List of usage examples for org.bouncycastle.openpgp PGPSignatureSubpacketGenerator setSignatureCreationTime
public void setSignatureCreationTime(boolean isCritical, Date date)
From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java
License:Open Source License
public PGPSignatureGenerator getDataSignatureGenerator(int hashAlgo, boolean cleartext, Map<ByteBuffer, byte[]> signedHashes, Date creationTimestamp) throws PgpGeneralException { if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) { throw new PrivateKeyNotUnlockedException(); }/* w w w .j a v a 2s . co m*/ // We explicitly create a signature creation timestamp in this place. // That way, we can inject an artificial one from outside, ie the one // used in previous runs of this function. if (creationTimestamp == null) { // to sign using nfc PgpSignEncrypt is executed two times. // the first time it stops to return the PendingIntent for nfc connection and signing the hash // the second time the signed hash is used. // to get the same hash we cache the timestamp for the second round! creationTimestamp = new Date(); } PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgo, signedHashes); int signatureType; if (cleartext) { // for sign-only ascii text (cleartext signature) signatureType = PGPSignature.CANONICAL_TEXT_DOCUMENT; } else { signatureType = PGPSignature.BINARY_DOCUMENT; } try { PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); signatureGenerator.init(signatureType, mPrivateKey); PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); spGen.setSignerUserID(false, mRing.getPrimaryUserIdWithFallback()); spGen.setSignatureCreationTime(false, creationTimestamp); signatureGenerator.setHashedSubpackets(spGen.generate()); return signatureGenerator; } catch (PgpKeyNotFoundException | PGPException e) { // TODO: simply throw PGPException! throw new PgpGeneralException("Error initializing signature!", e); } }
From source file:org.sufficientlysecure.keychain.pgp.PgpCertifyOperation.java
License:Open Source License
public PgpCertifyResult certify(CanonicalizedSecretKey secretKey, CanonicalizedPublicKeyRing publicRing, OperationLog log, int indent, CertifyAction action, Map<ByteBuffer, byte[]> signedHashes, Date creationTimestamp) { if (!secretKey.isMasterKey()) { throw new AssertionError("tried to certify with non-master key, this is a programming error!"); }/*w ww .ja va 2s . c o m*/ if (publicRing.getMasterKeyId() == secretKey.getKeyId()) { throw new AssertionError("key tried to self-certify, this is a programming error!"); } // create a signatureGenerator from the supplied masterKeyId and passphrase PGPSignatureGenerator signatureGenerator = secretKey.getCertSignatureGenerator(signedHashes); { // supply signatureGenerator with a SubpacketVector PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); if (creationTimestamp != null) { spGen.setSignatureCreationTime(false, creationTimestamp); Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp); } PGPSignatureSubpacketVector packetVector = spGen.generate(); signatureGenerator.setHashedSubpackets(packetVector); } // get the master subkey (which we certify for) PGPPublicKey publicKey = publicRing.getPublicKey().getPublicKey(); SecurityTokenSignOperationsBuilder requiredInput = new SecurityTokenSignOperationsBuilder(creationTimestamp, publicKey.getKeyID(), publicKey.getKeyID()); try { if (action.mUserIds != null) { log.add(LogType.MSG_CRT_CERTIFY_UIDS, 2, action.mUserIds.size(), KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId)); // fetch public key ring, add the certification and return it for (String userId : action.mUserIds) { try { PGPSignature sig = signatureGenerator.generateCertification(userId, publicKey); publicKey = PGPPublicKey.addCertification(publicKey, userId, sig); } catch (NfcInteractionNeeded e) { requiredInput.addHash(e.hashToSign, e.hashAlgo); } } } if (action.mUserAttributes != null) { log.add(LogType.MSG_CRT_CERTIFY_UATS, 2, action.mUserAttributes.size(), KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId)); // fetch public key ring, add the certification and return it for (WrappedUserAttribute userAttribute : action.mUserAttributes) { PGPUserAttributeSubpacketVector vector = userAttribute.getVector(); try { PGPSignature sig = signatureGenerator.generateCertification(vector, publicKey); publicKey = PGPPublicKey.addCertification(publicKey, vector, sig); } catch (NfcInteractionNeeded e) { requiredInput.addHash(e.hashToSign, e.hashAlgo); } } } } catch (PGPException e) { Log.e(Constants.TAG, "signing error", e); return new PgpCertifyResult(); } if (!requiredInput.isEmpty()) { return new PgpCertifyResult(requiredInput.build()); } PGPPublicKeyRing ring = PGPPublicKeyRing.insertPublicKey(publicRing.getRing(), publicKey); return new PgpCertifyResult(new UncachedKeyRing(ring)); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static PGPSignatureSubpacketGenerator generateHashedSelfSigSubpackets(Date