1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
package org.spongycastle.openpgp.operator.bc;
import java.security.SecureRandom;
import org.spongycastle.crypto.BlockCipher;
import org.spongycastle.crypto.BufferedBlockCipher;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.spongycastle.openpgp.operator.PGPDigestCalculator;
public class BcPBESecretKeyEncryptorBuilder
{
private int encAlgorithm;
private PGPDigestCalculator s2kDigestCalculator;
private SecureRandom random;
private int s2kCount = 0x60;
public BcPBESecretKeyEncryptorBuilder(int encAlgorithm)
{
this(encAlgorithm, new SHA1PGPDigestCalculator());
}
/**
* Create an SecretKeyEncryptorBuilder with the S2K count different to the default of 0x60.
*
* @param encAlgorithm encryption algorithm to use.
* @param s2kCount iteration count to use for S2K function.
*/
public BcPBESecretKeyEncryptorBuilder(int encAlgorithm, int s2kCount)
{
this(encAlgorithm, new SHA1PGPDigestCalculator(), s2kCount);
}
/**
* Create a builder which will make encryptors using the passed in digest calculator. If a MD5 calculator is
* passed in the builder will assume the encryptors are for use with version 3 keys.
*
* @param encAlgorithm encryption algorithm to use.
* @param s2kDigestCalculator digest calculator to use.
*/
public BcPBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator)
{
this(encAlgorithm, s2kDigestCalculator, 0x60);
}
/**
* Create an SecretKeyEncryptorBuilder with the S2k count different to the default of 0x60, and the S2K digest
* different from SHA-1.
*
* @param encAlgorithm encryption algorithm to use.
* @param s2kDigestCalculator digest calculator to use.
* @param s2kCount iteration count to use for S2K function.
*/
public BcPBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount)
{
this.encAlgorithm = encAlgorithm;
this.s2kDigestCalculator = s2kDigestCalculator;
if (s2kCount < 0 || s2kCount > 0xff)
{
throw new IllegalArgumentException("s2KCount value outside of range 0 to 255.");
}
this.s2kCount = s2kCount;
}
/**
* Provide a user defined source of randomness.
*
* @param random the secure random to be used.
* @return the current builder.
*/
public BcPBESecretKeyEncryptorBuilder setSecureRandom(SecureRandom random)
{
this.random = random;
return this;
}
public PBESecretKeyEncryptor build(char[] passPhrase)
{
if (this.random == null)
{
this.random = new SecureRandom();
}
return new PBESecretKeyEncryptor(encAlgorithm, s2kDigestCalculator, s2kCount, this.random, passPhrase)
{
private byte[] iv;
public byte[] encryptKeyData(byte[] key, byte[] keyData, int keyOff, int keyLen)
throws PGPException
{
return encryptKeyData(key, null, keyData, keyOff, keyLen);
}
public byte[] encryptKeyData(byte[] key, byte[] iv, byte[] keyData, int keyOff, int keyLen)
throws PGPException
{
try
{
BlockCipher engine = BcImplProvider.createBlockCipher(this.encAlgorithm);
if (iv != null)
{ // to deal with V3 key encryption
this.iv = iv;
}
else
{
if (this.random == null)
{
this.random = new SecureRandom();
}
this.iv = iv = new byte[engine.getBlockSize()];
this.random.nextBytes(iv);
}
BufferedBlockCipher c = BcUtil.createSymmetricKeyWrapper(true, engine, key, iv);
byte[] out = new byte[keyLen];
int outLen = c.processBytes(keyData, keyOff, keyLen, out, 0);
outLen += c.doFinal(out, outLen);
return out;
}
catch (InvalidCipherTextException e)
{
throw new PGPException("decryption failed: " + e.getMessage(), e);
}
}
public byte[] getCipherIV()
{
return iv;
}
};
}
}
|
