/** * * @param dsaKeyPair - the generated DSA key pair * @param elGamalKeyPair - the generated El Gamal key pair * @param identity - the given identity of the key pair ring * @param passphrase - the secret pass phrase to protect the key pair * @return a PGP Key Ring Generate with the El Gamal key pair added as sub key * @throws Exception */ public static final PGPKeyRingGenerator createPGPKeyRingGenerator(KeyPair dsaKeyPair, KeyPair elGamalKeyPair, String identity, char[] passphrase) throws Exception { PGPKeyPair dsaPgpKeyPair = new JcaPGPKeyPair(PGPPublicKey.DSA, dsaKeyPair, new Date()); PGPKeyPair elGamalPgpKeyPair = new JcaPGPKeyPair(PGPPublicKey.ELGAMAL_ENCRYPT, elGamalKeyPair, new Date()); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1); PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator( PGPSignature.POSITIVE_CERTIFICATION, dsaPgpKeyPair, identity, sha1Calc, null, null, new JcaPGPContentSignerBuilder(dsaPgpKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1Calc).setProvider("BC").build(passphrase) ); keyRingGen.addSubKey(elGamalPgpKeyPair); return keyRingGen; }
public static PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket, BlockCipher engine, byte[] key) { final BufferedBlockCipher c = createStreamCipher(false, engine, withIntegrityPacket, key); return new PGPDataDecryptor() { public InputStream getInputStream(InputStream in) { return new CipherInputStream(in, c); } public int getBlockSize() { return c.getBlockSize(); } public PGPDigestCalculator getIntegrityCalculator() { return new SHA1PGPDigestCalculator(); } }; }
private static byte[] KDF(PGPDigestCalculator digCalc, ECPoint s, int keyLen, byte[] param) throws IOException { byte[] ZB = s.getXCoord().getEncoded(); OutputStream dOut = digCalc.getOutputStream(); dOut.write(0x00); dOut.write(0x00); dOut.write(0x00); dOut.write(0x01); dOut.write(ZB); dOut.write(param); byte[] digest = digCalc.getDigest(); byte[] key = new byte[keyLen]; System.arraycopy(digest, 0, key, 0, key.length); return key; }
/** * Create a new key ring generator. * * @param certificationLevel * @param masterKey * @param id * @param checksumCalculator * @param hashedPcks * @param unhashedPcks * @param keySignerBuilder * @param keyEncryptor * @throws PGPException */ public PGPKeyRingGenerator( int certificationLevel, PGPKeyPair masterKey, String id, PGPDigestCalculator checksumCalculator, PGPSignatureSubpacketVector hashedPcks, PGPSignatureSubpacketVector unhashedPcks, PGPContentSignerBuilder keySignerBuilder, PBESecretKeyEncryptor keyEncryptor) throws PGPException { this.masterKey = masterKey; this.keyEncryptor = keyEncryptor; this.checksumCalculator = checksumCalculator; this.keySignerBuilder = keySignerBuilder; this.hashedPcks = hashedPcks; this.unhashedPcks = unhashedPcks; keys.add(new PGPSecretKey(certificationLevel, masterKey, id, checksumCalculator, hashedPcks, unhashedPcks, keySignerBuilder, keyEncryptor)); }
/** * @deprecated use method taking PGPKeyPair */ public PGPSecretKey( int certificationLevel, int algorithm, PublicKey pubKey, PrivateKey privKey, Date time, String id, PGPDigestCalculator checksumCalculator, PGPSignatureSubpacketVector hashedPcks, PGPSignatureSubpacketVector unhashedPcks, PGPContentSignerBuilder certificationSignerBuilder, PBESecretKeyEncryptor keyEncryptor) throws PGPException { this(certificationLevel, new PGPKeyPair(algorithm, pubKey, privKey, time), id, checksumCalculator, hashedPcks, unhashedPcks, certificationSignerBuilder, keyEncryptor); }
public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData, char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException { // load the secret key ring PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, FP_CALC); PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build(); PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProv) .setProvider(PGPUtils.PROVIDER) .build(oldPassphrase); PGPDigestCalculator calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256); PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calc) .setProvider(PROVIDER).build(newPassphrase); try { return PGPSecretKeyRing.copyWithNewPassword(secRing, decryptor, encryptor); } catch (PGPException ex) { // treat this special, cause most like the decryption password was wrong throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex); } }
public void keygen( String identity) throws IOException, InvalidKeyException, NoSuchProviderException, SignatureException, PGPException, NoSuchAlgorithmException { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC"); kpg.initialize(1024); KeyPair kp = kpg.generateKeyPair(); OutputStream secretOut = new ArmoredOutputStream(new FileOutputStream("secret.pgp")); OutputStream publicOut = new ArmoredOutputStream(new FileOutputStream("public.pgp")); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1); PGPKeyPair keyPair = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kp, new Date()); secretKey = new PGPSecretKey(PGPSignature.DEFAULT_CERTIFICATION, keyPair, identity, sha1Calc, null, null, new JcaPGPContentSignerBuilder(keyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.CAST5, sha1Calc).setProvider("BC").build(passphrase.toCharArray())); secretKey.encode(secretOut); secretOut.close(); PGPPublicKey key = secretKey.getPublicKey(); key.encode(publicOut); publicOut.close(); }