creationTime, PGPPublicKey pKey, boolean primary, int flags, long expiry) { PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator(); {/* w ww .ja v a 2 s .c om*/ /* * From RFC about critical subpackets: * If a subpacket is encountered that is * marked critical but is unknown to the evaluating software, the * evaluator SHOULD consider the signature to be in error. * An evaluator may "recognize" a subpacket, but not implement it. The * purpose of the critical bit is to allow the signer to tell an * evaluator that it would prefer a new, unknown feature to generate an * error than be ignored. */ /* non-critical subpackets: */ hashedPacketsGen.setPreferredSymmetricAlgorithms(false, PgpSecurityConstants.PREFERRED_SYMMETRIC_ALGORITHMS); hashedPacketsGen.setPreferredHashAlgorithms(false, PgpSecurityConstants.PREFERRED_HASH_ALGORITHMS); hashedPacketsGen.setPreferredCompressionAlgorithms(false, PgpSecurityConstants.PREFERRED_COMPRESSION_ALGORITHMS); hashedPacketsGen.setPrimaryUserID(false, primary); /* critical subpackets: we consider those important for a modern pgp implementation */ hashedPacketsGen.setSignatureCreationTime(true, creationTime); // Request that senders add the MDC to the message (authenticate unsigned messages) hashedPacketsGen.setFeature(true, Features.FEATURE_MODIFICATION_DETECTION); hashedPacketsGen.setKeyFlags(true, flags); if (expiry > 0) { hashedPacketsGen.setKeyExpirationTime(true, expiry - pKey.getCreationTime().getTime() / 1000); } } return hashedPacketsGen; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static PGPSignature generateRevocationSignature(PGPSignatureGenerator sGen, Date creationTime, PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId) throws IOException, PGPException, SignatureException { PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator(); // we use the tag NO_REASON since gnupg does not care about the tag while verifying // signatures with a revoked key, the warning is the same subHashedPacketsGen.setRevocationReason(true, RevocationReasonTags.NO_REASON, ""); subHashedPacketsGen.setSignatureCreationTime(true, creationTime); sGen.setHashedSubpackets(subHashedPacketsGen.generate()); sGen.init(PGPSignature.CERTIFICATION_REVOCATION, masterPrivateKey); return sGen.generateCertification(userId, pKey); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static PGPSignature generateRevocationSignature(PGPSignatureGenerator sGen, Date creationTime, PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey, PGPPublicKey pKey) throws IOException, PGPException, SignatureException { PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator(); // we use the tag NO_REASON since gnupg does not care about the tag while verifying // signatures with a revoked key, the warning is the same subHashedPacketsGen.setRevocationReason(true, RevocationReasonTags.NO_REASON, ""); subHashedPacketsGen.setSignatureCreationTime(true, creationTime); sGen.setHashedSubpackets(subHashedPacketsGen.generate()); // Generate key revocation or subkey revocation, depending on master/subkey-ness if (masterPublicKey.getKeyID() == pKey.getKeyID()) { sGen.init(PGPSignature.KEY_REVOCATION, masterPrivateKey); return sGen.generateCertification(masterPublicKey); } else {// www. j a v a 2s . c om sGen.init(PGPSignature.SUBKEY_REVOCATION, masterPrivateKey); return sGen.generateCertification(masterPublicKey, pKey); } }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
static PGPSignature generateSubkeyBindingSignature(PGPSignatureGenerator sGen, Date creationTime, PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey, PGPSignatureGenerator subSigGen, PGPPrivateKey subPrivateKey, PGPPublicKey pKey, int flags, long expiry) throws IOException, PGPException, SignatureException { PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator(); // If this key can sign, we need a primary key binding signature if ((flags & KeyFlags.SIGN_DATA) > 0) { // cross-certify signing keys PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator(); subHashedPacketsGen.setSignatureCreationTime(false, creationTime); subSigGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey); subSigGen.setHashedSubpackets(subHashedPacketsGen.generate()); PGPSignature certification = subSigGen.generateCertification(masterPublicKey, pKey); unhashedPacketsGen.setEmbeddedSignature(true, certification); }//from w w w. j a v a2 s . c om PGPSignatureSubpacketGenerator hashedPacketsGen; { hashedPacketsGen = new PGPSignatureSubpacketGenerator(); hashedPacketsGen.setSignatureCreationTime(true, creationTime); hashedPacketsGen.setKeyFlags(true, flags); if (expiry > 0) { hashedPacketsGen.setKeyExpirationTime(true, expiry - pKey.getCreationTime().getTime() / 1000); } } sGen.init(PGPSignature.SUBKEY_BINDING, masterPrivateKey); sGen.setHashedSubpackets(hashedPacketsGen.generate()); sGen.setUnhashedSubpackets(unhashedPacketsGen.generate()); return sGen.generateCertification(masterPublicKey, pKey); }