List of usage examples for org.bouncycastle.openpgp PGPKeyRingGenerator PGPKeyRingGenerator
public PGPKeyRingGenerator(int certificationLevel, PGPKeyPair masterKey, String id, PGPDigestCalculator checksumCalculator, PGPSignatureSubpacketVector hashedPcks, PGPSignatureSubpacketVector unhashedPcks, PGPContentSignerBuilder keySignerBuilder, PBESecretKeyEncryptor keyEncryptor) throws PGPException
From source file:com.fuzion.tools.pgp.BCPGPKeyGenTools.java
License:Open Source License
/** * // w w w . ja va 2s.co m * @param dsaKeyPair - the generated DSA key pair * @param elGamalKeyPair - the generated El Gamal key pair * @param identity - the given identity of the key pair ring * @param passphrase - the secret pass phrase to protect the key pair * @return a PGP Key Ring Generate with the El Gamal key pair added as sub key * @throws Exception */ @SuppressWarnings("deprecation") public static final PGPKeyRingGenerator createPGPKeyRingGeneratorForDSAKeyPair(KeyPair dsaKeyPair, KeyPair elGamalKeyPair, String identity, char[] passphrase) throws Exception { PGPKeyPair dsaPgpKeyPair = new PGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date()); PGPKeyPair elGamalPgpKeyPair = new PGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, new Date()); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build() .get(HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaPgpKeyPair, identity, sha1Calc, null, null, new JcaPGPContentSignerBuilder(dsaPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC") .build(passphrase)); keyRingGen.addSubKey(elGamalPgpKeyPair); return keyRingGen; }
From source file:com.fuzion.tools.pgp.BCPGPKeyGenTools.java
License:Open Source License
/** * // www. j av a 2 s.c o m * @param signKeyPair - the generated signing RSA key pair * @param encryptKeyPair - the generated encrypting RSA key pair * @param identity - the given identity of the key pair ring * @param passphrase - the secret pass phrase to protect the key pair * @return a PGP Key Ring Generate with the RSA key pair added as sub key * @throws Exception */ @SuppressWarnings("deprecation") public static final PGPKeyRingGenerator createPGPKeyRingGeneratorForRSAKeyPair(KeyPair signKeyPair, KeyPair encryptKeyPair, String identity, char[] passphrase) throws Exception { PGPKeyPair signPgpKeyPair = new PGPKeyPair(PGPPublicKey.RSA_SIGN, signKeyPair, new Date()); PGPKeyPair encryptPgpKeyPair = new PGPKeyPair(PGPPublicKey.RSA_ENCRYPT, encryptKeyPair, new Date()); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build() .get(HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, signPgpKeyPair, identity, sha1Calc, null, null, new JcaPGPContentSignerBuilder(signPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC") .build(passphrase)); keyRingGen.addSubKey(encryptPgpKeyPair); return keyRingGen; }
From source file:crypttools.PGPTools.java
License:Open Source License
/** * //from www .j av a 2 s . c om * @param dsaKeyPair - the generated DSA key pair * @param elGamalKeyPair - the generated El Gamal key pair * @param identity - the given identity of the key pair ring * @param passphrase - the secret pass phrase to protect the key pair * @return a PGP Key Ring Generate with the El Gamal key pair added as sub key * @throws Exception */ @SuppressWarnings("deprecation") public static final PGPKeyRingGenerator createPGPKeyRingGenerator(KeyPair dsaKeyPair, KeyPair elGamalKeyPair, String identity, char[] passphrase) throws Exception { PGPKeyPair dsaPgpKeyPair = new PGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date()); PGPKeyPair elGamalPgpKeyPair = new PGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, new Date()); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build() .get(HashAlgorithmTags.SHA1); PGPContentSignerBuilder pgpCSB = new JcaPGPContentSignerBuilder(dsaPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); PBESecretKeyEncryptor pbeSKE = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc) .setProvider("BC").build(passphrase); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaPgpKeyPair, identity, sha1Calc, null, null, pgpCSB, pbeSKE); keyRingGen.addSubKey(elGamalPgpKeyPair); return keyRingGen; }
From source file:keygenerator.KeyGenerator.java
