logo标签列表

使用Bouncy Castle PGP在JAVA中加密/解密文件

javaencryptionbouncycastlepgp
3

我正在使用这个类生成用于PGP加密的密钥对,并将文件保存到磁盘。

import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Date;

import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.bcpg.sig.Features;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPGPKeyPair;

public class RSAGen {
    public static void Generate(String ID,String PassPhrase , String FileName) throws Exception {
        char pass[] = PassPhrase.toCharArray();
        PGPKeyRingGenerator krgen = generateKeyRingGenerator(ID, pass);

        // Generate public key ring, dump to file.
        PGPPublicKeyRing pkr = krgen.generatePublicKeyRing();
        ArmoredOutputStream pubout = new ArmoredOutputStream(new BufferedOutputStream(new FileOutputStream(FileName + ".asc")));
        pkr.encode(pubout);
        pubout.close();

        // Generate private key, dump to file.
        PGPSecretKeyRing skr = krgen.generateSecretKeyRing();
        BufferedOutputStream secout = new BufferedOutputStream(new FileOutputStream(FileName + ".skr"));
        skr.encode(secout);
        secout.close();
    }

    public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass) throws Exception{
        return generateKeyRingGenerator(id, pass, 0xc0);
    }

    // Note: s2kcount is a number between 0 and 0xff that controls the number of times to iterate the password hash before use. More
    // iterations are useful against offline attacks, as it takes more time to check each password. The actual number of iterations is
    // rather complex, and also depends on the hash function in use. Refer to Section 3.7.1.3 in rfc4880.txt. Bigger numbers give
    // you more iterations.  As a rough rule of thumb, when using SHA256 as the hashing function, 0x10 gives you about 64
    // iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0, or about 1 million iterations. The maximum you can go to is
    // 0xff, or about 2 million iterations.  I'll use 0xc0 as a default -- about 130,000 iterations.

    public final static PGPKeyRingGenerator generateKeyRingGenerator(String id, char[] pass, int s2kcount) throws Exception {
        // This object generates individual key-pairs.
        RSAKeyPairGenerator  kpg = new RSAKeyPairGenerator();

        // Boilerplate RSA parameters, no need to change anything
        // except for the RSA key-size (2048). You can use whatever key-size makes sense for you -- 4096, etc.
        kpg.init(new RSAKeyGenerationParameters(BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12));

        // First create the master (signing) key with the generator.
        PGPKeyPair rsakp_sign = new BcPGPKeyPair(PGPPublicKey.RSA_SIGN, kpg.generateKeyPair(), new Date());
        // Then an encryption subkey.
        PGPKeyPair rsakp_enc = new BcPGPKeyPair(PGPPublicKey.RSA_ENCRYPT, kpg.generateKeyPair(), new Date());

        // Add a self-signature on the id
        PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

        // Add signed metadata on the signature.
        // 1) Declare its purpose
        signhashgen.setKeyFlags(false, KeyFlags.SIGN_DATA|KeyFlags.CERTIFY_OTHER);
        // 2) Set preferences for secondary crypto algorithms to use when sending messages to this key.
        signhashgen.setPreferredSymmetricAlgorithms
                (false, new int[] {
                        SymmetricKeyAlgorithmTags.AES_256,
                        SymmetricKeyAlgorithmTags.AES_192,
                        SymmetricKeyAlgorithmTags.AES_128
                });
        signhashgen.setPreferredHashAlgorithms
                (false, new int[] {
                        HashAlgorithmTags.SHA256,
                        HashAlgorithmTags.SHA1,
                        HashAlgorithmTags.SHA384,
                        HashAlgorithmTags.SHA512,
                        HashAlgorithmTags.SHA224,
                });
        // 3) Request senders add additional checksums to the message (useful when verifying unsigned messages.)
        signhashgen.setFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

        // Create a signature on the encryption subkey.
        PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
        // Add metadata to declare its purpose
        enchashgen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS|KeyFlags.ENCRYPT_STORAGE);

