/** * Verify a signature. Only return true if signature matches calculated signature of signedData * and if it was signed by the publicKey * * @param signedData * @param signature * @return */ public boolean verify(InputStream signedData, InputStream signature) { try { signature = PGPUtil.getDecoderStream(signature); JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(signature); PGPSignature sig = ((PGPSignatureList) pgpFact.nextObject()).get(0); PGPPublicKey key = pgpPubRingCollection.getPublicKey(sig.getKeyID()); sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), key); byte[] buff = new byte[1024]; int read = 0; while ((read = signedData.read(buff)) != -1) { sig.update(buff, 0, read); } signedData.close(); return sig.verify(); } catch (Exception ex) { // can we put a logger here please? return false; } }
private static byte[] readSign( JcaPGPObjectFactory objectFactory, PGPOnePassSignature onePassSignature ) throws IOException { InputStream is = getInputStream( objectFactory ); ByteArrayOutputStream bos = new ByteArrayOutputStream(); int ch; while ( ( ch = is.read() ) >= 0 ) { onePassSignature.update( ( byte ) ch ); bos.write( ch ); } return bos.toByteArray(); }
private static void doVerify( JcaPGPObjectFactory objectFactory, PGPOnePassSignature onePassSignature ) throws IOException, PGPException { PGPSignatureList signatures = ( PGPSignatureList ) objectFactory.nextObject(); if ( !onePassSignature.verify( signatures.get( 0 ) ) ) { throw new PGPDataValidationException( "Signature verification failed" ); } }
private static PGPOnePassSignature getOnePassSignature( PGPPublicKey publicKey, JcaPGPObjectFactory pgpFact ) throws IOException, PGPException { PGPOnePassSignatureList p1 = ( PGPOnePassSignatureList ) pgpFact.nextObject(); PGPOnePassSignature onePassSignature = p1.get( 0 ); onePassSignature.init( new JcaPGPContentVerifierBuilderProvider().setProvider( "BC" ), publicKey ); return onePassSignature; }
public PGPDecryptionResult decrypt(InputStream in) throws IOException { PGPDecryptionResult result = new PGPDecryptionResult(); // List<String> receivers = new ArrayList<>(); in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in); PGPObjectFactory pgpF = new PGPObjectFactory(in, new JcaKeyFingerprintCalculator()); PGPEncryptedDataList enc; Object o = pgpF.nextObject(); if (o instanceof PGPEncryptedDataList) { enc = (PGPEncryptedDataList) o; } else { enc = (PGPEncryptedDataList) pgpF.nextObject(); } Iterator it = enc.getEncryptedDataObjects(); PGPPublicKeyEncryptedData pbe = null; while (it.hasNext()) { PGPPublicKeyEncryptedData current = (PGPPublicKeyEncryptedData) it.next(); if(current.getKeyID() == secretKey.getKeyID()) { pbe = current; } // receivers.add(Long.toString(current.getKeyID())); } if(pbe == null) return result; try { PGPDigestCalculatorProvider digestCalculatorProvider = new JcaPGPDigestCalculatorProviderBuilder().build(); PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(digestCalculatorProvider) .build(passphrase.toCharArray()); PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptor); InputStream clear = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(privateKey)); JcaPGPObjectFactory plainFact = new JcaPGPObjectFactory(clear); Object message = plainFact.nextObject(); if(message instanceof PGPCompressedData) { PGPCompressedData cData = (PGPCompressedData)plainFact.nextObject(); InputStream compressedStream = new BufferedInputStream(cData.getDataStream()); JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(compressedStream); message = pgpFact.nextObject(); } if (message instanceof PGPLiteralData) { PGPLiteralData ld = (PGPLiteralData)message; InputStream unc = ld.getInputStream(); ObjectMapper mapper = new ObjectMapper(); result.submission = mapper.readValue(unc, Submission.class); unc.close(); Log.i(result.submission.reply_to); Log.i(Integer.toString(result.submission.receivers.size())); result.decryptedSuccessfully = !pbe.isIntegrityProtected() || pbe.verify(); return result; } } catch (PGPException e) { e.printStackTrace(); } return result; }
