List of usage examples for org.bouncycastle.openpgp.operator.bc BcPGPContentSignerBuilder BcPGPContentSignerBuilder
public BcPGPContentSignerBuilder(int keyAlgorithm, int hashAlgorithm)
From source file:org.pgptool.gui.encryption.implpgp.KeyGeneratorServicePgpImpl.java
License:Open Source License
@Override public Key createNewKey(CreateKeyParams params) throws FieldValidationException { try {// w w w .j a v a 2 s . c o m Preconditions.checkArgument(params != null, "params must not be null"); assertParamsValid(params); // Create KeyPairs KeyPair dsaKp = getOrGenerateDsaKeyPair(DEFAULT_DSA_KEY_PARAMETERS); KeyPairGenerator elgKpg = KeyPairGenerator.getInstance("ELGAMAL", "BC"); DHParameterSpec elParams = new DHParameterSpec(p, g); elgKpg.initialize(elParams); KeyPair elgKp = elgKpg.generateKeyPair(); // Now let do some crazy stuff (I HAVE NO IDEA WHAT I AM DOING // HERE). BouncyCastle guys are not helping by changing API from // one version to another so often!!!!!!! PGPKeyPair dsaKeyPair = new JcaPGPKeyPair(PGPPublicKey.DSA, dsaKp, new Date()); PGPKeyPair elgKeyPair = new JcaPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elgKp, new Date()); // PGPContentSignerBuilde // JCA // JcaPGPContentSignerBuilder keySignerBuilder = new // JcaPGPContentSignerBuilder( // dsaKeyPair.getPublicKey().getAlgorithm(), // HashAlgorithmTags.SHA256); // BC BcPGPContentSignerBuilder keySignerBuilderBC = new BcPGPContentSignerBuilder( dsaKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256); // PGPDigestCalculator // JCA // PGPDigestCalculator sha1Calc = new // JcaPGPDigestCalculatorProviderBuilder().build() // .get(HashAlgorithmTags.SHA256); // BC PGPDigestCalculator sha1CalcBC = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); // keyEncryptor // BC BcPBESecretKeyEncryptorBuilder encryptorBuilderBC = new BcPBESecretKeyEncryptorBuilder( PGPEncryptedData.AES_256, sha1CalcBC); PBESecretKeyEncryptor keyEncryptorBC = encryptorBuilderBC.build(params.getPassphrase().toCharArray()); // JCA // JcePBESecretKeyEncryptorBuilder encryptorBuilder = new // JcePBESecretKeyEncryptorBuilder( // PGPEncryptedData.AES_256, sha1Calc).setProvider("BC"); // PBESecretKeyEncryptor keyEncryptor = // encryptorBuilder.build(params.getPassphrase().toCharArray()); // keyRingGen String userName = params.getFullName() + " <" + params.getEmail() + ">"; // JCA // PGPKeyRingGenerator keyRingGen = new // PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, // dsaKeyPair, // userName, sha1Calc, null, null, keySignerBuilder, // keyEncryptor); // BC PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaKeyPair, userName, sha1CalcBC, null, null, keySignerBuilderBC, keyEncryptorBC); keyRingGen.addSubKey(elgKeyPair); // building ret Key ret = buildKey(keyRingGen); return ret; } catch (Throwable t) { Throwables.propagateIfInstanceOf(t, FieldValidationException.class); throw new RuntimeException("Failed to generate key", t); } }
From source file:org.tramaci.onionmail.PGPKeyGen.java
License:Open Source License
public static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount, int nBits, int certainty, Date when) throws Exception { RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); RSAKeyGenerationParameters kgp = new RSAKeyGenerationParameters(DEFAULT_PUBEXP, new SecureRandom(), nBits, certainty);// w ww.jav a 2 s . c om kpg.init(kgp); PGPKeyPair rsakpSign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), when); PGPKeyPair rsakpEnc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), when); PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.TWOFISH, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 }); signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256); PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakpSign, id, sha1Calc, signhashgen.generate(), null, new BcPGPContentSignerBuilder(rsakpSign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), pske); keyRingGen.addSubKey(rsakpEnc, enchashgen.generate(), null); return keyRingGen; }
From source file:org.vafer.jdeb.DebMaker.java
License:Apache License
public void makeDeb() throws PackagingException { BinaryPackageControlFile packageControlFile; try {/*from www . j a va2 s. co m*/ console.info("Creating debian package: " + deb); // If we should sign the package boolean doSign = signPackage; if (doSign) { if (keyring == null || !keyring.exists()) { doSign = false; console.warn("Signing requested, but no keyring supplied"); } if (key == null) { doSign = false; console.warn("Signing requested, but no key supplied"); } if (passphrase == null) { doSign = false; console.warn("Signing requested, but no passphrase supplied"); } FileInputStream keyRingInput = new FileInputStream(keyring); PGPSigner signer = null; try { signer = new PGPSigner(new FileInputStream(keyring), key, passphrase); } finally { keyRingInput.close(); } int digest = PGPUtil.SHA1; PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(signer.getSecretKey().getPublicKey().getAlgorithm(), digest)); signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, signer.getPrivateKey()); packageControlFile = createSignedDeb(Compression.toEnum(compression), signatureGenerator, signer); } else { packageControlFile = createDeb(Compression.toEnum(compression)); } } catch (Exception e) { throw new PackagingException("Failed to create debian package " + deb, e); } makeChangesFiles(packageControlFile); }