        // Objects used to encrypt the secret key.
        PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1);
        PGPDigestCalculator sha256Calc = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA256);

        // bcpg 1.48 exposes this API that includes s2kcount. Earlier versions use a default of 0x60.
        PBESecretKeyEncryptor pske = (new BcPBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, sha256Calc, s2kcount)).build(pass);

        // Finally, create the keyring itself. The constructor takes parameters that allow it to generate the self signature.
        PGPKeyRingGenerator keyRingGen =
                new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign,
                        id, sha1Calc, signhashgen.generate(), null,
                        new BcPGPContentSignerBuilder(rsakp_sign.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1), pske);

        // Add our encryption subkey, together with its signature.
        keyRingGen.addSubKey(rsakp_enc, enchashgen.generate(), null);
        return keyRingGen;
    }
}

我发现这个类无法与最新版本一起使用,最新版本为: -bcpg-jdk15on-1.54 -bcprov-jdk15on-1.54
当使用这个类时,我收到了很多错误消息: https://github.com/matthewmccullough/encryption-jvm-bootcamp/blob/master/bc-pgp/src/main/java/com/ambientideas/cryptography/KeyBasedFileProcessorUtil.java 
package com.ambientideas.cryptography;

import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Iterator;

//Matthew McCullough: Rediculous as it sounds, many of the functions such as 
// private static void encryptFile()
// private static void decryptFile()
// private static PGPPrivateKey findSecretKey()
// private static PGPPublicKey readPublicKey()
// for PGP in BouncyCastle are private, thus making it unbearable to use
// in a simple manner against whole file contents. Thus, this class is duplicated from the
// core of BouncyCastle (KeyBasedFileProcessor being the original name), but with the
// methods made public so that the test can use them.

/**
 * A simple utility class that encrypts/decrypts public key based
 * encryption files.
 * <p>
 * To encrypt a file: KeyBasedFileProcessor -e [-a|-ai] fileName publicKeyFile.<br>
 * If -a is specified the output file will be "ascii-armored".
 * If -i is specified the output file will be have integrity checking added.
 * <p>
 * To decrypt: KeyBasedFileProcessor -d fileName secretKeyFile passPhrase.
 * <p>
 * Note 1: this example will silently overwrite files, nor does it pay any attention to
 * the specification of "_CONSOLE" in the filename. It also expects that a single pass phrase
 * will have been used.
 * <p>
 * Note 2: if an empty file name has been specified in the literal data object contained in the
 * encrypted packet a file with the name filename.out will be generated in the current working directory.
 */
public class KeyBasedFileProcessorUtil
{
    /**
     * A simple routine that opens a key ring file and loads the first available key suitable for
     * encryption.
     * 
     * @param in
     * @return
     * @throws IOException
     * @throws PGPException
     */
    public static PGPPublicKey readPublicKey(
        InputStream    in)
        throws IOException, PGPException
    {
        in = PGPUtil.getDecoderStream(in);

        PGPPublicKeyRingCollection        pgpPub = new PGPPublicKeyRingCollection(in);

        //
        // we just loop through the collection till we find a key suitable for encryption, in the real
        // world you would probably want to be a bit smarter about this.
        //

        //
        // iterate through the key rings.
        //
        Iterator<?> rIt = pgpPub.getKeyRings();

        while (rIt.hasNext())
        {
            PGPPublicKeyRing    kRing = (PGPPublicKeyRing)rIt.next();    
            Iterator<?>                        kIt = kRing.getPublicKeys();

            while (kIt.hasNext())
            {
                PGPPublicKey    k = (PGPPublicKey)kIt.next();

                if (k.isEncryptionKey())
                {
                    return k;
                }
            }
        }

        throw new IllegalArgumentException("Can't find encryption key in key ring.");
    }

