public KeyPair generateKeyPair() { if (!initialised) { DSAParametersGenerator pGen = new DSAParametersGenerator(); pGen.init(strength, certainty, random); param = new DSAKeyGenerationParameters(random, pGen.generateParameters()); engine.init(param); initialised = true; } AsymmetricCipherKeyPair pair = engine.generateKeyPair(); DSAPublicKeyParameters pub = (DSAPublicKeyParameters)pair.getPublic(); DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)pair.getPrivate(); return new KeyPair(new BCDSAPublicKey(pub), new BCDSAPrivateKey(priv)); }
@Override public AsymmetricCipherKeyPairGenerator createAsymmetricCipherKeyPairGenerator(final boolean initWithDefaults) { final DSAKeyPairGenerator generator = new DSAKeyPairGenerator(); if (initWithDefaults) { /* * How certain do we want to be that the chosen primes are really primes. * <p> * The higher this number, the more tests are done to make sure they are primes (and not composites). * <p> * See: <a href="http://crypto.stackexchange.com/questions/3114/what-is-the-correct-value-for-certainty-in-rsa-key-pair-generation">What is the correct value for “certainty” in RSA key pair generation?</a> * and * <a href="http://crypto.stackexchange.com/questions/3126/does-a-high-exponent-compensate-for-a-low-degree-of-certainty?lq=1">Does a high exponent compensate for a low degree of certainty?</a> */ final int certainty = 12; final SecureRandom random = new SecureRandom(); final DSAParametersGenerator pGen = new DSAParametersGenerator(); pGen.init(4096, certainty, random); final DSAParameters dsaParameters = pGen.generateParameters(); final DSAKeyGenerationParameters dsaKeyGenerationParameters = new DSAKeyGenerationParameters(random, dsaParameters); generator.init(dsaKeyGenerationParameters); } return generator; }
private DSAKeyGenerationParameters createDsaKeyGenerationParameters(final CreatePgpKeyParam createPgpKeyParam) { /* * How certain do we want to be that the chosen primes are really primes. * <p> * The higher this number, the more tests are done to make sure they are primes (and not composites). * <p> * See: <a href="http://crypto.stackexchange.com/questions/3114/what-is-the-correct-value-for-certainty-in-rsa-key-pair-generation">What is the correct value for “certainty” in RSA key pair generation?</a> * and * <a href="http://crypto.stackexchange.com/questions/3126/does-a-high-exponent-compensate-for-a-low-degree-of-certainty?lq=1">Does a high exponent compensate for a low degree of certainty?</a> */ final int certainty = 12; final SecureRandom random = getSecureRandom(); final DSAParametersGenerator pGen = new DSAParametersGenerator(); pGen.init(createPgpKeyParam.getStrength(), certainty, random); final DSAParameters dsaParameters = pGen.generateParameters(); return new DSAKeyGenerationParameters(random, dsaParameters); }
public static DSAParameterSpec getNewDSAParameterSpec(int plength, int qlength, SecureRandom random) { final int certainty = 80; SecureRandom tmpRandom = (random == null) ? new SecureRandom() : random; DSAParametersGenerator paramGen = new DSAParametersGenerator(new SHA512Digest()); DSAParameterGenerationParameters genParams = new DSAParameterGenerationParameters( plength, qlength, certainty, tmpRandom); paramGen.init(genParams); DSAParameters dsaParams = paramGen.generateParameters(); return new DSAParameterSpec(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()); }
protected AlgorithmParameters engineGenerateParameters() { DSAParametersGenerator pGen = new DSAParametersGenerator(); if ( random != null ) { pGen.init(strength, 20, random); } else { pGen.init(strength, 20, new SecureRandom()); } DSAParameters p = pGen.generateParameters(); AlgorithmParameters params; try { params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME); params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG())); } catch (Exception e) { throw new RuntimeException(e.getMessage()); } return params; }