PGPSecretKey( PGPPrivateKey privKey, PGPPublicKey pubKey, PGPDigestCalculator checksumCalculator, PBESecretKeyEncryptor keyEncryptor) throws PGPException { this(privKey, pubKey, checksumCalculator, false, keyEncryptor); }
/** * Construct a PGPSecretKey using the passed in private key and public key. This constructor will not add any * certifications but assumes that pubKey already has what is required. * * @param privKey the private key component. * @param pubKey the public key component. * @param checksumCalculator a calculator for the private key checksum * @param isMasterKey true if the key is a master key, false otherwise. * @param keyEncryptor an encryptor for the key if required (null otherwise). * @throws PGPException if there is an issue creating the secret key packet. */ public PGPSecretKey( PGPPrivateKey privKey, PGPPublicKey pubKey, PGPDigestCalculator checksumCalculator, boolean isMasterKey, PBESecretKeyEncryptor keyEncryptor) throws PGPException { this.pub = pubKey; this.secret = buildSecretKeyPacket(isMasterKey, privKey, pubKey, keyEncryptor, checksumCalculator); }
public PGPDigestCalculator get(final int algorithm) throws PGPException { final Digest dig = BcImplProvider.createDigest(algorithm); final DigestOutputStream stream = new DigestOutputStream(dig); return new PGPDigestCalculator() { public int getAlgorithm() { return algorithm; } public OutputStream getOutputStream() { return stream; } public byte[] getDigest() { return stream.getDigest(); } public void reset() { dig.reset(); } }; }
public PGPDigestCalculator getIntegrityCalculator() { if (withIntegrityPacket) { return new SHA1PGPDigestCalculator(); } return null; }
/** * Create an SecretKeyEncryptorBuilder with the S2k count different to the default of 0x60, and the S2K digest * different from SHA-1. * * @param encAlgorithm encryption algorithm to use. * @param s2kDigestCalculator digest calculator to use. * @param s2kCount iteration count to use for S2K function. */ public BcPBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount) { this.encAlgorithm = encAlgorithm; this.s2kDigestCalculator = s2kDigestCalculator; if (s2kCount < 0 || s2kCount > 0xff) { throw new IllegalArgumentException("s2KCount value outside of range 0 to 255."); } this.s2kCount = s2kCount; }
public SecretKey generateKeyPair(final String id, final char[] pass) throws CryptoException { try { // This object generates individual key-pairs. final RSAKeyPairGenerator kpg = new RSAKeyPairGenerator(); kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12)); // First create the master (signing) key with the generator. final PGPKeyPair keyPair = new BcPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date()); // Add a self-signature on the id final PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator(); signhashgen.setKeyFlags(true, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA | KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); signhashgen.setPreferredCompressionAlgorithms(false, new int[] { CompressionAlgorithmTags.ZIP }); signhashgen.setPreferredHashAlgorithms(false, new int[] { HashAlgorithmTags.SHA1 }); signhashgen.setPreferredSymmetricAlgorithms(false, new int[] { SymmetricKeyAlgorithmTags.AES_256 }); signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION); // Create a signature on the encryption subkey. final PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator(); enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE); // Objects used to encrypt the secret key. // Finally, create the keyring itself. The constructor // takes parameters that allow it to generate the self // signature. final PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1); final PBESecretKeyEncryptor secretKeyEncryptor = new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_128, sha1Calc).build(pass); final BcPGPContentSignerBuilder contentSigner = new BcPGPContentSignerBuilder(keyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); final PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, keyPair, id, sha1Calc, signhashgen.generate(), null, contentSigner, secretKeyEncryptor); // return new SimpleKeyPair(new BcPGPPublicKey(publicKeyRing.getPublicKey()), return new BcPGPSecretKey(keyRingGen.generateSecretKeyRing().getSecretKey()); } catch (final Exception e) { throw new CryptoException(e); } }
public PGPSecretKey( int certificationLevel, PGPKeyPair keyPair, String id, PGPDigestCalculator checksumCalculator, PGPSignatureSubpacketVector hashedPcks, PGPSignatureSubpacketVector unhashedPcks, PGPContentSignerBuilder certificationSignerBuilder, PBESecretKeyEncryptor keyEncryptor) throws PGPException { this(keyPair.getPrivateKey(), certifiedPublicKey(certificationLevel, keyPair, id, hashedPcks, unhashedPcks, certificationSignerBuilder), checksumCalculator, true, keyEncryptor); }
/** * Create an SecretKeyEncryptorBuilder with the S2k count different to the default of 0x60, and the S2K digest * different from SHA-1. * * @param encAlgorithm encryption algorithm to use. * @param s2kDigestCalculator digest calculator to use. * @param s2kCount iteration count to use for S2K function. */ public JcePBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount) { this.encAlgorithm = encAlgorithm; this.s2kDigestCalculator = s2kDigestCalculator; if (s2kCount < 0 || s2kCount > 0xff) { throw new IllegalArgumentException("s2KCount value outside of range 0 to 255."); } this.s2kCount = s2kCount; }