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount) throws Exception { // This object generates individual key-pairs. RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); // Boilerplate RSA parameters, no need to change anything // except for the RSA key-size (2048). You can use whatever // key-size makes sense for you -- 4096, etc. kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12)); // First create the master (signing) key with the generator. PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date()); // Then an encryption subkey. PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date()); // Add a self-signature on the id PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); // Add signed metadata on the signature. // 1) Declare its purpose signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); // 2) Set preferences for secondary crypto algorithms to use // when sending messages to this key. signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, }); // 3) Request senders add additional checksums to the // message (useful when verifying unsigned messages.) signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); // Create a signature on the encryption subkey. PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); // Add metadata to declare its purpose enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); // Objects used to encrypt the secret key. PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256); // bcpg 1.48 exposes this API that includes s2kcount. Earlier // versions use a default of 0x60. PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass);//from w ww . j a va 2 s . co m // Finally, create the keyring itself. The constructor // takes parameters that allow it to generate the self // signature. BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder( rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen; keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign, id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske); // Add our encryption subkey, together with its signature. keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null); return keyRingGen; }
From source file:org.kontalk.certgen.PGP.java
License:Open Source License
/** Creates public and secret keyring for a given keypair. */ public static PGPKeyPairRing store(PGPDecryptedKeyPairRing pair, String id, String passphrase) throws PGPException { PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build() .get(HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, pair.signKey, id, sha1Calc, null, null,/*from w w w. j a v a2 s .c o m*/ new JcaPGPContentSignerBuilder(pair.signKey.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider(PROVIDER) .build(passphrase.toCharArray())); keyRingGen.addSubKey(pair.encryptKey); PGPSecretKeyRing secRing = keyRingGen.generateSecretKeyRing(); PGPPublicKeyRing pubRing = keyRingGen.generatePublicKeyRing(); return new PGPKeyPairRing(pubRing, secRing); }
From source file:org.pgptool.gui.encryption.implpgp.KeyGeneratorServicePgpImpl.java
License:Open Source License
@Override public Key createNewKey(CreateKeyParams params) throws FieldValidationException { try {//from w w w .j a v a 2s . com Preconditions.checkArgument(params != null, "params must not be null"); assertParamsValid(params); // Create KeyPairs KeyPair dsaKp = getOrGenerateDsaKeyPair(DEFAULT_DSA_KEY_PARAMETERS); KeyPairGenerator elgKpg = KeyPairGenerator.getInstance("ELGAMAL", "BC"); DHParameterSpec elParams = new DHParameterSpec(p, g); elgKpg.initialize(elParams); KeyPair elgKp = elgKpg.generateKeyPair(); // Now let do some crazy stuff (I HAVE NO IDEA WHAT I AM DOING // HERE). BouncyCastle guys are not helping by changing API from // one version to another so often!!!!!!! PGPKeyPair dsaKeyPair = new JcaPGPKeyPair(PGPPublicKey.DSA, dsaKp, new Date()); PGPKeyPair elgKeyPair = new JcaPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elgKp, new Date()); // PGPContentSignerBuilde // JCA // JcaPGPContentSignerBuilder keySignerBuilder = new // JcaPGPContentSignerBuilder( // dsaKeyPair.getPublicKey().getAlgorithm(), // HashAlgorithmTags.SHA256); // BC BcPGPContentSignerBuilder keySignerBuilderBC = new BcPGPContentSignerBuilder( dsaKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256); // PGPDigestCalculator // JCA // PGPDigestCalculator sha1Calc = new // JcaPGPDigestCalculatorProviderBuilder().build() // .get(HashAlgorithmTags.SHA256); // BC PGPDigestCalculator sha1CalcBC = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); // keyEncryptor // BC BcPBESecretKeyEncryptorBuilder encryptorBuilderBC = new BcPBESecretKeyEncryptorBuilder( PGPEncryptedData.AES_256, sha1CalcBC); PBESecretKeyEncryptor keyEncryptorBC = encryptorBuilderBC.build(params.getPassphrase().toCharArray()); // JCA // JcePBESecretKeyEncryptorBuilder encryptorBuilder = new // JcePBESecretKeyEncryptorBuilder( // PGPEncryptedData.AES_256, sha1Calc).setProvider("BC"); // PBESecretKeyEncryptor keyEncryptor = // encryptorBuilder.build(params.getPassphrase().toCharArray()); // keyRingGen String userName = params.getFullName() + " <" + params.getEmail() + ">"; // JCA // PGPKeyRingGenerator keyRingGen = new // PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, // dsaKeyPair, // userName, sha1Calc, null, null, keySignerBuilder, // keyEncryptor); // BC PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaKeyPair, userName, sha1CalcBC, null, null, keySignerBuilderBC, keyEncryptorBC); keyRingGen.addSubKey(elgKeyPair); // building ret Key ret = buildKey(keyRingGen); return ret; } catch (Throwable t) { Throwables.propagateIfInstanceOf(t, FieldValidationException.class); throw new RuntimeException("Failed to generate key", t); } }
