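I am using Bouncy Castle to generate an RSA PGP key pair. In all of the examples I can find, the User ID field is always assigned when the key ring object is created, not on the key pair itself.
However, when looking at https://tools.ietf.org/html/rfc4880#section-5.11,
I see that the key does specify a User ID field in the key packet.
My question is: how do I assign the User ID to the key pair during key creation?
Here is some sample code that is close to what I am trying to do, but it still assigns the User ID when the key pair is assigned to the key ring.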
    import java.math.BigInteger;
    import java.security.SecureRandom;
    import java.util.Date;

    import org.bouncycastle.bcpg.HashAlgorithmTags;
    import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
    import org.bouncycastle.bcpg.sig.Features;
    import org.bouncycastle.bcpg.sig.KeyFlags;
    import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
    import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
    import org.bouncycastle.openpgp.PGPEncryptedData;
    import org.bouncycastle.openpgp.PGPKeyPair;
    import org.bouncycastle.openpgp.PGPKeyRingGenerator;
    import org.bouncycastle.openpgp.PGPPublicKey;
    import org.bouncycastle.openpgp.PGPSignature;
    import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
    import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
    import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
    import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyEncryptorBuilder;
    import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
    import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
    import org.bouncycastle.openpgp.operator.bc.BcPGPKeyPair;

    // Wrapper class added so the method compiles; the name is illustrative.
    public class KeyRingExample
    {
        public final static PGPKeyRingGenerator generateKeyRingGenerator
            (String id, char[] pass, int s2kcount)
            throws Exception
        {
            // This object generates individual key-pairs.
            RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

            // Boilerplate RSA parameters, no need to change anything
            // except for the RSA key-size (2048). You can use whatever
            // key-size makes sense for you -- 4096, etc.
            kpg.init
                (new RSAKeyGenerationParameters
                 (BigInteger.valueOf(0x10001),
                  new SecureRandom(), 2048, 12));

            // First create the master (signing) key with the generator.
            PGPKeyPair rsakp_sign =
                new BcPGPKeyPair
                (PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
            // Then an encryption subkey.
            PGPKeyPair rsakp_enc =
                new BcPGPKeyPair
                (PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());

            // Add a self-signature on the id
            PGPSignatureSubpacketGenerator signhashgen =
                new PGPSignatureSubpacketGenerator();

            // Add signed metadata on the signature.
            // 1) Declare its purpose
            signhashgen.setKeyFlags
                (false, KeyFlags.SIGN_DATA|KeyFlags.CERTIFY_OTHER);
            // 2) Set preferences for secondary crypto algorithms to use
            //    when sending messages to this key.
            signhashgen.setPreferredSymmetricAlgorithms
                (false, new int[] {
                    SymmetricKeyAlgorithmTags.AES_256,
                    SymmetricKeyAlgorithmTags.AES_192,
                    SymmetricKeyAlgorithmTags.AES_128
                });
            signhashgen.setPreferredHashAlgorithms
                (false, new int[] {
                    HashAlgorithmTags.SHA256,
                    HashAlgorithmTags.SHA1,
                    HashAlgorithmTags.SHA384,
                    HashAlgorithmTags.SHA512,
                    HashAlgorithmTags.SHA224,
                });
            // 3) Request senders add additional checksums to the
            //    message (useful when verifying unsigned messages.)
            signhashgen.setFeature
                (false, Features.FEATURE_MODIFICATION_DETECTION);

            // Create a signature on the encryption subkey.
            PGPSignatureSubpacketGenerator enchashgen =
                new PGPSignatureSubpacketGenerator();
            // Add metadata to declare its purpose
            enchashgen.setKeyFlags
                (false, KeyFlags.ENCRYPT_COMMS|KeyFlags.ENCRYPT_STORAGE);

            // Objects used to encrypt the secret key.
            PGPDigestCalculator sha1Calc =
                new BcPGPDigestCalculatorProvider()
                .get(HashAlgorithmTags.SHA1);
            PGPDigestCalculator sha256Calc =
                new BcPGPDigestCalculatorProvider()
                .get(HashAlgorithmTags.SHA256);

            // bcpg 1.48 exposes this API that includes s2kcount. Earlier
            // versions use a default of 0x60.
            PBESecretKeyEncryptor pske =
                (new BcPBESecretKeyEncryptorBuilder
                 (PGPEncryptedData.AES_256, sha256Calc, s2kcount))
                .build(pass);

            // Finally, create the keyring itself. The constructor
            // takes parameters that allow it to generate the self
            // signature.
            PGPKeyRingGenerator keyRingGen =
                new PGPKeyRingGenerator
                (PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
                 id, sha1Calc, signhashgen.generate(), null,
                 new BcPGPContentSignerBuilder
                 (rsakp_sign.getPublicKey().getAlgorithm(),
                  HashAlgorithmTags.SHA1),
                 pske);

            // Add our encryption subkey, together with its signature.
            keyRingGen.addSubKey
                (rsakp_enc, enchashgen.generate(), null);
            return keyRingGen;
        }
    }
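
An added example, not part of the original post and not Bouncy Castle code: a plain-JDK walker for RFC 4880 section 4.2 packet headers that lists the packets in an encoded key ring in order, showing where the User ID packet (tag 13) sits relative to the public-key packet (tag 6) and the certification signature (tag 2). The class name `PacketWalk`, its helpers and the sample bytes are assumptions made for illustration; the sample uses placeholder bodies and is not a real key.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class PacketWalk {
    // Big-endian unsigned integer of n octets starting at d[off].
    static long be(byte[] d, int off, int n) {
        long v = 0;
        for (int k = 0; k < n; k++) v = (v << 8) | (d[off + k] & 0xFF);
        return v;
    }

    // Lists the packets of an OpenPGP byte stream in order, one entry per packet.
    static List<String> walk(byte[] d) {
        List<String> out = new ArrayList<>();
        int i = 0;
        while (i < d.length) {
            int h = d[i++] & 0xFF, tag;
            long len;
            if ((h & 0x80) == 0) throw new IllegalArgumentException("bad header");
            if ((h & 0x40) != 0) {                    // new-format header
                tag = h & 0x3F;
                int o = d[i++] & 0xFF;
                if (o < 192) len = o;
                else if (o < 224) len = ((o - 192) << 8) + (d[i++] & 0xFF) + 192;
                else if (o == 255) { len = be(d, i, 4); i += 4; }
                else throw new IllegalArgumentException("partial length unsupported");
            } else {                                  // old-format header
                tag = (h >> 2) & 0x0F;
                int n = 1 << (h & 3);                 // 1, 2 or 4 length octets
                if (n == 8) throw new IllegalArgumentException("indeterminate length");
                len = be(d, i, n); i += n;
            }
            if (len > d.length - i) throw new IllegalArgumentException("truncated");
            String s = "tag " + tag + " len " + len;
            if (tag == 13) s += " userid=" + new String(d, i, (int) len, StandardCharsets.UTF_8);
            out.add(s);
            i += (int) len;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: placeholder bodies, not a real key.
        byte[] uid = "Alice <alice@example.org>".getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream b = new ByteArrayOutputStream();
        b.write(0x98); b.write(3); b.write(new byte[3], 0, 3);           // tag 6, public key
        b.write(0xB4); b.write(uid.length); b.write(uid, 0, uid.length); // tag 13, User ID
        b.write(0x88); b.write(2); b.write(new byte[2], 0, 2);           // tag 2, signature
        walk(b.toByteArray()).forEach(System.out::println);
    }
}
```

To inspect the output of the code in the post, pass `keyRingGen.generatePublicKeyRing().getEncoded()` to `walk` in place of the constructed bytes.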