    /**
     * Search a secret key ring collection for a secret key corresponding to
     * keyID if it exists.
     * 
     * @param pgpSec a secret key ring collection.
     * @param keyID keyID we want.
     * @param pass passphrase to decrypt secret key with.
     * @return
     * @throws PGPException
     * @throws NoSuchProviderException
     */
    public static PGPPrivateKey findSecretKey(
        PGPSecretKeyRingCollection  pgpSec,
        long                        keyID,
        char[]                      pass)
        throws PGPException, NoSuchProviderException
    {    
        PGPSecretKey pgpSecKey = pgpSec.getSecretKey(keyID);

        if (pgpSecKey == null)
        {
            return null;
        }

        return pgpSecKey.extractPrivateKey(pass, "BC");
    }

    /**
     * decrypt the passed in message stream
     */
    public static void decryptFile(
        InputStream in,
        InputStream keyIn,
        char[]      passwd,
        String      defaultFileName,
        String      outputPath)
        throws Exception
    {
        in = PGPUtil.getDecoderStream(in);

        PGPObjectFactory pgpF = new PGPObjectFactory(in);
        PGPEncryptedDataList    enc;

        Object                  o = pgpF.nextObject();
        //
        // the first object might be a PGP marker packet.
        //
        if (o instanceof PGPEncryptedDataList)
        {
            enc = (PGPEncryptedDataList)o;
        }
        else
        {
            enc = (PGPEncryptedDataList)pgpF.nextObject();
        }

        //
        // find the secret key
        //
        Iterator <?>                   it = enc.getEncryptedDataObjects();
        PGPPrivateKey               sKey = null;
        PGPPublicKeyEncryptedData   pbe = null;
        PGPSecretKeyRingCollection  pgpSec = new PGPSecretKeyRingCollection(
                PGPUtil.getDecoderStream(keyIn));

        while (sKey == null && it.hasNext())
        {
            pbe = (PGPPublicKeyEncryptedData)it.next();

            sKey = findSecretKey(pgpSec, pbe.getKeyID(), passwd);
        }

        if (sKey == null)
        {
            throw new IllegalArgumentException("secret key for message not found.");
        }

        InputStream         clear = pbe.getDataStream(sKey, "BC");

        PGPObjectFactory    plainFact = new PGPObjectFactory(clear);

        Object              message = plainFact.nextObject();

        if (message instanceof PGPCompressedData)
        {
            PGPCompressedData   cData = (PGPCompressedData)message;
            PGPObjectFactory    pgpFact = new PGPObjectFactory(cData.getDataStream());

            message = pgpFact.nextObject();
        }

        if (message instanceof PGPLiteralData)
        {
            PGPLiteralData      ld = (PGPLiteralData)message;
            String              outFileName = ld.getFileName();
            if (ld.getFileName().length() == 0)
            {
                outFileName = defaultFileName;
            }

            //MJM: Enhancement to allow targeting of output folder for decrypted files
            if (outputPath == null || outputPath.length() > 0) {
                outFileName = outputPath + outFileName;
            }

            FileOutputStream    fOut = new FileOutputStream(outFileName);

            InputStream    unc = ld.getInputStream();
            int    ch;

            while ((ch = unc.read()) >= 0)
            {
                fOut.write(ch);
            }
        }
        else if (message instanceof PGPOnePassSignatureList)
        {
            throw new PGPException("encrypted message contains a signed message - not literal data.");
        }
        else
        {
            throw new PGPException("message is not a simple encrypted file - type unknown.");
        }

        if (pbe.isIntegrityProtected())
        {
            if (!pbe.verify())
            {
                System.err.println("message failed integrity check");
            }
            else
            {
                System.err.println("message integrity check passed");
            }
        }
        else
        {
            System.err.println("no message integrity check");
        }
    }

    public static void encryptFile(
        OutputStream    out,
        String          fileName,
        PGPPublicKey    encKey,
        boolean         armor,
        boolean         withIntegrityCheck)
        throws IOException, NoSuchProviderException
    {    
        if (armor)
        {
            out = new ArmoredOutputStream(out);
        }

        try
        {
            ByteArrayOutputStream       bOut = new ByteArrayOutputStream();