public void generateTest() throws Exception { char[] passPhrase = "hello".toCharArray(); DSAParametersGenerator dsaPGen = new DSAParametersGenerator(); dsaPGen.init(512, 10, new SecureRandom()); DSAKeyPairGenerator dsaKpg = new DSAKeyPairGenerator(); dsaKpg.init(new DSAKeyGenerationParameters(new SecureRandom(), dsaPGen.generateParameters())); // // this takes a while as the key generator has to generate some DSA params // before it generates the key. // AsymmetricCipherKeyPair dsaKp = dsaKpg.generateKeyPair(); ElGamalKeyPairGenerator elgKpg = new ElGamalKeyPairGenerator(); BigInteger g = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16); BigInteger p = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16); ElGamalParameters elParams = new ElGamalParameters(p, g); elgKpg.init(new ElGamalKeyGenerationParameters(new SecureRandom(), elParams)); // // this is quicker because we are using pregenerated parameters. // AsymmetricCipherKeyPair elgKp = elgKpg.generateKeyPair(); PGPKeyPair dsaKeyPair = new BcPGPKeyPair(PGPPublicKey.DSA, dsaKp, new Date()); PGPKeyPair elgKeyPair = new BcPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elgKp, new Date()); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaKeyPair, "test", null, null, null, new BcPGPContentSignerBuilder(PGPPublicKey.DSA, HashAlgorithmTags.SHA1), new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256).build(passPhrase)); keyRingGen.addSubKey(elgKeyPair); PGPSecretKeyRing keyRing = keyRingGen.generateSecretKeyRing(); keyRing.getSecretKey().extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(passPhrase)); PGPPublicKeyRing pubRing = keyRingGen.generatePublicKeyRing(); PGPPublicKey vKey = null; PGPPublicKey sKey = null; Iterator it = pubRing.getPublicKeys(); while (it.hasNext()) { PGPPublicKey pk = (PGPPublicKey)it.next(); if (pk.isMasterKey()) { vKey = pk; } else { sKey = pk; } } Iterator sIt = sKey.getSignatures(); while (sIt.hasNext()) { PGPSignature sig = (PGPSignature)sIt.next(); if (sig.getKeyID() == vKey.getKeyID() && sig.getSignatureType() == PGPSignature.SUBKEY_BINDING) { sig.init(new BcPGPContentVerifierBuilderProvider(), vKey); if (!sig.verifyCertification(vKey, sKey)) { fail("failed to verify sub-key signature."); } } } }
public void generateSha1Test() throws Exception { char[] passPhrase = "hello".toCharArray(); DSAParametersGenerator dsaPGen = new DSAParametersGenerator(); dsaPGen.init(512, 10, new SecureRandom()); DSAKeyPairGenerator dsaKpg = new DSAKeyPairGenerator(); dsaKpg.init(new DSAKeyGenerationParameters(new SecureRandom(), dsaPGen.generateParameters())); // // this takes a while as the key generator has to generate some DSA params // before it generates the key. // AsymmetricCipherKeyPair dsaKp = dsaKpg.generateKeyPair(); ElGamalKeyPairGenerator elgKpg = new ElGamalKeyPairGenerator(); BigInteger g = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16); BigInteger p = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16); ElGamalParameters elParams = new ElGamalParameters(p, g); elgKpg.init(new ElGamalKeyGenerationParameters(new SecureRandom(), elParams)); // // this is quicker because we are using pregenerated parameters. // AsymmetricCipherKeyPair elgKp = elgKpg.generateKeyPair(); PGPKeyPair dsaKeyPair = new BcPGPKeyPair(PGPPublicKey.DSA, dsaKp, new Date()); PGPKeyPair elgKeyPair = new BcPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elgKp, new Date()); PGPDigestCalculator chkSumCalc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, dsaKeyPair, "test", chkSumCalc, null, null, new BcPGPContentSignerBuilder(PGPPublicKey.DSA, HashAlgorithmTags.SHA1), new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256).build(passPhrase)); keyRingGen.addSubKey(elgKeyPair); PGPSecretKeyRing keyRing = keyRingGen.generateSecretKeyRing(); keyRing.getSecretKey().extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(passPhrase)); PGPPublicKeyRing pubRing = keyRingGen.generatePublicKeyRing(); PGPPublicKey vKey = null; PGPPublicKey sKey = null; Iterator it = pubRing.getPublicKeys(); while (it.hasNext()) { PGPPublicKey pk = (PGPPublicKey)it.next(); if (pk.isMasterKey()) { vKey = pk; } else { sKey = pk; } } Iterator sIt = sKey.getSignatures(); while (sIt.hasNext()) { PGPSignature sig = (PGPSignature)sIt.next(); if (sig.getKeyID() == vKey.getKeyID() && sig.getSignatureType() == PGPSignature.SUBKEY_BINDING) { sig.init(new BcPGPContentVerifierBuilderProvider(), vKey); if (!sig.verifyCertification(vKey, sKey)) { fail("failed to verify sub-key signature."); } } } }
