Example usage for org.bouncycastle.openpgp PGPSignatureGenerator PGPSignatureGenerator

List of usage examples for org.bouncycastle.openpgp PGPSignatureGenerator PGPSignatureGenerator

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.openpgp.*
  5. PGPSignatureGenerator
  6. PGPSignatureGenerator

Introduction

In this page you can find the example usage for org.bouncycastle.openpgp PGPSignatureGenerator PGPSignatureGenerator.

Prototype

public PGPSignatureGenerator(PGPContentSignerBuilder contentSignerBuilder)

Source Link

Document

Create a signature generator built on the passed in contentSignerBuilder.

Usage

From source file:org.opentestsystem.delivery.testreg.transformer.GPGEncryptor.java

License:Open Source License

/**
 * Uses the Legion of the Bouncy Castle (aka BouncyCastle) PGP API to encrypt, compress, and sign the input.
 * //  www.j  a v  a2s . c  om
 * The configured landing zone public key is used to encrypt the input. Only the landing zone private key will be
 * able to decrypt.
 * 
 * The configured test registration private key is used to sign the input. This can be verified by the landing zone
 * to prove that this specific test registration instance created the data.
 * 
 * @param input
 *            A byte array
 * @return A byte array comprised of a PGP/GPG compatible binary encrypted and signed output
 */
@Transformer
public Message<File> encryptStream(final File input, final @Header("dwBatchUuid") String dwBatchUuid,
        final @Header("fileSuffix") String fileSuffix, final @Header("recordsSent") int recordsSent,
        final @Header("tempPaths") List<Path> tempPaths,
        final @Header("dwConfigType") DwConfigType dwConfigType) {

    String debugPrefix = dwConfigType + " DW Config: ";

    long curTime = System.currentTimeMillis();
    File tmpEncFile;

    try {

        PGPPublicKey landingZonePubKey = findLandingZonePublicKey(dwConfigType);
        PGPSecretKey testRegSecretKey = findTestRegSecretKey();

        PGPPrivateKey testRegPrivateKey = testRegSecretKey.extractPrivateKey(
                new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(getPassphrase()));

        // ////////////////////
        // setup encryptor

        PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
                new JcePGPDataEncryptorBuilder(PGPEncryptedData.AES_256).setWithIntegrityPacket(true)
                        .setSecureRandom(new SecureRandom()).setProvider("BC"));

        encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(landingZonePubKey).setProvider("BC"));

        // This outputstream, encryptedSignedOutputStream is the ultimate target that will contain the encrypted and
        // signed output
        Path tempEncPath = Files.createTempFile(DwBatchHandler.DW_ENC_TMP_PREFIX,
                (dwConfigType == DwConfigType.SBAC ? DwBatchHandler.SBAC_DW_NAME : DwBatchHandler.LOCAL_DW_NAME)
                        + fileSuffix);
        tempPaths.add(tempEncPath);
        tmpEncFile = tempEncPath.toFile();
        FileOutputStream encryptedSignedOutputStream = new FileOutputStream(tmpEncFile);

        LOGGER.debug(debugPrefix + "Created temp encrypted output file " + tmpEncFile.getAbsolutePath());

        OutputStream encryptOutStream = encGen.open(encryptedSignedOutputStream, new byte[BUFFER_SIZE]);

        // ////////////////////////////
        // setup data compression

        PGPCompressedDataGenerator comData = new PGPCompressedDataGenerator(CompressionAlgorithmTags.ZIP);
        OutputStream compressOutStream = comData.open(encryptOutStream);

        // /////////////////////
        // sign encrypted file with test reg private key

        // create a signature generator
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder(testRegSecretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1)
                        .setProvider("BC"));
        signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, testRegPrivateKey);

        @SuppressWarnings("unchecked")
        Iterator<String> it = testRegSecretKey.getPublicKey().getUserIDs();

        if (it.hasNext()) {
            PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
            spGen.setSignerUserID(false, it.next());
            signatureGenerator.setHashedSubpackets(spGen.generate());
        }

        // setup signature generator to encode the contents of the compressed output stream
        signatureGenerator.generateOnePassVersion(false).encode(compressOutStream);

        // create a PGP Literal Data Generator and open it to wrap the compression output stream
        PGPLiteralDataGenerator lGen = new PGPLiteralDataGenerator();

        OutputStream signedOutStream = lGen.open(compressOutStream, PGPLiteralData.BINARY, "",
                new java.util.Date(), new byte[BUFFER_SIZE]);