            PGPCompressedDataGenerator  comData = new PGPCompressedDataGenerator(
                                                                    PGPCompressedData.ZIP);

            PGPUtil.writeFileToLiteralData(comData.open(bOut), PGPLiteralData.BINARY, new File(fileName));

            comData.close();

            PGPEncryptedDataGenerator   cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, withIntegrityCheck, new SecureRandom(), "BC");

            cPk.addMethod(encKey);

            byte[]                bytes = bOut.toByteArray();

            OutputStream    cOut = cPk.open(out, bytes.length);

            cOut.write(bytes);

            cOut.close();

            out.close();
        }
        catch (PGPException e)
        {
            System.err.println(e);
            if (e.getUnderlyingException() != null)
            {
                e.getUnderlyingException().printStackTrace();
            }
        }
    }

    public static void main(
        String[] args)
        throws Exception
    {
        Security.addProvider(new BouncyCastleProvider());

        if (args.length == 0)
        {
            System.err.println("usage: KeyBasedFileProcessor -e|-d [-a|ai] file [secretKeyFile passPhrase|pubKeyFile]");
            return;
        }

        if (args[0].equals("-e"))
        {
            if (args[1].equals("-a") || args[1].equals("-ai") || args[1].equals("-ia"))
            {
                FileInputStream     keyIn = new FileInputStream(args[3]);
                FileOutputStream    out = new FileOutputStream(args[2] + ".asc");
                encryptFile(out, args[2], readPublicKey(keyIn), true, (args[1].indexOf('i') > 0));
            }
            else if (args[1].equals("-i"))
            {
                FileInputStream     keyIn = new FileInputStream(args[3]);
                FileOutputStream    out = new FileOutputStream(args[2] + ".bpg");
                encryptFile(out, args[2], readPublicKey(keyIn), false, true);
            }
            else
            {
                FileInputStream     keyIn = new FileInputStream(args[2]);
                FileOutputStream    out = new FileOutputStream(args[1] + ".bpg");
                encryptFile(out, args[1], readPublicKey(keyIn), false, false);
            }
        }
        else if (args[0].equals("-d"))
        {
            FileInputStream    in = new FileInputStream(args[1]);
            FileInputStream    keyIn = new FileInputStream(args[2]);
            decryptFile(in, keyIn, args[3].toCharArray(), new File(args[1]).getName() + ".out", null);
        }
        else
        {
            System.err.println("usage: KeyBasedFileProcessor -d|-e [-a|ai] file [secretKeyFile passPhrase|pubKeyFile]");
        }
    }
}

错误消息

在IntelliJ中运行时,出现了以下错误消息。

指出错误消息。 - SOFe
看起来 KeyBasedFileProcessorUtil 的最后编辑日期是在2011年,而您使用的 Bouncycastle 版本相对较新 - 是否可能是因为原始的 BouncyCastle KeyBasedFileProcessor 类的内部已经在 McCullough 复制它之后发生了变化? - reowil
在添加依赖之前,请检查Java版本上的bouncycastle依赖项。还要检查Java证书。 - Bhavesh
3个回答
2

利用标准的现代Java Core类(例如Java 1.8_303+)中包含的JCE,BouncyCastle Core和Bouncy Castle提供程序,我开发了一个基于Spring的服务,可以处理Resource文件中包含的公钥/私钥的PGP加密和解密。如果您没有使用Spring,则可以剥离Spring特定代码,仅利用公共加密/解密方法以及私人支持方法:

package com.your.organization.impl;

import com.your.organization.exception.EncryptionException; // Your own Exception class
import com.your.organization.service.PgpEncryptionService; // Your own Interface class
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.springframework.core.io.ClassPathResource;
import org.springframework.stereotype.Service;

import javax.annotation.PostConstruct;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Iterator;

