from w ww.j a va 2 s. c o m*/ } this.initialized = true; try { this.signatureGenerator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder( this.privateKey.getPublicKeyPacket().getAlgorithm(), this.digestAlgorithm)); this.signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, this.privateKey); this.armoredOutput = new ArmoredOutputStream(this.stream); if (this.version != null) { this.armoredOutput.setHeader("Version", this.version); } if (this.inline) { this.armoredOutput.beginClearText(this.digestAlgorithm); } } catch (final PGPException e) { throw new IOException(e); } }
From source file:org.elasticsearch.plugins.InstallPluginCommandTests.java
License:Apache License
private String signature(final byte[] bytes, final PGPSecretKey secretKey) { try {/* w w w . j ava2 s . c o m*/ final PGPPrivateKey privateKey = secretKey.extractPrivateKey( new BcPBESecretKeyDecryptorBuilder(new JcaPGPDigestCalculatorProviderBuilder().build()) .build("passphrase".toCharArray())); final PGPSignatureGenerator generator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder( privateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)); generator.init(PGPSignature.BINARY_DOCUMENT, privateKey); final ByteArrayOutputStream output = new ByteArrayOutputStream(); try (BCPGOutputStream pout = new BCPGOutputStream(new ArmoredOutputStream(output)); InputStream is = new ByteArrayInputStream(bytes)) { final byte[] buffer = new byte[1024]; int read; while ((read = is.read(buffer)) != -1) { generator.update(buffer, 0, read); } generator.generate().encode(pout); } return new String(output.toByteArray(), "UTF-8"); } catch (IOException | PGPException e) { throw new RuntimeException(e); } }
From source file:org.gradle.plugins.signing.signatory.pgp.PgpSignatory.java
License:Apache License
public PGPSignatureGenerator createSignatureGenerator() { try {//from w w w. j a v a 2s . c o m PGPSignatureGenerator generator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1)); generator.init(PGPSignature.BINARY_DOCUMENT, privateKey); return generator; } catch (PGPException e) { throw new UncheckedException(e); } }
From source file:org.kontalk.crypto.Coder.java
License:Open Source License
/** * Creates encrypted and signed message body. * Errors that may occur are saved to the message. * @param message// w w w . j av a 2 s .c om * @return the encrypted and signed text. */ public static Optional<byte[]> processOutMessage(OutMessage message) { if (message.getCoderStatus().getEncryption() != Encryption.DECRYPTED) { LOGGER.warning("message does not want to be encrypted"); return Optional.empty(); } LOGGER.info("encrypting message..."); // get keys KeysResult keys = getKeys(message.getUser()); if (keys.myKey == null || keys.otherKey == null) { message.setSecurityErrors(keys.errors); return Optional.empty(); } // secure the message against the most basic attacks using Message/CPIM String from = keys.myKey.getUserId(); String to = keys.otherKey.userID + "; "; String mime = "text/plain"; // TODO encrypt more possible content String text = message.getContent().getPlainText(); CPIMMessage cpim = new CPIMMessage(from, to, new Date(), mime, text); byte[] plainText; try { plainText = cpim.toByteArray(); } catch (UnsupportedEncodingException ex) { LOGGER.log(Level.WARNING, "UTF-8 not supported", ex); plainText = cpim.toString().getBytes(); } // setup data encryptor & generator BcPGPDataEncryptorBuilder encryptor = new BcPGPDataEncryptorBuilder(PGPEncryptedData.AES_192); encryptor.setWithIntegrityPacket(true); encryptor.setSecureRandom(new SecureRandom()); // add public key recipients PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(encryptor); //for (PGPPublicKey rcpt : mRecipients) encGen.