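/**
 * Builds a key ring generator with a DSA master (certifying) key and an ElGamal
 * encryption sub key, both protected by the given passphrase.
 *
 * <p>The self-certification on the identity is signed with SHA-256, and the
 * passphrase-derived key that encrypts the secret keys uses AES-256 with a SHA-256
 * S2K digest. SHA-1 is kept only for the secret-key integrity checksum, which is
 * fixed by the version 4 secret-key packet format.
 *
 * <p>The caller keeps ownership of {@code passphrase}; this method does not clear it.
 *
 * @param dsaKeyPair the generated DSA key pair, used as the master key
 * @param elGamalKeyPair the generated ElGamal key pair, added as a sub key
 * @param identity the user id bound to the master key
 * @param passphrase the secret passphrase protecting the secret keys
 * @return a key ring generator with the ElGamal key pair added as a sub key
 * @throws Exception if a digest calculator, signer or encryptor cannot be created
 */
public static final PGPKeyRingGenerator createPGPKeyRingGenerator(KeyPair dsaKeyPair, KeyPair elGamalKeyPair, String identity, char[] passphrase) throws Exception {
    // One timestamp for both keys, so master and sub key carry the same creation time.
    Date creationTime = new Date();
    PGPKeyPair dsaPgpKeyPair = new JcaPGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, creationTime);
    PGPKeyPair elGamalPgpKeyPair = new JcaPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, creationTime);

    // Checksum over the secret key material: SHA-1 is what the packet format defines here.
    PGPDigestCalculator checksumCalc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
    // Digest for stretching the passphrase into the key-encryption key (S2K).
    PGPDigestCalculator s2kDigestCalc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256);

    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(
        PGPSignature.POSITIVE_CERTIFICATION,
        dsaPgpKeyPair,
        identity,
        checksumCalc,
        null,
        null,
        // Certification signatures must resist collisions, so SHA-1 is not used for them.
        new JcaPGPContentSignerBuilder(dsaPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256),
        new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, s2kDigestCalc).setProvider("BC").build(passphrase)
    );

    keyRingGen.addSubKey(elGamalPgpKeyPair);
    return keyRingGen;
}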
/**
 * Creates a passphrase-protected secret key from a key pair, certifying the public
 * key for the given id along the way.
 *
 * <p>This legacy constructor hard-codes SHA-1 both for the certification signature
 * and for the S2K digest that derives the key-encryption key from the passphrase.
 * Callers who need a stronger digest have to use the overload that accepts a
 * ready-made encryptor.
 *
 * @param certificationLevel the certification level passed to {@code certifiedPublicKey}.
 * @param keyPair the key pair supplying the private key and the public key to certify.
 * @param id the id passed to {@code certifiedPublicKey}.
 * @param encAlgorithm the symmetric algorithm used to protect the secret key.
 * @param passPhrase the passphrase the encryptor is built from.
 * @param useSHA1 flag converted by {@code convertSHA1Flag}.
 * @param hashedPcks hashed subpackets passed to {@code certifiedPublicKey}.
 * @param unhashedPcks unhashed subpackets passed to {@code certifiedPublicKey}.
 * @param rand the randomness source set on the encryptor builder.
 * @param provider the provider set on the signer builder and the encryptor builder.
 * @throws PGPException declared by this constructor; the failing call is not visible here.
 * @deprecated use method taking PBESecretKeyEncryptor
 */
public PGPSecretKey(
    int certificationLevel,
    PGPKeyPair keyPair,
    String id,
    int encAlgorithm,
    char[] passPhrase,
    boolean useSHA1,
    PGPSignatureSubpacketVector hashedPcks,
    PGPSignatureSubpacketVector unhashedPcks,
    SecureRandom rand,
    Provider provider)
    throws PGPException
{
    this(keyPair.getPrivateKey(),
        // NOTE(review): the certification is signed with SHA-1, which is no longer
        // collision resistant; new code should pass a signer built with a SHA-2 digest.
        certifiedPublicKey(certificationLevel, keyPair, id, hashedPcks, unhashedPcks, new JcaPGPContentSignerBuilder(keyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1).setProvider(provider)),
        // Presumably yields the checksum calculator selected by useSHA1 (confirm against the helper).
        convertSHA1Flag(useSHA1),
        // NOTE(review): the meaning of this flag is defined by the delegate constructor, not visible here.
        true,
        // The S2K digest calculator comes from a provider builder that is NOT given
        // `provider`, unlike the signer and encryptor builders around it.
        new JcePBESecretKeyEncryptorBuilder(encAlgorithm, new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1)).setProvider(provider).setSecureRandom(rand).build(passPhrase));
}
/**
 * Creates a key ring generator seeded with a certified, passphrase-protected master key.
 *
 * <p>Security notes for reviewers: the certification signer is fixed to SHA-1, and
 * the encryptor builder is created from {@code encAlgorithm} alone, so the S2K digest
 * is whatever that builder defaults to. {@code provider} is applied to the encryptor
 * builder only; the signer builder is left on its default provider.
 *
 * @param certificationLevel the certification level for keys on this ring.
 * @param masterKey the master key pair.
 * @param id the id to be associated with the ring.
 * @param encAlgorithm the algorithm to be used to protect secret keys.
 * @param passPhrase the passPhrase to be used to protect secret keys.
 * @param useSHA1 checksum the secret keys with SHA1 rather than the older 16 bit checksum.
 * @param hashedPcks packets to be included in the certification hash.
 * @param unhashedPcks packets to be attached unhashed to the certification.
 * @param rand source of randomness handed to the secret key encryptor.
 * @param provider the provider to use for encryption.
 *
 * @throws PGPException declared by this constructor.
 * @throws NoSuchProviderException declared by this constructor.
 * @deprecated use method taking PBESecretKeyEncryptor
 */
public PGPKeyRingGenerator(
    int certificationLevel,
    PGPKeyPair masterKey,
    String id,
    int encAlgorithm,
    char[] passPhrase,
    boolean useSHA1,
    PGPSignatureSubpacketVector hashedPcks,
    PGPSignatureSubpacketVector unhashedPcks,
    SecureRandom rand,
    Provider provider)
    throws PGPException, NoSuchProviderException
{
    this.masterKey = masterKey;
    this.hashedPcks = hashedPcks;
    this.unhashedPcks = unhashedPcks;

    // Passphrase-based protection for every secret key placed on the ring.
    final JcePBESecretKeyEncryptorBuilder encryptorBuilder =
        new JcePBESecretKeyEncryptorBuilder(encAlgorithm).setProvider(provider).setSecureRandom(rand);
    this.keyEncryptor = encryptorBuilder.build(passPhrase);
    this.checksumCalculator = convertSHA1Flag(useSHA1);

    // The master key certifies with its own public-key algorithm, hashed with SHA-1.
    final int masterKeyAlgorithm = masterKey.getPublicKey().getAlgorithm();
    this.keySignerBuilder = new JcaPGPContentSignerBuilder(masterKeyAlgorithm, HashAlgorithmTags.SHA1);

    // The certified master key is the first entry of the ring.
    keys.add(new PGPSecretKey(
        certificationLevel,
        masterKey,
        id,
        this.checksumCalculator,
        hashedPcks,
        unhashedPcks,
        this.keySignerBuilder,
        this.keyEncryptor));
}
/**
 * Parses an encoded secret key ring and returns a copy protected by a new passphrase.
 *
 * <p>The copy is encrypted with AES-256 and a SHA-256 S2K digest. Neither passphrase
 * array is cleared here; that stays with the caller.
 *
 * @param privateKeyData the encoded secret key ring
 * @param oldPassphrase the passphrase currently protecting the ring
 * @param newPassphrase the passphrase that will protect the returned copy
 * @return the re-encrypted secret key ring
 * @throws PGPException if the ring cannot be parsed or a digest calculator is unavailable
 * @throws IOException if the encoded ring cannot be read
 * @throws KonException with {@code CHANGE_PASS_COPY} if the copy step fails for any
 *         reason; a wrong old passphrase is the expected cause
 */
public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData,
        char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException {
    PGPSecretKeyRing currentRing = new PGPSecretKeyRing(privateKeyData, FP_CALC);

    // Unlocks the existing secret keys with the old passphrase.
    PGPDigestCalculatorProvider digestProvider = new JcaPGPDigestCalculatorProviderBuilder().build();
    PBESecretKeyDecryptor oldKeyDecryptor = new JcePBESecretKeyDecryptorBuilder(digestProvider)
            .setProvider(PGPUtils.PROVIDER)
            .build(oldPassphrase);

    // Locks the copy under the new passphrase, stretched with SHA-256.
    PGPDigestCalculator s2kDigest = digestProvider.get(HashAlgorithmTags.SHA256);
    PBESecretKeyEncryptor newKeyEncryptor =
            new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, s2kDigest)
                    .setProvider(PROVIDER)
                    .build(newPassphrase);

    PGPSecretKeyRing relockedRing;
    try {
        relockedRing = PGPSecretKeyRing.copyWithNewPassword(currentRing, oldKeyDecryptor, newKeyEncryptor);
    } catch (PGPException ex) {
        // Reported as its own error code: the usual reason is a wrong old passphrase,
        // although any PGPException raised by the copy ends up here.
        throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex);
    }
    return relockedRing;
}
/**
 * Re-encrypts the master key and sub key under a new passphrase.
 *
 * <p>Both secret keys are copied with the same decryptor and encryptor. The result
 * is a new {@link KeySet} built from the re-encrypted keys; this instance is not
 * modified by the code visible here. The passphrase arrays are not cleared.
 *
 * @param oldPassphrase the passphrase currently protecting the keys
 * @param newPassphrase the passphrase that will protect the returned key set
 * @param random the randomness source handed to the secret key encryptor
 * @return a key set holding the keys re-encrypted with {@code newPassphrase}
 * @throws CryptographicException if re-encryption fails, for example because
 *         {@code oldPassphrase} is incorrect
 */
public KeySet relock(char[] oldPassphrase, char[] newPassphrase, SecureRandom random)
        throws CryptographicException {
    try {
        final PBESecretKeyDecryptor oldLock =
                new JcePBESecretKeyDecryptorBuilder().build(oldPassphrase);

        final JcePBESecretKeyEncryptorBuilder newLockBuilder =
                new JcePBESecretKeyEncryptorBuilder(SymmetricAlgorithm.DEFAULT.value())
                        .setSecureRandom(random);
        final PBESecretKeyEncryptor newLock = newLockBuilder.build(newPassphrase);

        // Master key first, then the sub key, each copied under the new passphrase.
        final PGPSecretKey relockedMaster = PGPSecretKey.copyWithNewPassword(
                getUnlockedMasterKey().getSecretKey(), oldLock, newLock);
        final PGPSecretKey relockedSub = PGPSecretKey.copyWithNewPassword(
                getUnlockedSubKey().getSecretKey(), oldLock, newLock);

        // The sub key wrapper is tied to the freshly built master key wrapper.
        final MasterKey master = new MasterKey(relockedMaster);
        final SubKey sub = new SubKey(relockedSub, master);
        return new KeySet(master, sub);
    } catch (PGPException cause) {
        throw new CryptographicException(cause);
    }
}
/**
 * Returns a copy of a secret key that is protected by a new passphrase and
 * encryption algorithm.
 *
 * <p>This overload only assembles a decryptor for the old passphrase and an
 * encryptor for the new one, then delegates to the overload taking those objects.
 * The encryptor builder is created from {@code newEncAlgorithm} alone, so the S2K
 * digest is the builder's default rather than one chosen here.
 *
 * @param key the PGPSecretKey to be copied.
 * @param oldPassPhrase the current password for key.
 * @param newPassPhrase the new password for the key.
 * @param newEncAlgorithm the algorithm to be used for the encryption.
 * @param rand source of randomness.
 * @param provider the provider used for the digest calculators, decryptor and encryptor.
 * @return the value returned by the delegate overload.
 * @throws PGPException if the digest calculator provider cannot be built or the copy fails.
 * @deprecated use method taking PBESecretKeyDecryptor and PBESecretKeyEncryptor
 */
public static PGPSecretKey copyWithNewPassword(
    PGPSecretKey key,
    char[] oldPassPhrase,
    char[] newPassPhrase,
    int newEncAlgorithm,
    SecureRandom rand,
    Provider provider)
    throws PGPException
{
    // Digest calculators and the decryptor all come from the caller's provider.
    final JcaPGPDigestCalculatorProviderBuilder digestProviderBuilder =
        new JcaPGPDigestCalculatorProviderBuilder().setProvider(provider);
    final JcePBESecretKeyDecryptorBuilder decryptorBuilder =
        new JcePBESecretKeyDecryptorBuilder(digestProviderBuilder.build()).setProvider(provider);

    return copyWithNewPassword(
        key,
        decryptorBuilder.build(oldPassPhrase),
        new JcePBESecretKeyEncryptorBuilder(newEncAlgorithm)
            .setProvider(provider)
            .setSecureRandom(rand)
            .build(newPassPhrase));
}