@Service("pgpEncryptionService")
public final class PgpEncryptionServiceImpl implements PgpEncryptionService {

    @PostConstruct
    public void initializeSecurityProviders() {

        // Add the Bouncy Castle security Provider to the JVM
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Encrypts a cleared message {@link String} using the classpath PGPPublicKey using
     * {@link ArmoredOutputStream} to further protect the encrypted message.
     *
     * @param message {@link String}
     * @return Encrypted String with, or without, armoring
     * @throws EncryptionException is thrown if the {@link PGPEncryptedDataGenerator} could not be initialized
     *                             from the provided PGPPublicKey or if the encoded message {@link OutputStream}
     *                             could not be opened
     */
    public String encrypt(String message) throws EncryptionException {

        /*
         * Initialize an OutputStream or ArmoredOutputStream for the encrypted message based on the armor
         * function input
         */
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        OutputStream armoredOutputStream = byteArrayOutputStream;
        armoredOutputStream = new ArmoredOutputStream(armoredOutputStream);

        // Initialize and configure the encryption generator using the provided PGPPublicKey
        PGPEncryptedDataGenerator pgpEncryptedDataGenerator = new PGPEncryptedDataGenerator(
                new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
                        .setSecureRandom(new SecureRandom())
                        .setProvider("BC"));

        pgpEncryptedDataGenerator.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(getPublicKey())
                .setProvider("BC"));

        // Convert message String to byte[] using standard UTF-8
        byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);

        // Open the PGPEncryptedDataGenerator from the ArmoredOutputStream initialized to the message body length
        OutputStream encryptedOutputStream;
        try {
            encryptedOutputStream = pgpEncryptedDataGenerator.open(armoredOutputStream, messageBytes.length);
        } catch (IOException | PGPException e) {
            throw new EncryptionException("Could not open an OutputStream from the PGPEncryptedDataGenerator " +
                    "using the provided message body", e);
        }

        // Write the encrypted message to the encryptedOutputStream
        try {
            encryptedOutputStream.write(messageBytes);
        } catch (IOException e) {
            throw new EncryptionException("Could not write the message body to the encrypted OutputStream", e);
        } finally {

            // Close the encrypted message OutputStream
            try {
                encryptedOutputStream.close();
            } catch (IOException e) {
                // TODO: Log this
            }

            // Close the ArmoredOutputStream
            try {
                armoredOutputStream.close();
            } catch (IOException e) {
                // TODO: Log this
            }
        }

        // Return the encrypted message OutputStream to a String
        return byteArrayOutputStream.toString();
    }

    /**
     * Decrypts an encrypted message {@link String} using the {@link PGPSecretKey} on the classpath and its
     * password {@link String}
     *
     * @param encryptedMessage {@link String}
     * @param password         {@link String}
     * @return String
     * @throws EncryptionException is thrown if an encrypted message InputStream cannot be initialized from the
     *                             encryptedMessage {@link String}, if the PGPEncryptedDataList from that stream
     *                             contains no data, or if the password {@link String} for the
     *                             {@link PGPSecretKey} is incorrect
     */
    public String decrypt(String encryptedMessage, String password) throws EncryptionException {

        // Convert the encrypted String into an InputStream
        InputStream encryptedStream = new ByteArrayInputStream(encryptedMessage.getBytes(StandardCharsets.UTF_8));
        try {
            encryptedStream = PGPUtil.getDecoderStream(encryptedStream);
        } catch (IOException e) {
            throw new EncryptionException("Could not initialize the DecoderStream", e);
        }

        // Retrieve the PGPEncryptedDataList from the encryptedStream
        JcaPGPObjectFactory jcaPGPObjectFactory = new JcaPGPObjectFactory(encryptedStream);
        PGPEncryptedDataList pgpEncryptedDataList;