From source file:org.vafer.jdeb.maven.DebMaker.java
License:Apache License
public void makeDeb() throws PackagingException { if (control == null || !control.isDirectory()) { throw new PackagingException("\"" + control + "\" is not a valid 'control' directory)"); }// w ww . j ava 2 s . c om if (changesIn != null) { if (!changesIn.isFile() || !changesIn.canRead()) { throw new PackagingException("The 'changesIn' setting needs to point to a readable file. " + changesIn + " was not found/readable."); } if (changesOut == null) { throw new PackagingException("A 'changesIn' without a 'changesOut' does not make much sense."); } if (!isPossibleOutput(changesOut)) { throw new PackagingException("Cannot write the output for 'changesOut' to " + changesOut); } if (changesSave != null && !isPossibleOutput(changesSave)) { throw new PackagingException("Cannot write the output for 'changesSave' to " + changesSave); } } else { if (changesOut != null || changesSave != null) { throw new PackagingException( "The 'changesOut' or 'changesSave' settings may only be used when there is a 'changesIn' specified."); } } if (!"gzip".equals(compression) && !"bzip2".equals(compression) && !"none".equals(compression)) { throw new PackagingException("The compression method '" + compression + "' is not supported"); } if (deb == null) { throw new PackagingException("You need to specify where the deb file is supposed to be created."); } final File[] controlFiles = control.listFiles(); final DataProducer[] data = new DataProducer[dataProducers.size()]; dataProducers.toArray(data); final Processor processor = new Processor(console, variableResolver); final PackageDescriptor packageDescriptor; try { console.info("Creating debian package: " + deb); if (signPackage) { if (keyring == null || !keyring.exists()) { throw new PackagingException("Signing requested, but no keyring supplied"); } if (key == null) { throw new PackagingException("Signing requested, but no key supplied"); } if (passphrase == null) { throw new PackagingException("Signing requested, but no passphrase supplied"); } FileInputStream keyRingInput = new FileInputStream(keyring); PGPSecretKey secretKey = null; try { secretKey = SigningUtils.getSecretKey(keyRingInput, key); } finally { keyRingInput.close(); } int digest = PGPUtil.SHA1; PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), digest)); signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, SigningUtils.getPrivateKey(secretKey, passphrase)); packageDescriptor = processor.createSignedDeb(controlFiles, data, deb, compression, signatureGenerator); } else { packageDescriptor = processor.createDeb(controlFiles, data, deb, compression); } } catch (Exception e) { throw new PackagingException("Failed to create debian package " + deb, e); } final TextfileChangesProvider changesProvider; try { if (changesOut == null) { return; } console.info("Creating changes file: " + changesOut); // for now only support reading the changes form a textfile provider changesProvider = new TextfileChangesProvider(new FileInputStream(changesIn), packageDescriptor); processor.createChanges(packageDescriptor, changesProvider, (keyring != null) ? new FileInputStream(keyring) : null, key, passphrase, new FileOutputStream(changesOut)); } catch (Exception e) { throw new PackagingException("Failed to create debian changes file " + changesOut, e); } try { if (changesSave == null) { return; } console.info("Saving changes to file: " + changesSave); changesProvider.save(new FileOutputStream(changesSave)); } catch (Exception e) { throw new PackagingException("Failed to save debian changes file " + changesSave, e); } }
From source file:org.vafer.jdeb.signing.DebMakerTestCase.java
License:Apache License
public void testCreation() throws Exception { File control = new File(getClass().getResource("../deb/control/control").toURI()); File archive1 = new File(getClass().getResource("../deb/data.tgz").toURI()); File archive2 = new File(getClass().getResource("../deb/data.tar.bz2").toURI()); File archive3 = new File(getClass().getResource("../deb/data.zip").toURI()); File directory = new File(getClass().getResource("../deb/data").toURI()); final InputStream ring = getClass().getClassLoader().getResourceAsStream("org/vafer/gpg/secring.gpg"); DataProducer[] data = new DataProducer[] { new DataProducerArchive(archive1, null, null, null), new DataProducerArchive(archive2, null, null, null), new DataProducerArchive(archive3, null, null, null), new DataProducerDirectory(directory, null, new