certify: add some subscopes in PgpKeyOperation for readability
Note: this commit introduces NO semantic changes whatsoever!
@@ -215,19 +215,20 @@ public class PgpKeyOperation {
|
|||||||
|
|
||||||
updateProgress(R.string.progress_preparing_master_key, 10, 100);
|
updateProgress(R.string.progress_preparing_master_key, 10, 100);
|
||||||
|
|
||||||
int usageId = keysUsages.get(0);
|
// prepare keyring generator with given master public and secret key
|
||||||
boolean canSign =
|
PGPKeyRingGenerator keyGen;
|
||||||
(usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
|
PGPPublicKey masterPublicKey; {
|
||||||
boolean canEncrypt =
|
|
||||||
(usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
|
|
||||||
|
|
||||||
String mainUserId = userIds.get(0);
|
String mainUserId = userIds.get(0);
|
||||||
|
|
||||||
|
// prepare the master key pair
|
||||||
|
PGPKeyPair masterKeyPair; {
|
||||||
|
|
||||||
PGPSecretKey masterKey = keys.get(0);
|
PGPSecretKey masterKey = keys.get(0);
|
||||||
|
|
||||||
// this removes all userIds and certifications previously attached to the masterPublicKey
|
// this removes all userIds and certifications previously attached to the masterPublicKey
|
||||||
PGPPublicKey tmpKey = masterKey.getPublicKey();
|
PGPPublicKey tmpKey = masterKey.getPublicKey();
|
||||||
PGPPublicKey masterPublicKey = new PGPPublicKey(tmpKey.getAlgorithm(),
|
masterPublicKey = new PGPPublicKey(tmpKey.getAlgorithm(),
|
||||||
tmpKey.getKey(new BouncyCastleProvider()), tmpKey.getCreationTime());
|
tmpKey.getKey(new BouncyCastleProvider()), tmpKey.getCreationTime());
|
||||||
|
|
||||||
// already done by code above:
|
// already done by code above:
|
||||||
@@ -263,10 +264,18 @@ public class PgpKeyOperation {
|
|||||||
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
|
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
|
||||||
}
|
}
|
||||||
|
|
||||||
PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
|
masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
|
||||||
|
}
|
||||||
|
|
||||||
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
PGPSignatureSubpacketGenerator hashedPacketsGen;
|
||||||
PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
PGPSignatureSubpacketGenerator unhashedPacketsGen; {
|
||||||
|
|
||||||
|
hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||||
|
unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||||
|
|
||||||
|
int usageId = keysUsages.get(0);
|
||||||
|
boolean canEncrypt =
|
||||||
|
(usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
|
||||||
|
|
||||||
int keyFlags = KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA;
|
int keyFlags = KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA;
|
||||||
if (canEncrypt) {
|
if (canEncrypt) {
|
||||||
@@ -296,6 +305,7 @@ public class PgpKeyOperation {
|
|||||||
hashedPacketsGen.setKeyExpirationTime(false, 0);
|
hashedPacketsGen.setKeyExpirationTime(false, 0);
|
||||||
//this happens anyway
|
//this happens anyway
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
updateProgress(R.string.progress_building_master_key, 30, 100);
|
updateProgress(R.string.progress_building_master_key, 30, 100);
|
||||||
|
|
||||||
@@ -311,10 +321,12 @@ public class PgpKeyOperation {
|
|||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
|
||||||
newPassPhrase.toCharArray());
|
newPassPhrase.toCharArray());
|
||||||
|
|
||||||
PGPKeyRingGenerator keyGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION,
|
keyGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION,
|
||||||
masterKeyPair, mainUserId, sha1Calc, hashedPacketsGen.generate(),
|
masterKeyPair, mainUserId, sha1Calc, hashedPacketsGen.generate(),
|
||||||
unhashedPacketsGen.generate(), certificationSignerBuilder, keyEncryptor);
|
unhashedPacketsGen.generate(), certificationSignerBuilder, keyEncryptor);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
updateProgress(R.string.progress_adding_sub_keys, 40, 100);
|
updateProgress(R.string.progress_adding_sub_keys, 40, 100);
|
||||||
|
|
||||||
for (int i = 1; i < keys.size(); ++i) {
|
for (int i = 1; i < keys.size(); ++i) {
|
||||||
@@ -323,23 +335,23 @@ public class PgpKeyOperation {
|
|||||||
PGPSecretKey subKey = keys.get(i);
|
PGPSecretKey subKey = keys.get(i);
|
||||||
PGPPublicKey subPublicKey = subKey.getPublicKey();
|
PGPPublicKey subPublicKey = subKey.getPublicKey();
|
||||||
|
|
||||||
PBESecretKeyDecryptor keyDecryptor2 = new JcePBESecretKeyDecryptorBuilder()
|
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
|
||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
|
||||||
oldPassPhrase.toCharArray());
|
oldPassPhrase.toCharArray());
|
||||||
PGPPrivateKey subPrivateKey = subKey.extractPrivateKey(keyDecryptor2);
|
PGPPrivateKey subPrivateKey = subKey.extractPrivateKey(keyDecryptor);
|
||||||
|
|
||||||
// TODO: now used without algorithm and creation time?! (APG 1)
|
// TODO: now used without algorithm and creation time?! (APG 1)
|
||||||
PGPKeyPair subKeyPair = new PGPKeyPair(subPublicKey, subPrivateKey);
|
PGPKeyPair subKeyPair = new PGPKeyPair(subPublicKey, subPrivateKey);
|
||||||
|
|
||||||
hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||||
unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||||
|
|
||||||
keyFlags = 0;
|
int keyFlags = 0;
|
||||||
|
|
||||||
usageId = keysUsages.get(i);
|
int usageId = keysUsages.get(i);
|
||||||
canSign =
|
boolean canSign =
|
||||||
(usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
|
(usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
|
||||||
canEncrypt =
|
boolean canEncrypt =
|
||||||
(usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
|
(usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
|
||||||
if (canSign) {
|
if (canSign) {
|
||||||
Date todayDate = new Date(); //both sig times the same
|
Date todayDate = new Date(); //both sig times the same
|
||||||
@@ -402,8 +414,9 @@ public class PgpKeyOperation {
|
|||||||
if (passphrase == null) {
|
if (passphrase == null) {
|
||||||
throw new PgpGeneralException("Unable to obtain passphrase");
|
throw new PgpGeneralException("Unable to obtain passphrase");
|
||||||
} else {
|
} else {
|
||||||
PGPPublicKeyRing pubring = ProviderHelper
|
|
||||||
.getPGPPublicKeyRingByKeyId(mContext, pubKeyId);
|
// create a signatureGenerator from the supplied masterKeyId and passphrase
|
||||||
|
PGPSignatureGenerator signatureGenerator; {
|
||||||
|
|
||||||
PGPSecretKey certificationKey = PgpKeyHelper.getCertificationKey(mContext, masterKeyId);
|
PGPSecretKey certificationKey = PgpKeyHelper.getCertificationKey(mContext, masterKeyId);
|
||||||
if (certificationKey == null) {
|
if (certificationKey == null) {
|
||||||
@@ -423,16 +436,19 @@ public class PgpKeyOperation {
|
|||||||
certificationKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256)
|
certificationKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256)
|
||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||||
|
|
||||||
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
|
signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
|
||||||
contentSignerBuilder);
|
|
||||||
|
|
||||||
signatureGenerator.init(PGPSignature.DIRECT_KEY, signaturePrivateKey);
|
signatureGenerator.init(PGPSignature.DIRECT_KEY, signaturePrivateKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
{ // supply signatureGenerator with a SubpacketVector
|
||||||
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
|
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
|
||||||
|
|
||||||
PGPSignatureSubpacketVector packetVector = spGen.generate();
|
PGPSignatureSubpacketVector packetVector = spGen.generate();
|
||||||
signatureGenerator.setHashedSubpackets(packetVector);
|
signatureGenerator.setHashedSubpackets(packetVector);
|
||||||
|
}
|
||||||
|
|
||||||
|
// fetch public key ring, add the certification and return it
|
||||||
|
PGPPublicKeyRing pubring = ProviderHelper
|
||||||
|
.getPGPPublicKeyRingByKeyId(mContext, pubKeyId);
|
||||||
PGPPublicKey signedKey = PGPPublicKey.addCertification(pubring.getPublicKey(pubKeyId),
|
PGPPublicKey signedKey = PGPPublicKey.addCertification(pubring.getPublicKey(pubKeyId),
|
||||||
signatureGenerator.generate());
|
signatureGenerator.generate());
|
||||||
pubring = PGPPublicKeyRing.insertPublicKey(pubring, signedKey);
|
pubring = PGPPublicKeyRing.insertPublicKey(pubring, signedKey);
|
||||||
|
|||||||
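Review bot: In the last hunk the certification is produced by `signatureGenerator.generate()` directly after `init(PGPSignature.DIRECT_KEY, signaturePrivateKey)`, and nothing between those two calls feeds the target key into the generator, so the signature passed to `PGPPublicKey.addCertification` does not appear to be bound to the key it is attached to. Bouncy Castle's `PGPSignatureGenerator` provides `generateCertification(...)` for this; keeping the direct-key type, the call would be `signatureGenerator.generateCertification(pubring.getPublicKey(pubKeyId))`. The relocated `pubring` lookup is also dereferenced without a null check, although `certificationKey` is null-checked a few lines earlier. Because the lookup now runs only after the secret key has been unlocked, a missing key ring is detected later than before, which is a small ordering change despite the commit message. The enclosing method starts and ends outside the hunk.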