        /*
         * Evaluate the first object for a leading PGP marker packet and then return the encrypted
         * message body as a PGPEncryptedDataList
         */
        try {
            Object nextDataObject = jcaPGPObjectFactory.nextObject();
            if (nextDataObject instanceof PGPEncryptedDataList) {
                pgpEncryptedDataList = (PGPEncryptedDataList) nextDataObject;
            } else {
                pgpEncryptedDataList = (PGPEncryptedDataList) jcaPGPObjectFactory.nextObject();
            }
        } catch (IOException e) {
            throw new EncryptionException("Could not retrieve the encrupted message body", e);
        }

        // Retrieve the public key encrypted data from the encrypted message body
        PGPPublicKeyEncryptedData pgpPublicKeyEncryptedData =
                (PGPPublicKeyEncryptedData) pgpEncryptedDataList.getEncryptedDataObjects().next();

        // Use the PGPPublicKeyEncryptedData and Secret Key password to decrypt the encoded message
        InputStream decryptedInputStream;
        try {
            decryptedInputStream =
                    pgpPublicKeyEncryptedData.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder()
                            .setProvider("BC")
                            .build(getPrivateKey(getSecretKey(), password)));
        } catch (PGPException e) {
            throw new EncryptionException("Could not decrypt the encoded message from the application " +
                    "Secret Key or the embedded Private Key", e);
        }

        // Convert the InputStream of the decrypted message to a String
        try {
            return IOUtils.toString(decryptedInputStream, StandardCharsets.UTF_8.name());
        } catch (IOException e) {
            throw new EncryptionException("Could not convert the decrypted InputStream to a UTF-8 String", e);
        }
    }

    /**
     * Helper method for retrieving the {@link PGPPublicKey} from the application classpath.
     *
     * @return PGPPublicKey
     * @throws EncryptionException is thrown in the event that the PGP Public Key file does not contain a
     *                             Public Key or if the Public Key cannot be located on the file system
     */
    private PGPPublicKey getPublicKey() throws EncryptionException {

        // Retrieve the application PGP public key file from the classpath
        File publicKeyFile;
        try {
            publicKeyFile = new ClassPathResource("keys/yourpublickey-pub.asc").getFile();
        } catch (IOException e) {
            throw new EncryptionException("Could not retrieve the PGP Public Key from the classpath", e);
        }

        // Read Public Key from the file
        FileInputStream pubKey;
        try {
            pubKey = new FileInputStream(publicKeyFile);
        } catch (FileNotFoundException e) {
            throw new EncryptionException("Could not retrieve the PGP Public Key from the file system", e);
        }

        // Load PGPPublicKey FileInputStream into the PGPPublicKeyRingCollection
        PGPPublicKeyRingCollection pgpPub;
        try {
            pgpPub = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(pubKey),
                    new JcaKeyFingerprintCalculator());
        } catch (IOException | PGPException e) {
            throw new EncryptionException("Could not initialize the PGPPublicKeyRingCollection", e);
        }


        // Retrieve Public Key and evaluate if for the encryption key
        Iterator<PGPPublicKeyRing> keyRingIter = pgpPub.getKeyRings();
        while (keyRingIter.hasNext()) {
            PGPPublicKeyRing keyRing = keyRingIter.next();

            Iterator<PGPPublicKey> keyIter = keyRing.getPublicKeys();
            while (keyIter.hasNext()) {
                PGPPublicKey key = keyIter.next();

                if (key.isEncryptionKey()) {
                    return key;
                }
            }
        }

        throw new EncryptionException("The application PGPPublicKey is not an allowable encryption key");
    }

    /**
     * Helper method for retrieving the signing key {@link PGPSecretKey} from the classpath.
     *
     * @return Signing key {@link PGPSecretKey}
     * @throws EncryptionException is thrown if the Secret Key is not a signing key or if the Secret Key file
     *                             could not be located on the file system
     */
    private PGPSecretKey getSecretKey() throws EncryptionException {

