Example usage for org.bouncycastle.openpgp PGPSignatureGenerator generateCertification

List of usage examples for org.bouncycastle.openpgp PGPSignatureGenerator generateCertification

Introduction

In this page you can find the example usage for org.bouncycastle.openpgp PGPSignatureGenerator generateCertification.

Prototype

public PGPSignature generateCertification(PGPPublicKey masterKey, PGPPublicKey pubKey) throws PGPException 

Source Link

Document

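Generates a certification for the passed-in key against the passed-in master key. The usage examples below also call the overloads of generateCertification that certify a user ID string or a user attribute vector on a key.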

Usage

From source file:org.kontalk.certgen.PGP.java

License:Open Source License

/**
 * Certifies a user ID on a public key and attaches the resulting signature to that key.
 *
 * <p>The certification is issued with the private half of {@code secret}. The content signer
 * uses the public-key algorithm of {@code secret} together with SHA-512 as the digest.
 *
 * @param secret key pair whose private key issues the certification
 * @param keyToBeSigned public key that receives the certification
 * @param id user ID the certification is bound to
 * @param certification signature type handed to {@code PGPSignatureGenerator.init}
 * @return the key returned by {@code PGPPublicKey.addCertification} for {@code keyToBeSigned}
 */
public static PGPPublicKey signPublicKey(PGPKeyPair secret, PGPPublicKey keyToBeSigned, String id,
        int certification) throws PGPException, IOException, SignatureException {

    PGPPrivateKey signingKey = secret.getPrivateKey();

    // Digest and public-key algorithm are fixed here; only the signature type is caller-chosen.
    JcaPGPContentSignerBuilder signerBuilder =
            new JcaPGPContentSignerBuilder(secret.getPublicKey().getAlgorithm(), PGPUtil.SHA512);
    PGPSignatureGenerator generator = new PGPSignatureGenerator(signerBuilder.setProvider(PROVIDER));
    generator.init(certification, signingKey);

    return PGPPublicKey.addCertification(keyToBeSigned, id,
            generator.generateCertification(id, keyToBeSigned));
}

From source file:org.kontalk.certgen.PGP.java

License:Open Source License

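/**
 * Signs the given user attributes and adds them, with the certification, to the given public key.
 *
 * <p>The certification is issued with the private half of {@code secret}. The digest is SHA-512,
 * the same digest {@code signPublicKey} in this file uses for user ID certifications. SHA-1 is
 * no longer collision resistant, so it is not used for newly issued certifications.
 *
 * @param secret key pair whose private key issues the certification
 * @param keyToBeSigned public key that receives the user attributes and their certification
 * @param attributes user attribute subpackets to certify
 * @param certification signature type handed to {@code PGPSignatureGenerator.init}
 * @return the key returned by {@code PGPPublicKey.addCertification} for {@code keyToBeSigned}
 */
public static PGPPublicKey signUserAttributes(PGPKeyPair secret, PGPPublicKey keyToBeSigned,
        PGPUserAttributeSubpacketVector attributes, int certification) throws PGPException, SignatureException {

    PGPPrivateKey pgpPrivKey = secret.getPrivateKey();

    // SHA-512 rather than SHA-1: the digest is what binds the attributes to the key, so a
    // collision-prone digest weakens every certification issued through this method.
    PGPSignatureGenerator sGen = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(secret.getPublicKey().getAlgorithm(), PGPUtil.SHA512)
                    .setProvider(PROVIDER));

    sGen.init(certification, pgpPrivKey);

    return PGPPublicKey.addCertification(keyToBeSigned, attributes,
            sGen.generateCertification(attributes, keyToBeSigned));
}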

From source file:org.sufficientlysecure.keychain.pgp.PgpCertifyOperation.java

License:Open Source License

/**
 * Certifies user IDs and user attributes on the master key of another key ring.
 *
 * <p>Every entry of {@code action.mUserIds} and {@code action.mUserAttributes} is signed with
 * the generator obtained from {@code secretKey}, and each certification is added to the ring's
 * master public key. When signing throws {@code NfcInteractionNeeded}, the hash and hash
 * algorithm carried by the exception are collected instead. If anything was collected, the
 * result carries that pending input and no key ring is returned.
 *
 * @param secretKey certifying key; must be a master key whose key ID differs from the master
 *        key ID of {@code publicRing}
 * @param publicRing key ring whose master key is certified
 * @param log operation log; receives one entry per certified category
 * @param indent not read in this method (log entries use the literal 2)
 * @param action supplies the user IDs, user attributes and the master key ID used in log output
 * @param signedHashes handed to {@code getCertSignatureGenerator}; presumably hashes that were
 *        already signed externally - confirm against that method
 * @param creationTimestamp signature creation time to embed; when {@code null} this method
 *        sets no creation time subpacket itself
 * @return a result holding the updated key ring, a result holding the pending signing input,
 *         or a no-argument {@code PgpCertifyResult} when a {@code PGPException} occurred
 */
public PgpCertifyResult certify(CanonicalizedSecretKey secretKey, CanonicalizedPublicKeyRing publicRing,
        OperationLog log, int indent, CertifyAction action, Map<ByteBuffer, byte[]> signedHashes,
        Date creationTimestamp) {

    // Both checks guard against caller mistakes: only a master key may certify, and a key must
    // not certify itself through this path.
    if (!secretKey.isMasterKey()) {
        throw new AssertionError("tried to certify with non-master key, this is a programming error!");
    }
    if (publicRing.getMasterKeyId() == secretKey.getKeyId()) {
        throw new AssertionError("key tried to self-certify, this is a programming error!");
    }

    // obtain the certification signature generator from the secret key, passing signedHashes
    PGPSignatureGenerator signatureGenerator = secretKey.getCertSignatureGenerator(signedHashes);

    { // supply signatureGenerator with a SubpacketVector
        PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
        if (creationTimestamp != null) {
            // The creation time goes into the hashed area (see setHashedSubpackets below),
            // flagged non-critical; only the timestamp is written to the debug log.
            spGen.setSignatureCreationTime(false, creationTimestamp);
            Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp);
        }
        PGPSignatureSubpacketVector packetVector = spGen.generate();
        signatureGenerator.setHashedSubpackets(packetVector);
    }

    // get the master key of the ring (which we certify for)
    PGPPublicKey publicKey = publicRing.getPublicKey().getPublicKey();

    // NOTE(review): the same key ID is passed for both key ID arguments - confirm this is intended
    SecurityTokenSignOperationsBuilder requiredInput = new SecurityTokenSignOperationsBuilder(creationTimestamp,
            publicKey.getKeyID(), publicKey.getKeyID());

    try {
        if (action.mUserIds != null) {
            log.add(LogType.MSG_CRT_CERTIFY_UIDS, 2, action.mUserIds.size(),
                    KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));

            // certify each user ID and fold the certification into publicKey
            for (String userId : action.mUserIds) {
                try {
                    PGPSignature sig = signatureGenerator.generateCertification(userId, publicKey);
                    publicKey = PGPPublicKey.addCertification(publicKey, userId, sig);
                } catch (NfcInteractionNeeded e) {
                    // signing could not complete here; remember the hash for the caller
                    requiredInput.addHash(e.hashToSign, e.hashAlgo);
                }
            }

        }

        if (action.mUserAttributes != null) {
            log.add(LogType.MSG_CRT_CERTIFY_UATS, 2, action.mUserAttributes.size(),
                    KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));

            // certify each user attribute and fold the certification into publicKey
            for (WrappedUserAttribute userAttribute : action.mUserAttributes) {
                PGPUserAttributeSubpacketVector vector = userAttribute.getVector();
                try {
                    PGPSignature sig = signatureGenerator.generateCertification(vector, publicKey);
                    publicKey = PGPPublicKey.addCertification(publicKey, vector, sig);
                } catch (NfcInteractionNeeded e) {
                    // signing could not complete here; remember the hash for the caller
                    requiredInput.addHash(e.hashToSign, e.hashAlgo);
                }
            }

        }
    } catch (PGPException e) {
        // presumably the no-argument result signals failure - confirm against PgpCertifyResult
        Log.e(Constants.TAG, "signing error", e);
        return new PgpCertifyResult();
    }

    // Pending hashes take precedence: certifications already added to publicKey in this call
    // are not returned when any signature still needs external input.
    if (!requiredInput.isEmpty()) {
        return new PgpCertifyResult(requiredInput.build());
    }

    PGPPublicKeyRing ring = PGPPublicKeyRing.insertPublicKey(publicRing.getRing(), publicKey);
    return new PgpCertifyResult(new UncachedKeyRing(ring));

}

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

/**
 * Produces a positive certification over a user ID, issued with the master private key.
 *
 * <p>The hashed subpackets are built by {@code generateHashedSelfSigSubpackets} from the
 * creation time, key, primary flag, key flags and expiry given here.
 *
 * @param sGen generator to configure and sign with
 * @param creationTime forwarded to the hashed subpacket builder
 * @param masterPrivateKey private key that issues the signature
 * @param pKey public key the user ID is certified on
 * @param userId user ID to certify
 * @param primary forwarded to the hashed subpacket builder
 * @param flags forwarded to the hashed subpacket builder
 * @param expiry forwarded to the hashed subpacket builder
 * @return the generated certification signature
 */
private static PGPSignature generateUserIdSignature(PGPSignatureGenerator sGen, Date creationTime,
        PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary, int flags,
        long expiry) throws IOException, PGPException, SignatureException {

    // Everything set here lands in the hashed area and is therefore covered by the signature.
    sGen.setHashedSubpackets(
            generateHashedSelfSigSubpackets(creationTime, pKey, primary, flags, expiry).generate());
    sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);

    return sGen.generateCertification(userId, pKey);
}

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

/**
 * Produces a positive certification over a user attribute vector, issued with the master
 * private key.
 *
 * <p>The hashed subpackets are built by {@code generateHashedSelfSigSubpackets}; the primary
 * flag passed to it is always {@code false} for user attributes.
 *
 * @param sGen generator to configure and sign with
 * @param creationTime forwarded to the hashed subpacket builder
 * @param masterPrivateKey private key that issues the signature
 * @param pKey public key the attributes are certified on
 * @param vector user attribute subpackets to certify
 * @param flags forwarded to the hashed subpacket builder
 * @param expiry forwarded to the hashed subpacket builder
 * @return the generated certification signature
 */
private static PGPSignature generateUserAttributeSignature(PGPSignatureGenerator sGen, Date creationTime,
        PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, PGPUserAttributeSubpacketVector vector, int flags,
        long expiry) throws IOException, PGPException, SignatureException {

    // Everything set here lands in the hashed area and is therefore covered by the signature.
    sGen.setHashedSubpackets(
            generateHashedSelfSigSubpackets(creationTime, pKey, false, flags, expiry).generate());
    sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);

    return sGen.generateCertification(vector, pKey);
}

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

/**
 * Produces a certification revocation for a user ID, issued with the master private key.
 *
 * <p>The hashed subpackets carry a revocation reason ({@code NO_REASON}, empty description)
 * and the signature creation time, both flagged critical.
 *
 * @param sGen generator to configure and sign with
 * @param creationTime signature creation time to embed
 * @param masterPrivateKey private key that issues the revocation
 * @param pKey public key the user ID belongs to
 * @param userId user ID whose certification is revoked
 * @return the generated revocation signature
 */
private static PGPSignature generateRevocationSignature(PGPSignatureGenerator sGen, Date creationTime,
        PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId)
        throws IOException, PGPException, SignatureException {

    PGPSignatureSubpacketGenerator revocationSubpackets = new PGPSignatureSubpacketGenerator();

    // NO_REASON is used because gnupg ignores the reason tag when it verifies signatures
    // made with a revoked key; the warning it shows is the same for every tag.
    revocationSubpackets.setRevocationReason(true, RevocationReasonTags.NO_REASON, "");
    revocationSubpackets.setSignatureCreationTime(true, creationTime);

    sGen.setHashedSubpackets(revocationSubpackets.generate());
    sGen.init(PGPSignature.CERTIFICATION_REVOCATION, masterPrivateKey);

    return sGen.generateCertification(userId, pKey);
}

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

/**
 * Produces the subkey binding signature that ties a subkey to its master key.
 *
 * <p>When {@code flags} contains {@code KeyFlags.SIGN_DATA}, the subkey first issues a primary
 * key binding signature (cross-certification), which is embedded in the unhashed subpackets of
 * the binding signature. The embedded signature is itself a signature made by the subkey, so
 * it can be verified even though the unhashed area is not covered by the outer signature.
 *
 * @param sGen generator used for the binding signature, initialised with the master key
 * @param creationTime signature creation time for both signatures
 * @param masterPublicKey master public key the subkey is bound to
 * @param masterPrivateKey master private key that issues the binding signature
 * @param subSigGen generator used for the primary key binding signature
 * @param subPrivateKey subkey private key that issues the primary key binding signature
 * @param pKey public key of the subkey
 * @param flags key flags written to the binding signature
 * @param expiry expiry in seconds; a key expiration subpacket is written only when positive
 * @return the generated subkey binding signature
 */
static PGPSignature generateSubkeyBindingSignature(PGPSignatureGenerator sGen, Date creationTime,
        PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey, PGPSignatureGenerator subSigGen,
        PGPPrivateKey subPrivateKey, PGPPublicKey pKey, int flags, long expiry)
        throws IOException, PGPException, SignatureException {

    PGPSignatureSubpacketGenerator unhashedSubpackets = new PGPSignatureSubpacketGenerator();

    // A subkey that can sign data must cross-certify the master key.
    boolean subkeyCanSign = (flags & KeyFlags.SIGN_DATA) > 0;
    if (subkeyCanSign) {
        PGPSignatureSubpacketGenerator backSigSubpackets = new PGPSignatureSubpacketGenerator();
        backSigSubpackets.setSignatureCreationTime(false, creationTime);

        subSigGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
        subSigGen.setHashedSubpackets(backSigSubpackets.generate());

        unhashedSubpackets.setEmbeddedSignature(true,
                subSigGen.generateCertification(masterPublicKey, pKey));
    }

    // Creation time, key flags and expiry go into the hashed area so the signature covers them.
    PGPSignatureSubpacketGenerator hashedSubpackets = new PGPSignatureSubpacketGenerator();
    hashedSubpackets.setSignatureCreationTime(true, creationTime);
    hashedSubpackets.setKeyFlags(true, flags);
    if (expiry > 0) {
        // The subpacket stores the lifetime relative to the key's creation time, in seconds.
        long keyCreationSeconds = pKey.getCreationTime().getTime() / 1000;
        hashedSubpackets.setKeyExpirationTime(true, expiry - keyCreationSeconds);
    }

    sGen.init(PGPSignature.SUBKEY_BINDING, masterPrivateKey);
    sGen.setHashedSubpackets(hashedSubpackets.generate());
    sGen.setUnhashedSubpackets(unhashedSubpackets.generate());

    return sGen.generateCertification(masterPublicKey, pKey);
}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

/**
 * Test helper: issues a signature of an arbitrary type over a user ID on a public key.
 *
 * <p>This lives in a canonicalization test class and builds signatures for test key rings.
 * The empty passphrase and the SHA-1 digest are fixture choices and should not be copied into
 * production signing code.
 *
 * @param key secret key that signs; unlocked with an empty passphrase
 * @param type signature type handed to {@code PGPSignatureGenerator.init}
 * @param subpackets generator whose output becomes the hashed subpackets
 * @param userId user ID the signature is made over
 * @param publicKey key the user ID belongs to; also supplies the public-key algorithm
 * @return the generated signature
 */
private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator subpackets, String userId, PGPPublicKey publicKey) throws Exception {

    // Unlock the test key; fixtures in this test use an empty passphrase.
    PGPPrivateKey signingKey = key.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()));

    PGPSignatureGenerator generator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(), PGPUtil.SHA1)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME));
    generator.setHashedSubpackets(subpackets.generate());
    generator.init(type, signingKey);

    return generator.generateCertification(userId, publicKey);
}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

/**
 * Test helper: issues a signature of an arbitrary type over a key pair (key and signed key).
 *
 * <p>This lives in a canonicalization test class and builds signatures for test key rings.
 * The empty passphrase and the SHA-1 digest are fixture choices and should not be copied into
 * production signing code.
 *
 * @param key secret key that signs; unlocked with an empty passphrase
 * @param type signature type handed to {@code PGPSignatureGenerator.init}
 * @param subpackets generator whose output becomes the hashed subpackets
 * @param publicKey first key passed to {@code generateCertification}; also supplies the
 *        public-key algorithm
 * @param signedKey second key passed to {@code generateCertification}
 * @return the generated signature
 */
private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator subpackets, PGPPublicKey publicKey, PGPPublicKey signedKey)
        throws Exception {

    // Unlock the test key; fixtures in this test use an empty passphrase.
    PGPPrivateKey signingKey = key.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()));

    PGPSignatureGenerator generator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(), PGPUtil.SHA1)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME));
    generator.setHashedSubpackets(subpackets.generate());
    generator.init(type, signingKey);

    return generator.generateCertification(publicKey, signedKey);
}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

/**
 * Test helper: issues a signature of an arbitrary type over a key pair, with caller-supplied
 * hashed and unhashed subpackets.
 *
 * <p>This lives in a canonicalization test class and builds signatures for test key rings.
 * The empty passphrase and the SHA-1 digest are fixture choices and should not be copied into
 * production signing code.
 *
 * @param key secret key that signs; unlocked with an empty passphrase
 * @param type signature type handed to {@code PGPSignatureGenerator.init}
 * @param hashedSubs generator whose output becomes the hashed subpackets
 * @param unhashedSubs generator whose output becomes the unhashed subpackets
 * @param publicKey first key passed to {@code generateCertification}; also supplies the
 *        public-key algorithm
 * @param signedKey second key passed to {@code generateCertification}
 * @return the generated signature
 */
private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator hashedSubs, PGPSignatureSubpacketGenerator unhashedSubs,
        PGPPublicKey publicKey, PGPPublicKey signedKey) throws Exception {

    // Unlock the test key; fixtures in this test use an empty passphrase.
    PGPPrivateKey signingKey = key.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()));

    PGPSignatureGenerator generator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(), PGPUtil.SHA1)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME));
    generator.setHashedSubpackets(hashedSubs.generate());
    generator.setUnhashedSubpackets(unhashedSubs.generate());
    generator.init(type, signingKey);

    return generator.generateCertification(publicKey, signedKey);
}