List of usage examples for org.bouncycastle.openpgp PGPSignature getEncoded
public byte[] getEncoded() throws IOException
From source file:exchange.User.java
public String addSignature(String message) throws PGPException, SignatureException, IOException { message = (message.endsWith("#")) ? message.substring(0, message.length() - 1) : message; PGPSignatureGenerator sigGen = new PGPSignatureGenerator( new BcPGPContentSignerBuilder(keyAlgorithm, PGPUtil.SHA256)); sigGen.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privateKey); sigGen.update(message.getBytes());// w w w . j a v a 2 s. com PGPSignature signature = sigGen.generate(); System.out.println(message); return message + msgDelimiter + DatatypeConverter.printBase64Binary(signature.getEncoded()); }
From source file:org.kontalk.xmppserver.pgp.PGPUtils.java
License:Open Source License
public static PGPPublicKeyRing merge(PGPPublicKeyRing oldRing, PGPPublicKeyRing newRing) throws PGPException, IOException { if (!equals(oldRing, newRing)) { throw new PGPKeyValidationException("keys are not equal"); }// ww w .j a v a 2 s .com // remember which certs we already added. this is cheaper than semantic deduplication Set<byte[]> certs = new TreeSet<>(new Comparator<byte[]>() { public int compare(byte[] left, byte[] right) { // check for length equality if (left.length != right.length) { return left.length - right.length; } // compare byte-by-byte for (int i = 0; i < left.length; i++) { if (left[i] != right[i]) { return (left[i] & 0xff) - (right[i] & 0xff); } } // ok they're the same return 0; } }); PGPPublicKeyRing result = oldRing; PGPPublicKeyRing candidate = newRing; // Pre-load all existing certificates for (@SuppressWarnings("unchecked") Iterator<PGPPublicKey> i = result.getPublicKeys(); i.hasNext();) { PGPPublicKey key = i.next(); for (@SuppressWarnings("unchecked") Iterator<PGPSignature> j = key.getSignatures(); j.hasNext();) { PGPSignature cert = j.next(); certs.add(cert.getEncoded()); } } for (@SuppressWarnings("unchecked") Iterator<PGPPublicKey> i = candidate.getPublicKeys(); i.hasNext();) { PGPPublicKey key = i.next(); final PGPPublicKey resultKey = result.getPublicKey(key.getKeyID()); if (resultKey == null) { // otherwise, just insert the public key result = PGPPublicKeyRing.insertPublicKey(result, key); continue; } // Modifiable version of the old key, which we merge stuff into (keep old for comparison) PGPPublicKey modified = resultKey; // Iterate certifications for (@SuppressWarnings("unchecked") Iterator<PGPSignature> j = key.getSignatures(); j.hasNext();) { PGPSignature cert = j.next(); byte[] encoded = cert.getEncoded(); // Known cert, skip it if (certs.contains(encoded)) { continue; } certs.add(encoded); modified = PGPPublicKey.addCertification(modified, cert); } // If this is a subkey, merge it in and stop here if (!key.isMasterKey()) { if (modified != resultKey) { result = PGPPublicKeyRing.insertPublicKey(result, modified); } continue; } // Copy over all user id certificates for (@SuppressWarnings("unchecked") Iterator<byte[]> r = key.getRawUserIDs(); r.hasNext();) { byte[] rawUserId = r.next(); @SuppressWarnings("unchecked") Iterator<PGPSignature> signaturesIt = key.getSignaturesForID(rawUserId); // no signatures for this User ID, skip it if (signaturesIt == null) { continue; } while (signaturesIt.hasNext()) { PGPSignature cert = signaturesIt.next(); byte[] encoded = cert.getEncoded(); // Known cert, skip it if (certs.contains(encoded)) { continue; } certs.add(encoded); modified = PGPPublicKey.addCertification(modified, rawUserId, cert); } } // Copy over all user attribute certificates for (@SuppressWarnings("unchecked") Iterator<PGPUserAttributeSubpacketVector> v = key.getUserAttributes(); v.hasNext();) { PGPUserAttributeSubpacketVector vector = v.next(); @SuppressWarnings("unchecked") Iterator<PGPSignature> signaturesIt = key.getSignaturesForUserAttribute(vector); // no signatures for this user attribute attribute, skip it if (signaturesIt == null) { continue; } while (signaturesIt.hasNext()) { PGPSignature cert = signaturesIt.next(); byte[] encoded = cert.getEncoded(); // Known cert, skip it if (certs.contains(encoded)) { continue; } certs.add(encoded); modified = PGPPublicKey.addCertification(modified, vector, cert); } } // If anything change, save the updated (sub)key if (modified != resultKey) { result = PGPPublicKeyRing.insertPublicKey(result, modified); } } return result; }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyRing.java
