/** * Verify a signature. Only return true if signature matches calculated signature of signedData * and if it was signed by the publicKey * * @param signedData * @param signature * @return */ public boolean verify(InputStream signedData, InputStream signature) { try { signature = PGPUtil.getDecoderStream(signature); JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(signature); PGPSignature sig = ((PGPSignatureList) pgpFact.nextObject()).get(0); PGPPublicKey key = pgpPubRingCollection.getPublicKey(sig.getKeyID()); sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), key); byte[] buff = new byte[1024]; int read = 0; while ((read = signedData.read(buff)) != -1) { sig.update(buff, 0, read); } signedData.close(); return sig.verify(); } catch (Exception ex) { // can we put a logger here please? return false; } }
/** * Verifies that a public key is signed with another public key * * @param keyToVerify the public key to verify * @param id the id we are verifying against the public key * @param keyToVerifyWith the key to verify with * * @return true if verified, false otherwise */ public static boolean verifyPublicKey( PGPPublicKey keyToVerify, String id, PGPPublicKey keyToVerifyWith ) throws PGPException { try { Iterator<PGPSignature> signIterator = keyToVerify.getSignatures(); while ( signIterator.hasNext() ) { PGPSignature signature = signIterator.next(); signature.init( new JcaPGPContentVerifierBuilderProvider().setProvider( provider ), keyToVerifyWith ); if ( signature.verifyCertification( id.getBytes(), keyToVerify ) ) { return true; } } return false; } catch ( Exception e ) { //throw custom exception throw new PGPException( "Error verifying public key", e ); } }
public static boolean verifySignature( ContentAndSignatures contentAndSignatures, PGPPublicKey publicKey ) throws PGPException { Preconditions.checkNotNull( contentAndSignatures ); Preconditions.checkNotNull( publicKey ); try { for ( int i = 0; i < contentAndSignatures.getOnePassSignatureList().size(); i++ ) { PGPOnePassSignature ops = contentAndSignatures.getOnePassSignatureList().get( 0 ); ops.init( new JcaPGPContentVerifierBuilderProvider().setProvider( provider ), publicKey ); ops.update( contentAndSignatures.getDecryptedContent() ); PGPSignature signature = contentAndSignatures.getSignatureList().get( i ); if ( !ops.verify( signature ) ) { return false; } } return true; } catch ( Exception e ) { throw new PGPException( "Error in verifySignature", e ); } }
public static PGPPublicKeyRing removeSignature( PGPPublicKeyRing keyToRemoveFrom, PGPPublicKey keySignatureToRemove ) throws PGPException { try { PGPPublicKey oldKey = keyToRemoveFrom.getPublicKey(); PGPPublicKeyRing newPublicKeyRing = PGPPublicKeyRing.removePublicKey( keyToRemoveFrom, oldKey ); Iterator<PGPSignature> signIterator = oldKey.getSignatures(); while ( signIterator.hasNext() ) { PGPSignature signature = signIterator.next(); signature.init( new JcaPGPContentVerifierBuilderProvider().setProvider( provider ), keySignatureToRemove ); String sigId = PGPKeyUtil.encodeNumericKeyId( oldKey.getKeyID() ); if ( signature.verifyCertification( sigId, oldKey ) ) { PGPPublicKey updatedKey = PGPPublicKey.removeCertification( oldKey, signature ); keyToRemoveFrom = PGPPublicKeyRing.insertPublicKey( newPublicKeyRing, updatedKey ); } } return keyToRemoveFrom; } catch ( Exception e ) { //throw custom exception throw new PGPException( "Error removing signature", e ); } }
private static PGPOnePassSignature getOnePassSignature( PGPPublicKey publicKey, JcaPGPObjectFactory pgpFact ) throws IOException, PGPException { PGPOnePassSignatureList p1 = ( PGPOnePassSignatureList ) pgpFact.nextObject(); PGPOnePassSignature onePassSignature = p1.get( 0 ); onePassSignature.init( new JcaPGPContentVerifierBuilderProvider().setProvider( "BC" ), publicKey ); return onePassSignature; }