public void performTest() { BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403"); BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365"); DSAParametersGenerator pGen = new DSAParametersGenerator(); pGen.init(512, 80, random); DSAParameters params = pGen.generateParameters(); DSAValidationParameters pValid = params.getValidationParameters(); if (pValid.getCounter() != 105) { fail("Counter wrong"); } if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ())) { fail("p or q wrong"); } DSAKeyPairGenerator dsaKeyGen = new DSAKeyPairGenerator(); DSAKeyGenerationParameters genParam = new DSAKeyGenerationParameters(keyRandom, params); dsaKeyGen.init(genParam); AsymmetricCipherKeyPair pair = dsaKeyGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), keyRandom); DSASigner dsa = new DSASigner(); dsa.init(true, param); byte[] message = BigIntegers.asUnsignedByteArray(new BigInteger("968236873715988614170569073515315707566766479517")); BigInteger[] sig = dsa.generateSignature(message); if (!r.equals(sig[0])) { fail("r component wrong.", r, sig[0]); } if (!s.equals(sig[1])) { fail("s component wrong.", s, sig[1]); } dsa.init(false, pair.getPublic()); if (!dsa.verifySignature(message, sig[0], sig[1])) { fail("verification fails"); } dsa2Test1(); dsa2Test2(); dsa2Test3(); dsa2Test4(); }
/** * we generate a self signed certificate for the sake of testing - DSA */ public void checkCreation2() throws Exception { // // set up the keys // AsymmetricKeyParameter privKey; AsymmetricKeyParameter pubKey; AsymmetricCipherKeyPairGenerator kpg = new DSAKeyPairGenerator(); BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403"); BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365"); DSAParametersGenerator pGen = new DSAParametersGenerator(); pGen.init(512, 80, new SecureRandom()); DSAParameters params = pGen.generateParameters(); DSAKeyGenerationParameters genParam = new DSAKeyGenerationParameters(new SecureRandom(), params); kpg.init(genParam); AsymmetricCipherKeyPair pair = kpg.generateKeyPair(); privKey = (AsymmetricKeyParameter)pair.getPrivate(); pubKey = (AsymmetricKeyParameter)pair.getPublic(); // // distinguished name table. // X500NameBuilder builder = createStdBuilder(); // // extensions // // // create the certificate - version 3 // AlgorithmIdentifier sigAlgId = sigAlgFinder.find("SHA1withDSA"); AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId); ContentSigner sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey); X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey); X509CertificateHolder cert = certGen.build(sigGen); assertTrue(cert.isValidOn(new Date())); assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); // // create the certificate - version 1 // sigAlgId = sigAlgFinder.find("SHA1withDSA"); digAlgId = digAlgFinder.find(sigAlgId); sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey); X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey); cert = certGen1.build(sigGen); assertTrue(cert.isValidOn(new Date())); assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded()); CertificateFactory fact = CertificateFactory.getInstance("X.509"); X509Certificate x509cert = (X509Certificate)fact.generateCertificate(bIn); //System.out.println(cert); }
public void performTest() { BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403"); BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365"); DSAParametersGenerator pGen = new DSAParametersGenerator(); pGen.init(512, 20, random); DSAParameters params = pGen.generateParameters(); DSAValidationParameters pValid = params.getValidationParameters(); if (pValid.getCounter() != 105) { fail("Counter wrong"); } if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ())) { fail("p or q wrong"); } DSAKeyPairGenerator dsaKeyGen = new DSAKeyPairGenerator(); DSAKeyGenerationParameters genParam = new DSAKeyGenerationParameters(keyRandom, params); dsaKeyGen.init(genParam); AsymmetricCipherKeyPair pair = dsaKeyGen.generateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), keyRandom); DSASigner dsa = new DSASigner(); dsa.init(true, param); byte[] message = BigIntegers.asUnsignedByteArray(new BigInteger("968236873715988614170569073515315707566766479517")); BigInteger[] sig = dsa.generateSignature(message); if (!r.equals(sig[0])) { fail("r component wrong.", r, sig[0]); } if (!s.equals(sig[1])) { fail("s component wrong.", s, sig[1]); } dsa.init(false, pair.getPublic()); if (!dsa.verifySignature(message, sig[0], sig[1])) { fail("verification fails"); } //dsa2Test1(); //dsa2Test2(); //dsa2Test3(); //dsa2Test4(); }