public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData, char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException { // load the secret key ring PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, FP_CALC); PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build(); PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProv) .setProvider(PGPUtils.PROVIDER) .build(oldPassphrase); PGPDigestCalculator calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256); PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calc) .setProvider(PROVIDER).build(newPassphrase); try { return PGPSecretKeyRing.copyWithNewPassword(secRing, decryptor, encryptor); } catch (PGPException ex) { // treat this special, cause most like the decryption password was wrong throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex); } }
private static PGPPrivateKey getPgpPrivateKeyOrFail(final long keyId, final char[] passphrase) throws IOException, PGPException { final PGPSecretKey secretKey = getPgpSecretKeyOrFail(keyId); final PGPDigestCalculatorProvider calculatorProvider = new BcPGPDigestCalculatorProvider(); final BcPBESecretKeyDecryptorBuilder secretKeyDecryptorBuilder = new BcPBESecretKeyDecryptorBuilder(calculatorProvider); final PBESecretKeyDecryptor secretKeyDecryptor = secretKeyDecryptorBuilder.build(passphrase); final PGPPrivateKey privateKey = secretKey.extractPrivateKey(secretKeyDecryptor); return privateKey; }
public OpenPGPSignature(OpenPGPSecretKey key) throws PGPException { PGPDigestCalculatorProvider pgpDigestCalculator = new JcaPGPDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(); PBESecretKeyDecryptor pbeSecretKeyDecryptor = new JcePBESecretKeyDecryptorBuilder(pgpDigestCalculator).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(key.getPassword()); JcaPGPContentSignerBuilder pgpContentSigner = new JcaPGPContentSignerBuilder(key.getSecretKey().getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME).setDigestProvider(BouncyCastleProvider.PROVIDER_NAME); signature = new PGPSignatureGenerator(pgpContentSigner); PGPPrivateKey privateKey = key.getSecretKey().extractPrivateKey(pbeSecretKeyDecryptor); signature.init(PGPSignature.BINARY_DOCUMENT, privateKey); }
public void test_key(BigInteger keyId, String passphrase) throws Exception { PGPSecretKeyRingCollection secretKeyRing = loadSecretKeyCollection("secring.gpg"); PGPSecretKeyRing secretKey = secretKeyRing.getSecretKeyRing(keyId.longValue()); assertNotNull("Could not locate secret keyring with Id=" + keyId.toString(16), secretKey); PGPSecretKey key = secretKey.getSecretKey(); assertNotNull("Could not locate secret key!", key); try { PGPDigestCalculatorProvider calcProvider = new JcaPGPDigestCalculatorProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(); PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProvider) .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passphrase.toCharArray()); PGPPrivateKey privateKey = key.extractPrivateKey(decryptor); assertTrue(privateKey.getKeyID() == keyId.longValue()); } catch (PGPException e) { throw new PGPException("Password incorrect!", e); } // all fine! }
public PGPDecryptionResult decrypt(InputStream in) throws IOException { PGPDecryptionResult result = new PGPDecryptionResult(); // List<String> receivers = new ArrayList<>(); in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in); PGPObjectFactory pgpF = new PGPObjectFactory(in, new JcaKeyFingerprintCalculator()); PGPEncryptedDataList enc; Object o = pgpF.nextObject(); if (o instanceof PGPEncryptedDataList) { enc = (PGPEncryptedDataList) o; } else { enc = (PGPEncryptedDataList) pgpF.nextObject(); } Iterator it = enc.getEncryptedDataObjects(); PGPPublicKeyEncryptedData pbe = null; while (it.hasNext()) { PGPPublicKeyEncryptedData current = (PGPPublicKeyEncryptedData) it.next(); if(current.getKeyID() == secretKey.getKeyID()) { pbe = current; } // receivers.add(Long.toString(current.getKeyID())); } if(pbe == null) return result; try { PGPDigestCalculatorProvider digestCalculatorProvider = new JcaPGPDigestCalculatorProviderBuilder().build(); PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(digestCalculatorProvider) .build(passphrase.toCharArray()); PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptor); InputStream clear = pbe.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(privateKey)); JcaPGPObjectFactory plainFact = new JcaPGPObjectFactory(clear); Object message = plainFact.nextObject(); if(message instanceof PGPCompressedData) { PGPCompressedData cData = (PGPCompressedData)plainFact.nextObject(); InputStream compressedStream = new BufferedInputStream(cData.getDataStream()); JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(compressedStream); message = pgpFact.nextObject(); } if (message instanceof PGPLiteralData) { PGPLiteralData ld = (PGPLiteralData)message; InputStream unc = ld.getInputStream(); ObjectMapper mapper = new ObjectMapper(); result.submission = mapper.readValue(unc, Submission.class); unc.close(); Log.i(result.submission.reply_to); Log.i(Integer.toString(result.submission.receivers.size())); result.decryptedSuccessfully = !pbe.isIntegrityProtected() || pbe.verify(); return result; } } catch (PGPException e) { e.printStackTrace(); } return result; }
public BcPBESecretKeyDecryptorBuilder(PGPDigestCalculatorProvider calculatorProvider) { this.calculatorProvider = calculatorProvider; }
public PGPDigestCalculatorProvider build() throws PGPException { return new PGPDigestCalculatorProvider() { public PGPDigestCalculator get(final int algorithm) throws PGPException { final DigestOutputStream stream; final MessageDigest dig; try { dig = helper.createDigest(algorithm); stream = new DigestOutputStream(dig); } catch (GeneralSecurityException e) { throw new PGPException("exception on setup: " + e, e); } return new PGPDigestCalculator() { public int getAlgorithm() { return algorithm; } public OutputStream getOutputStream() { return stream; } public byte[] getDigest() { return stream.getDigest(); } public void reset() { dig.reset(); } }; } }; }
public JcePBESecretKeyDecryptorBuilder(PGPDigestCalculatorProvider calculatorProvider) { this.calculatorProvider = calculatorProvider; }
public boolean loadKeys() throws IOException, PGPException { secretKey = readSecretKey(new ArmoredInputStream(new FileInputStream("secret.pgp"))); PGPDigestCalculatorProvider digestCalculatorProvider = new JcaPGPDigestCalculatorProviderBuilder().build(); PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(digestCalculatorProvider) .build(passphrase.toCharArray()); PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptor); return secretKey != null; }
/** * Base constructor. * * @param calculatorProvider a digest calculator provider to provide calculators to support the key generation calculation required. */ public JcePBEDataDecryptorFactoryBuilder(PGPDigestCalculatorProvider calculatorProvider) { this.calculatorProvider = calculatorProvider; }