import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; //导入依赖的package包/类
public final static PGPKeyRingGenerator generateKeyRingGenerator (String keyId, char[] pass) throws PGPException{
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();
    kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 4096, 12));
    PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
    PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();
    signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA|KeyFlags.CERTIFY_OTHER|KeyFlags.SHARED);
    signhashgen.setPreferredSymmetricAlgorithms(false, new int[]{SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128});
    signhashgen.setPreferredHashAlgorithms(false, new int[]{HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA224});
    signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
    PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);
    PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, 0xc0)).build(pass);
    PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator (PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
            keyId, sha1Calc, signhashgen.generate(), null, new BcPGPContentSignerBuilder(rsakp_sign.getPublicKey().getAlgorithm(),
            HashAlgorithmTags.SHA1), pske);
    keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null);
    return keyRingGen;
}
 

import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; //导入依赖的package包/类
@Override
public PGPKeyRingGenerator generateKey(String email, char[] password) throws Exception {
    RSAKeyPairGenerator rsaKeyPairGenerator=new RSAKeyPairGenerator();
    rsaKeyPairGenerator.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001),new SecureRandom(),2048,12));
    PGPKeyPair keyPair=new BcPGPKeyPair(PGPPublicKey.RSA_SIGN,rsaKeyPairGenerator.generateKeyPair(),new Date());
    PGPKeyPair enKeyPair=new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT,rsaKeyPairGenerator.generateKeyPair(),new Date());

    // Add a self-signature on the id
    PGPSignatureSubpacketGenerator signhashgen =
            new PGPSignatureSubpacketGenerator();

    // Add signed metadata on the signature.
    // 1) Declare its purpose
    signhashgen.setKeyFlags
            (false, KeyFlags.SIGN_DATA|KeyFlags.CERTIFY_OTHER);
    // 2) Set preferences for secondary crypto algorithms to use
    //    when sending messages to this key.
    signhashgen.setPreferredSymmetricAlgorithms
            (false, new int[] {
                    SymmetricKeyAlgorithmTags.AES_256,
                    SymmetricKeyAlgorithmTags.AES_192,
                    SymmetricKeyAlgorithmTags.AES_128
            });
    signhashgen.setPreferredHashAlgorithms
            (false, new int[] {
                    HashAlgorithmTags.SHA256,
                    HashAlgorithmTags.SHA1,
                    HashAlgorithmTags.SHA384,
                    HashAlgorithmTags.SHA512,
                    HashAlgorithmTags.SHA224,
            });
    // 3) Request senders add additional checksums to the
    //    message (useful when verifying unsigned messages.)
    signhashgen.setFeature
            (false, Features.FEATURE_MODIFICATION_DETECTION);

    // Create a signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen =
            new PGPSignatureSubpacketGenerator();
    // Add metadata to declare its purpose
    enchashgen.setKeyFlags
            (false, KeyFlags.ENCRYPT_COMMS|KeyFlags.ENCRYPT_STORAGE);

    // Objects used to encrypt the secret key.
    PGPDigestCalculator sha1Calc =
            new BcPGPDigestCalculatorProvider()
                    .get(HashAlgorithmTags.SHA1);
    PGPDigestCalculator sha256Calc =
            new BcPGPDigestCalculatorProvider()
                    .get(HashAlgorithmTags.SHA256);


    PBESecretKeyEncryptor pske =
            (new BcPBESecretKeyEncryptorBuilder
                    (PGPEncryptedData.AES_256, sha256Calc, 0xc0))
                    .build(password);

    // Finally, create the keyring itself. The constructor
    // takes parameters that allow it to generate the self
    // signature.
    PGPKeyRingGenerator keyRingGen =
            new PGPKeyRingGenerator
                    (PGPSignature.POSITIVE_CERTIFICATION, keyPair,
                            email, sha1Calc, signhashgen.generate(), null,
                            new BcPGPContentSignerBuilder
                                    (keyPair.getPublicKey().getAlgorithm(),
                                            HashAlgorithmTags.SHA1),
                            pske);

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey
            (enKeyPair, enchashgen.generate(), null);
    return keyRingGen;
}
 

import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; //导入依赖的package包/类
private byte[] encryptData(String mime, CharSequence data)
        throws PGPException, IOException, SignatureException {

    String from = mKey.getUserId(mServer.getNetwork());
    String[] to = new String[mRecipients.length];
    for (int i = 0; i < to.length; i++)
        to[i] = PGP.getUserId(PGP.getMasterKey(mRecipients[i]), mServer.getNetwork());

    // secure the message against the most basic attacks using Message/CPIM
    CPIMMessage cpim = new CPIMMessage(from, to, new Date(), mime, data);
    byte[] plainText = cpim.toByteArray();

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    ByteArrayInputStream in = new ByteArrayInputStream(plainText);

    // setup data encryptor & generator
    BcPGPDataEncryptorBuilder encryptor = new BcPGPDataEncryptorBuilder(PGPEncryptedData.AES_192);
    encryptor.setWithIntegrityPacket(true);
    encryptor.setSecureRandom(new SecureRandom());

    // add public key recipients
    PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(encryptor);
    for (PGPPublicKeyRing rcpt : mRecipients)
        encGen.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(PGP.getEncryptionKey(rcpt)));

    OutputStream encryptedOut = encGen.open(out, new byte[BUFFER_SIZE]);

    // setup compressed data generator
    PGPCompressedDataGenerator compGen = new PGPCompressedDataGenerator(PGPCompressedData.ZIP);
    OutputStream compressedOut = compGen.open(encryptedOut, new byte[BUFFER_SIZE]);