        // create an input stream out of the input bytes
        FileInputStream clearInputStream = new FileInputStream(input);

        // read the input and write all data to the signing output stream, also update the signature
        // generator with the same input data
        byte[] buf = new byte[BUFFER_SIZE];
        int len;
        while ((len = clearInputStream.read(buf)) > 0) {
            signedOutStream.write(buf, 0, len);
            signatureGenerator.update(buf, 0, len);
        }

        // close everything and generate the final signature
        signedOutStream.close();
        lGen.close();
        signatureGenerator.generate().encode(compressOutStream);
        compressOutStream.close();
        comData.close();
        encryptOutStream.close();
        encGen.close();
        clearInputStream.close();

        encryptedSignedOutputStream.close();

    } catch (IOException | PGPException | SignatureException e) {
        throw new GPGEncryptionException(debugPrefix + "Failure to encrypt and sign input", e);
    }

    LOGGER.debug(debugPrefix + "Generated encrypted data in " + (System.currentTimeMillis() - curTime));

    return MessageBuilder.withPayload(tmpEncFile).setHeader("dwBatchUuid", dwBatchUuid)
            .setHeader("fileSuffix", fileSuffix).setHeader("recordsSent", recordsSent)
            .setHeader("tempPaths", tempPaths).setHeader("dwConfigType", dwConfigType).build();
}

From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java

License:Open Source License

public PGPSignatureGenerator getCertSignatureGenerator(Map<ByteBuffer, byte[]> signedHashes) {
    PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(
            PgpSecurityConstants.CERTIFY_HASH_ALGO, signedHashes);

    if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
        throw new PrivateKeyNotUnlockedException();
    }/*w w w .j ava  2s . co m*/

    PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
    try {
        signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, mPrivateKey);
        return signatureGenerator;
    } catch (PGPException e) {
        Log.e(Constants.TAG, "signing error", e);
        return null;
    }
}

From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java

License:Open Source License

public PGPSignatureGenerator getDataSignatureGenerator(int hashAlgo, boolean cleartext,
        Map<ByteBuffer, byte[]> signedHashes, Date creationTimestamp) throws PgpGeneralException {
    if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
        throw new PrivateKeyNotUnlockedException();
    }//from  w  w w.  ja  va2s .co m

    // We explicitly create a signature creation timestamp in this place.
    // That way, we can inject an artificial one from outside, ie the one
    // used in previous runs of this function.
    if (creationTimestamp == null) {
        // to sign using nfc PgpSignEncrypt is executed two times.
        // the first time it stops to return the PendingIntent for nfc connection and signing the hash
        // the second time the signed hash is used.
        // to get the same hash we cache the timestamp for the second round!
        creationTimestamp = new Date();
    }

    PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgo, signedHashes);

    int signatureType;
    if (cleartext) {
        // for sign-only ascii text (cleartext signature)
        signatureType = PGPSignature.CANONICAL_TEXT_DOCUMENT;
    } else {
        signatureType = PGPSignature.BINARY_DOCUMENT;
    }

    try {
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
        signatureGenerator.init(signatureType, mPrivateKey);

        PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
        spGen.setSignerUserID(false, mRing.getPrimaryUserIdWithFallback());
        spGen.setSignatureCreationTime(false, creationTimestamp);
        signatureGenerator.setHashedSubpackets(spGen.generate());
        return signatureGenerator;
    } catch (PgpKeyNotFoundException | PGPException e) {
        // TODO: simply throw PGPException!
        throw new PgpGeneralException("Error initializing signature!", e);
    }
}

From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java

License:Open Source License

static PGPSignatureGenerator getSignatureGenerator(PGPPublicKey pKey, CryptoInputParcel cryptoInput,
        boolean divertToCard) {

    PGPContentSignerBuilder builder;// w w  w.j  av  a2  s .co  m
    if (divertToCard) {
        // use synchronous "NFC based" SignerBuilder
        builder = new NfcSyncPGPContentSignerBuilder(pKey.getAlgorithm(),
                PgpSecurityConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO, pKey.getKeyID(),
                cryptoInput.getCryptoData()).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
    } else {
        // content signer based on signing key algorithm and chosen hash algorithm
        builder = new JcaPGPContentSignerBuilder(pKey.getAlgorithm(),
                PgpSecurityConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO)
                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
    }

    return new PGPSignatureGenerator(builder);