String[] { "**/.svn/**" }, null), new DataProducerLink("/link/path-element.ext", "/link/target-element.ext", true, null, null, null) };// ww w .j ava 2s . co m int digest = PGPUtil.SHA1; PGPSigner signer = new PGPSigner(ring, "2E074D8F", "test"); PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(signer.getSecretKey().getPublicKey().getAlgorithm(), digest)); signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, signer.getPrivateKey()); for (int i = 0; i <= 1; i++) { File deb = File.createTempFile("jdeb", ".deb"); DebMaker maker = new DebMaker(new NullConsole(), Arrays.asList(data), null); maker.setControl(new File(getClass().getResource("../deb/control").toURI())); maker.setDeb(deb); if (i == 0) maker.setSignMethod("debsig-verify"); else maker.setSignMethod("dpkg-sig"); BinaryPackageControlFile packageControlFile = maker.createSignedDeb(Compression.GZIP, signatureGenerator, signer); assertTrue(packageControlFile.isValid()); final Map<String, TarArchiveEntry> filesInDeb = new HashMap<String, TarArchiveEntry>(); ArchiveWalker.walkData(deb, new ArchiveVisitor<TarArchiveEntry>() { public void visit(TarArchiveEntry entry, byte[] content) throws IOException { filesInDeb.put(entry.getName(), entry); } }, Compression.GZIP); assertTrue("_gpgorigin wasn't found in the package", ArchiveWalker.arArchiveContains(deb, "_gpgorigin")); assertTrue("debian-binary wasn't found in the package", ArchiveWalker.arArchiveContains(deb, "debian-binary")); assertTrue("control.tar.gz wasn't found in the package", ArchiveWalker.arArchiveContains(deb, "control.tar.gz")); assertTrue("testfile wasn't found in the package", filesInDeb.containsKey("./test/testfile")); assertTrue("testfile2 wasn't found in the package", filesInDeb.containsKey("./test/testfile2")); assertTrue("testfile3 wasn't found in the package", filesInDeb.containsKey("./test/testfile3")); assertTrue("testfile4 wasn't found in the package", filesInDeb.containsKey("./test/testfile4")); assertTrue("/link/path-element.ext wasn't found in the package", filesInDeb.containsKey("./link/path-element.ext")); assertEquals("/link/path-element.ext has wrong link target", "/link/target-element.ext", filesInDeb.get("./link/path-element.ext").getLinkName()); if (i == 0) { FileUtils.copyFile(deb, new File("./target/test_debsig-verify.deb")); } else { FileUtils.copyFile(deb, new File("./target/test_dpkg-sig.deb")); } assertTrue("Cannot delete the file " + deb, deb.delete()); } }
From source file:org.vafer.jdeb.signing.PGPSigner.java
License:Apache License
/** * Creates a clear sign signature over the input data. (Not detached) * * @param input the content to be signed * @param output the output destination of the signature */// ww w .jav a 2 s .c o m public void clearSign(InputStream input, OutputStream output) throws IOException, PGPException, GeneralSecurityException { int digest = PGPUtil.SHA1; PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(privateKey.getPublicKeyPacket().getAlgorithm(), digest)); signatureGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privateKey); ArmoredOutputStream armoredOutput = new ArmoredOutputStream(output); armoredOutput.beginClearText(digest); LineIterator iterator = new LineIterator(new InputStreamReader(input)); while (iterator.hasNext()) { String line = iterator.nextLine(); // trailing spaces must be removed for signature calculation (see http://tools.ietf.org/html/rfc4880#section-7.1) byte[] data = trim(line).getBytes("UTF-8"); armoredOutput.write(data); armoredOutput.write(EOL); signatureGenerator.update(data); if (iterator.hasNext()) { signatureGenerator.update(EOL); } } armoredOutput.endClearText(); PGPSignature signature = signatureGenerator.generate(); signature.encode(new BCPGOutputStream(armoredOutput)); armoredOutput.close(); }
From source file:ubicrypt.core.crypto.PGPEC.java
License:Open Source License
private static PGPKeyRingGenerator keyRingGenerator(final PGPKeyPair masterKey, final PBESecretKeyEncryptor encryptor) { // Add a self-signature on the id final PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); // Add signed metadata on the signature. // 1) Declare its purpose signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); // 2) Set preferences for secondary crypto algorithms to use // when sending messages to this key. signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, // HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, }); // 3) Request senders add additional checksums to the // message (useful when verifying unsigned messages.) signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); try {//from w ww .j a va 2s. c o m return new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey, Utils.machineName(), new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1), signhashgen.generate(), null, new BcPGPContentSignerBuilder(PGPPublicKey.ECDSA, HashAlgorithmTags.SHA256), encryptor); } catch (final PGPException e) { Throwables.propagate(e); } return null; }