Example usage for org.bouncycastle.openpgp PGPSecretKey copyWithNewPassword

List of usage examples for org.bouncycastle.openpgp PGPSecretKey copyWithNewPassword

Introduction

On this page you can find example usage for org.bouncycastle.openpgp PGPSecretKey copyWithNewPassword.

Prototype

public static PGPSecretKey copyWithNewPassword(PGPSecretKey key, PBESecretKeyDecryptor oldKeyDecryptor,
        PBESecretKeyEncryptor newKeyEncryptor) throws PGPException 


Document

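Return a copy of the passed-in secret key, encrypted using a new password and the passed-in algorithm. Both the new password and the algorithm are carried by newKeyEncryptor; oldKeyDecryptor must be able to unlock the key under its current password, otherwise the call fails with a PGPException.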

Usage

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

/**
 * Re-encrypts the secret keys of a key ring so that they are protected by a new passphrase.
 *
 * <p>Each secret key in the ring is first unlocked with {@code passphrase}. If that fails for
 * the master key (same key ID as {@code masterPublicKey}) and the key is not a dummy/stripped
 * key, the whole operation is aborted. For any other key a second attempt is made with an
 * empty passphrase. A key that still cannot be unlocked is only logged as a failure and is
 * left in the ring exactly as it was, so the returned ring may contain keys that are still
 * protected by their previous passphrase. Callers that need every key under the new
 * passphrase have to inspect the log for {@code MSG_MF_PASSPHRASE_FAIL} entries.
 *
 * @param sKR             the secret key ring to process
 * @param masterPublicKey public master key, used only to recognise the master secret key by ID
 * @param passphrase      passphrase currently protecting the keys
 * @param newPassphrase   passphrase the keys should be protected with afterwards
 * @param log             operation log receiving progress, warning and error entries
 * @param indent          indentation level for log entries
 * @return the updated key ring, or {@code null} if the master key could not be unlocked or
 *         no key at all was re-encrypted
 * @throws PGPException propagated from the digest calculator, decryptor and encryptor set-up
 *                      at the top of the method, which is not wrapped in a try/catch
 */
private static PGPSecretKeyRing applyNewPassphrase(PGPSecretKeyRing sKR, PGPPublicKey masterPublicKey,
        Passphrase passphrase, Passphrase newPassphrase, OperationLog log, int indent) throws PGPException {

    // Hash used by the encryptor; algorithm comes from the project's security constants.
    PGPDigestCalculator s2kDigest = new JcaPGPDigestCalculatorProviderBuilder()
            .build()
            .get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);

    // Unlocks keys under the passphrase they are protected with right now.
    // NOTE(review): whether getCharArray() hands out a copy that should be wiped after use
    // is not visible here - confirm against Passphrase.
    PBESecretKeyDecryptor currentDecryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
            .build(passphrase.getCharArray());

    // Locks keys under the new passphrase; cipher, hash and S2K count are fixed by the
    // project's security constants rather than taken over from the existing key.
    PBESecretKeyEncryptor replacementEncryptor = new JcePBESecretKeyEncryptorBuilder(
            PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO,
            s2kDigest,
            PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
                    .build(newPassphrase.getCharArray());

    boolean anyKeyReencrypted = false;

    // The iterator is taken from the ring as passed in; sKR itself is replaced by the ring
    // returned from insertSecretKey() whenever a key has been re-encrypted.
    for (PGPSecretKey secretKey : new IterableIterator<>(sKR.getSecretKeys())) {
        log.add(LogType.MSG_MF_PASSPHRASE_KEY, indent,
                KeyFormattingUtils.convertKeyIdToHex(secretKey.getKeyID()));

        PGPSecretKey updatedKey = secretKey;
        boolean reencrypted = false;

        try {
            // First attempt: unlock with the passphrase supplied by the caller.
            updatedKey = PGPSecretKey.copyWithNewPassword(secretKey, currentDecryptor, replacementEncryptor);
            reencrypted = true;
        } catch (PGPException primaryFailure) {

            // A master key that is really present (not stripped) must unlock, otherwise abort.
            boolean isMasterKey = secretKey.getKeyID() == masterPublicKey.getKeyID();
            if (isMasterKey && !isDummy(secretKey)) {
                log.add(LogType.MSG_MF_ERROR_PASSPHRASE_MASTER, indent + 1);
                return null;
            }

            // Decryption failed, most likely because of a wrong passphrase. Second attempt
            // with an empty passphrase, in case this key was stored under one.
            try {
                log.add(LogType.MSG_MF_PASSPHRASE_EMPTY_RETRY, indent + 1);
                PBESecretKeyDecryptor emptyDecryptor = new JcePBESecretKeyDecryptorBuilder()
                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
                        .build("".toCharArray());
                updatedKey = PGPSecretKey.copyWithNewPassword(secretKey, emptyDecryptor, replacementEncryptor);
                reencrypted = true;
            } catch (PGPException ignored) {
                // Deliberately not fatal: the flag stays false and the failure is logged below.
            }
        }

        if (reencrypted) {
            sKR = PGPSecretKeyRing.insertSecretKey(sKR, updatedKey);
            anyKeyReencrypted = true;
        } else {
            // Only a warning for a subkey; the key stays in the ring under its old protection.
            log.add(LogType.MSG_MF_PASSPHRASE_FAIL, indent + 1,
                    KeyFormattingUtils.convertKeyIdToHex(secretKey.getKeyID()));
        }
    }

    if (anyKeyReencrypted) {
        return sKR;
    }

    // Not a single key ended up under the new passphrase.
    log.add(LogType.MSG_MF_ERROR_PASSPHRASES_UNCHANGED, indent + 1);
    return null;

}