Пример #1
0
  /**
   * Encodes the provided message with the private key and pass phrase set in configuration
   *
   * @param message Message to encode
   * @return Encoded message
   * @throws LRException SIGNING_FAILED if the document cannot be signed, NO_KEY if the key cannot
   *     be obtained
   */
  private String signEnvelopeData(String message) throws LRException {
    // Get an InputStream for the private key
    InputStream privateKeyStream = getPrivateKeyStream(privateKey);

    // Get an OutputStream for the result
    ByteArrayOutputStream result = new ByteArrayOutputStream();
    ArmoredOutputStream aOut = new ArmoredOutputStream(result);

    // Get the pass phrase
    char[] privateKeyPassword = passPhrase.toCharArray();

    try {
      // Get the private key from the InputStream
      PGPSecretKey sk = readSecretKey(privateKeyStream);
      PGPPrivateKey pk = sk.extractPrivateKey(privateKeyPassword, "BC");
      PGPSignatureGenerator pgp =
          new PGPSignatureGenerator(sk.getPublicKey().getAlgorithm(), PGPUtil.SHA256, "BC");
      PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();

      // Clear sign the message
      java.util.Iterator it = sk.getPublicKey().getUserIDs();
      if (it.hasNext()) {
        spGen.setSignerUserID(false, (String) it.next());
        pgp.setHashedSubpackets(spGen.generate());
      }
      aOut.beginClearText(PGPUtil.SHA256);
      pgp.initSign(PGPSignature.CANONICAL_TEXT_DOCUMENT, pk);
      byte[] msg = message.getBytes();
      pgp.update(msg, 0, msg.length);
      aOut.write(msg, 0, msg.length);
      BCPGOutputStream bOut = new BCPGOutputStream(aOut);
      aOut.endClearText();
      pgp.generate().encode(bOut);
      String strResult = result.toString("utf8");
      return strResult;
    } catch (Exception e) {
      throw new LRException(LRException.SIGNING_FAILED);
    } finally {
      try {
        if (privateKeyStream != null) {
          privateKeyStream.close();
        }
        aOut.close();
        result.close();
      } catch (IOException e) {
        // Could not close the streams
      }
    }
  }
  private void createSignature(OutputStream out) throws Exception {
    PGPSecretKey pgpSec = readSecretKey();
    PGPPrivateKey pgpPrivKey =
        pgpSec.extractPrivateKey(
            new JcePBESecretKeyDecryptorBuilder()
                .setProvider(getProvider())
                .build("sdude".toCharArray()));
    PGPSignatureGenerator sGen =
        new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(pgpSec.getPublicKey().getAlgorithm(), PGPUtil.SHA1)
                .setProvider(getProvider()));

    sGen.init(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);

    BCPGOutputStream bOut = new BCPGOutputStream(out);

    InputStream fIn = new ByteArrayInputStream("Test Signature".getBytes("UTF-8"));

    int ch;
    while ((ch = fIn.read()) >= 0) {
      sGen.update((byte) ch);
    }

    fIn.close();

    sGen.generate().encode(bOut);
  }
Пример #3
0
  /** Creates a {@link PersonalKey} from private and public key byte buffers. */
  @SuppressWarnings("unchecked")
  public static PersonalKey load(byte[] privateKeyData, char[] passphrase, byte[] bridgeCertData)
      throws KonException, IOException, PGPException, CertificateException,
          NoSuchProviderException {
    PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, PGPUtils.FP_CALC);

    PGPSecretKey authKey = null;
    PGPSecretKey signKey = null;
    PGPSecretKey encrKey = null;

    // assign from key ring
    Iterator<PGPSecretKey> skeys = secRing.getSecretKeys();
    while (skeys.hasNext()) {
      PGPSecretKey key = skeys.next();
      if (key.isMasterKey()) {
        // master key: authentication / legacy: signing
        authKey = key;
      } else {
        // sub keys: encryption and signing / legacy: only encryption
        int keyFlags = PGPUtils.getKeyFlags(key.getPublicKey());
        if ((keyFlags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) signKey = key;
        else encrKey = key;
      }
    }
    // legacy: auth key is actually signing key
    if (signKey == null && authKey != null && authKey.isSigningKey()) {
      LOGGER.info("loading legacy key");
      signKey = authKey;
    }

    if (authKey == null || signKey == null || encrKey == null)
      throw new KonException(
          KonException.Error.LOAD_KEY, new PGPException("could not found all keys in key data"));

    // decrypt private
    PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build();
    PBESecretKeyDecryptor decryptor =
        new JcePBESecretKeyDecryptorBuilder(calcProv)
            .setProvider(PGPUtils.PROVIDER)
            .build(passphrase);
    PGPKeyPair authKeyPair = PGPUtils.decrypt(authKey, decryptor);
    PGPKeyPair signKeyPair = PGPUtils.decrypt(signKey, decryptor);
    PGPKeyPair encryptKeyPair = PGPUtils.decrypt(encrKey, decryptor);

    // X.509 bridge certificate
    X509Certificate bridgeCert = PGPUtils.loadX509Cert(bridgeCertData);

    return new PersonalKey(authKeyPair, signKeyPair, encryptKeyPair, bridgeCert);
  }
Пример #4
0
  /**
   * Create a clear sign signature over the input data. (Not detached)
   *
   * @param input the content to be signed
   * @param keyring the keyring
   * @param keyId the 4 bytes identifier of the key, in hexadecimal format
   * @param passphrase the passphrase to retrieve the private key
   * @param output the output destination of the signature
   */
  public static void clearSign(
      InputStream input, InputStream keyring, String keyId, String passphrase, OutputStream output)
      throws IOException, PGPException, GeneralSecurityException {
    PGPSecretKey secretKey = getSecretKey(keyring, keyId);
    PGPPrivateKey privateKey =
        secretKey.extractPrivateKey(
            new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider())
                .build(passphrase.toCharArray()));

    int digest = PGPUtil.SHA1;

    PGPSignatureGenerator signatureGenerator =
        new PGPSignatureGenerator(
            new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), digest));
    signatureGenerator.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, privateKey);

    ArmoredOutputStream armoredOutput = new ArmoredOutputStream(output);
    armoredOutput.beginClearText(digest);

    BufferedReader reader = new BufferedReader(new InputStreamReader(input));

    String line;
    while ((line = reader.readLine()) != null) {
      // trailing spaces must be removed for signature calculation (see
      // http://tools.ietf.org/html/rfc4880#section-7.1)
      byte[] data = trim(line).getBytes("UTF-8");

      armoredOutput.write(data);
      armoredOutput.write(EOL);

      signatureGenerator.update(data);
      signatureGenerator.update(EOL);
    }

    armoredOutput.endClearText();

    PGPSignature signature = signatureGenerator.generate();
    signature.encode(new BCPGOutputStream(armoredOutput));

    armoredOutput.close();
  }