}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyRing.java

License:Open Source License

@VisibleForTesting
public static UncachedKeyRing forTestingOnlyAddDummyLocalSignature(UncachedKeyRing uncachedKeyRing,
        String passphrase) throws Exception {
    PGPSecretKeyRing sKR = (PGPSecretKeyRing) uncachedKeyRing.mRing;

    PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
    PGPPrivateKey masterPrivateKey = sKR.getSecretKey().extractPrivateKey(keyDecryptor);
    PGPPublicKey masterPublicKey = uncachedKeyRing.mRing.getPublicKey();

    // add packet with "pin" notation data
    PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
            masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
            PgpSecurityConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
    PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
    { // set subpackets
        PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
        hashedPacketsGen.setExportable(false, false);
        hashedPacketsGen.setNotationData(false, true, "dummynotationdata", "some data");
        sGen.setHashedSubpackets(hashedPacketsGen.generate());
    }/* w w w  . ja va2 s.co m*/
    sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
    PGPSignature emptySig = sGen.generateCertification(masterPublicKey);

    masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
    sKR = PGPSecretKeyRing.insertSecretKey(sKR,
            PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));

    return new UncachedKeyRing(sKR);
}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator subpackets, PGPPublicKey publicKey) throws Exception {

    PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
    PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);

    PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(),
            PGPUtil.SHA1).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);

    PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
    sGen.setHashedSubpackets(subpackets.generate());
    sGen.init(type, privateKey);/*from   w  w w .j  a  v a 2  s .  c  om*/
    return sGen.generateCertification(publicKey);

}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator subpackets, String userId, PGPPublicKey publicKey) throws Exception {

    PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
    PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);

    PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(),
            PGPUtil.SHA1).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);

    PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
    sGen.setHashedSubpackets(subpackets.generate());
    sGen.init(type, privateKey);//from  ww  w. j  a  va2  s .  c  o  m
    return sGen.generateCertification(userId, publicKey);

}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator subpackets, PGPPublicKey publicKey, PGPPublicKey signedKey)
        throws Exception {

    PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
    PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);

    PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(),
            PGPUtil.SHA1).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);

    PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
    sGen.setHashedSubpackets(subpackets.generate());
    sGen.init(type, privateKey);/*from   www. j av  a  2 s .co  m*/
    return sGen.generateCertification(publicKey, signedKey);

}

From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java

License:Open Source License

private static PGPSignature forgeSignature(PGPSecretKey key, int type,
        PGPSignatureSubpacketGenerator hashedSubs, PGPSignatureSubpacketGenerator unhashedSubs,
        PGPPublicKey publicKey, PGPPublicKey signedKey) throws Exception {

    PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
    PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);

    PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(publicKey.getAlgorithm(),
            PGPUtil.SHA1).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);

    PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
    sGen.setHashedSubpackets(hashedSubs.generate());
    sGen.setUnhashedSubpackets(unhashedSubs.generate());
    sGen.init(type, privateKey);/* w ww . j a v a 2  s .  co m*/
    return sGen.generateCertification(publicKey, signedKey);

}

From source file:org.vafer.jdeb.DebMaker.java

License:Apache License

public void makeDeb() throws PackagingException {
    BinaryPackageControlFile packageControlFile;
    try {/*from  w  w w.j av  a  2 s  . c o m*/
        console.info("Creating debian package: " + deb);

        // If we should sign the package
        boolean doSign = signPackage;

        if (doSign) {

            if (keyring == null || !keyring.exists()) {
                doSign = false;
                console.warn("Signing requested, but no keyring supplied");
            }

            if (key == null) {
                doSign = false;
                console.warn("Signing requested, but no key supplied");
            }

            if (passphrase == null) {
                doSign = false;
                console.warn("Signing requested, but no passphrase supplied");
            }

            FileInputStream keyRingInput = new FileInputStream(keyring);
            PGPSigner signer = null;
            try {
                signer = new PGPSigner(new FileInputStream(keyring), key, passphrase);
            } finally {
                keyRingInput.close();
            }

            int digest = PGPUtil.SHA1;

            PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
                    new BcPGPContentSignerBuilder(signer.getSecretKey().getPublicKey().getAlgorithm(), digest));
            signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, signer.getPrivateKey());

            packageControlFile = createSignedDeb(Compression.toEnum(compression), signatureGenerator, signer);
        } else {
            packageControlFile = createDeb(Compression.toEnum(compression));
        }

    } catch (Exception e) {
        throw new PackagingException("Failed to create debian package " + deb, e);
    }

    makeChangesFiles(packageControlFile);
}