
java sign public pgp key with bouncycastle

I've got a doubt. I have to sign a PGP public key using the BouncyCastle API, supposedly. Now, to my understanding, signing a key with another one ultimately means adding a "certificate" to that public key. Lacking any other way, I've gone searching blindly through the library. My only find so far has been the method generateCertification inside PGPSignatureGenerator. But this method generates a certification between a master PgpPublicKey and another PgpPublicKey, and this strikes me as strange: I assumed that in order to trust another public key, it has to be signed with your own private PGP key, just like in regular X.509 with CA certification, in a manner of speaking. This assumption came from some methods I saw when trying to get ideas from other libraries: didisoft, for example, has a similar method on a keystore where you have to provide the PgpPrivatekey keyuid...

Does anyone have any hint or a piece of code to propose? Thanks in advance.

This can be used to check that one key gave default certification to another.

import java.util.Iterator;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

// JCA provider name used by both methods; BouncyCastle must be registered first,
// e.g. Security.addProvider( new BouncyCastleProvider() ) in a static initializer.
private static final String provider = "BC";

/**
 * Signs a public key
 *
 * @param publicKeyRing a public key ring containing the single public key to sign
 * @param id the user id we are certifying against the public key
 * @param secretKey the signing key
 * @param secretKeyPassword the signing key password
 *
 * @return a public key ring with the signed public key
 */
public static PGPPublicKeyRing signPublicKey( PGPPublicKeyRing publicKeyRing, String id, PGPSecretKey secretKey,
                                              String secretKeyPassword ) throws PGPException
{
    try
    {
        // getPublicKey() with no argument returns the ring's master key
        PGPPublicKey oldKey = publicKeyRing.getPublicKey();

        // unlock the signing key; the decryptor takes the passphrase as char[]
        PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(
                new JcePBESecretKeyDecryptorBuilder().setProvider( provider )
                                                     .build( secretKeyPassword.toCharArray() ) );

        // SHA-256 rather than SHA-1: SHA-1 is no longer acceptable for new signatures
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256 )
                        .setProvider( provider ) );

        // 0x10 generic certification of (key, user id)
        signatureGenerator.init( PGPSignature.DEFAULT_CERTIFICATION, pgpPrivKey );

        // the hash covers the key material followed by the user id bytes
        PGPSignature signature = signatureGenerator.generateCertification( id, oldKey );

        // PGPPublicKey is immutable: addCertification returns a new key carrying the signature
        PGPPublicKey newKey = PGPPublicKey.addCertification( oldKey, signature );

        PGPPublicKeyRing newPublicKeyRing = PGPPublicKeyRing.removePublicKey( publicKeyRing, oldKey );

        return PGPPublicKeyRing.insertPublicKey( newPublicKeyRing, newKey );
    }
    catch ( Exception e )
    {
        //throw custom  exception
        throw new PGPException( "Error signing public key", e );
    }
}


/**
 * Verifies that a public key is signed with another public key
 *
 * @param keyToVerify the public key to verify
 * @param id the user id we are verifying against the public key
 * @param keyToVerifyWith the key to verify with
 *
 * @return true if verified, false otherwise
 */
public static boolean verifyPublicKey( PGPPublicKey keyToVerify, String id, PGPPublicKey keyToVerifyWith )
        throws PGPException
{
    try
    {
        Iterator<PGPSignature> signIterator = keyToVerify.getSignatures();
        while ( signIterator.hasNext() )
        {
            PGPSignature signature = signIterator.next();
            // skip signatures issued by other keys: init() would fail on an algorithm
            // mismatch and verification could never succeed anyway
            if ( signature.getKeyID() != keyToVerifyWith.getKeyID() )
            {
                continue;
            }
            signature.init( new JcaPGPContentVerifierBuilderProvider().setProvider( provider ), keyToVerifyWith );
            // use the String overload so the id is UTF-8 encoded exactly as the signer encoded it;
            // id.getBytes() would use the platform default charset
            if ( signature.verifyCertification( id, keyToVerify ) )
            {
                return true;
            }
        }
        return false;
    }
    catch ( Exception e )
    {
        //throw custom  exception
        throw new PGPException( "Error verifying public key", e );
    }
}
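The verifyPublicKey loop above treats any signature that verifies over (key, user id) as a certification, whatever its type. A certification revocation (type 0x30) issued later by the same certifier is computed over exactly the same bytes, so it would also be accepted as a valid certification, and getSignatures() returns every signature on the key, including those issued by other keys. The example below is added here and is not code from either answer: it generates two throwaway RSA keys in memory (the names and the user id are constructed for the demo), lets the certifier sign and then revoke a user id on the other key, and compares the loose check from the answer with a stricter one that filters by user id, issuer key ID and signature type.

```java
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Date;
import java.util.Iterator;

import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;

public class CertifyUserIdDemo {

    static { Security.addProvider(new BouncyCastleProvider()); }

    /** Demo only: a fresh, unprotected RSA key pair that never leaves memory. */
    static PGPKeyPair freshKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        return new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date());
    }

    /** Signs (key || userId) with the given signature type and attaches the result under that user id. */
    static PGPPublicKey certify(PGPPublicKey target, String userId, PGPPrivateKey certifier,
                                int certifierAlg, int sigType) throws Exception {
        PGPSignatureGenerator gen = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder(certifierAlg, HashAlgorithmTags.SHA256).setProvider("BC"));
        gen.init(sigType, certifier);
        PGPSignature sig = gen.generateCertification(userId, target);
        // three-argument form stores the signature with the user id, so getSignaturesForID finds it
        return PGPPublicKey.addCertification(target, userId, sig);
    }

    /** The loose check from the answer: any signature on the key that verifies over (key, userId) counts. */
    static boolean verifyLoose(PGPPublicKey key, String userId, PGPPublicKey certifierPub) throws Exception {
        Iterator<PGPSignature> it = key.getSignatures();
        while (it.hasNext()) {
            PGPSignature sig = it.next();
            sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), certifierPub);
            if (sig.verifyCertification(userId, key)) return true;
        }
        return false;
    }

    /** Stricter: only signatures filed under userId, issued by certifierPub, of certification type 0x10..0x13,
     *  and not cancelled by a certification revocation (0x30) from the same certifier. */
    static boolean verifyStrict(PGPPublicKey key, String userId, PGPPublicKey certifierPub) throws Exception {
        Iterator<PGPSignature> it = key.getSignaturesForID(userId);
        if (it == null) return false;                                   // user id not on the key at all
        boolean certified = false, revoked = false;
        while (it.hasNext()) {
            PGPSignature sig = it.next();
            if (sig.getKeyID() != certifierPub.getKeyID()) continue;    // issued by someone else
            sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), certifierPub);
            if (!sig.verifyCertification(userId, key)) continue;       // does not verify: ignore
            int type = sig.getSignatureType();
            if (type == PGPSignature.CERTIFICATION_REVOCATION) revoked = true;
            else if (type >= PGPSignature.DEFAULT_CERTIFICATION && type <= PGPSignature.POSITIVE_CERTIFICATION) certified = true;
        }
        return certified && !revoked;
    }

    public static void main(String[] args) throws Exception {
        PGPKeyPair alice = freshKeyPair();            // the certifier (the "CA" in the question's analogy)
        PGPKeyPair bob = freshKeyPair();              // the key being certified
        String bobId = "Bob <bob@example.org>";       // constructed user id for the demo

        // Bob self-certifies his user id, as a normal key does; then Alice certifies it.
        PGPPublicKey bobPub = certify(bob.getPublicKey(), bobId, bob.getPrivateKey(),
                bob.getPublicKey().getAlgorithm(), PGPSignature.POSITIVE_CERTIFICATION);
        bobPub = certify(bobPub, bobId, alice.getPrivateKey(),
                alice.getPublicKey().getAlgorithm(), PGPSignature.DEFAULT_CERTIFICATION);
        System.out.println("after certification: loose=" + verifyLoose(bobPub, bobId, alice.getPublicKey())
                + " strict=" + verifyStrict(bobPub, bobId, alice.getPublicKey()));
        System.out.println("other user id:       strict="
                + verifyStrict(bobPub, "Mallory <mallory@example.org>", alice.getPublicKey()));

        // Alice withdraws her certification with a 0x30 signature over the same (key || userId).
        bobPub = certify(bobPub, bobId, alice.getPrivateKey(),
                alice.getPublicKey().getAlgorithm(), PGPSignature.CERTIFICATION_REVOCATION);
        System.out.println("after revocation:    loose=" + verifyLoose(bobPub, bobId, alice.getPublicKey())
                + " strict=" + verifyStrict(bobPub, bobId, alice.getPublicKey()));
    }
}
```

Compile and run with bcprov and bcpg on the classpath. The point of the comparison is the last line: after the revocation the loose check still reports Alice's certification as valid, because the original 0x10 signature still verifies, while the strict check sees the 0x30 signature from the same issuer and reports the certification as withdrawn. The strict check still leaves out things a full trust evaluation needs, such as signature expiry and whether the certifier's own key has been revoked.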

Here's a code example to sign a public key:

    import org.bouncycastle.openpgp.PGPPrivateKey;
    import org.bouncycastle.openpgp.PGPPublicKey;
    import org.bouncycastle.openpgp.PGPSecretKey;
    import org.bouncycastle.openpgp.PGPSignature;
    import org.bouncycastle.openpgp.PGPSignatureGenerator;
    import org.bouncycastle.openpgp.PGPUtil;
    import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
    import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

    PGPSecretKey mySecretKey;           // your own signing key, loaded from your secret key ring
    PGPPublicKey publicKeyToBeSigned;   // the key you want to sign
    // build() takes the passphrase as char[]
    PGPPrivateKey pgpPrivKey = mySecretKey
            .extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
                    .setProvider("BC").build("password for your private key".toCharArray()));
    PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(mySecretKey.getPublicKey()
                    .getAlgorithm(), PGPUtil.SHA512).setProvider("BC"));
    // DIRECT_KEY (0x1F) is a signature over the key packet alone, so use the
    // key-only overload; the (id, key) overload would also hash a user id, which
    // other OpenPGP implementations do not expect for this signature type. To
    // certify a user id instead, init with DEFAULT_CERTIFICATION..POSITIVE_CERTIFICATION
    // (0x10..0x13) and call generateCertification(id, publicKeyToBeSigned).
    signatureGenerator.init(PGPSignature.DIRECT_KEY, pgpPrivKey);

    PGPSignature signature = signatureGenerator.generateCertification(publicKeyToBeSigned);

This piece of code just creates the signature. You then need to add it to the public key; PGPPublicKey is immutable, so keep the returned copy:

    publicKeyToBeSigned = PGPPublicKey.addCertification(publicKeyToBeSigned, signature);

Hope that helps you :)