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(keys.otherKey.encryptKey)); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayInputStream in = new ByteArrayInputStream(plainText); try { // catch all io and pgp exceptions OutputStream encryptedOut = encGen.open(out, new byte[BUFFER_SIZE]); // setup compressed data generator PGPCompressedDataGenerator compGen = new PGPCompressedDataGenerator(PGPCompressedData.ZIP); OutputStream compressedOut = compGen.open(encryptedOut, new byte[BUFFER_SIZE]); // setup signature generator int algo = keys.myKey.getPublicEncryptionKey().getAlgorithm(); PGPSignatureGenerator sigGen = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(algo, HashAlgorithmTags.SHA1)); sigGen.init(PGPSignature.BINARY_DOCUMENT, keys.myKey.getPrivateEncryptionKey()); PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); spGen.setSignerUserID(false, keys.myKey.getUserId()); sigGen.setUnhashedSubpackets(spGen.generate()); sigGen.generateOnePassVersion(false).encode(compressedOut); // Initialize literal data generator PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator(); OutputStream literalOut = literalGen.open(compressedOut, PGPLiteralData.BINARY, "", new Date(), new byte[BUFFER_SIZE]); // read the "in" stream, compress, encrypt and write to the "out" stream // this must be done if clear data is bigger than the buffer size // but there are other ways to optimize... byte[] buf = new byte[BUFFER_SIZE]; int len; while ((len = in.read(buf)) > 0) { literalOut.write(buf, 0, len); try { sigGen.update(buf, 0, len); } catch (SignatureException ex) { LOGGER.log(Level.WARNING, "can't read data for signature", ex); message.setSecurityErrors(EnumSet.of(Error.INVALID_SIGNATURE_DATA)); return Optional.empty(); } } in.close(); literalGen.close(); // generate the signature, compress, encrypt and write to the "out" stream try { sigGen.generate().encode(compressedOut); } catch (SignatureException ex) { LOGGER.log(Level.WARNING, "can't create signature", ex); message.setSecurityErrors(EnumSet.of(Error.INVALID_SIGNATURE_DATA)); return Optional.empty(); } compGen.close(); encGen.close(); } catch (IOException | PGPException ex) { LOGGER.log(Level.WARNING, "can't encrypt message", ex); message.setSecurityErrors(EnumSet.of(Error.UNKNOWN_ERROR)); return Optional.empty(); } LOGGER.info("encryption successful"); return Optional.of(out.toByteArray()); }
From source file:org.m1theo.apt.repo.signing.PGPSigner.java
License:Apache License
/** * Creates a clear sign signature over the input data. (Not detached) * * @param input the content to be signed * @param output the output destination of the signature *///from ww w .j ava 2s . c om public void clearSign(InputStream input, OutputStream output) throws IOException, PGPException, GeneralSecurityException { PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(privateKey.getPublicKeyPacket().getAlgorithm(), digest)); signatureGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privateKey); ArmoredOutputStream armoredOutput = new ArmoredOutputStream(output); armoredOutput.beginClearText(digest); LineIterator iterator = new LineIterator(new InputStreamReader(input)); while (iterator.hasNext()) { String line = iterator.nextLine(); // trailing spaces must be removed for signature calculation (see http://tools.ietf.org/html/rfc4880#section-7.1) byte[] data = trim(line).getBytes("UTF-8"); armoredOutput.write(data); armoredOutput.write(EOL); signatureGenerator.update(data); if (iterator.hasNext()) { signatureGenerator.update(EOL); } } armoredOutput.endClearText(); PGPSignature signature = signatureGenerator.generate(); signature.encode(new BCPGOutputStream(armoredOutput)); armoredOutput.close(); }
From source file:org.m1theo.apt.repo.signing.PGPSigner.java
License:Apache License
/** * Creates a detached clear sign signature over the input data. * * @param input the content to be signed * @param output the output destination of the signature *//*w w w . java 2 s . c om*/ public void clearSignDetached(InputStream input, OutputStream output) throws IOException, PGPException, GeneralSecurityException { PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(privateKey.getPublicKeyPacket().getAlgorithm(), digest)); signatureGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privateKey); ArmoredOutputStream armoredOutput = new ArmoredOutputStream(output); LineIterator iterator = new LineIterator(new InputStreamReader(input)); while (iterator.hasNext()) { String line = iterator.nextLine(); // trailing spaces must be removed for signature calculation (see http://tools.ietf.org/html/rfc4880#section-7.1) byte[] data = trim(line).getBytes("UTF-8"); signatureGenerator.update(data); if (iterator.hasNext()) { signatureGenerator.update(EOL); } } PGPSignature signature = signatureGenerator.generate(); signature.encode(new BCPGOutputStream(armoredOutput)); armoredOutput.close(); }