public static boolean verifyClearSign( byte[] message, PGPPublicKeyRing pgpRings ) throws IOException, PGPException, SignatureException { ArmoredInputStream aIn = new ArmoredInputStream( new ByteArrayInputStream( message ) ); ByteArrayOutputStream bout = new ByteArrayOutputStream(); // // write out signed section using the local line separator. // note: trailing white space needs to be removed from the end of // each line RFC 4880 Section 7.1 // ByteArrayOutputStream lineOut = new ByteArrayOutputStream(); boolean isFirstLineClearText = aIn.isClearText(); int lookAhead = readInputLine( lineOut, aIn ); if ( lookAhead != -1 && isFirstLineClearText ) { bout.write( lineOut.toByteArray() ); while ( lookAhead != -1 && aIn.isClearText() ) { lookAhead = readInputLine( lineOut, lookAhead, aIn ); bout.write( lineOut.toByteArray() ); } } JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory( aIn ); PGPSignatureList p3 = ( PGPSignatureList ) pgpFact.nextObject(); PGPSignature sig = p3.get( 0 ); PGPPublicKey publicKey = pgpRings.getPublicKey( sig.getKeyID() ); sig.init( new JcaPGPContentVerifierBuilderProvider().setProvider( "BC" ), publicKey ); // // read the input, making sure we ignore the last newline. // InputStream sigIn = new ByteArrayInputStream( bout.toByteArray() ); lookAhead = readInputLine( lineOut, sigIn ); processLine( sig, lineOut.toByteArray() ); if ( lookAhead != -1 ) { do { lookAhead = readInputLine( lineOut, lookAhead, sigIn ); sig.update( ( byte ) '\r' ); sig.update( ( byte ) '\n' ); processLine( sig, lineOut.toByteArray() ); } while ( lookAhead != -1 ); } sigIn.close(); return sig.verify(); }
private static InputStream getInputStream( JcaPGPObjectFactory objectFactory ) throws IOException { PGPLiteralData literalData = ( PGPLiteralData ) objectFactory.nextObject(); return literalData.getInputStream(); }
private static InputStream getInputStream( PGPPrivateKey privateKey, PGPPublicKeyEncryptedData pgpEncData ) throws PGPException, IOException { InputStream is = pgpEncData .getDataStream( new JcePublicKeyDataDecryptorFactoryBuilder().setProvider( "BC" ).build( privateKey ) ); JcaPGPObjectFactory objectFactory = new JcaPGPObjectFactory( is ); Object message = objectFactory.nextObject(); PGPCompressedData compressedData = ( PGPCompressedData ) message; JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory( compressedData.getDataStream() ); PGPLiteralData literalData = ( PGPLiteralData ) pgpObjectFactory.nextObject(); return literalData.getInputStream(); }
public String verifySignature(String message) throws PGPInvalidSignatureException, PGPSignatureVerificationException { try { ArmoredInputStream aIn = new ArmoredInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); int ch; while ((ch = aIn.read()) >= 0 && aIn.isClearText()) { bOut.write((byte) ch); } JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(aIn); PGPSignatureList p3 = (PGPSignatureList) pgpFact.nextObject(); checkState(p3 != null && p3.size() >= 1, "No signatures"); PGPSignature sig = p3.get(0); sig.init(new BcPGPContentVerifierBuilderProvider(), publicKey.getSigningKey()); ByteArrayOutputStream lineOut = new ByteArrayOutputStream(); byte[] content = bOut.toByteArray(); InputStream sigIn = new ByteArrayInputStream(content); int lookAhead = readInputLine(lineOut, sigIn); processLine(sig, lineOut.toByteArray()); if (lookAhead != -1) { do { lookAhead = readInputLine(lineOut, lookAhead, sigIn); sig.update((byte) '\r'); sig.update((byte) '\n'); processLine(sig, lineOut.toByteArray()); } while (lookAhead != -1); } if (sig.verify()) { return new String(content, StandardCharsets.UTF_8); } throw new PGPInvalidSignatureException( "Invalid signature, received keyId=" + Long.toHexString(sig.getKeyID()).toUpperCase() ); } catch (IOException | PGPException e) { throw new PGPSignatureVerificationException("Error verifying message", e); } }
public static byte[] verify( byte signedData[], PGPPublicKey publicKey ) throws IOException, PGPException { JcaPGPObjectFactory objectFactory = getObjectFactory( signedData ); PGPOnePassSignature onePassSignature = getOnePassSignature( publicKey, objectFactory ); byte data[] = readSign( objectFactory, onePassSignature ); doVerify( objectFactory, onePassSignature ); return data; }
private static JcaPGPObjectFactory getObjectFactory( byte signedData[] ) throws IOException, PGPException { InputStream in = PGPUtil.getDecoderStream( new ByteArrayInputStream( signedData ) ); JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory( in ); PGPCompressedData compressedData = ( PGPCompressedData ) pgpFact.nextObject(); return new JcaPGPObjectFactory( compressedData.getDataStream() ); }
private static PGPPublicKeyEncryptedData getPGPEncryptedData( byte data[] ) throws IOException { InputStream in = PGPUtil.getDecoderStream( new ByteArrayInputStream( data ) ); JcaPGPObjectFactory objectFactory = new JcaPGPObjectFactory( in ); PGPEncryptedDataList encryptedDataList = ( PGPEncryptedDataList ) objectFactory.nextObject(); Iterator it = encryptedDataList.getEncryptedDataObjects(); return ( PGPPublicKeyEncryptedData ) it.next(); }