org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor Java Examples

The following examples show how to use org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: EncryptionServicePgpImpl.java    From pgptool with GNU General Public License v3.0 6 votes vote down vote up 
private PGPPrivateKey getPrivateKey(String passphrase, PGPSecretKey secretKey) throws InvalidPasswordException {
	try {
		PBESecretKeyDecryptor decryptorFactory = new BcPBESecretKeyDecryptorBuilder(
				new BcPGPDigestCalculatorProvider()).build(passphrase.toCharArray());
		PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptorFactory);
		return privateKey;
	} catch (Throwable t) {
		log.warn("Failed to extract private key. Most likely it because of incorrect passphrase provided", t);
		throw new InvalidPasswordException();
	}
}
Example #2
Source File: PGPUtils.java    From desktopclient-java with GNU General Public License v3.0 6 votes vote down vote up 
public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData,
        char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException {

    // load the secret key ring
    PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, FP_CALC);

    PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build();
    PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProv)
        .setProvider(PGPUtils.PROVIDER)
        .build(oldPassphrase);

    PGPDigestCalculator calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256);
    PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calc)
        .setProvider(PROVIDER).build(newPassphrase);

    try {
        return PGPSecretKeyRing.copyWithNewPassword(secRing, decryptor, encryptor);
    } catch (PGPException ex) {
        // treat this special, cause most like the decryption password was wrong
        throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex);
    }
}
Example #3
Source File: KeyFilesOperationsPgpImpl.java    From pgptool with GNU General Public License v3.0 5 votes vote down vote up 
private PGPPrivateKey getPrivateKey(String passphrase, PGPSecretKey secretKey) throws InvalidPasswordException {
	try {
		PBESecretKeyDecryptor decryptorFactory = new BcPBESecretKeyDecryptorBuilder(
				new BcPGPDigestCalculatorProvider()).build(passphrase.toCharArray());
		PGPPrivateKey privateKey = secretKey.extractPrivateKey(decryptorFactory);
		return privateKey;
	} catch (Throwable t) {
		log.warn("Failed to extract private key. Most likely it because of incorrect passphrase provided", t);
		throw new InvalidPasswordException();
	}
}
Example #4
Source File: Subkey.java    From jpgpj with MIT License 5 votes vote down vote up 
/**
 * Builds a secret key decryptor for the specified passphrase.
 */
protected PBESecretKeyDecryptor buildDecryptor(char[] passphraseChars) {
    char[] chars = passphraseChars != null &&
        !Arrays.equals(passphraseChars, NO_PASSPHRASE) ?
        passphraseChars : EMPTY_PASSPHRASE;
    return new BcPBESecretKeyDecryptorBuilder(
        new BcPGPDigestCalculatorProvider()).build(chars);
}
Example #5
Source File: PGPUtils.java    From desktopclient-java with GNU General Public License v3.0 5 votes vote down vote up 
static PGPKeyPair decrypt(PGPSecretKey secretKey, PBESecretKeyDecryptor dec) throws KonException {
    try {
        return new PGPKeyPair(secretKey.getPublicKey(), secretKey.extractPrivateKey(dec));
    } catch (PGPException ex) {
        LOGGER.log(Level.WARNING, "failed", ex);
        throw new KonException(KonException.Error.LOAD_KEY_DECRYPT, ex);
    }
}
Example #6
Source File: KeySerializer.java    From nomulus with Apache License 2.0 4 votes vote down vote up 
private static PBESecretKeyDecryptor createSecretKeyDecryptor() {
  // There shouldn't be a passphrase on the key
  return new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider())
      .build(new char[0]);
}
Example #7
Source File: PersonalKey.java    From desktopclient-java with GNU General Public License v3.0 4 votes vote down vote up 
/** Creates a {@link PersonalKey} from private keyring data. */
@SuppressWarnings("unchecked")
public static PersonalKey load(byte[] privateKeyData,
        char[] passphrase,
        byte[] bridgeCertData)
        throws KonException, IOException, PGPException, CertificateException, NoSuchProviderException {
    PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, PGPUtils.FP_CALC);

    PGPSecretKey authKey = null;
    PGPSecretKey signKey = null;
    PGPSecretKey encrKey = null;

    // assign from key ring
    Iterator<PGPSecretKey> skeys = secRing.getSecretKeys();
    while (skeys.hasNext()) {
        PGPSecretKey key = skeys.next();
        if (key.isMasterKey()) {
            // master key: authentication / legacy: signing
            authKey = key;
        } else if (PGPUtils.isSigningKey(key.getPublicKey())) {
            // sub keys: encryption and signing / legacy: only encryption
            signKey = key;
        } else if (key.getPublicKey().isEncryptionKey()) {
            encrKey = key;
        }
    }
    // legacy: auth key is actually signing key
    if (signKey == null && authKey != null && authKey.isSigningKey()) {
        LOGGER.info("legacy key");
        signKey = authKey;
    }

    if (authKey == null || signKey == null || encrKey == null) {
        LOGGER.warning("something could not be found, "
                +"sign="+signKey+ ", auth="+authKey+", encr="+encrKey);
        throw new KonException(KonException.Error.LOAD_KEY,
                new PGPException("could not find all keys in key data"));
    }

    // decrypt private keys
    PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder()
            .setProvider(PGPUtils.PROVIDER)
            .build(passphrase);
    PGPKeyPair authKeyPair = PGPUtils.decrypt(authKey, decryptor);
    PGPKeyPair signKeyPair = PGPUtils.decrypt(signKey, decryptor);
    PGPKeyPair encryptKeyPair = PGPUtils.decrypt(encrKey, decryptor);

    // user ID
    Iterator<?> uidIt = authKey.getUserIDs();
    if (!uidIt.hasNext())
        throw new KonException(KonException.Error.LOAD_KEY,
                new PGPException("no UID in key"));
    String uid = (String) uidIt.next();

    // X.509 bridge certificate
    X509Certificate bridgeCert;
    if (bridgeCertData != null) {
        bridgeCert = PGPUtils.loadX509Cert(bridgeCertData);
    } else {
        // public key ring
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        authKeyPair.getPublicKey().encode(out);
        signKeyPair.getPublicKey().encode(out);
        encryptKeyPair.getPublicKey().encode(out);
        byte[] publicKeyRingData = out.toByteArray();
        PGPPublicKeyRing pubKeyRing = new BcPGPPublicKeyRing(publicKeyRingData);

        // re-create cert
        bridgeCert = createX509Certificate(authKeyPair, pubKeyRing);
    }

    return new PersonalKey(authKeyPair, signKeyPair, encryptKeyPair, bridgeCert, uid);
}