        // Retrieve the application PGP secret key file from the classpath
        File secretKeyFile;
        try {
            secretKeyFile = new ClassPathResource("keys/yoursecretkey-sec.asc").getFile();
        } catch (IOException e) {
            throw new EncryptionException("Could not retrieve the PGP Secret Key from the classpath", e);
        }

        // Read Secret Key file and load it into a PGPPublicKeyRingCollection for evaluation
        FileInputStream secKey;
        try {
            secKey = new FileInputStream(secretKeyFile);
        } catch (FileNotFoundException e) {
            throw new EncryptionException("Could not retrieve the PGP Secret Key from the file system", e);
        }

        // Load PGPSecretKey FileInputStream into the PGPSecretKeyRingCollection
        PGPSecretKeyRingCollection pgpSec;
        try {
            pgpSec = new PGPSecretKeyRingCollection(
                    PGPUtil.getDecoderStream(secKey), new JcaKeyFingerprintCalculator());
        } catch (IOException | PGPException e) {
            throw new EncryptionException("Could not initialize the PGPSecretKeyRingCollection", e);
        }

        // Retrieve signing Secret Key
        Iterator<PGPSecretKeyRing> secretKeyRingIterator = pgpSec.getKeyRings();
        while (secretKeyRingIterator.hasNext()) {
            PGPSecretKeyRing keyRing = secretKeyRingIterator.next();

            Iterator<PGPSecretKey> keyIter = keyRing.getSecretKeys();
            while (keyIter.hasNext()) {
                PGPSecretKey key = keyIter.next();

                if (key.isSigningKey()) {
                    return key;
                }
            }
        }

        throw new EncryptionException("The application PGPSecretKey is not a signing key");
    }

    /**
     * Retrieves the {@link PGPPrivateKey} from the provided {@link PGPSecretKey} and its password.
     *
     * @param secretKey {@link PGPSecretKey}
     * @param password  {@link String}
     * @return PGPPrivateKey
     * @throws EncryptionException is thrown in the event that the password for the {@link PGPSecretKey}
     *                             is incorrect
     */
    private PGPPrivateKey getPrivateKey(PGPSecretKey secretKey, String password) throws EncryptionException {

        PBESecretKeyDecryptor decryptorFactory = new BcPBESecretKeyDecryptorBuilder(
                new BcPGPDigestCalculatorProvider()).build(password.toCharArray());

        try {
            return secretKey.extractPrivateKey(decryptorFactory);
        } catch (PGPException e) {
            throw new EncryptionException("Could not extract the Private Key from the application Secret Key", e);
        }
    }
}
2

我曾遇到类似问题,后来使用了这个实现方案对PGP文件进行加密或解密,效果良好。

我尝试了附上的代码,但它对我没有用。您能否详细说明如何使其工作?我使用 gpg --full-generate-key(默认参数)创建了密钥,并使用 gpg --output test.gpg.pub --armor --export username; gpg --output test.gpg.prv --armor --export-secret-key username; 将其导出到文件中。在解密过程中,我遇到了以下错误:Exception in thread "main" java.io.IOException: unknown PGP public key algorithm encountered。加密过程没有出错,但我无法使用 CLI 解密输出文件:gpg --output test.txt.dec --decrypt test.txt.enc 出现 Unknown system error - Damien Lancry
0

我在使用@TomazStoiljkovic推荐的实现时遇到了问题, 所以我最终使用了 this one。 当我用gpg --gen-key生成密钥时,我首先遇到了一些问题。 这是因为gpg默认使用的密钥类型是ECC(签名和加密)。而这个实现不支持它。相反,请使用gpg --full-generate-key。然后,在提示时:

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)

选择(1)或(2)或(4)。 然后使用以下代码将其导出到文件中:

gpg --output key.pub --armor --export <username>; gpg --output key.prv --armor --export-secret-key <username>;
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接