From source file:org.tramaci.onionmail.PGPKeyGen.java
License:Open Source License
public static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount, int nBits, int certainty, Date when) throws Exception { RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); RSAKeyGenerationParameters kgp = new RSAKeyGenerationParameters(DEFAULT_PUBEXP, new SecureRandom(), nBits, certainty);/* w w w . j ava 2 s . c o m*/ kpg.init(kgp); PGPKeyPair rsakpSign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), when); PGPKeyPair rsakpEnc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), when); PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.TWOFISH, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224 }); signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256); PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakpSign, id, sha1Calc, signhashgen.generate(), null, new BcPGPContentSignerBuilder(rsakpSign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), pske); keyRingGen.addSubKey(rsakpEnc, enchashgen.generate(), null); return keyRingGen; }
From source file:portablepgp.core.PGPTools.java
License:Open Source License
/** * * @param dsaKeyPair - the generated DSA key pair * @param elGamalKeyPair - the generated El Gamal key pair * @param identity - the given identity of the key pair ring * @param passphrase - the secret pass phrase to protect the key pair * @return a PGP Key Ring Generate with the El Gamal key pair added as sub * key//from www . ja va 2 s . co m * @throws Exception */ @SuppressWarnings("deprecation") public static final PGPKeyRingGenerator createPGPKeyRingGenerator(KeyPair dsaKeyPair, KeyPair elGamalKeyPair, String identity, char[] passphrase) throws Exception { PGPKeyPair dsaPgpKeyPair = new JcaPGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date()); PGPKeyPair elGamalPgpKeyPair = new JcaPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, new Date()); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build() .get(HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaPgpKeyPair, identity, sha1Calc, null, null, new JcaPGPContentSignerBuilder(dsaPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC") .build(passphrase)); keyRingGen.addSubKey(elGamalPgpKeyPair); return keyRingGen; }
From source file:ubicrypt.core.crypto.PGPEC.java
License:Open Source License
private static PGPKeyRingGenerator keyRingGenerator(final PGPKeyPair masterKey, final PBESecretKeyEncryptor encryptor) { // Add a self-signature on the id final PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); // Add signed metadata on the signature. // 1) Declare its purpose signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER); // 2) Set preferences for secondary crypto algorithms to use // when sending messages to this key. signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA256, // HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, }); // 3) Request senders add additional checksums to the // message (useful when verifying unsigned messages.) signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); try {/*from w w w.j a va2 s .co m*/ return new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey, Utils.machineName(), new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1), signhashgen.generate(), null, new BcPGPContentSignerBuilder(PGPPublicKey.ECDSA, HashAlgorithmTags.SHA256), encryptor); } catch (final PGPException e) { Throwables.propagate(e); } return null; }
From source file:uk.co.platosys.dinigma.LockSmith.java
License:Open Source License
/** * * @param keyDirectory the directory in which the private key is to be saved. This could be on a removable drive. * @param lockDirectory the directory in which the Lock(the public key) is to be saved. * @param userName/*from w w w . j a v a 2 s . com*/ * @param passPhrase * @return The key_id of the signing key. * @throws MinigmaException */ public static long createLockset(File keyDirectory, File lockDirectory, String userName, char[] passPhrase) throws MinigmaException, DuplicateNameException { String filename; File lockFile; File keyFile; //test that parameters have been set: if (keyDirectory == null) { throw new MinigmaException("Locksmith - key directory is null"); } if (!keyDirectory.isDirectory()) { throw new MinigmaException("Locksmith: " + keyDirectory.toString() + " is not a directory"); } if (!keyDirectory.canWrite()) { throw new