License:Open Source License
/** This operation merges information from a different keyring, returning a combined * UncachedKeyRing.//from www. j a v a 2s . c o m * * The combined keyring contains the subkeys, user ids and user attributes of both input * keyrings, but it does not necessarily have the canonicalized property. * * @param other The UncachedKeyRing to merge. Must not be empty, and of the same masterKeyId * @return A consolidated UncachedKeyRing with the data of both input keyrings. Same type as * this object, or null on error. * */ public UncachedKeyRing merge(UncachedKeyRing other, OperationLog log, int indent) { // This is logged in the calling method to provide more meta info // log.add(isSecret() ? LogType.MSG_MG_SECRET : LogType.MSG_MG_PUBLIC, // indent, KeyFormattingUtils.convertKeyIdToHex(getMasterKeyId())); indent += 1; long masterKeyId = other.getMasterKeyId(); if (getMasterKeyId() != masterKeyId || !Arrays.equals(getFingerprint(), other.getFingerprint())) { log.add(LogType.MSG_MG_ERROR_HETEROGENEOUS, indent); return null; } // remember which certs we already added. this is cheaper than semantic deduplication Set<byte[]> certs = new TreeSet<>(new Comparator<byte[]>() { public int compare(byte[] left, byte[] right) { // check for length equality if (left.length != right.length) { return left.length - right.length; } // compare byte-by-byte for (int i = 0; i < left.length; i++) { if (left[i] != right[i]) { return (left[i] & 0xff) - (right[i] & 0xff); } } // ok they're the same return 0; } }); try { PGPKeyRing result = mRing; PGPKeyRing candidate = other.mRing; // Pre-load all existing certificates for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(result.getPublicKeys())) { for (PGPSignature cert : new IterableIterator<PGPSignature>(key.getSignatures())) { certs.add(cert.getEncoded()); } } // keep track of the number of new certs we add int newCerts = 0; for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(candidate.getPublicKeys())) { final PGPPublicKey resultKey = result.getPublicKey(key.getKeyID()); if (resultKey == null) { log.add(LogType.MSG_MG_NEW_SUBKEY, indent); // special case: if both rings are secret, copy over the secret key if (isSecret() && other.isSecret()) { PGPSecretKey sKey = ((PGPSecretKeyRing) candidate).getSecretKey(key.getKeyID()); result = PGPSecretKeyRing.insertSecretKey((PGPSecretKeyRing) result, sKey); } else { // otherwise, just insert the public key result = replacePublicKey(result, key); } continue; } // Modifiable version of the old key, which we merge stuff into (keep old for comparison) PGPPublicKey modified = resultKey; // Iterate certifications for (PGPSignature cert : new IterableIterator<PGPSignature>(key.getKeySignatures())) { // Don't merge foreign stuff into secret keys if (cert.getKeyID() != masterKeyId && isSecret()) { continue; } byte[] encoded = cert.getEncoded(); // Known cert, skip it if (certs.contains(encoded)) { continue; } certs.add(encoded); modified = PGPPublicKey.addCertification(modified, cert); newCerts += 1; } // If this is a subkey, merge it in and stop here if (!key.isMasterKey()) { if (modified != resultKey) { result = replacePublicKey(result, modified); } continue; } // Copy over all user id certificates for (byte[] rawUserId : new IterableIterator<byte[]>(key.getRawUserIDs())) { @SuppressWarnings("unchecked") Iterator<PGPSignature> signaturesIt = key.getSignaturesForID(rawUserId); // no signatures for this User ID, skip it if (signaturesIt == null) { continue; } for (PGPSignature cert : new IterableIterator<>(signaturesIt)) { // Don't merge foreign stuff into secret keys if (cert.getKeyID() != masterKeyId && isSecret()) { continue; } byte[] encoded = cert.getEncoded(); // Known cert, skip it if (certs.contains(encoded)) { continue; } newCerts += 1; certs.add(encoded); modified = PGPPublicKey.addCertification(modified, rawUserId, cert); } } // Copy over all user attribute certificates for (PGPUserAttributeSubpacketVector vector : new IterableIterator<PGPUserAttributeSubpacketVector>( key.getUserAttributes())) { @SuppressWarnings("unchecked") Iterator<PGPSignature> signaturesIt = key.getSignaturesForUserAttribute(vector); // no signatures for this user attribute attribute, skip it if (signaturesIt == null) { continue; } for (PGPSignature cert : new IterableIterator<>(signaturesIt)) { // Don't merge foreign stuff into secret keys if (cert.getKeyID() != masterKeyId && isSecret()) { continue; } byte[] encoded = cert.getEncoded(); // Known cert, skip it if (certs.contains(encoded)) { continue; } newCerts += 1; certs.add(encoded); modified = PGPPublicKey.addCertification(modified, vector, cert); } } // If anything change, save the updated (sub)key if (modified != resultKey) { result = replacePublicKey(result, modified); } } if (newCerts > 0) { log.add(LogType.MSG_MG_FOUND_NEW, indent, Integer.toString(newCerts)); } else { log.add(LogType.MSG_MG_UNCHANGED, indent); } return new UncachedKeyRing(result); } catch (IOException e) { log.add(LogType.MSG_MG_ERROR_ENCODE, indent); return null; } }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testRevocationRedundant() throws Exception { PGPSignature revocation = forgeSignature(secretKey, PGPSignature.KEY_REVOCATION, subHashedPacketsGen, secretKey.getPublicKey());/*w ww.j a va 2 s .c o m*/ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, revocation.getEncoded(), 1); // try to add the same packet again, it should be rejected in all positions injectEverywhere(modified, revocation.getEncoded()); // an older (but different!) revocation should be rejected as well subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() - 1000 * 1000)); revocation = forgeSignature(secretKey, PGPSignature.KEY_REVOCATION, subHashedPacketsGen, secretKey.getPublicKey()); injectEverywhere(modified, revocation.getEncoded()); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testUidRedundant() throws Exception { // an older uid certificate should be rejected subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() - 1000 * 1000)); PGPSignature revocation = forgeSignature(secretKey, PGPSignature.DEFAULT_CERTIFICATION, subHashedPacketsGen, "twi", secretKey.getPublicKey()); injectEverywhere(ring, revocation.getEncoded()); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testUidRevocationOutdated() throws Exception { // an older uid revocation cert should be rejected subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() - 1000 * 1000)); PGPSignature revocation = forgeSignature(secretKey, PGPSignature.CERTIFICATION_REVOCATION, subHashedPacketsGen, "twi", secretKey.getPublicKey()); injectEverywhere(ring, revocation.getEncoded()); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testUidRevocationRedundant() throws Exception { PGPSignature revocation = forgeSignature(secretKey, PGPSignature.CERTIFICATION_REVOCATION, subHashedPacketsGen, "twi", secretKey.getPublicKey()); // add that revocation to the base, and check if the redundant one will be rejected as well UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, revocation.getEncoded(), 2); injectEverywhere(modified, revocation.getEncoded()); // an older (but different!) uid revocation should be rejected as well subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() - 1000 * 1000)); revocation = forgeSignature(secretKey, PGPSignature.CERTIFICATION_REVOCATION, subHashedPacketsGen, "twi", secretKey.getPublicKey());/* w w w .j ava 2 s . c o m*/ injectEverywhere(modified, revocation.getEncoded()); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testSubkeyBindingNoPKB() throws Exception { UncachedPublicKey pKey = KeyringTestingHelper.getNth(ring.getPublicKeys(), 1); PGPSignature sig; subHashedPacketsGen.setKeyFlags(false, KeyFlags.SIGN_DATA); {// w ww . j a v a 2 s .c om // forge a (newer) signature, which has the sign flag but no primary key binding sig PGPSignatureSubpacketGenerator unhashedSubs = new PGPSignatureSubpacketGenerator(); // just add any random signature, because why not unhashedSubs.setEmbeddedSignature(false, forgeSignature(secretKey, PGPSignature.POSITIVE_CERTIFICATION, subHashedPacketsGen, secretKey.getPublicKey())); sig = forgeSignature(secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen, unhashedSubs, secretKey.getPublicKey(), pKey.getPublicKey()); // inject in the right position UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, sig.getEncoded(), 8); // canonicalize, and check if we lose