List of usage examples for org.bouncycastle.openpgp PGPSignature POSITIVE_CERTIFICATION
int POSITIVE_CERTIFICATION
From source file:SELSKeyGen.java
License:Open Source License
/**
 * Builds an OpenPGP key ring (DSA master key plus ElGamal subkey) and encodes the secret
 * and public rings to the supplied streams.
 *
 * @param secretOut destination for the secret key ring; {@code null} skips the secret ring
 * @param publicOut destination for the public key ring
 * @param dsaKp DSA key pair used as the master key
 * @param elgKp ElGamal key pair added as subkey
 * @param identity user ID certified on the master key
 * @param passPhrase pass phrase handed to the key ring generator to protect the secret keys
 * @param armor whether the output is wrapped in an {@code ArmoredOutputStream}
 * @param exptimesec key expiration time in seconds, stored as a hashed signature subpacket
 */
private static void exportKeyPair(OutputStream secretOut, OutputStream publicOut, KeyPair dsaKp, KeyPair elgKp,
        String identity, char[] passPhrase, boolean armor, int exptimesec) throws IOException,
        InvalidKeyException, NoSuchProviderException, SignatureException, PGPException {
    // NOTE(review): Bouncy Castle documents ArmoredOutputStream.close() as not closing the
    // wrapped stream - confirm callers close the raw streams themselves when armor is true.
    OutputStream secretSink = secretOut;
    if (armor && secretSink != null) {
        secretSink = new ArmoredOutputStream(secretSink);
    }

    // Hashed subpackets: expiration (non-critical) and the exportable flag (critical, true).
    PGPSignatureSubpacketGenerator hashedSubpackets = new PGPSignatureSubpacketGenerator();
    hashedSubpackets.setKeyExpirationTime(false, exptimesec);
    hashedSubpackets.setExportable(true, true);
    PGPSignatureSubpacketVector hashedVector = hashedSubpackets.generate();

    PGPKeyPair masterKey = new PGPKeyPair(PGPPublicKey.DSA, dsaKp, new Date(), "BC");
    PGPKeyPair encryptionSubkey = new PGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elgKp, new Date(), "BC");

    // NOTE(review): this constructor overload takes no explicit secret-key checksum flag;
    // confirm which integrity checksum it selects for the protected secret key.
    PGPKeyRingGenerator ringGenerator = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey,
            identity, PGPEncryptedData.AES_256, passPhrase, hashedVector, null, new SecureRandom(), "BC");
    ringGenerator.addSubKey(encryptionSubkey);

    // The streams are closed only on the success path; an exception above or during
    // encode() leaves them open for the caller to deal with.
    if (secretSink != null) {
        ringGenerator.generateSecretKeyRing().encode(secretSink);
        secretSink.close();
    }

    OutputStream publicSink = armor ? new ArmoredOutputStream(publicOut) : publicOut;
    ringGenerator.generatePublicKeyRing().encode(publicSink);
    publicSink.close();
}
From source file:com.fuzion.tools.pgp.BCPGPKeyGenTools.java
License:Open Source License
/**
 * Creates a key ring generator with a DSA master key and an ElGamal encryption subkey.
 *
 * @param dsaKeyPair the generated DSA key pair (master key)
 * @param elGamalKeyPair the generated ElGamal key pair (added as subkey)
 * @param identity the user ID certified on the master key
 * @param passphrase the pass phrase used to encrypt the secret keys
 * @return a key ring generator with the ElGamal key pair already added as subkey
 * @throws Exception declared broadly; failures from the Bouncy Castle calls propagate unchanged
 */
@SuppressWarnings("deprecation")
public static final PGPKeyRingGenerator createPGPKeyRingGeneratorForDSAKeyPair(KeyPair dsaKeyPair,
        KeyPair elGamalKeyPair, String identity, char[] passphrase) throws Exception {
    PGPKeyPair masterKey = new PGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date());
    PGPKeyPair encryptionSubkey = new PGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, new Date());

    // SHA-1 calculator, passed both as the key ring's checksum calculator and as the
    // digest for the pass-phrase based secret key encryptor.
    PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build()
            .get(HashAlgorithmTags.SHA1);

    // NOTE(review): the self-certification is hashed with SHA-1, which is collision-weak.
    // A stronger hash depends on the DSA key's parameters - confirm the key size before
    // changing it.
    JcaPGPContentSignerBuilder certificationSigner = new JcaPGPContentSignerBuilder(
            masterKey.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1);

    PGPKeyRingGenerator ringGenerator = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey,
            identity, sha1Calc, null, null, certificationSigner,
            new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC")
                    .build(passphrase));
    ringGenerator.addSubKey(encryptionSubkey);
    return ringGenerator;
}
From source file:com.fuzion.tools.pgp.BCPGPKeyGenTools.java
License:Open Source License
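/**
 * Creates a key ring generator with an RSA signing master key and an RSA encryption subkey.
 *
 * <p>The self-certification on the identity is hashed with SHA-256. SHA-1 certifications
 * are collision-weak and some OpenPGP implementations no longer accept them.
 *
 * @param signKeyPair the generated signing RSA key pair (master key)
 * @param encryptKeyPair the generated encrypting RSA key pair (added as subkey)
 * @param identity the user ID certified on the master key
 * @param passphrase the pass phrase used to encrypt the secret keys
 * @return a key ring generator with the encryption key pair already added as subkey
 * @throws Exception declared broadly; failures from the Bouncy Castle calls propagate unchanged
 */
@SuppressWarnings("deprecation")
public static final PGPKeyRingGenerator createPGPKeyRingGeneratorForRSAKeyPair(KeyPair signKeyPair,
        KeyPair encryptKeyPair, String identity, char[] passphrase) throws Exception {
    PGPKeyPair signPgpKeyPair = new PGPKeyPair(PGPPublicKey.RSA_SIGN, signKeyPair, new Date());
    PGPKeyPair encryptPgpKeyPair = new PGPKeyPair(PGPPublicKey.RSA_ENCRYPT, encryptKeyPair, new Date());

    // The key ring's checksum calculator stays SHA-1; only the signature hash is raised.
    // NOTE(review): the same SHA-1 calculator also feeds the pass-phrase based secret key
    // encryptor - consider a SHA-256 calculator there if all consumers support it.
    PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build()
            .get(HashAlgorithmTags.SHA1);

    // Sign the positive certification with SHA-256 instead of SHA-1.
    JcaPGPContentSignerBuilder certificationSigner = new JcaPGPContentSignerBuilder(
            signPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256);

    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION,
            signPgpKeyPair, identity, sha1Calc, null, null, certificationSigner,
            new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC")
                    .build(passphrase));

    keyRingGen.addSubKey(encryptPgpKeyPair);
    return keyRingGen;
}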
From source file:com.google.e2e.bcdriver.KeyChecker.java
License:Apache License
/**
 * Adds {@code uid} to {@code uids} when the newest good signature on it is a certification
 * rather than a revocation. Rejections are reported by appending a line to {@code errors}.
 *
 * @param uids list that receives the accepted user ID together with its signature
 * @param pk public key whose signatures for {@code uid} are examined
 * @param uid the user ID under consideration
 * @param errors collects human-readable rejection reasons
 */
private static final void maybeAddUserID(List<UserID> uids, PGPPublicKey pk, String uid, StringBuilder errors)
        throws PGPException, SignatureException, IOException {
    Iterator<PGPSignature> candidates = Util.getTypedIterator(pk.getSignaturesForID(uid), PGPSignature.class);
    if (candidates == null) {
        errors.append(
                "Reject name '" + uid + "' for " + nicePk(pk) + " because no self-signatures were found.\n");
        return;
    }

    // Track the most recent signature that passes isGoodUIDSignature.
    PGPSignature newest = null;
    long newestTs = -1L;
    while (candidates.hasNext()) {
        PGPSignature candidate = candidates.next();
        int type = candidate.getSignatureType();
        boolean certificationOrRevocation = type == PGPSignature.DEFAULT_CERTIFICATION
                || type == PGPSignature.NO_CERTIFICATION
                || type == PGPSignature.CASUAL_CERTIFICATION
                || type == PGPSignature.POSITIVE_CERTIFICATION
                || type == PGPSignature.CERTIFICATION_REVOCATION;
        if (!certificationOrRevocation) {
            continue;
        }
        if (!isGoodUIDSignature(candidate, pk, uid, errors)) {
            continue;
        }
        long createdAt = candidate.getCreationTime().getTime();
        // Strict comparison: on equal timestamps the first signature seen is kept.
        // NOTE(review): a revocation sharing a timestamp with a certification therefore
        // wins or loses by iteration order - confirm that is acceptable.
        if (createdAt > newestTs) {
            newestTs = createdAt;
            newest = candidate;
        }
    }

    if (newest == null) {
        errors.append("Name '" + uid + "' rejected because no self-signatures were found.\n");
        return;
    }
    // A revocation only takes effect when it is the newest good signature.
    if (newest.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION) {
        errors.append("Name '" + uid + "' rejected because it was revoked.\n");
        return;
    }

    uids.add(new UserID(uid, newest));
}
From source file:com.google.gerrit.gpg.GerritPublicKeyChecker.java
License:Apache License
/**
 * Reports whether {@code sig} is a default or positive certification of {@code userId}
 * issued by {@code key} itself and verifying under that key.
 *
 * <p>Revocations are not considered here (see the TODO below), and this method performs no
 * check of signature creation or expiration time.
 *
 * @param key the public key expected to have issued and to carry the certification
 * @param sig the signature to examine
 * @param userId the user ID the certification must cover
 * @return {@code true} only if the type, issuer key ID and cryptographic verification all pass
 * @throws PGPException if initialising or verifying the signature fails
 */
private static boolean isValidCertification(PGPPublicKey key, PGPSignature sig, String userId)
        throws PGPException {
    int type = sig.getSignatureType();
    boolean acceptedType = type == PGPSignature.DEFAULT_CERTIFICATION
            || type == PGPSignature.POSITIVE_CERTIFICATION;
    // The key ID comparison is only a cheap filter; verifyCertification below is the
    // cryptographic check.
    if (!acceptedType || sig.getKeyID() != key.getKeyID()) {
        return false;
    }
    // TODO(dborowitz): Handle certification revocations:
    // - Is there a revocation by either this key or another key trusted by the
    //   server?
    // - Does such a revocation postdate all other valid certifications?

    sig.init(new BcPGPContentVerifierBuilderProvider(), key);
    return sig.verifyCertification(userId, key);
}
From source file:com.google.gerrit.gpg.PublicKeyChecker.java
License:Apache License
/**
 * Looks for a certification path from {@code key} to a directly trusted key.
 *
 * @param key the key whose trust is being evaluated
 * @param store key store used to look up signers; {@code null} disables trust checking
 * @param depth current depth in the certification chain
 * @param seen fingerprints already visited on this walk, used to stop cycles
 * @return {@code CheckResult.OK} when trust checking is not configured, the key is directly
 *     trusted, or a trusted signer is found; otherwise a result listing the problems
 */
private CheckResult checkWebOfTrust(PGPPublicKey key, PublicKeyStore store, int depth, Set<Fingerprint> seen) {
    if (trusted == null || store == null) {
        return CheckResult.OK; // Trust checking not configured.
    }

    Fingerprint keyFp = new Fingerprint(key.getFingerprint());
    // add() returns false when the fingerprint was already visited.
    if (!seen.add(keyFp)) {
        return new CheckResult("Key is trusted in a cycle");
    }

    // The trusted map is keyed by key ID, but the match is confirmed on the full
    // fingerprint, so a key ID collision alone does not grant trust.
    Fingerprint pinnedFp = trusted.get(key.getKeyID());
    if (pinnedFp != null && pinnedFp.equals(keyFp)) {
        return CheckResult.OK; // Directly trusted.
    }
    if (depth >= maxTrustDepth) {
        return new CheckResult("No path of depth <= " + maxTrustDepth + " to a trusted key");
    }

    List<CheckResult> signerResults = new ArrayList<>();
    @SuppressWarnings("unchecked")
    Iterator<String> userIds = key.getUserIDs();
    while (userIds.hasNext()) {
        String userId = userIds.next();
        @SuppressWarnings("unchecked")
        Iterator<PGPSignature> sigs = key.getSignaturesForID(userId);
        while (sigs.hasNext()) {
            PGPSignature sig = sigs.next();
            // TODO(dborowitz): Handle CERTIFICATION_REVOCATION.
            int type = sig.getSignatureType();
            boolean isCertification = type == PGPSignature.DEFAULT_CERTIFICATION
                    || type == PGPSignature.POSITIVE_CERTIFICATION;
            if (!isCertification) {
                continue; // Not a certification.
            }

            PGPPublicKey signer = getSigner(store, sig, userId, key, signerResults);
            // TODO(dborowitz): Require self certification.
            // Self-signatures cannot extend the trust path, so they are skipped.
            if (signer == null || Arrays.equals(signer.getFingerprint(), key.getFingerprint())) {
                continue;
            }

            CheckResult signerResult = checkTrustSubpacket(sig, depth);
            if (signerResult.isOk()) {
                signerResult = check(signer, store, depth + 1, false, seen);
                if (signerResult.isOk()) {
                    return CheckResult.OK;
                }
            }
            // Reached when either the trust subpacket check or the signer's own check failed.
            signerResults.add(new CheckResult(
                    "Certification by " + keyToString(signer) + " is valid, but key is not trusted"));
        }
    }

    List<String> problems = new ArrayList<>();
    problems.add("No path to a trusted key");
    for (CheckResult collected : signerResults) {
        problems.addAll(collected.getProblems());
    }
    return new CheckResult(problems);
}
From source file:com.zwitserloot.ivyplusplus.mavencentral.CreateSigningKey_.java
License:Open Source License
/**
 * Generates a key ring and writes the secret ring to {@code privOut} and the public ring to
 * {@code pubOut}, closing each stream after it has been written.
 *
 * <p>Despite the parameter names, {@code privPair_} is used as the DSA master key and
 * {@code signPair_} as the ElGamal encryption subkey.
 *
 * @param privOut destination for the secret key ring
 * @param pubOut destination for the public key ring
 * @param privPair_ key pair wrapped as the DSA master key
 * @param signPair_ key pair wrapped as the ELGAMAL_ENCRYPT subkey
 * @param identity user ID certified on the master key
 * @param passphrase pass phrase protecting the secret keys
 */
void export(OutputStream privOut, OutputStream pubOut, KeyPair privPair_, KeyPair signPair_, String identity,
        String passphrase) throws PGPException, NoSuchProviderException, IOException {
    PGPKeyPair masterKey = new PGPKeyPair(PGPPublicKey.DSA, privPair_, new Date());
    PGPKeyPair encryptionSubkey = new PGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, signPair_, new Date());

    // NOTE(review): the pass phrase arrives as an immutable String, so it cannot be wiped
    // after use; the char[] copy made here is not cleared either.
    char[] secret = passphrase.toCharArray();
    PGPKeyRingGenerator generator = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, masterKey,
            identity, PGPEncryptedData.AES_256, secret, true, null, null, new SecureRandom(), "BC");
    generator.addSubKey(encryptionSubkey);

    // Streams are closed on the success path only; an exception leaves them to the caller.
    generator.generateSecretKeyRing().encode(privOut);
    privOut.close();

    generator.generatePublicKeyRing().encode(pubOut);
    pubOut.close();
}
From source file:crypttools.PGPTools.java
License:Open Source License
/**
 * Creates a key ring generator with a DSA master key and an ElGamal encryption subkey.
 *
 * @param dsaKeyPair the generated DSA key pair (master key)
 * @param elGamalKeyPair the generated ElGamal key pair (added as subkey)
 * @param identity the user ID certified on the master key
 * @param passphrase the pass phrase used to encrypt the secret keys
 * @return a key ring generator with the ElGamal key pair already added as subkey
 * @throws Exception declared broadly; failures from the Bouncy Castle calls propagate unchanged
 */
@SuppressWarnings("deprecation")
public static final PGPKeyRingGenerator createPGPKeyRingGenerator(KeyPair dsaKeyPair, KeyPair elGamalKeyPair,
        String identity, char[] passphrase) throws Exception {
    PGPKeyPair masterKey = new PGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date());
    PGPKeyPair encryptionSubkey = new PGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, new Date());

    // SHA-1 calculator, used as the key ring's checksum calculator and as the digest for
    // the pass-phrase based secret key encryptor.
    PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build()
            .get(HashAlgorithmTags.SHA1);

    // NOTE(review): the self-certification is hashed with SHA-1, which is collision-weak.
    // A stronger hash depends on the DSA key's parameters - confirm the key size before
    // changing it.
    PGPKeyRingGenerator ringGenerator = new PGPKeyRingGenerator(
            PGPSignature.POSITIVE_CERTIFICATION,
            masterKey,
            identity,
            sha1Calc,
            null,
            null,
            new JcaPGPContentSignerBuilder(masterKey.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1),
            new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC")
                    .build(passphrase));

    ringGenerator.addSubKey(encryptionSubkey);
    return ringGenerator;
}
From source file:keygenerator.KeyGenerator.java
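/**
 * Generates a fresh RSA signing master key and RSA encryption subkey and returns a key
 * ring generator holding both.
 *
 * <p>The self-signature on {@code id} is hashed with SHA-256, matching the first entry of
 * the preferred hash list this key advertises. SHA-1 certifications are collision-weak and
 * some OpenPGP implementations no longer accept them.
 *
 * @param id user ID certified on the master key
 * @param pass pass phrase used to encrypt the secret keys
 * @param s2kcount iteration count value handed to the secret key encryptor builder
 * @return a key ring generator with the encryption subkey already added
 * @throws Exception declared broadly; failures from the Bouncy Castle calls propagate unchanged
 */
public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount)
        throws Exception {
    // This object generates individual key-pairs.
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

    // Public exponent 0x10001, 2048-bit modulus. Use a larger key size (4096, etc.) if
    // that makes sense for you.
    // NOTE(review): the last argument (12) is the primality-test certainty; it is low
    // compared with values commonly used for RSA generation - confirm it is adequate for
    // the Bouncy Castle version in use.
    kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12));

    // First create the master (signing) key with the generator.
    PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
    // Then an encryption subkey.
    PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());

    // Add a self-signature on the id.
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

    // Add signed metadata on the signature.
    // 1) Declare its purpose.
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
    // 2) Set preferences for secondary crypto algorithms to use
    //    when sending messages to this key.
    signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256,
            SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128 });
    signhashgen.setPreferredHashAlgorithms(false,
            new int[] { HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384,
                    HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224, });
    // 3) Request senders add additional checksums to the
    //    message (useful when verifying unsigned messages.)
    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

    // Create a signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    // Add metadata to declare its purpose.
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);

    // Objects used to encrypt the secret key. The SHA-1 calculator is the key ring's
    // checksum calculator; the SHA-256 calculator feeds the pass-phrase based encryptor.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc,
            s2kcount)).build(pass);

    // Finally, create the keyring itself. The constructor takes parameters that allow it
    // to generate the self signature, which is hashed with SHA-256 rather than SHA-1.
    BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(
            rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256);
    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
            id, sha1Calc, signhashgen.generate(), null, signerBuilder, pske);

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null);
    return keyRingGen;
}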
From source file:net.pgp2p.cryptoservice.PGPManager.java
License:Open Source License
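/**
 * Creates the public and secret key ring files in the configured key ring directory when
 * they do not exist yet. Both files are written in binary (unarmored) form.
 *
 * <p>Failures are reported with {@code printStackTrace()} and the method returns without
 * throwing. If the key ring generator cannot be built, no files are created.
 *
 * @param identity the identification of the key pair (e.g. "John Doe &lt;john.doe@example.com&gt;")
 * @param password the password that will protect the secret key ring
 */
private void createPGPKeyring(String identity, char[] password) {
    PGPKeyPair keyPair = createPGPKeyPair();

    PGPKeyRingGenerator keyRingGenerator;
    try {
        keyRingGenerator = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, keyPair, identity,
                PGPEncryptedData.AES_256, password, true, null, null, new SecureRandom(), "BC");
    } catch (NoSuchProviderException nspe) {
        nspe.printStackTrace();
        // Stop here: continuing would create empty ring files and then fail on a null generator.
        return;
    } catch (PGPException pe) {
        pe.printStackTrace();
        return;
    }

    String ringDir = this.keyRingPath + System.getProperty("file.separator");
    OutputStream secring = null;
    OutputStream pubring = null;
    try {
        // NOTE(review): the secret ring file is created with the process's default
        // permissions - restrict it to the owning user where the platform allows.
        secring = new FileOutputStream(ringDir + SECRING_FILE);
        pubring = new FileOutputStream(ringDir + PUBRING_FILE);

        keyRingGenerator.generateSecretKeyRing().encode(secring);
        keyRingGenerator.generatePublicKeyRing().encode(pubring);
    } catch (FileNotFoundException fnfe) {
        fnfe.printStackTrace();
    } catch (IOException ioe) {
        ioe.printStackTrace();
    } finally {
        // Always release the file handles, including after a failed write.
        if (secring != null) {
            try {
                secring.close();
            } catch (IOException ioe) {
                ioe.printStackTrace();
            }
        }
        if (pubring != null) {
            try {
                pubring.close();
            } catch (IOException ioe) {
                ioe.printStackTrace();
            }
        }
    }
}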