protected PGPOnePassSignature getSignature(Exchange exchange, PGPOnePassSignatureList signatureList) throws Exception { if (SIGNATURE_VERIFICATION_OPTION_IGNORE.equals(getSignatureVerificationOption())) { return null; } if (SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.equals(getSignatureVerificationOption())) { throw new PGPException( "PGP message contains a signature although a signature is not expected. Either change the configuration of the PGP decryptor or send a PGP message with no signature."); } List<String> allowedUserIds = determineSignaturenUserIds(exchange); for (int i = 0; i < signatureList.size(); i++) { PGPOnePassSignature signature = signatureList.get(i); // Determine public key from signature keyId PGPPublicKey sigPublicKey = publicKeyAccessor.getPublicKey(exchange, signature.getKeyID(), allowedUserIds); if (sigPublicKey == null) { continue; } // choose that signature for which a public key exists! signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(getProvider()), sigPublicKey); return signature; } if (signatureList.isEmpty()) { return null; } else { throw new IllegalArgumentException("Cannot verify the PGP signature: No public key found for the key ID(s) contained in the PGP signature(s). " + "Either the received PGP message contains a signature from an unexpected sender or the Public Keyring does not contain the public key of the sender."); } }
/** * @deprecated use init(PGPContentVerifierBuilderProvider, PGPPublicKey) */ public void initVerify( PGPPublicKey pubKey, Provider provider) throws PGPException { init(new JcaPGPContentVerifierBuilderProvider().setProvider(provider), pubKey); }
public void performTest() throws Exception { PGPUtil.setDefaultProvider("BC"); // // Read the public key // PGPPublicKeyRing pubKeyRing = new PGPPublicKeyRing(testPubKey, new JcaKeyFingerprintCalculator()); for (Iterator it = pubKeyRing.getPublicKey().getSignatures(); it.hasNext();) { PGPSignature certification = (PGPSignature)it.next(); certification.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pubKeyRing.getPublicKey()); if (!certification.verifyCertification((String)pubKeyRing.getPublicKey().getUserIDs().next(), pubKeyRing.getPublicKey())) { fail("self certification does not verify"); } } // // Read the private key // PGPSecretKeyRing secretKeyRing = new PGPSecretKeyRing(testPrivKey, new JcaKeyFingerprintCalculator()); generateAndSign(); }
private void doBasicKeyRingCheck(PGPPublicKeyRing pubKeyRing) throws PGPException, SignatureException { for (Iterator it = pubKeyRing.getPublicKeys(); it.hasNext();) { PGPPublicKey pubKey = (PGPPublicKey)it.next(); if (pubKey.isMasterKey()) { if (pubKey.isEncryptionKey()) { fail("master key showed as encryption key!"); } } else { if (!pubKey.isEncryptionKey()) { fail("sub key not encryption key!"); } for (Iterator sigIt = pubKeyRing.getPublicKey().getSignatures(); sigIt.hasNext();) { PGPSignature certification = (PGPSignature)sigIt.next(); certification.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pubKeyRing.getPublicKey()); if (!certification.verifyCertification((String)pubKeyRing.getPublicKey().getUserIDs().next(), pubKeyRing.getPublicKey())) { fail("subkey certification does not verify"); } } } } }
/** * Verify this signature for a self-signed {@link MasterKey}. * * @param key a self-signed master key * @return {@code true} if the signature is valid, {@code false} otherwise */ public boolean verifyCertification(MasterKey key) { final PGPPublicKey publicKey = key.getPublicKey(); try { signature.init(new JcaPGPContentVerifierBuilderProvider(), publicKey); return signature.verifyCertification(key.getUserID(), publicKey); } catch (PGPException | SignatureException e) { return false; } }
/** * Verify this signature for a {@link SubKey} signed by a {@link MasterKey}. * * @param key a subkey * @param masterKey the signing master key * @return {@code true} if the signature is valid, {@code false} otherwise */ public boolean verifyCertification(SubKey key, MasterKey masterKey) { try { signature.init(new JcaPGPContentVerifierBuilderProvider(), masterKey.getPublicKey()); return signature.verifyCertification(masterKey.getPublicKey(), key.getPublicKey()); } catch (PGPException | SignatureException e) { return false; } }
