/**
* Verify this signature for a {@link SubKey} signed by a {@link MasterKey}.
*
* @param key a subkey
* @param masterKey the signing master key
* @return {@code true} if the signature is valid, {@code false} otherwise
*/
public boolean verifyCertification(SubKey key, MasterKey masterKey) {
try {
signature.initVerify(masterKey.getPublicKey(), "BC");
return signature.verifyCertification(masterKey.getPublicKey(), key.getPublicKey());
} catch (Exception e) {
return false;
}
}
private void initVerify(PGPSignature pgpSignature, PGPPublicKey pgpSigningKey)
throws PGPException, NoSuchProviderException {
try {
pgpSignature.initVerify(pgpSigningKey, "BC");
} catch (NoSuchProviderException e) {
LOGGER.debug(
"No security provider found. Adding bouncy castle. This message can be ignored", e);
Security.addProvider(new BouncyCastleProvider());
pgpSignature.initVerify(pgpSigningKey, "BC");
}
}
/**
* Verify this signature for a self-signed {@link MasterKey}.
*
* @param key a self-signed master key
* @return {@code true} if the signature is valid, {@code false} otherwise
*/
public boolean verifyCertification(MasterKey key) {
try {
signature.initVerify(key.getPublicKey(), "BC");
return signature.verifyCertification(key.getUserID(), key.getPublicKey());
} catch (PGPException e) {
return false;
} catch (SignatureException e) {
return false;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
/**
* Create a clear sign signature over the input data. (Not detached)
*
* @param input the content to be signed
* @param keyring the keyring
* @param keyId the 4 bytes identifier of the key, in hexadecimal format
* @param passphrase the passphrase to retrieve the private key
* @param output the output destination of the signature
*/
public static void clearSign(
InputStream input, InputStream keyring, String keyId, String passphrase, OutputStream output)
throws IOException, PGPException, GeneralSecurityException {
PGPSecretKey secretKey = getSecretKey(keyring, keyId);
PGPPrivateKey privateKey =
secretKey.extractPrivateKey(
new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider())
.build(passphrase.toCharArray()));
int digest = PGPUtil.SHA1;
PGPSignatureGenerator signatureGenerator =
new PGPSignatureGenerator(
new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), digest));
signatureGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privateKey);
ArmoredOutputStream armoredOutput = new ArmoredOutputStream(output);
armoredOutput.beginClearText(digest);
BufferedReader reader = new BufferedReader(new InputStreamReader(input));
String line;
while ((line = reader.readLine()) != null) {
// trailing spaces must be removed for signature calculation (see
// http://tools.ietf.org/html/rfc4880#section-7.1)
byte[] data = trim(line).getBytes("UTF-8");
armoredOutput.write(data);
armoredOutput.write(EOL);
signatureGenerator.update(data);
signatureGenerator.update(EOL);
}
armoredOutput.endClearText();
PGPSignature signature = signatureGenerator.generate();
signature.encode(new BCPGOutputStream(armoredOutput));
armoredOutput.close();
}
public Boolean check() throws SignatureException {
final PGPPublicKey pgpSigningKey =
readPublicKey(new ByteArrayInputStream(publicKey.getBytes()));
final ArmoredInputStream armoredInputStream;
try {
armoredInputStream = new ArmoredInputStream(new ByteArrayInputStream(signature.getBytes()));
} catch (IOException e) {
throw new SignatureException("Failed to verify signature", e);
}
final PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(armoredInputStream);
try {
final Object nextObject = pgpObjectFactory.nextObject();
PGPSignature pgpSignature = null;
if (nextObject instanceof PGPSignatureList) {
PGPSignatureList list = (PGPSignatureList) nextObject;
if (!list.isEmpty()) {
pgpSignature = list.get(0);
}
}
if (pgpSignature == null) {
return false;
}
initVerify(pgpSignature, pgpSigningKey);
pgpSignature.update(signedData.getBytes());
return pgpSignature.verify();
} catch (IOException
| PGPException
| NoSuchProviderException
| java.security.SignatureException e) {
throw new SignatureException("Failed to verify signature", e);
}
}
/** Returns the key ID of the key that made the signature. */
public long getKeyID() {
return signature.getKeyID();
}
/** Returns the {@link AsymmetricAlgorithm} used to make the signature. */
public AsymmetricAlgorithm getKeyAlgorithm() {
return IntegerEquivalents.fromInt(AsymmetricAlgorithm.class, signature.getKeyAlgorithm());
}
/** Returns the timestamp at which the signature was made. */
public DateTime getCreatedAt() {
return new DateTime(signature.getCreationTime(), DateTimeZone.UTC);
}
/** Returns the {@link HashAlgorithm} used to make the signature. */
public HashAlgorithm getHashAlgorithm() {
return IntegerEquivalents.fromInt(HashAlgorithm.class, signature.getHashAlgorithm());
}
/** Returns the type of signature {@code this} is. */
public SignatureType getSignatureType() {
return IntegerEquivalents.fromInt(SignatureType.class, signature.getSignatureType());
}
/**
* Creates a new {@link KeySignature} given a {@link PGPSignature}.
*
* @param signature a {@link PGPSignature} instance
*/
public KeySignature(PGPSignature signature) {
this.signature = signature;
this.subpackets = signature.getHashedSubPackets();
}