List of usage examples for org.bouncycastle.openpgp PGPKeyPair getPrivateKey
public PGPPrivateKey getPrivateKey()
From source file:genkeys.java
License:Open Source License
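/**
 * Builds an OpenPGP secret-key packet for a JCA key pair, optionally protecting the secret
 * material with a passphrase-derived key.
 *
 * <p>The secret fields are serialized first, followed by the value returned by
 * {@code checksum(useSHA1, ...)}. If {@code cipher(cipher)} returns a {@link Cipher}, the
 * serialized bytes (including the checksum) are encrypted with a key derived from {@code pass}
 * through {@code s2k}. If it returns {@code null}, the packet is built from the same bytes
 * without encryption, so the private key is stored in the clear.
 *
 * @param key JCA key pair to wrap; a private key whose algorithm is not "RSA" is tagged as DSA
 * @param cipher symmetric algorithm tag passed to {@code cipher(int)} and recorded in the packet
 * @param useSHA1 selects {@code USAGE_SHA1} rather than {@code USAGE_CHECKSUM} for the packet
 * @param s2k string-to-key specifier used to derive the encryption key from {@code pass}
 * @param pass passphrase; only read when a cipher is in use
 * @return the assembled secret-key packet
 * @throws PGPException if the key class is unsupported or serialization/encryption fails
 * @throws NoSuchProviderException declared for the provider-based helper calls
 */
private static SecretKeyPacket secretKeyPacket(KeyPair key, int cipher, boolean useSHA1, S2K s2k, String pass)
        throws NoSuchProviderException, PGPException {
    // Compare by value. The previous reference comparison (== "RSA") only matched when the
    // provider happened to return the interned literal; otherwise an RSA key was silently
    // tagged as DSA and the cast in the DSA branch below failed.
    int algorithm = "RSA".equals(key.getPrivate().getAlgorithm())
            ? PGPPublicKey.RSA_GENERAL
            : PGPPublicKey.DSA;

    Date time = new Date();
    PGPKeyPair keyPair = new PGPKeyPair(algorithm, key.getPublic(), key.getPrivate(), time, "BC");
    PublicKeyPacket pubPk = publicKeyPacket(key.getPublic(), algorithm, time);

    BCPGObject secKey;
    switch (keyPair.getPublicKey().getAlgorithm()) {
    case PGPPublicKey.RSA_ENCRYPT:
    case PGPPublicKey.RSA_SIGN:
    case PGPPublicKey.RSA_GENERAL:
        RSAPrivateCrtKey rsK = (RSAPrivateCrtKey) keyPair.getPrivateKey().getKey();
        secKey = new RSASecretBCPGKey(rsK.getPrivateExponent(), rsK.getPrimeP(), rsK.getPrimeQ());
        break;
    case PGPPublicKey.DSA:
        DSAPrivateKey dsK = (DSAPrivateKey) keyPair.getPrivateKey().getKey();
        secKey = new DSASecretBCPGKey(dsK.getX());
        break;
    case PGPPublicKey.ELGAMAL_ENCRYPT:
    case PGPPublicKey.ELGAMAL_GENERAL:
        ElGamalPrivateKey esK = (ElGamalPrivateKey) keyPair.getPrivateKey().getKey();
        secKey = new ElGamalSecretBCPGKey(esK.getX());
        break;
    default:
        throw new PGPException("unknown key class");
    }

    Cipher c = cipher(cipher);
    SecretKeyPacket secPk;
    try {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        BCPGOutputStream pOut = new BCPGOutputStream(bOut);

        pOut.writeObject(secKey);

        // The checksum covers only the serialized secret fields; it is appended afterwards so
        // that it is encrypted together with them.
        byte[] keyData = bOut.toByteArray();
        pOut.write(checksum(useSHA1, keyData, keyData.length));

        if (c != null) {
            SecretKey skey = PGPUtil.makeKeyFromPassPhrase(cipher, s2k, pass.toCharArray(), "BC");
            c.init(Cipher.ENCRYPT_MODE, skey, new SecureRandom());
            byte[] iv = c.getIV();
            byte[] encData = c.doFinal(bOut.toByteArray());

            int usage = useSHA1 ? SecretKeyPacket.USAGE_SHA1 : SecretKeyPacket.USAGE_CHECKSUM;
            secPk = new SecretKeyPacket(pubPk, cipher, usage, s2k, iv, encData);
        } else {
            // No cipher: the packet holds the private key unencrypted. Callers must protect the
            // resulting bytes by other means (file permissions, encrypted storage).
            secPk = new SecretKeyPacket(pubPk, cipher, null, null, bOut.toByteArray());
        }
    } catch (PGPException e) {
        // Rethrow unchanged so PGP errors are not re-wrapped by the generic handler below.
        throw e;
    } catch (Exception e) {
        throw new PGPException("Exception encrypting key", e);
    }

    return secPk;
}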
From source file:google.registry.keyring.api.ComparatorKeyring.java
License:Open Source License
/**
 * Compares two key pairs for equality, treating two {@code null} references as equal and a
 * {@code null} paired with a non-null value as different.
 *
 * <p>Non-null pairs are equal when both their public and their private keys compare equal via
 * the corresponding {@code compare} overloads; the private keys are only compared when the
 * public keys already match.
 */
@VisibleForTesting
static boolean compare(@Nullable PGPKeyPair a, @Nullable PGPKeyPair b) {
  if (a == null) {
    return b == null;
  }
  if (b == null) {
    return false;
  }
  boolean samePublic = compare(a.getPublicKey(), b.getPublicKey());
  return samePublic && compare(a.getPrivateKey(), b.getPrivateKey());
}
From source file:google.registry.keyring.api.ComparatorKeyring.java
License:Open Source License
/**
 * Renders a key pair as a string built from the string forms of its public and private keys,
 * or the literal {@code "null"} when no pair is given.
 */
@VisibleForTesting
static String stringify(PGPKeyPair a) {
  // NOTE(review): the output embeds whatever stringify(PGPPrivateKey) produces. Confirm that
  // overload emits only identifiers or digests, not secret key material, before this string is
  // written to logs.
  return (a == null)
      ? "null"
      : MoreObjects.toStringHelper(PGPKeyPair.class)
          .addValue(stringify(a.getPublicKey()))
          .addValue(stringify(a.getPrivateKey()))
          .toString();
}
From source file:google.registry.keyring.api.KeySerializer.java
License:Open Source License
/**
 * Serializes a PGPKeyPair to ASCII-armored bytes.
 *
 * <p>Also use this to serialize a PGPPrivateKey (pair it with the corresponding PGPPublicKey
 * first), because a private key cannot be serialized on its own.
 *
 * <p>Security note: the secret key is built with a {@code null} key encryptor, so the returned
 * bytes contain the private key without passphrase protection. Treat the result as secret
 * material and encrypt it before storing or transmitting it.
 *
 * @param keyPair the pair to serialize
 * @return the armored encoding of the secret key built from {@code keyPair}
 */
public static byte[] serializeKeyPair(PGPKeyPair keyPair) throws IOException, PGPException {
  try (ByteArrayOutputStream armoredBytes = new ByteArrayOutputStream()) {
    // The armored stream must be closed before the buffer is read. Flushing is not enough:
    // the footer ("-----END PGP PRIVATE KEY BLOCK-----" or similar) is only written on close,
    // so taking the byte array earlier would return a truncated serialization.
    try (ArmoredOutputStream armor = new ArmoredOutputStream(armoredBytes)) {
      PGPSecretKey secretKey =
          new PGPSecretKey(
              keyPair.getPrivateKey(),
              keyPair.getPublicKey(),
              new JcaPGPDigestCalculatorProviderBuilder()
                  .setProvider("BC")
                  .build()
                  .get(HashAlgorithmTags.SHA256),
              true,
              null); // null encryptor: the key is written unencrypted
      secretKey.encode(armor);
    }
    return armoredBytes.toByteArray();
  }
}
From source file:google.registry.rde.GhostrydeTest.java
License:Open Source License
/**
 * Encrypts to one key pair's public key and verifies that decrypting with a different pair's
 * private key is rejected with a key-id mismatch error.
 */
@Test
public void testFailure_keyMismatch() throws Exception {
  RdeKeyringModule keyringModule = new RdeKeyringModule();
  byte[] plaintext = "Fanatics have their dreams, wherewith they weave.".getBytes(UTF_8);
  DateTime mtime = DateTime.parse("1984-12-18T00:30:00Z");

  // Two distinct test identities: the first supplies the encryption key, the second the
  // (wrong) decryption key.
  PGPKeyPair encryptingPair = keyringModule.get("rde-unittest@registry.test", ENCRYPT);
  PGPKeyPair mismatchedPair = keyringModule.get("rde-unittest-dsa@registry.test", ENCRYPT);
  PGPPublicKey publicKey = encryptingPair.getPublicKey();
  PGPPrivateKey privateKey = mismatchedPair.getPrivateKey();

  Ghostryde ghost = new Ghostryde(1024);
  ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
  try (Ghostryde.Encryptor encryptor = ghost.openEncryptor(ciphertext, publicKey);
      Ghostryde.Compressor compressor = ghost.openCompressor(encryptor);
      OutputStream output = ghost.openOutput(compressor, "lol", mtime)) {
    output.write(plaintext);
  }

  ByteArrayInputStream encryptedInput = new ByteArrayInputStream(ciphertext.toByteArray());
  // The expectation is registered only now, so it covers the decryption step alone.
  thrown.expect(
      PGPException.class,
      "Message was encrypted for keyid a59c132f3589a1d5 but ours is c9598c84ec70b9fd");
  try (Ghostryde.Decryptor decryptor = ghost.openDecryptor(encryptedInput, privateKey)) {
    ByteStreams.copy(decryptor, ByteStreams.nullOutputStream());
  }
}
From source file:google.registry.rde.GhostrydeTest.java
License:Open Source License
/**
 * Disabled test that is meant to check how decryption behaves when the private key is corrupted.
 *
 * <p>NOTE(review): as written, the corruption does not appear to reach the key. The flipped byte
 * lives in the array returned by {@code getEncoded()}, while the replacement
 * {@link PGPPrivateKey} is rebuilt from the original, unmodified packets. The test also
 * registers no expected exception. Both points should be resolved before it is re-enabled.
 */
@Test
@Ignore("Intentionally corrupting a PGP key is easier said than done >_>")
public void testFailure_keyCorruption() throws Exception {
  RdeKeyringModule keyringModule = new RdeKeyringModule();
  byte[] plaintext = "Fanatics have their dreams, wherewith they weave.".getBytes(UTF_8);
  DateTime mtime = DateTime.parse("1984-12-18T00:30:00Z");
  PGPKeyPair rsa = keyringModule.get("rde-unittest@registry.test", ENCRYPT);
  PGPPublicKey publicKey = rsa.getPublicKey();

  // Make the last byte of the encoded private key off by one.
  byte[] encodedPrivateKey = rsa.getPrivateKey().getPrivateKeyDataPacket().getEncoded();
  encodedPrivateKey[encodedPrivateKey.length - 1]++;
  PGPPrivateKey privateKey =
      new PGPPrivateKey(
          rsa.getKeyID(),
          rsa.getPrivateKey().getPublicKeyPacket(),
          rsa.getPrivateKey().getPrivateKeyDataPacket());

  Ghostryde ghost = new Ghostryde(1024);
  ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
  try (Ghostryde.Encryptor encryptor = ghost.openEncryptor(ciphertext, publicKey);
      Ghostryde.Compressor compressor = ghost.openCompressor(encryptor);
      OutputStream output = ghost.openOutput(compressor, "lol", mtime)) {
    output.write(plaintext);
  }

  ByteArrayInputStream encryptedInput = new ByteArrayInputStream(ciphertext.toByteArray());
  try (Ghostryde.Decryptor decryptor = ghost.openDecryptor(encryptedInput, privateKey)) {
    ByteStreams.copy(decryptor, ByteStreams.nullOutputStream());
  }
}
From source file:google.registry.rde.RdeKeyringModule.java
License:Open Source License
/**
 * Provides a {@link Keyring} backed by PGP keyrings and SSH key files bundled as resources.
 *
 * <p>The resource names ({@code registry-unittest.id_rsa} etc.) suggest these are unit-test
 * fixtures. NOTE(review): the login and password constants are defined outside this method;
 * confirm they hold dummy values only, since the keyring returns them, and the SSH private
 * key, as plain strings.
 *
 * @throws RuntimeException if the keyrings or SSH keys cannot be loaded
 */
@Provides
public Keyring get() {
  PGPPublicKeyRingCollection publics;
  PGPSecretKeyRingCollection privates;
  try (InputStream publicInput = PGP_PUBLIC_KEYRING.openStream();
      InputStream privateInput = PGP_PRIVATE_KEYRING.openStream()) {
    publics = new BcPGPPublicKeyRingCollection(PGPUtil.getDecoderStream(publicInput));
    privates = new BcPGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateInput));
  } catch (PGPException e) {
    throw new RuntimeException("Failed to load PGP keyrings from jar", e);
  } catch (IOException e) {
    throw new RuntimeException(e);
  }

  final PGPKeyPair rdeStagingKey =
      PgpHelper.lookupKeyPair(publics, privates, STAGING_KEY_EMAIL, ENCRYPT);
  final PGPKeyPair rdeSigningKey =
      PgpHelper.lookupKeyPair(publics, privates, SIGNING_KEY_EMAIL, SIGN);
  final PGPPublicKey rdeReceiverKey =
      PgpHelper.lookupPublicKey(publics, RECEIVER_KEY_EMAIL, ENCRYPT);

  final String sshPublic;
  final String sshPrivate;
  try {
    sshPublic = RdeTestData.loadUtf8("registry-unittest.id_rsa.pub");
    sshPrivate = RdeTestData.loadUtf8("registry-unittest.id_rsa");
  } catch (IOException e) {
    throw new RuntimeException("Failed to load SSH keys from jar", e);
  }

  return new Keyring() {
    // --- RDE keys ---
    @Override
    public PGPPublicKey getRdeStagingEncryptionKey() {
      return rdeStagingKey.getPublicKey();
    }

    @Override
    public PGPPrivateKey getRdeStagingDecryptionKey() {
      return rdeStagingKey.getPrivateKey();
    }

    @Override
    public PGPKeyPair getRdeSigningKey() {
      return rdeSigningKey;
    }

    @Override
    public PGPPublicKey getRdeReceiverKey() {
      return rdeReceiverKey;
    }

    // --- BRDA keys: the same objects as the RDE signing and receiver keys ---
    @Override
    public PGPKeyPair getBrdaSigningKey() {
      return rdeSigningKey;
    }

    @Override
    public PGPPublicKey getBrdaReceiverKey() {
      return rdeReceiverKey;
    }

    // --- SSH client keys ---
    @Override
    public String getRdeSshClientPublicKey() {
      return sshPublic;
    }

    @Override
    public String getRdeSshClientPrivateKey() {
      return sshPrivate;
    }

    // --- Service credentials ---
    @Override
    public String getMarksdbSmdrlLogin() {
      return MARKSDB_SMDRL_LOGIN;
    }

    @Override
    public String getMarksdbLordnPassword() {
      return MARKSDB_LORDN_PASSWORD;
    }

    @Override
    public String getMarksdbDnlLogin() {
      return MARKSDB_DNL_LOGIN;
    }

    @Override
    public String getIcannReportingPassword() {
      return ICANN_REPORTING_PASSWORD;
    }

    // --- Not provided by this keyring ---
    @Override
    public String getJsonCredential() {
      throw new UnsupportedOperationException();
    }

    @Override
    public String getBraintreePrivateKey() {
      throw new UnsupportedOperationException();
    }

    @Override
    public void close() {}
  };
}
From source file:google.registry.rde.RydePgpSigningOutputStream.java
License:Open Source License
/**
 * Creates a stream that wraps {@code os} and computes a detached signature with
 * {@code signingKey}. Once the stream is closed, call {@link #getSignature()} to obtain the
 * detached signature.
 *
 * <p>NOTE(review): the content signer is fixed to {@code RSA_GENERAL} with {@code SHA256}
 * regardless of the algorithm of {@code signingKey}; confirm callers only pass RSA keys.
 *
 * @param os is the upstream {@link OutputStream} which is not closed by this object
 * @param signingKey pair whose private key signs the data and whose public key is passed to
 *     {@code addUserInfoToSignature}
 * @throws RuntimeException to rethrow {@link PGPException}
 */
public RydePgpSigningOutputStream(@WillNotClose OutputStream os, PGPKeyPair signingKey) {
  super(os, false, -1);
  try {
    PGPSignatureGenerator generator =
        new PGPSignatureGenerator(new BcPGPContentSignerBuilder(RSA_GENERAL, SHA256));
    generator.init(BINARY_DOCUMENT, signingKey.getPrivateKey());
    signer = generator;
  } catch (PGPException e) {
    throw new RuntimeException(e);
  }
  addUserInfoToSignature(signingKey.getPublicKey(), signer);
}
From source file:google.registry.testing.FakeKeyringModule.java
License:Open Source License
/**
 * Provides a fake {@link Keyring} backed by PGP keyrings and SSH key files bundled as test
 * resources under {@code testdata/}.
 *
 * <p>NOTE(review): the credential constants are defined outside this method; confirm they hold
 * dummy values only, since the keyring returns them, and the SSH private key, as plain strings.
 *
 * @throws RuntimeException if the PGP keyrings cannot be loaded
 */
@Provides
public Keyring get() {
  PGPPublicKeyRingCollection publics;
  PGPSecretKeyRingCollection privates;
  try (InputStream publicInput = PGP_PUBLIC_KEYRING.openStream();
      InputStream privateInput = PGP_PRIVATE_KEYRING.openStream()) {
    publics = new BcPGPPublicKeyRingCollection(PGPUtil.getDecoderStream(publicInput));
    privates = new BcPGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateInput));
  } catch (PGPException e) {
    throw new RuntimeException("Failed to load PGP keyrings from jar", e);
  } catch (IOException e) {
    throw new RuntimeException(e);
  }

  final PGPKeyPair rdeStagingKey =
      PgpHelper.lookupKeyPair(publics, privates, STAGING_KEY_EMAIL, ENCRYPT);
  final PGPKeyPair rdeSigningKey =
      PgpHelper.lookupKeyPair(publics, privates, SIGNING_KEY_EMAIL, SIGN);
  final PGPPublicKey rdeReceiverKey =
      PgpHelper.lookupPublicKey(publics, RECEIVER_KEY_EMAIL, ENCRYPT);

  final String sshPublic =
      readResourceUtf8(FakeKeyringModule.class, "testdata/registry-unittest.id_rsa.pub");
  final String sshPrivate =
      readResourceUtf8(FakeKeyringModule.class, "testdata/registry-unittest.id_rsa");

  return new Keyring() {
    // --- RDE keys ---
    @Override
    public PGPPublicKey getRdeStagingEncryptionKey() {
      return rdeStagingKey.getPublicKey();
    }

    @Override
    public PGPPrivateKey getRdeStagingDecryptionKey() {
      return rdeStagingKey.getPrivateKey();
    }

    @Override
    public PGPKeyPair getRdeSigningKey() {
      return rdeSigningKey;
    }

    @Override
    public PGPPublicKey getRdeReceiverKey() {
      return rdeReceiverKey;
    }

    // --- BRDA keys: the same objects as the RDE signing and receiver keys ---
    @Override
    public PGPKeyPair getBrdaSigningKey() {
      return rdeSigningKey;
    }

    @Override
    public PGPPublicKey getBrdaReceiverKey() {
      return rdeReceiverKey;
    }

    // --- SSH client keys ---
    @Override
    public String getRdeSshClientPublicKey() {
      return sshPublic;
    }

    @Override
    public String getRdeSshClientPrivateKey() {
      return sshPrivate;
    }

    // --- Service credentials ---
    @Override
    public String getMarksdbSmdrlLogin() {
      return MARKSDB_SMDRL_LOGIN;
    }

    @Override
    public String getMarksdbLordnPassword() {
      return MARKSDB_LORDN_PASSWORD;
    }

    @Override
    public String getMarksdbDnlLogin() {
      return MARKSDB_DNL_LOGIN;
    }

    @Override
    public String getJsonCredential() {
      return JSON_CREDENTIAL;
    }

    @Override
    public String getIcannReportingPassword() {
      return ICANN_REPORTING_PASSWORD;
    }

    @Override
    public String getBraintreePrivateKey() {
      return BRAINTREE_PRIVATE_KEY;
    }

    @Override
    public void close() {}
  };
}
From source file:org.kontalk.certgen.PGP.java
License:Open Source License
/**
 * Certifies a public key with the given secret key.
 *
 * <p>The signature uses the public-key algorithm of {@code secret} together with SHA-512, and
 * is attached to {@code keyToBeSigned} as a certification of the user ID {@code id}.
 *
 * @param secret key pair whose private key produces the certification
 * @param keyToBeSigned public key that receives the certification
 * @param id user ID the certification is bound to
 * @param certification signature type passed to the signature generator
 * @return the result of adding the new certification to {@code keyToBeSigned}
 */
public static PGPPublicKey signPublicKey(PGPKeyPair secret, PGPPublicKey keyToBeSigned, String id,
        int certification) throws PGPException, IOException, SignatureException {
    PGPPrivateKey signingKey = secret.getPrivateKey();

    JcaPGPContentSignerBuilder signerBuilder =
            new JcaPGPContentSignerBuilder(secret.getPublicKey().getAlgorithm(), PGPUtil.SHA512)
                    .setProvider(PROVIDER);
    PGPSignatureGenerator generator = new PGPSignatureGenerator(signerBuilder);
    generator.init(certification, signingKey);

    PGPSignature signature = generator.generateCertification(id, keyToBeSigned);
    return PGPPublicKey.addCertification(keyToBeSigned, id, signature);
}