public static boolean verifyClearSign( byte[] message, PGPPublicKeyRing pgpRings ) throws IOException, PGPException, SignatureException { ArmoredInputStream aIn = new ArmoredInputStream( new ByteArrayInputStream( message ) ); ByteArrayOutputStream bout = new ByteArrayOutputStream(); // // write out signed section using the local line separator. // note: trailing white space needs to be removed from the end of // each line RFC 4880 Section 7.1 // ByteArrayOutputStream lineOut = new ByteArrayOutputStream(); boolean isFirstLineClearText = aIn.isClearText(); int lookAhead = readInputLine( lineOut, aIn ); if ( lookAhead != -1 && isFirstLineClearText ) { bout.write( lineOut.toByteArray() ); while ( lookAhead != -1 && aIn.isClearText() ) { lookAhead = readInputLine( lineOut, lookAhead, aIn ); bout.write( lineOut.toByteArray() ); } } JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory( aIn ); PGPSignatureList p3 = ( PGPSignatureList ) pgpFact.nextObject(); PGPSignature sig = p3.get( 0 ); PGPPublicKey publicKey = pgpRings.getPublicKey( sig.getKeyID() ); sig.init( new JcaPGPContentVerifierBuilderProvider().setProvider( "BC" ), publicKey ); // // read the input, making sure we ignore the last newline. // InputStream sigIn = new ByteArrayInputStream( bout.toByteArray() ); lookAhead = readInputLine( lineOut, sigIn ); processLine( sig, lineOut.toByteArray() ); if ( lookAhead != -1 ) { do { lookAhead = readInputLine( lineOut, lookAhead, sigIn ); sig.update( ( byte ) '\r' ); sig.update( ( byte ) '\n' ); processLine( sig, lineOut.toByteArray() ); } while ( lookAhead != -1 ); } sigIn.close(); return sig.verify(); }
private void verifySignature( byte[] encodedSig, int hashAlgorithm, PGPPublicKey pubKey, byte[] original) throws IOException, PGPException, NoSuchProviderException, SignatureException { PGPObjectFactory pgpFact = new PGPObjectFactory(encodedSig); PGPOnePassSignatureList p1 = (PGPOnePassSignatureList)pgpFact.nextObject(); PGPOnePassSignature ops = p1.get(0); PGPLiteralData p2 = (PGPLiteralData)pgpFact.nextObject(); InputStream dIn = p2.getInputStream(); ops.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pubKey); int ch; while ((ch = dIn.read()) >= 0) { ops.update((byte)ch); } PGPSignatureList p3 = (PGPSignatureList)pgpFact.nextObject(); PGPSignature sig = p3.get(0); Date creationTime = sig.getCreationTime(); Date now = new Date(); // Check creationTime is recent if (creationTime.after(now) || creationTime.before(new Date(now.getTime() - 10 * 60 * 1000))) { fail("bad creation time in signature: " + creationTime); } if (sig.getKeyID() != pubKey.getKeyID()) { fail("key id mismatch in signature"); } if (!ops.verify(sig)) { fail("Failed generated signature check - " + hashAlgorithm); } sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), pubKey); for (int i = 0; i != original.length; i++) { sig.update(original[i]); } sig.update(original); if (!sig.verify()) { fail("Failed generated signature check against original data"); } }
/** * Initialise the signature object for verification. * * @param pubKey * @param provider * @throws PGPException * @deprecated use init() method. */ public void initVerify( PGPPublicKey pubKey, Provider provider) throws PGPException { init(new JcaPGPContentVerifierBuilderProvider().setProvider(provider), pubKey); }
/** * Initialise the signature object for verification. * * @param pubKey * @param provider * @throws NoSuchProviderException * @throws PGPException * @deprecated use init() method. */ public void initVerify( PGPPublicKey pubKey, Provider provider) throws PGPException { init(new JcaPGPContentVerifierBuilderProvider().setProvider(provider), pubKey); }
