Java: sign a public PGP key with Bouncy Castle

I have a doubt.. Supposedly I have to sign a PGP public key using the Bouncy Castle API. Now: from my understanding, signing it with another key means, in the end, adding a "certificate" to this public key. With no other way to proceed, I searched blindly through the library. So far the only thing I found is the generateCertification method in PGPSignatureGenerator. But this method generates a certificate between a master PGPPublicKey and another PGPPublicKey. This seems strange to me: I assumed that in order to trust another public key you have to sign it with your own private PGP key, just as in regular X.509 with CA certification. This is the assumption I drew from some methods I saw while trying to get ideas from other libraries: for example, DidiSoft has a similar method on the key store where you have to provide the PGPPrivateKey, the key uid ...

Does anyone have any hints or a piece of code to propose? Thanks in advance.

Here is a code example for signing a public key:

    PGPSecretKey mySecretKey;          // your own signing key, loaded from your secret key ring
    PGPPublicKey publicKeyToBeSigned;  // the other party's key, loaded from their public key ring
    String id = "User Name <user@example.org>"; // a user ID carried by publicKeyToBeSigned (placeholder)

    // unlock the private half of your key; the decryptor builder expects the passphrase as char[]
    PGPPrivateKey pgpPrivKey = mySecretKey
            .extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
                    .setProvider("BC").build("password for your private key".toCharArray()));

    PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(mySecretKey.getPublicKey()
                    .getAlgorithm(), PGPUtil.SHA512).setProvider("BC"));

    // a user-ID certification (types 0x10..0x13) covers the key together with the user ID;
    // DIRECT_KEY (0x1F) covers the key alone and would be made with generateCertification(publicKeyToBeSigned)
    signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, pgpPrivKey);

    PGPSignature signature = signatureGenerator.generateCertification(
            id, publicKeyToBeSigned);

This code only creates the signature. You then need to add it to the public key:

    // addCertification returns a new key object; the signature is attached under the certified user ID
    publicKeyToBeSigned = PGPPublicKey.addCertification(publicKeyToBeSigned, id, signature);

Hope this helps :)

This can be used to check whether one key has granted a default certification to another key:

import java.nio.charset.StandardCharsets;
import java.util.Iterator;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

// JCA provider name; Bouncy Castle must be registered first (Security.addProvider(new BouncyCastleProvider()))
private static final String provider = "BC";

/**
 * Signs a public key
 *
 * @param publicKeyRing a public key ring containing the single public key to sign
 * @param id the id we are certifying against the public key
 * @param secretKey the signing key
 * @param secretKeyPassword the signing key password
 *
 * @return a public key ring with the signed public key
 */
public static PGPPublicKeyRing signPublicKey( PGPPublicKeyRing publicKeyRing, String id, PGPSecretKey secretKey,
                                              String secretKeyPassword ) throws PGPException
{
    try
    {
        PGPPublicKey oldKey = publicKeyRing.getPublicKey();

        PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(
                new JcePBESecretKeyDecryptorBuilder().setProvider( provider )
                                                     .build( secretKeyPassword.toCharArray() ) );

        // SHA-256 for the signature digest; SHA-1 is deprecated for new signatures
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256 )
                        .setProvider( provider ) );

        signatureGenerator.init( PGPSignature.DEFAULT_CERTIFICATION, pgpPrivKey );

        // the certification covers the key together with the user ID
        PGPSignature signature = signatureGenerator.generateCertification( id, oldKey );

        // attach it under that user ID (the two-argument overload would store it as a key-level signature)
        PGPPublicKey newKey = PGPPublicKey.addCertification( oldKey, id, signature );

        PGPPublicKeyRing newPublicKeyRing = PGPPublicKeyRing.removePublicKey( publicKeyRing, oldKey );

        return PGPPublicKeyRing.insertPublicKey( newPublicKeyRing, newKey );
    }
    catch ( Exception e )
    {
        // wrap in a checked PGPException for the caller
        throw new PGPException( "Error signing public key", e );
    }
}


/**
 * Verifies that a public key is signed with another public key
 *
 * @param keyToVerify the public key to verify
 * @param id the id we are verifying against the public key
 * @param keyToVerifyWith the key to verify with
 *
 * @return true if verified, false otherwise
 */
public static boolean verifyPublicKey( PGPPublicKey keyToVerify, String id, PGPPublicKey keyToVerifyWith )
        throws PGPException
{
    try
    {
        // only the certifications stored under this user ID are relevant
        Iterator<PGPSignature> signIterator = keyToVerify.getSignaturesForID( id );
        if ( signIterator == null )
        {
            return false; // keyToVerify carries no such user ID
        }
        while ( signIterator.hasNext() )
        {
            PGPSignature signature = signIterator.next();
            // skip anything not issued by keyToVerifyWith, or that is not a certification at all
            if ( !signature.isCertification() || signature.getKeyID() != keyToVerifyWith.getKeyID() )
            {
                continue;
            }
            signature.init( new JcaPGPContentVerifierBuilderProvider().setProvider( provider ), keyToVerifyWith );
            // OpenPGP user IDs are UTF-8; do not rely on the platform default charset
            if ( signature.verifyCertification( id.getBytes( StandardCharsets.UTF_8 ), keyToVerify ) )
            {
                return true;
            }
        }
        return false;
    }
    catch ( Exception e )
    {
        // wrap in a checked PGPException for the caller
        throw new PGPException( "Error verifying public key", e );
    }
}
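To take the two answers one step further, here is an added, self-contained example (not code from the question or from either answer) that generates three throwaway RSA keys at runtime, has two of them certify Bob's user ID, and then counts only certifications that verify against an explicitly trusted signer: the self-signature is skipped, and a certification from an issuer the verifier does not know is ignored rather than trusted. Class name, user IDs and passphrase are constructed placeholders; the code assumes the Bouncy Castle provider and OpenPGP jars are on the classpath.

```java
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.*;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.jcajce.*;
public class CertificationAudit { // constructed example: throwaway keys are generated at runtime
    static PGPKeyRingGenerator newKey(String uid, char[] pass) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048); // test key only
        PGPKeyPair kp = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPDigestCalculator sha1 = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
        return new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, kp, uid, sha1, null, null,
                new JcaPGPContentSignerBuilder(kp.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256),
                new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha1).setProvider("BC").build(pass));
    }
    static PGPPublicKey certify(PGPPublicKey key, String uid, PGPSecretKey signer, char[] pass) throws PGPException {
        PGPPrivateKey priv = signer.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("BC").build(pass));
        PGPSignatureGenerator gen = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(
                signer.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256).setProvider("BC"));
        gen.init(PGPSignature.DEFAULT_CERTIFICATION, priv); // 0x10: generic user-ID certification
        return PGPPublicKey.addCertification(key, uid, gen.generateCertification(uid, key)); // stored under uid
    }
    static Set<Long> verifiedCertifiers(PGPPublicKey key, String uid, Collection<PGPPublicKey> trusted) throws PGPException {
        Set<Long> ok = new HashSet<>(); // key IDs of trusted signers whose certification over (key, uid) verifies
        for (Iterator<PGPSignature> it = key.getSignaturesForID(uid); it != null && it.hasNext();) {
            PGPSignature sig = it.next();
            if (!sig.isCertification() || sig.getKeyID() == key.getKeyID()) continue; // self-signature: not third-party trust
            for (PGPPublicKey signer : trusted) {
                if (signer.getKeyID() != sig.getKeyID()) continue; // issuer not trusted: cannot verify, ignore
                sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), signer);
                if (sig.verifyCertification(uid, key)) ok.add(signer.getKeyID());
            }
        }
        return ok;
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] pass = "test".toCharArray(); String bobId = "Bob <bob@example.org>";
        PGPKeyRingGenerator alice = newKey("Alice <alice@example.org>", pass), bob = newKey(bobId, pass);
        PGPKeyRingGenerator mallory = newKey("Mallory <mallory@example.org>", pass); // certifier nobody trusts
        PGPPublicKey bobKey = bob.generatePublicKeyRing().getPublicKey();
        bobKey = certify(bobKey, bobId, alice.generateSecretKeyRing().getSecretKey(), pass);
        bobKey = certify(bobKey, bobId, mallory.generateSecretKeyRing().getSecretKey(), pass);
        PGPPublicKey aliceKey = alice.generatePublicKeyRing().getPublicKey();
        System.out.println(verifiedCertifiers(bobKey, bobId, Collections.singletonList(aliceKey))); // Alice's key ID only
    }
}
```

Mallory's certification stays on Bob's key and would show up in a plain iteration over all signatures, which is why a verifier must match the issuer key ID against the keys it actually trusts before treating a certification as evidence.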