use of org.bouncycastle.openpgp.PGPSecretKeyRing in project camel by apache.
the class PGPDataFormatTest method readSecretKey.
/**
 * Parses the test secret key ring bytes and returns the first signing-capable secret key.
 *
 * <p>Key rings, and the keys inside each ring, are visited in the order the collection yields
 * them; the first key for which {@code isSigningKey()} is true is returned.
 *
 * <p>NOTE(review): {@code isSigningKey()} is the only selection criterion. Key-usage flags,
 * expiry and revocation are not consulted here. That is fine for a test fixture, but confirm
 * before copying this selection logic into production code.
 *
 * @return the first secret key that reports itself as a signing key
 * @throws IllegalArgumentException if no key in any ring is a signing key
 * @throws Exception if the key ring bytes cannot be read or parsed
 */
static PGPSecretKey readSecretKey() throws Exception {
    // getDecoderStream is applied to the raw bytes before the collection parses them.
    InputStream decoded = PGPUtil.getDecoderStream(new ByteArrayInputStream(getSecKeyRing()));
    PGPSecretKeyRingCollection rings = new PGPSecretKeyRingCollection(decoded, new BcKeyFingerprintCalculator());

    @SuppressWarnings("rawtypes") Iterator ringCursor = rings.getKeyRings();
    while (ringCursor.hasNext()) {
        PGPSecretKeyRing ring = (PGPSecretKeyRing) ringCursor.next();
        @SuppressWarnings("rawtypes") Iterator keyCursor = ring.getSecretKeys();
        while (keyCursor.hasNext()) {
            PGPSecretKey candidate = (PGPSecretKey) keyCursor.next();
            if (!candidate.isSigningKey()) {
                continue;
            }
            return candidate;
        }
    }
    throw new IllegalArgumentException("Can't find signing key in key ring.");
}
use of org.bouncycastle.openpgp.PGPSecretKeyRing in project nifi by apache.
the class OpenPGPKeyBasedEncryptor method getDecryptedPrivateKey.
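/**
 * Reads a secret keyring file and returns a private key unlocked with the given passphrase.
 *
 * <p>When {@code keyId} is non-zero, only the secret key with that ID is tried. Key rings that
 * do not contain it are skipped, so the key is found regardless of which ring in the file
 * holds it. When {@code keyId} is zero, every secret key of every ring is tried in order and
 * the first one that decrypts is returned.
 *
 * <p>The file stream is handed to the key ring collection as-is; no decoder stream is applied
 * in this method.
 *
 * @param provider name of the JCE provider passed to the decryptor builder
 * @param secretKeyringFile path of the secret keyring file to read
 * @param keyId ID of the secret key to unlock, or {@code 0} to try all keys
 * @param passphrase passphrase protecting the secret key; this method does not clear the
 *        array, so the caller remains responsible for wiping it
 * @return the extracted private key
 * @throws IOException if the keyring file cannot be opened or read
 * @throws PGPException if the keyring cannot be parsed, or no private key could be extracted
 *         with the given passphrase
 */
private static PGPPrivateKey getDecryptedPrivateKey(String provider, String secretKeyringFile, long keyId, char[] passphrase) throws IOException, PGPException {
    // Read in from the secret keyring file
    try (FileInputStream keyInputStream = new FileInputStream(secretKeyringFile)) {
        // Form the SecretKeyRing collection (1.53 way with fingerprint calculator)
        PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(keyInputStream, new BcKeyFingerprintCalculator());

        // The decryptor is identical for all keys
        final PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(passphrase);

        // Iterate over all secret keyrings
        Iterator<PGPSecretKeyRing> keyringIterator = pgpSecretKeyRingCollection.getKeyRings();
        while (keyringIterator.hasNext()) {
            PGPSecretKeyRing keyRing = keyringIterator.next();

            if (keyId != 0) {
                // A specific key was requested
                PGPSecretKey secretKey = keyRing.getSecretKey(keyId);
                if (secretKey == null) {
                    // This ring does not hold the requested key. Previously the null was
                    // dereferenced and the resulting NullPointerException was reported as a
                    // passphrase failure, so a key stored in a later ring was never reached.
                    continue;
                }
                try {
                    return secretKey.extractPrivateKey(decryptor);
                } catch (Exception e) {
                    throw new PGPException("No private key available using passphrase", e);
                }
            }

            // No key ID given: try the passphrase against every secret key in this ring
            Iterator<PGPSecretKey> keyIterator = keyRing.getSecretKeys();
            while (keyIterator.hasNext()) {
                PGPSecretKey secretKey = keyIterator.next();
                try {
                    return secretKey.extractPrivateKey(decryptor);
                } catch (Exception ignored) {
                    // Expected for every key the passphrase does not unlock; move on.
                    // NOTE(review): these failures are silent, so a wrong passphrase only
                    // surfaces as the final exception. Consider debug-level logging of the
                    // key ID (never the passphrase) if this needs to be diagnosable.
                }
            }
        }
    }

    // If this point is reached, no private key could be extracted with the given passphrase
    throw new PGPException("No private key available using passphrase");
}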
use of org.bouncycastle.openpgp.PGPSecretKeyRing in project Smack by igniterealtime.
the class OpenPgpManager method restoreSecretKeyServerBackup.
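/**
 * Fetch a secret key backup from the server and try to restore a selected secret key from it.
 *
 * <p>The backup is fetched first; the user is only prompted for the backup code if a backup
 * exists. After a successful restore, the secret key ring and the public key ring derived from
 * it are imported into the store for our JID, and the restored key's fingerprint is marked as
 * trusted.
 *
 * <p>NOTE(review): trust is granted as soon as the backup decrypts. This presumably relies on
 * {@code SecretKeyBackupHelper.restoreSecretKeyBackup} rejecting any backup that was not
 * encrypted under the user's backup code; confirm against that helper.
 *
 * @param codeCallback callback for prompting the user to provide the secret backup code.
 * @return fingerprint of the restored secret key
 *
 * @throws InterruptedException if the thread gets interrupted.
 * @throws PubSubException.NotALeafNodeException if the private node is not a {@link LeafNode}.
 * @throws XMPPException.XMPPErrorException in case of an XMPP protocol error.
 * @throws SmackException.NotConnectedException if we are not connected.
 * @throws SmackException.NoResponseException if the server doesn't respond.
 * @throws InvalidBackupCodeException if the user-provided backup code is invalid.
 * @throws SmackException.NotLoggedInException if we are not logged in
 * @throws IOException if an underlying I/O operation fails.
 * @throws MissingUserIdOnKeyException if the key that is to be imported is missing a user-id with our jid
 * @throws NoBackupFoundException if no secret key backup has been found
 * @throws PGPException in case the restored secret key is damaged.
 */
public OpenPgpV4Fingerprint restoreSecretKeyServerBackup(AskForBackupCodeCallback codeCallback) throws InterruptedException, PubSubException.NotALeafNodeException, XMPPException.XMPPErrorException, SmackException.NotConnectedException, SmackException.NoResponseException, InvalidBackupCodeException, SmackException.NotLoggedInException, IOException, MissingUserIdOnKeyException, NoBackupFoundException, PGPException {
    throwIfNoProviderSet();
    throwIfNotAuthenticated();

    SecretkeyElement backup = OpenPgpPubSubUtil.fetchSecretKey(pepManager);
    if (backup == null) {
        throw new NoBackupFoundException();
    }

    // Only ask for the backup code once we know there is something to decrypt.
    OpenPgpSecretKeyBackupPassphrase backupCode = codeCallback.askForBackupCode();
    PGPSecretKeyRing secretKeys = SecretKeyBackupHelper.restoreSecretKeyBackup(backup, backupCode);
    OpenPgpV4Fingerprint fingerprint = new OpenPgpV4Fingerprint(secretKeys);

    // Import the secret ring and the public ring derived from it, then trust the restored key.
    provider.getStore().importSecretKey(getJidOrThrow(), secretKeys);
    provider.getStore().importPublicKey(getJidOrThrow(), KeyRingUtils.publicKeyRingFrom(secretKeys));
    getOpenPgpSelf().trust(fingerprint);

    // Return the fingerprint that was just trusted instead of computing it a second time.
    return fingerprint;
}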
use of org.bouncycastle.openpgp.PGPSecretKeyRing in project Smack by igniterealtime.
the class OpenPgpManager method generateAndImportKeyPair.
/**
 * Create a new OpenPGP key ring for the given JID, import it, and mark its fingerprint as
 * trusted in the store.
 *
 * @param ourJid our {@link BareJid}.
 * @return {@link OpenPgpV4Fingerprint} of the generated key.
 * @throws NoSuchAlgorithmException if the JVM doesn't support one of the used algorithms.
 * @throws InvalidAlgorithmParameterException if the used algorithm parameters are invalid.
 * @throws NoSuchProviderException if we are missing a cryptographic provider.
 * @throws PGPException if an OpenPGP operation fails.
 * @throws IOException if an underlying I/O operation fails.
 */
public OpenPgpV4Fingerprint generateAndImportKeyPair(BareJid ourJid) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException, PGPException, IOException {
    throwIfNoProviderSet();
    OpenPgpStore keyStore = provider.getStore();

    PGPSecretKeyRing freshKeyRing = generateKeyRing(ourJid);
    importKeyRing(ourJid, freshKeyRing);

    // The key was generated locally just above, so its fingerprint is recorded as trusted.
    OpenPgpV4Fingerprint ownFingerprint = new OpenPgpV4Fingerprint(freshKeyRing);
    keyStore.setTrust(ourJid, ownFingerprint, OpenPgpTrustStore.Trust.trusted);
    return ownFingerprint;
}
use of org.bouncycastle.openpgp.PGPSecretKeyRing in project Smack by igniterealtime.
the class OpenPgpSelf method getAnnouncedPublicKeys.
/**
 * Return a {@link PGPPublicKeyRingCollection} holding the single public key ring that matches
 * our signing key ring.
 * TODO: Add support for public keys of other devices of the owner.
 *
 * <p>The ring is looked up among all known public keys by the key ID of the signing key ring's
 * public key.
 *
 * <p>NOTE(review): neither the signing key ring nor the looked-up public key ring is checked
 * for {@code null} here; confirm that both are always present when this is called.
 *
 * @return public keys
 *
 * @throws IOException if an underlying I/O operation fails.
 * @throws PGPException if an OpenPGP operation fails.
 */
@Override
public PGPPublicKeyRingCollection getAnnouncedPublicKeys() throws IOException, PGPException {
    PGPSecretKeyRing signingRing = getSigningKeyRing();
    PGPPublicKeyRingCollection knownRings = getAnyPublicKeys();
    long signingKeyId = signingRing.getPublicKey().getKeyID();
    PGPPublicKeyRing matchingRing = knownRings.getPublicKeyRing(signingKeyId);
    return new PGPPublicKeyRingCollection(Collections.singleton(matchingRing));
}