MinigmaException("Locksmith: can't write to " + keyDirectory.toString()); } if (lockDirectory == null) { throw new MinigmaException("Locksmith - lock directory is null"); } if (!lockDirectory.isDirectory()) { throw new MinigmaException("Locksmith: " + keyDirectory.toString() + " is not a directory"); } if (!lockDirectory.canWrite()) { throw new MinigmaException("Locksmith: can't write to " + keyDirectory.toString()); } try { if (Security.getProvider(PROVIDER) == null) { Security.addProvider(new BouncyCastleProvider()); } } catch (Exception e) { throw new MinigmaException("Locksmith: problem adding security provider", e); } // KeyPairGenerator generator; KeyPair dsaKeyPair; KeyPair elgKeyPair; BigInteger g; BigInteger p; File lockFolder; File keyFolder; PGPKeyPair pgpSigKeyPair; PGPKeyPair pgpEncKeyPair; PGPKeyRingGenerator pgpKeyRingGenerator; PGPPublicKeyRing pgpPublicKeyRing; PGPSecretKeyRing pgpSecretKeyRing; try { //the DSA key for signing generator = KeyPairGenerator.getInstance(SIGNATURE_ALGORITHM, PROVIDER); generator.initialize(1024); dsaKeyPair = generator.generateKeyPair(); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to generate dsa key pair", e); } try { //the strong ElGamal key for encrypting generator = KeyPairGenerator.getInstance(ASYMMETRIC_ALGORITHM, PROVIDER); g = new BigInteger( "153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16); p = new BigInteger( "9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16); AlgorithmParameterSpec elGamalParameters = new ElGamalParameterSpec(p, g); generator.initialize(elGamalParameters); elgKeyPair = generator.generateKeyPair(); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to generate elgamal key pair", e); } try { filename = FileTools.removeFunnyCharacters(userName); lockFolder = new File(lockDirectory, Minigma.LOCK_DIRNAME); if (!lockFolder.exists()) { if (!lockFolder.mkdirs()) { throw new MinigmaException("Can't create lock folder"); } } lockFile = new File(lockFolder, filename); if (lockFile.exists()) { throw new DuplicateNameException("lockfile with name " + lockFile.getName() + " already exists"); } keyFolder = new File(keyDirectory, Minigma.KEY_DIRNAME); if (!keyFolder.exists()) { if (!keyFolder.mkdirs()) { throw new MinigmaException("Can't create key folder"); } } keyFile = new File(keyFolder, filename); if (lockFile.exists()) { throw new DuplicateNameException("keyfile with name " + keyFile.getName() + " already exists"); } } catch (Exception exc) { throw new MinigmaException("Locksmith: error setting up key files", exc); } try { pgpSigKeyPair = new JcaPGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date()); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to generate pgp-dsa key pair", e); } try { pgpEncKeyPair = new JcaPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elgKeyPair, new Date()); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to generate pgp-elgamal key pair", e); } PGPDigestCalculator pgpDigestCalculator = null; PGPContentSignerBuilder pgpContentSignerBuilder = null; PBESecretKeyEncryptor pbeSecretKeyEncryptor = null; try { pgpDigestCalculator = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1); pgpContentSignerBuilder = new JcaPGPContentSignerBuilder(SIGNATURE_ALGORITHM_TAG, HashAlgorithmTags.SHA512); pbeSecretKeyEncryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, pgpDigestCalculator).setProvider(PROVIDER).build(passPhrase); } catch (Exception e) { throw new MinigmaException("failed to initialise KRG components", e); } try { pgpKeyRingGenerator = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, //certification level pgpSigKeyPair, //master key userName, // id pgpDigestCalculator, //PGPDigestCalculator null, //PGPSignatureSubpacketsVector hashed packets null, //PGPSignatureSubpacketsVector unhashed packets pgpContentSignerBuilder, //PGPContentSignerBuilder pbeSecretKeyEncryptor//PBESecretKeyEncryptor ); } catch (PGPException e) { throw new MinigmaException("Locksmith: failed to create PGP-keyring generator", e); } try { pgpKeyRingGenerator.addSubKey(pgpEncKeyPair); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to add elgamal subkey to ring", e); } try { ArmoredOutputStream secOut = new ArmoredOutputStream(new FileOutputStream(keyFile)); pgpSecretKeyRing = pgpKeyRingGenerator.generateSecretKeyRing(); pgpSecretKeyRing.encode(secOut); secOut.close(); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to encode secret key output", e); } try { ArmoredOutputStream pubOut = new ArmoredOutputStream(new FileOutputStream(lockFile)); pgpPublicKeyRing = pgpKeyRingGenerator.generatePublicKeyRing(); pgpPublicKeyRing.encode(pubOut); pubOut.close(); } catch (Exception e) { throw new MinigmaException("Locksmith: failed to encode pubring output", e); } return pgpSigKeyPair.getKeyID(); }