List of usage examples for org.bouncycastle.openpgp PGPSecretKey copyWithNewPassword
public static PGPSecretKey copyWithNewPassword(PGPSecretKey key, PBESecretKeyDecryptor oldKeyDecryptor, PBESecretKeyEncryptor newKeyEncryptor) throws PGPException
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static PGPSecretKeyRing applyNewPassphrase(PGPSecretKeyRing sKR, PGPPublicKey masterPublicKey, Passphrase passphrase, Passphrase newPassphrase, OperationLog log, int indent) throws PGPException { PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder().build() .get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO); PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray()); // Build key encryptor based on new passphrase PBESecretKeyEncryptor keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder( PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc, PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT) .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(newPassphrase.getCharArray()); boolean keysModified = false; for (PGPSecretKey sKey : new IterableIterator<>(sKR.getSecretKeys())) { log.add(LogType.MSG_MF_PASSPHRASE_KEY, indent, KeyFormattingUtils.convertKeyIdToHex(sKey.getKeyID())); boolean ok = false; try {// w w w . j av a 2 s . c om // try to set new passphrase sKey = PGPSecretKey.copyWithNewPassword(sKey, keyDecryptor, keyEncryptorNew); ok = true; } catch (PGPException e) { // if the master key failed && it's not stripped, error! if (sKey.getKeyID() == masterPublicKey.getKeyID() && !isDummy(sKey)) { log.add(LogType.MSG_MF_ERROR_PASSPHRASE_MASTER, indent + 1); return null; } // being in here means decrypt failed, likely due to a bad passphrase try // again with an empty passphrase, maybe we can salvage this try { log.add(LogType.MSG_MF_PASSPHRASE_EMPTY_RETRY, indent + 1); PBESecretKeyDecryptor emptyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()); sKey = PGPSecretKey.copyWithNewPassword(sKey, emptyDecryptor, keyEncryptorNew); ok = true; } catch (PGPException e2) { // non-fatal but not ok, handled below } } if (!ok) { // for a subkey, it's merely a warning log.add(LogType.MSG_MF_PASSPHRASE_FAIL, indent + 1, KeyFormattingUtils.convertKeyIdToHex(sKey.getKeyID())); continue; } sKR = PGPSecretKeyRing.insertSecretKey(sKR, sKey); keysModified = true; } if (!keysModified) { // no passphrase was changed log.add(LogType.MSG_MF_ERROR_PASSPHRASES_UNCHANGED, indent + 1); return null; } return sKR; }