    // setup signature generator
    PGPSignatureGenerator sigGen = new PGPSignatureGenerator
            (new BcPGPContentSignerBuilder(mKey.getSignKeyPair()
                .getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256));
    sigGen.init(PGPSignature.BINARY_DOCUMENT, mKey.getSignKeyPair().getPrivateKey());

    PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
    spGen.setSignerUserID(false, mKey.getUserId(mServer.getNetwork()));
    sigGen.setUnhashedSubpackets(spGen.generate());

    sigGen.generateOnePassVersion(false)
        .encode(compressedOut);

    // Initialize literal data generator
    PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
    OutputStream literalOut = literalGen.open(
        compressedOut,
        PGPLiteralData.BINARY,
        "",
        new Date(),
        new byte[BUFFER_SIZE]);

    // read the "in" stream, compress, encrypt and write to the "out" stream
    // this must be done if clear data is bigger than the buffer size
    // but there are other ways to optimize...
    byte[] buf = new byte[BUFFER_SIZE];
    int len;
    while ((len = in.read(buf)) > 0) {
        literalOut.write(buf, 0, len);
        sigGen.update(buf, 0, len);
    }

    in.close();
    literalGen.close();
    // Generate the signature, compress, encrypt and write to the "out" stream
    sigGen.generate().encode(compressedOut);
    compGen.close();
    encGen.close();

    return out.toByteArray();
}
 

import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; //导入依赖的package包/类
/**
 * https://github.com/wesabe/grendel/blob/master/src/test/java/com/wesabe/
 * grendel/openpgp/tests/KeySetGeneratorTest.java
 * 
 * @throws PGPException
 */
@Test
public void testOpenPgp() throws PGPException {
	String id = "[email protected]";
	String pass = "hello";
	int s2kcount = 0xc1;
	// http://bouncycastle-pgp-cookbook.blogspot.tw/2013/01/generating-rsa-keys.html

	RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();
	kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001),
			new SecureRandom(), 2048, 12));

	BcPGPKeyPair bkpSign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN,
			kpg.generateKeyPair(), new Date());

	assertNotNull(bkpSign);
	BcPGPKeyPair bkpEncrypt = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT,
			kpg.generateKeyPair(), new Date());

	assertNotNull(bkpEncrypt);

	PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

	signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA
			| KeyFlags.CERTIFY_OTHER);
	signhashgen.setPreferredSymmetricAlgorithms(false, new int[] {
			SymmetricKeyAlgorithmTags.AES_256,
			SymmetricKeyAlgorithmTags.AES_192,
			SymmetricKeyAlgorithmTags.AES_128 });
	signhashgen.setPreferredHashAlgorithms(false, new int[] {
			HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1,
			HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512,
			HashAlgorithmTags.SHA224, });

	signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

	PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
	enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS
			| KeyFlags.ENCRYPT_STORAGE);

	PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider()
			.get(HashAlgorithmTags.SHA1);
	PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider()
			.get(HashAlgorithmTags.SHA256);

	// bcpg 1.48 exposes this API that includes s2kcount. Earlier
	// versions use a default of 0x60.
	PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(
			PGPEncryptedData.AES_256, sha256Calc))
			.build(pass.toCharArray());

	// Finally, create the keyring itself. The constructor
	// takes parameters that allow it to generate the self
	// signature.
	PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(
			PGPSignature.POSITIVE_CERTIFICATION, bkpSign, id, sha1Calc,
			signhashgen.generate(), null, new BcPGPContentSignerBuilder(
					bkpSign.getPublicKey().getAlgorithm(),
					HashAlgorithmTags.SHA1), pske);

	// Add our encryption subkey, together with its signature.
	keyRingGen.addSubKey(bkpEncrypt, enchashgen.generate(), null);
	assertNotNull(keyRingGen);
}
 

import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; //导入依赖的package包/类
@SuppressWarnings("rawtypes")
private static String sign(String stanza, String keyPath, char[] pass) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, PGPException, SignatureException {
	if (stanza == null) {
		stanza = "";
	}

	PGPSecretKey pgpSecKey = EncryptionUtils.readSecretKey(keyPath);
	PGPPrivateKey pgpPrivKey = pgpSecKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("SC").build(pass));
	PGPSignatureGenerator sGen = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(pgpSecKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1).setProvider("SC"));
	PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();

	sGen.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, pgpPrivKey);

	Iterator it = pgpSecKey.getPublicKey().getUserIDs();
	if (it.hasNext()) {
		spGen.setSignerUserID(false, (String) it.next());
		sGen.setHashedSubpackets(spGen.generate());
	}

	InputStream fIn = new BufferedInputStream(new ByteArrayInputStream(stanza.getBytes()));
	ByteArrayOutputStream out = new ByteArrayOutputStream();
	ArmoredOutputStream aOut = new ArmoredOutputStream(out);

	aOut.beginClearText(PGPUtil.SHA1);

	//
	// note the last \n/\r/\r\n in the file is ignored
	//
	ByteArrayOutputStream lineOut = new ByteArrayOutputStream();
	int lookAhead = readInputLine(lineOut, fIn);

	processLine(aOut, sGen, lineOut.toByteArray());

	if (lookAhead != -1) {
		do {
			lookAhead = readInputLine(lineOut, lookAhead, fIn);

			sGen.update((byte) '\r');
			sGen.update((byte) '\n');

			processLine(aOut, sGen, lineOut.toByteArray());
		} while (lookAhead != -1);
	}

	fIn.close();

	aOut.endClearText();

	BCPGOutputStream bOut = new BCPGOutputStream(aOut);

	sGen.generate().encode(bOut);

	aOut.close();

	String signed = new String(out.toByteArray());

	bOut.close();

	return EncryptedDataProvider.removeHeaderFooter(signed);

}