the bad signature CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0); Assert.assertFalse("subkey binding signature should be gone after canonicalization", KeyringTestingHelper.diffKeyrings(ring.getEncoded(), canonicalized.getEncoded(), onlyA, onlyB)); } { // now try one with a /bad/ primary key binding signature PGPSignatureSubpacketGenerator unhashedSubs = new PGPSignatureSubpacketGenerator(); // this one is signed by the primary key itself, not the subkey - but it IS primary binding unhashedSubs.setEmbeddedSignature(false, forgeSignature(secretKey, PGPSignature.PRIMARYKEY_BINDING, subHashedPacketsGen, secretKey.getPublicKey(), pKey.getPublicKey())); sig = forgeSignature(secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen, unhashedSubs, secretKey.getPublicKey(), pKey.getPublicKey()); // inject in the right position UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, sig.getEncoded(), 8); // canonicalize, and check if we lose the bad signature CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0); Assert.assertFalse("subkey binding signature should be gone after canonicalization", KeyringTestingHelper.diffKeyrings(ring.getEncoded(), canonicalized.getEncoded(), onlyA, onlyB)); } }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testSubkeyBindingRedundant() throws Exception { UncachedPublicKey pKey = KeyringTestingHelper.getNth(ring.getPublicKeys(), 2); subHashedPacketsGen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS); PGPSignature sig2 = forgeSignature(secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen, secretKey.getPublicKey(), pKey.getPublicKey()); subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() - 1000 * 1000)); PGPSignature sig1 = forgeSignature(secretKey, PGPSignature.SUBKEY_REVOCATION, subHashedPacketsGen, secretKey.getPublicKey(), pKey.getPublicKey()); subHashedPacketsGen = new PGPSignatureSubpacketGenerator(); subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() - 100 * 1000)); PGPSignature sig3 = forgeSignature(secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen, secretKey.getPublicKey(), pKey.getPublicKey()); UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, sig1.getEncoded(), 10); modified = KeyringTestingHelper.injectPacket(modified, sig2.getEncoded(), 11); modified = KeyringTestingHelper.injectPacket(modified, sig1.getEncoded(), 12); modified = KeyringTestingHelper.injectPacket(modified, sig3.getEncoded(), 13); // canonicalize, and check if we lose the bad signature CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0); Assert.assertTrue("subkey binding signature should be gone after canonicalization", KeyringTestingHelper.diffKeyrings(modified.getEncoded(), canonicalized.getEncoded(), onlyA, onlyB)); Assert.assertEquals("canonicalized keyring should have lost two packets", 3, onlyA.size()); Assert.assertEquals("canonicalized keyring should have no extra packets", 0, onlyB.size()); Assert.assertEquals("first missing packet should be the subkey", PacketTags.SIGNATURE, onlyA.get(0).tag); Assert.assertEquals("second missing packet should be a signature", PacketTags.SIGNATURE, onlyA.get(1).tag); Assert.assertEquals("second missing packet should be a signature", PacketTags.SIGNATURE, onlyA.get(2).tag); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
private static void injectEverytype(PGPSecretKey secretKey, UncachedKeyRing ring, PGPSignatureSubpacketGenerator subHashedPacketsGen, boolean breakSig) throws Exception { for (int sigtype : sigtypes_direct) { PGPSignature sig = forgeSignature(secretKey, sigtype, subHashedPacketsGen, secretKey.getPublicKey()); byte[] encoded = sig.getEncoded(); if (breakSig) { encoded[encoded.length - 10] += 1; }/* ww w .ja v a 2s . c o m*/ injectEverywhere(ring, encoded); } for (int sigtype : sigtypes_uid) { PGPSignature sig = forgeSignature(secretKey, sigtype, subHashedPacketsGen, "twi", secretKey.getPublicKey()); byte[] encoded = sig.getEncoded(); if (breakSig) { encoded[encoded.length - 10] += 1; } injectEverywhere(ring, encoded); } for (int sigtype : sigtypes_subkey) { PGPSignature sig = forgeSignature(secretKey, sigtype, subHashedPacketsGen, secretKey.getPublicKey(), secretKey.getPublicKey()); byte[] encoded = sig.getEncoded(); if (breakSig) { encoded[encoded.length - 10] += 1; } injectEverywhere(ring, encoded); } }