List of usage examples for org.bouncycastle.openpgp PGPPublicKey isRevoked
public boolean isRevoked()
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
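/**
 * Encrypt and sign the specified input file, writing the result to {@code outputFilename}.
 *
 * <p>The file is signed into an in-memory buffer first and that buffer is then encrypted,
 * so the whole signed message is held in memory. The call is refused if either the
 * recipient's encryption key or the signing key is flagged as revoked.
 *
 * <p>If you pass in a seed, you will get the same encrypted output for the same
 * file + same seed + same signor.
 *
 * <p>DANGER! If you use the same seed for multiple different messages, you are making your
 * key stream vulnerable to hacking, and your encryption is near meaningless! Make sure to
 * use different seeds for different contents!
 *
 * @param outputFilename path of the file to create
 * @param inFile file to sign and encrypt
 * @param publicRing stream holding the public key ring collection
 * @param secretRing stream holding the secret key ring collection
 * @param recipient identifies the encryption key in {@code publicRing}
 * @param signor identifies the signing key, or {@code null} to use the first signing key
 *     found on the secret key ring
 * @param passwd passphrase used to extract the private signing key
 * @param armor whether to ASCII-armor the output
 * @param withIntegrityCheck passed to the data generator; not used when {@code oldFormat}
 *     is {@code true}
 * @param oldFormat selects the V3 signing routine and the old-format generator
 * @param seed handed to {@code makeSecureRandom}; see the warning above
 * @throws PGPException if a key is revoked or any step of signing/encryption fails
 */
public void encryptAndSignFile(String outputFilename, File inFile, InputStream publicRing,
        InputStream secretRing, String recipient, String signor, char[] passwd, boolean armor,
        boolean withIntegrityCheck, boolean oldFormat, byte[] seed) throws PGPException {
    try {
        // Get the public keyring
        PGPPublicKeyRingCollection pubRing = new PGPPublicKeyRingCollection(
                PGPUtil.getDecoderStream(publicRing));
        PGPSecretKeyRingCollection secRing = readSecretKeyRingCollection(secretRing);

        // Find the recipient's key
        // NOTE(review): isRevoked() is taken at face value; confirm whether the library
        // version in use validates the revocation signature before relying on this flag.
        PGPPublicKey encKey = readPublicKey(pubRing, recipient, true);
        if (encKey.isRevoked()) {
            // Short key ID = low 32 bits, zero-padded. Slicing Long.toHexString() drops
            // digits (or throws) whenever the 64-bit ID has leading zero nibbles.
            String keyId = String.format("%08x", (int) encKey.getKeyID());
            throw new PGPException("Encryption key (0x" + keyId + ") has been revoked");
        }

        // Find the signing key
        PGPPublicKey publicKey;
        PGPSecretKey secretKey;
        if (signor != null) {
            publicKey = readPublicKey(pubRing, signor, false);
            secretKey = findSecretKey(secRing, publicKey.getKeyID(), true);
        } else {
            // Just look for the first signing key on the secret keyring (if any)
            secretKey = findSigningKey(secRing);
            publicKey = findPublicKey(pubRing, secretKey.getKeyID(), false);
        }
        if (publicKey.isRevoked()) {
            String keyId = String.format("%08x", (int) publicKey.getKeyID());
            throw new PGPException("Signing key (0x" + keyId + ") has been revoked");
        }

        PGPPrivateKey privateKey = secretKey.extractPrivateKey(passwd, "BC");

        // Sign the data into an in-memory stream
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        if (oldFormat) {
            signDataV3(inFile, bOut, publicKey, privateKey);
        } else {
            signData(inFile, bOut, publicKey, privateKey);
        }

        SecureRandom secRand = makeSecureRandom(seed);
        PGPEncryptedDataGenerator cPk = oldFormat
                ? new PGPEncryptedDataGenerator(PGPEncryptedData.AES_256, secRand, oldFormat, "BC")
                : new PGPEncryptedDataGenerator(PGPEncryptedData.AES_256, withIntegrityCheck,
                        secRand, "BC");
        cPk.addMethod(encKey);

        byte[] bytes = bOut.toByteArray();

        OutputStream out = new FileOutputStream(outputFilename);
        try {
            OutputStream aOut = armor ? new ArmoredOutputStream(out) : out;
            OutputStream cOut = cPk.open(aOut, bytes.length);
            cOut.write(bytes);
            cPk.close();
            if (armor) {
                aOut.close();
            }
        } finally {
            // Release the file handle even when encryption fails part-way through.
            out.close();
        }
    } catch (PGPException e) {
        throw e;
    } catch (Exception e) {
        throw new PGPException("Error in encryption", e);
    }
}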
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
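/**
 * Encrypt the specified input stream for a single recipient key.
 *
 * <p>The input is first packaged into an in-memory buffer by {@code compressData} (called
 * with {@code Format.UNCOMPRESSED}) and the buffer is then encrypted with AES-256. The call
 * is refused if {@code encKey} is flagged as revoked.
 *
 * @param out destination stream; closed by this method on success
 * @param in data to encrypt
 * @param inName name forwarded to {@code compressData}
 * @param inLength length forwarded to {@code compressData}
 * @param inDate date forwarded to {@code compressData}
 * @param encKey recipient's public encryption key
 * @param armor whether to ASCII-armor the output
 * @param withIntegrityCheck passed to the data generator; not used when {@code oldFormat}
 *     is {@code true}
 * @param oldFormat selects the old-format generator
 * @param passphrase not used by this method
 * @param seed handed to {@code makeSecureRandom}; reusing one seed for different contents
 *     makes the output deterministic and must be avoided
 * @throws PGPException if the key is revoked or encryption fails
 */
public void encryptFile(OutputStream out, InputStream in, String inName, long inLength,
        Date inDate, PGPPublicKey encKey, boolean armor, boolean withIntegrityCheck,
        boolean oldFormat, char[] passphrase, byte[] seed) throws PGPException {
    try {
        // NOTE(review): isRevoked() is taken at face value; confirm whether the library
        // version in use validates the revocation signature before relying on this flag.
        if (encKey.isRevoked()) {
            // Short key ID = low 32 bits, zero-padded. Slicing Long.toHexString() drops
            // digits (or throws) whenever the 64-bit ID has leading zero nibbles.
            String keyId = String.format("%08x", (int) encKey.getKeyID());
            throw new PGPException("Encryption key (0x" + keyId + ") has been revoked");
        }

        // Package the data into an in-memory stream (no compression is requested)
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        compressData(in, bOut, inName, inLength, inDate, oldFormat, Format.UNCOMPRESSED);

        // Now encrypt the result
        SecureRandom secRand = makeSecureRandom(seed);
        PGPEncryptedDataGenerator cPk = oldFormat
                ? new PGPEncryptedDataGenerator(PGPEncryptedData.AES_256, secRand, oldFormat, "BC")
                : new PGPEncryptedDataGenerator(PGPEncryptedData.AES_256, withIntegrityCheck,
                        secRand, "BC");
        cPk.addMethod(encKey);

        byte[] bytes = bOut.toByteArray();

        OutputStream aOut = armor ? new ArmoredOutputStream(out) : out;
        OutputStream cOut = cPk.open(aOut, bytes.length);
        cOut.write(bytes);
        cPk.close();
        if (armor) {
            aOut.close();
        }
        out.close();
    } catch (PGPException e) {
        throw e;
    } catch (Exception e) {
        throw new PGPException("Error in encryption", e);
    }
}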
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
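/**
 * Sign the specified file and write the signed output to {@code outputFilename}.
 *
 * <p>The call is refused if the signing key is flagged as revoked.
 *
 * @param outputFilename path of the file to create
 * @param inFile file to sign
 * @param publicRing stream holding the public key ring collection
 * @param secretRing stream holding the secret key ring collection
 * @param signor identifies the signing key, or {@code null} to use the first signing key
 *     found on the secret key ring
 * @param passwd passphrase used to extract the private signing key
 * @param armor whether to ASCII-armor the output
 * @param oldFormat selects the V3 signing routine
 * @throws PGPException if the signing key is revoked or signing fails
 */
public void signFile(String outputFilename, File inFile, InputStream publicRing,
        InputStream secretRing, String signor, char[] passwd, boolean armor, boolean oldFormat)
        throws PGPException {
    try {
        PGPPublicKey publicKey;
        PGPSecretKey secretKey;

        // Get the public keyring
        PGPPublicKeyRingCollection pubRing = new PGPPublicKeyRingCollection(
                PGPUtil.getDecoderStream(publicRing));
        PGPSecretKeyRingCollection secRing = readSecretKeyRingCollection(secretRing);

        // Find the signing key
        if (signor != null) {
            publicKey = readPublicKey(pubRing, signor, false);
            secretKey = findSecretKey(secRing, publicKey.getKeyID(), true);
        } else {
            // Just look for the first signing key on the secret keyring (if any)
            secretKey = findSigningKey(secRing);
            publicKey = findPublicKey(pubRing, secretKey.getKeyID(), false);
        }
        if (publicKey.isRevoked()) {
            // Short key ID = low 32 bits, zero-padded. Slicing Long.toHexString() drops
            // digits (or throws) whenever the 64-bit ID has leading zero nibbles.
            String keyId = String.format("%08x", (int) publicKey.getKeyID());
            throw new PGPException("Signing key (0x" + keyId + ") has been revoked");
        }

        PGPPrivateKey privateKey = secretKey.extractPrivateKey(passwd, "BC");

        OutputStream out = new FileOutputStream(outputFilename);
        try {
            OutputStream aOut = armor ? new ArmoredOutputStream(out) : out;

            // Sign the data
            if (oldFormat) {
                signDataV3(inFile, aOut, publicKey, privateKey);
            } else {
                signData(inFile, aOut, publicKey, privateKey);
            }

            if (armor) {
                // close() just finishes and flushes the stream but does not close it
                aOut.close();
            }
        } finally {
            // Release the file handle even when signing fails part-way through.
            out.close();
        }
    } catch (PGPException e) {
        throw e;
    } catch (Exception e) {
        throw new PGPException("Error in signing", e);
    }
}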
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
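/**
 * Decrypt the specified (PKE) input file.
 *
 * <p>Either pubRing and secRing should be null, or pgpSecKey should be null, but not both.
 *
 * <p>Decrypted data is streamed to {@code out} as it is read. The integrity (MDC) check and
 * any signature verification can only complete after the data has been consumed, so when
 * this method throws, whatever was already written to {@code out} must be treated as
 * unauthenticated and discarded by the caller.
 *
 * @param out receives the decrypted data
 * @param inFile the PGP message, read through {@code PGPUtil.getDecoderStream}
 * @param pubRing public keys, used to look up the encryption key when the secret key does
 *     not carry it and to verify signatures inside the message
 * @param secRing searched for the matching secret key when {@code pgpSecKey} is null
 * @param pgpSecKey secret key to decrypt with, or null to search {@code secRing}
 * @param passwd passphrase used to extract the private key
 * @param mdcRequired when true, a message without integrity protection is rejected
 * @throws PGPException if no usable key is found, a signature or integrity check fails, or
 *     any other error occurs during decryption
 */
private void decryptKeyBasedFile(OutputStream out, InputStream inFile,
        PGPPublicKeyRingCollection pubRing, PGPSecretKeyRingCollection secRing,
        PGPSecretKey pgpSecKey, char[] passwd, boolean mdcRequired) throws PGPException {
    try {
        InputStream fileToDecrypt = PGPUtil.getDecoderStream(inFile);
        PGPObjectFactory pgpFact = new PGPObjectFactory(fileToDecrypt);

        Object message = pgpFact.nextObject();
        PGPPublicKeyEncryptedData pked = null;

        // Check for signed only
        if (!(message instanceof PGPCompressedData)) {
            //
            // Encrypted - the first object might be a PGP marker packet.
            //
            if (!(message instanceof PGPEncryptedDataList)) {
                message = pgpFact.nextObject();
                if (!(message instanceof PGPEncryptedDataList)) {
                    // message is null at end of input; avoid an NPE masking the real cause.
                    throw new PGPException("Unrecognised PGP message type: "
                            + (message == null ? null : message.getClass()));
                }
            }

            PGPEncryptedDataList enc = (PGPEncryptedDataList) message;

            int count = 0;

            // find the secret key that is needed
            while (count != enc.size()) {
                if (enc.get(count) instanceof PGPPublicKeyEncryptedData) {
                    pked = (PGPPublicKeyEncryptedData) enc.get(count);
                    if (pgpSecKey == null) {
                        pgpSecKey = secRing.getSecretKey(pked.getKeyID());
                        if (pgpSecKey != null) {
                            break;
                        }
                    } else {
                        if (pgpSecKey.getKeyID() == pked.getKeyID()) {
                            break;
                        }
                    }
                }
                count++;
            }

            if (pgpSecKey == null) {
                throw new PGPException("Corresponding secret key not found");
            }
            if (pked == null) {
                // The list held no public-key encrypted session key at all (for example a
                // passphrase-only message); fail clearly instead of with a wrapped NPE.
                throw new PGPException("No public-key encrypted data found in message");
            }

            // Check for revoked key
            PGPPublicKey encKey = pgpSecKey.getPublicKey();
            if (encKey == null) {
                encKey = findPublicKey(pubRing, pgpSecKey.getKeyID(), true);
            }
            if (encKey.isRevoked()) {
                // Short key ID = low 32 bits, zero-padded. Slicing Long.toHexString() drops
                // digits (or throws) whenever the 64-bit ID has leading zero nibbles.
                String keyId = String.format("%08x", (int) encKey.getKeyID());
                // Decryption continues with a warning only; the original author left the
                // hard failure disabled, presumably so existing data stays readable.
                System.out.println("Warning: Encryption key (0x" + keyId + ") has been revoked");
            }

            InputStream clear = pked.getDataStream(pgpSecKey.extractPrivateKey(passwd, "BC"), "BC");
            PGPObjectFactory pgpClearFact = new PGPObjectFactory(clear);

            message = pgpClearFact.nextObject();
            if (message == null) {
                message = pgpFact.nextObject();
            } else {
                // The packets that follow (literal data, trailing signatures) live in the
                // decrypted stream, so the signature checks below must read from it rather
                // than from the outer, still-encrypted packet stream.
                pgpFact = pgpClearFact;
            }
        }

        if (message instanceof PGPCompressedData) {
            PGPCompressedData compressedData = (PGPCompressedData) message;
            pgpFact = new PGPObjectFactory(compressedData.getDataStream());
            message = pgpFact.nextObject();
        }

        // Plain file
        if (message instanceof PGPLiteralData) {
            PGPLiteralData ld = (PGPLiteralData) message;

            InputStream dataIn = ld.getInputStream();

            int ch;
            while ((ch = dataIn.read()) >= 0) {
                out.write(ch);
            }
            out.close();
        } else if (message instanceof PGPOnePassSignatureList) {
            // One-pass signature
            if (!checkOnePassSignature(out, (PGPOnePassSignatureList) message, pgpFact, pubRing)) {
                throw new PGPException("Signature verification failed");
            }
            System.out.println("Signature verified");
        } else if (message instanceof PGPSignatureList) {
            // Signature list
            if (!checkSignature(out, (PGPSignatureList) message, pgpFact, pubRing)) {
                throw new PGPException("Signature verification failed");
            }
            System.out.println("Signature verified");
        } else {
            throw new PGPException("Unrecognised PGP message type: "
                    + (message == null ? null : message.getClass()));
        }

        // The integrity check runs last because it needs the whole encrypted stream to
        // have been read; the plaintext has already reached `out` by this point.
        if (pked != null) {
            if (pked.isIntegrityProtected()) {
                if (!pked.verify()) {
                    throw new PGPException("Message failed integrity check");
                }
                if (_verbose) {
                    System.out.println("Message integrity check passed");
                }
            } else {
                if (_verbose) {
                    System.out.println("No message integrity check");
                }

                if (mdcRequired) {
                    throw new PGPException("Missing required message integrity check");
                }
            }
        }
    } catch (PGPException e) {
        throw e;
    } catch (Exception e) {
        throw new PGPException("Error in decryption", e);
    }
}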
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
/** * Check the signature in clear-signed data */// www . j a v a 2 s . co m private boolean checkClearsign(InputStream in, PGPPublicKeyRingCollection pgpRings) throws PGPException { try { // // read the input, making sure we ingore the last newline. // ArmoredInputStream aIn = (ArmoredInputStream) in; boolean newLine = false; ByteArrayOutputStream bOut = new ByteArrayOutputStream(); int ch; while ((ch = aIn.read()) >= 0 && aIn.isClearText()) { if (newLine) { bOut.write((byte) '\n'); newLine = false; } if (ch == '\n') { newLine = true; continue; } bOut.write((byte) ch); } PGPObjectFactory pgpFact = new PGPObjectFactory(aIn); PGPSignatureList p3 = (PGPSignatureList) pgpFact.nextObject(); PGPSignature sig = null; PGPPublicKey key = null; int count = 0; while (count < p3.size()) { sig = (PGPSignature) p3.get(count); key = pgpRings.getPublicKey(sig.getKeyID()); if (key != null) { break; } count++; } if (key == null) { throw new PGPException("Corresponding public key not found"); } if (key.isRevoked()) { String keyId = Long.toHexString(key.getKeyID()).substring(8); System.out.println("Warning: Signing key (0x" + keyId + ") has been revoked"); // throw new PGPException("Signing key (0x"+keyId+") has been revoked"); } sig.initVerify(key, "BC"); sig.update(bOut.toByteArray()); return sig.verify(); } catch (PGPException e) { throw e; } catch (Exception e) { throw new PGPException("Error in verification", e); } }
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
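/**
 * Check a one-pass signature, copying the signed literal data to {@code out} while it is
 * being hashed.
 *
 * <p>The first one-pass signature whose key ID is present in {@code pgpRing} is used. A
 * revoked signing key only produces a warning on standard output; the method can still
 * return {@code true} for such a signature. The data is written to {@code out} before the
 * result is known, so callers must discard it when this method returns {@code false} or
 * throws.
 *
 * @param out receives the literal data; closed once the data has been copied
 * @param p1 one-pass signature headers read from the message
 * @param pgpFact object factory whose next object is expected to be the literal data,
 *     followed by the signature list
 * @param pgpRing public keys available for verification
 * @return whether the hashed data verifies against the first trailing signature
 * @throws PGPException if no matching public key is found or verification cannot be run
 */
private boolean checkOnePassSignature(OutputStream out, PGPOnePassSignatureList p1,
        PGPObjectFactory pgpFact, PGPPublicKeyRingCollection pgpRing) throws PGPException {
    try {
        PGPOnePassSignature ops = null;
        PGPPublicKey key = null;

        int count = 0;
        while (count < p1.size()) {
            ops = p1.get(count);
            key = pgpRing.getPublicKey(ops.getKeyID());
            if (key != null) {
                break;
            }

            count++;
        }

        if (key == null) {
            throw new PGPException("Corresponding public key not found");
        }

        if (key.isRevoked()) {
            // Short key ID = low 32 bits, zero-padded. Slicing Long.toHexString() drops
            // digits (or throws) whenever the 64-bit ID has leading zero nibbles.
            String keyId = String.format("%08x", (int) key.getKeyID());
            // NOTE(review): warning only - a signature made with a revoked key is still
            // reported as valid to the caller. Confirm this is the intended policy; the
            // original author left the hard failure disabled.
            System.out.println("Warning: Signing key (0x" + keyId + ") has been revoked");
        }

        PGPLiteralData ld = (PGPLiteralData) pgpFact.nextObject();

        InputStream dataIn = ld.getInputStream();

        ops.initVerify(key, "BC");

        int ch;
        while ((ch = dataIn.read()) >= 0) {
            ops.update((byte) ch);
            out.write(ch);
        }

        out.close();

        PGPSignatureList p3 = (PGPSignatureList) pgpFact.nextObject();

        // NOTE(review): always verifies against the first trailing signature; with several
        // signers that entry may not belong to the one-pass header chosen above - confirm.
        return ops.verify(p3.get(0));
    } catch (PGPException e) {
        throw e;
    } catch (Exception e) {
        throw new PGPException("Error in verification", e);
    }
}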
From source file:com.geekcommune.identity.EncryptionUtil.java
License:Open Source License
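/**
 * Check a signature over the literal data that follows it, copying that data to
 * {@code out} while it is being hashed.
 *
 * <p>The first signature whose key ID is present in {@code pgpRing} is used. A revoked
 * signing key only produces a warning on standard output; the method can still return
 * {@code true} for such a signature. The data is written to {@code out} before the result
 * is known, so callers must discard it when this method returns {@code false} or throws.
 *
 * @param out receives the literal data; closed once the data has been copied
 * @param sigList signatures read from the message
 * @param pgpFact object factory whose next object is expected to be the literal data
 * @param pgpRing public keys available for verification
 * @return whether the signature verifies over the literal data
 * @throws PGPException if no matching public key is found or verification cannot be run
 */
private boolean checkSignature(OutputStream out, PGPSignatureList sigList,
        PGPObjectFactory pgpFact, PGPPublicKeyRingCollection pgpRing) throws PGPException {
    try {
        PGPSignature sig = null;
        PGPPublicKey key = null;

        int count = 0;
        while (count < sigList.size()) {
            sig = sigList.get(count);
            key = pgpRing.getPublicKey(sig.getKeyID());
            if (key != null) {
                break;
            }

            count++;
        }

        if (key == null) {
            throw new PGPException("Corresponding public key not found");
        }

        if (key.isRevoked()) {
            // Short key ID = low 32 bits, zero-padded. Slicing Long.toHexString() drops
            // digits (or throws) whenever the 64-bit ID has leading zero nibbles.
            String keyId = String.format("%08x", (int) key.getKeyID());
            // NOTE(review): warning only - a signature made with a revoked key is still
            // reported as valid to the caller. Confirm this is the intended policy; the
            // original author left the hard failure disabled.
            System.out.println("Warning: Signing key (0x" + keyId + ") has been revoked");
        }

        PGPLiteralData ld = (PGPLiteralData) pgpFact.nextObject();

        InputStream dataIn = ld.getInputStream();

        sig.initVerify(key, "BC");

        int ch;
        while ((ch = dataIn.read()) >= 0) {
            sig.update((byte) ch);
            out.write(ch);
        }
        out.close();

        return sig.verify();
    } catch (PGPException e) {
        throw e;
    } catch (Exception e) {
        throw new PGPException("Error in verification", e);
    }
}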
From source file:com.github.jpks.core.service.impl.PublicKeyReaderServiceImpl.java
License:Apache License
/**
 * Copies the fields of a Bouncy Castle public key into a new {@code PublicKeyImpl}.
 *
 * <p>The key ID is stored as upper-case hex. Every user ID found on the key is converted
 * and stamped with the key's creation time.
 *
 * @param pgpPublicKey the key to read from
 * @return the populated model object
 */
private PublicKeyImpl convert(final PGPPublicKey pgpPublicKey) {
    final PublicKeyImpl converted = new PublicKeyImpl();
    converted.setUserIds(new ArrayList<UserIdImpl>());

    final String hexKeyId = Long.toHexString(pgpPublicKey.getKeyID());
    converted.setKeyId(hexKeyId.toUpperCase());
    converted.setAlgo(pgpPublicKey.getAlgorithm());
    converted.setKeyLen(pgpPublicKey.getBitStrength());
    converted.setCreationDate(pgpPublicKey.getCreationTime());
    converted.setMaster(pgpPublicKey.isMasterKey());
    // NOTE(review): the flag is copied straight from isRevoked(); confirm whether the
    // library validates the revocation signature before treating it as authoritative.
    converted.setRevoked(pgpPublicKey.isRevoked());

    for (Iterator<?> ids = pgpPublicKey.getUserIDs(); ids.hasNext();) {
        final UserIdImpl userId = convert((String) ids.next());
        // Fetch the creation time per user ID, as each one gets its own value object.
        userId.setCreationDate(pgpPublicKey.getCreationTime());
        converted.addUserId(userId);
    }
    return converted;
}
From source file:com.google.gerrit.gpg.PublicKeyChecker.java
License:Apache License
/**
 * Collects the problems found with a public key: revocation, expiration, the custom
 * checks and the web-of-trust result.
 *
 * @param key the public key to check
 * @param store forwarded to the web-of-trust check
 * @param depth forwarded to the web-of-trust check
 * @param expand when true, every problem reported by the web-of-trust check is included;
 *     otherwise a failed trust check is summarised as a single problem
 * @param seen forwarded to the web-of-trust check
 * @return a result wrapping the list of problems
 */
private CheckResult check(PGPPublicKey key, PublicKeyStore store, int depth, boolean expand,
    Set<Fingerprint> seen) {
  List<String> found = new ArrayList<>();

  if (key.isRevoked()) {
    // TODO(dborowitz): isRevoked is overeager:
    // http://www.bouncycastle.org/jira/browse/BJB-45
    found.add("Key is revoked");
  }

  // A validity period of 0 skips the expiration check entirely.
  long lifetimeSecs = key.getValidSeconds();
  if (lifetimeSecs != 0) {
    long createdSecs = key.getCreationTime().getTime() / 1000;
    long ageSecs = System.currentTimeMillis() / 1000 - createdSecs;
    if (ageSecs > lifetimeSecs) {
      found.add("Key is expired");
    }
  }

  checkCustom(key, found);

  CheckResult trust = checkWebOfTrust(key, store, depth, seen);
  if (!expand) {
    if (!trust.isOk()) {
      found.add("Key is not trusted");
    }
  } else {
    found.addAll(trust.getProblems());
  }

  return new CheckResult(found);
}
From source file:com.google.gerrit.server.git.gpg.PublicKeyChecker.java
License:Apache License
/**
 * Check a public key.
 *
 * <p>Problems are collected for a key ID mismatch, a revoked key, an expired key and
 * whatever the custom checks add.
 *
 * @param key the public key.
 * @param expectedKeyId the key ID that the caller expects.
 * @return a result wrapping the list of problems found.
 */
public final CheckResult check(PGPPublicKey key, long expectedKeyId) {
  List<String> found = new ArrayList<>();

  boolean idMatches = key.getKeyID() == expectedKeyId;
  if (!idMatches) {
    found.add("Public key does not match ID " + keyIdToString(expectedKeyId));
  }

  if (key.isRevoked()) {
    // TODO(dborowitz): isRevoked is overeager:
    // http://www.bouncycastle.org/jira/browse/BJB-45
    found.add("Key is revoked");
  }

  // A validity period of 0 skips the expiration check entirely.
  long lifetimeSecs = key.getValidSeconds();
  if (lifetimeSecs != 0) {
    long createdSecs = key.getCreationTime().getTime() / 1000;
    long ageSecs = System.currentTimeMillis() / 1000 - createdSecs;
    if (ageSecs > lifetimeSecs) {
      found.add("Key is expired");
    }
  }

  checkCustom(key, expectedKeyId, found);
  return new CheckResult(found);
}