下面是一段摘自《Java密码学:工具与技术》(作者为David Hook和Jon Eaves)源代码的完整示例。
所有示例的完整源代码可以在这里下载:
https://www.bouncycastle.org/java-crypto-tools-src.zip
这些示例展示了使用El Gamal或椭圆曲线进行私钥/公钥创建以及使用AES-256进行加密。
在ecExample方法中,我添加了两行代码,将加密字符串保存到文件“pgp-encrypted-string.dat”,然后重新加载数据以解密文件并显示解密后的字符串。
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.io.Streams;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
public class PGPEncryptionExampleForSO
{
public static byte[] createEncryptedData(
PGPPublicKey encryptionKey,
byte[] data)
throws PGPException, IOException
{
PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
.setWithIntegrityPacket(true)
.setSecureRandom(new SecureRandom()).setProvider("BC"));
encGen.addMethod(
new JcePublicKeyKeyEncryptionMethodGenerator(encryptionKey)
.setProvider("BC"));
ByteArrayOutputStream encOut = new ByteArrayOutputStream();
OutputStream cOut = encGen.open(encOut, new byte[4096]);
PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator();
OutputStream pOut = lData.open(
cOut, PGPLiteralData.BINARY,
PGPLiteralData.CONSOLE, data.length, new Date());
pOut.write(data);
pOut.close();
cOut.close();
return encOut.toByteArray();
}
public static byte[] extractPlainTextData(
PGPPrivateKey privateKey,
byte[] pgpEncryptedData)
throws PGPException, IOException
{
PGPObjectFactory pgpFact = new JcaPGPObjectFactory(pgpEncryptedData);
PGPEncryptedDataList encList = (PGPEncryptedDataList)pgpFact.nextObject();
PGPPublicKeyEncryptedData encData = null;
for (PGPEncryptedData pgpEnc: encList)
{
PGPPublicKeyEncryptedData pkEnc
= (PGPPublicKeyEncryptedData)pgpEnc;
if (pkEnc.getKeyID() == privateKey.getKeyID())
{
encData = pkEnc;
break;
}
}
if (encData == null)
{
throw new IllegalStateException("matching encrypted data not found");
}
PublicKeyDataDecryptorFactory dataDecryptorFactory =
new JcePublicKeyDataDecryptorFactoryBuilder()
.setProvider("BC")
.build(privateKey);
InputStream clear = encData.getDataStream(dataDecryptorFactory);
byte[] literalData = Streams.readAll(clear);
clear.close();
if (encData.verify())
{
PGPObjectFactory litFact = new JcaPGPObjectFactory(literalData);
PGPLiteralData litData = (PGPLiteralData)litFact.nextObject();
byte[] data = Streams.readAll(litData.getInputStream());
return data;
}
throw new IllegalStateException("modification check failed");
}
private static void elgamalExample()
throws Exception
{
byte[] msg = Strings.toByteArray("Hello, world!");
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DH", "BC");
kpGen.initialize(2048);
KeyPair kp = kpGen.generateKeyPair();
PGPKeyPair elgKp = new JcaPGPKeyPair(
PGPPublicKey.ELGAMAL_ENCRYPT, kp, new Date());
byte[] encData = createEncryptedData(elgKp.getPublicKey(), msg);
byte[] decData = extractPlainTextData(elgKp.getPrivateKey(), encData);
System.out.println("elgamal encryption msg length: " + msg.length + " enc.length: " + encData.length + " dec.length: " + decData.length);
System.out.println(Strings.fromByteArray(decData));
}
private static void ecExample()
throws Exception
{
byte[] msg = Strings.toByteArray("Hello, world!");
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");
kpGen.initialize(new ECGenParameterSpec("P-256"));
KeyPair kp = kpGen.generateKeyPair();
PGPKeyPair ecdhKp = new JcaPGPKeyPair(PGPPublicKey.ECDH, kp, new Date());
byte[] encData = createEncryptedData(ecdhKp.getPublicKey(), msg);
Files.write(Paths.get("pgp-encrypted-string.dat"), encData);
byte[] encDataLoad = Files.readAllBytes(Paths.get("pgp-encrypted-string.dat"));
byte[] decData = extractPlainTextData(ecdhKp.getPrivateKey(), encDataLoad);
System.out.println("ec encryption msg length: " + msg.length + " enc.length: " + encData.length + " dec.length: " + decData.length);
System.out.println(Strings.fromByteArray(decData));
}
public static void main(String[] args)
throws Exception
{
Security.addProvider(new BouncyCastleProvider());
System.out.println("Example from Java Cryptography: Tools and Techniques by David Hook & Jon Eaves");
System.out.println("get source files: https://www.bouncycastle.org/java-crypto-tools-src.zip");
elgamalExample();
ecExample();
}
}
这是简短输出:
Example from Java Cryptography: Tools and Techniques by David Hook & Jon Eaves
get source files: https://www.bouncycastle.org/java-crypto-tools-src.zip
elgamal encryption msg length: 13 enc.length: 601 dec.length: 13
Hello, world!
ec encryption msg length: 13 enc.length: 200 dec.length: 13
Hello, world!
新增: 我现在理解你有一个类似于字符串的
This string needs an encryption
如果您想使用RSA PGP公钥对其进行加密:
Version: BCPG v1.65
mI0EXr/nDgEEAKhB6ufAB954aBIlNjPCsryzUVLu0qkC/1RtnFHf+J6IVegV8Wi7
28V074inQcw6o6FTLtFTaLRP4+3eXNATdjGSjrvcP7k+nu50vydugHv43fPuCiZ7
6gbbMTE9gPiLPA2pS+SmQJnr9hOrD5rzwYP1yNNIsRJ9qmU5NeZyu+szABEBAAG0
DHRlc3RpZGVudGl0eYicBBABAgAGBQJev+cOAAoJEPBDuyqTbz/gY0YD/R+gDkfe
qPgNuk6iI2wLSGEeZRXr6Ru1cyG73CRvz7BjCpwWx039AdQzP9gkeo6MEj8Z0c73
obqEP8NtvvOcwC7+/QiGLTR2mgCsNhk54+iCGsvNbkpkr/rRoYZGyvb+rxui0A61
DCB1w5hdnyMg2OglFNrkaPfpNjMsTebfF5eS
=h1+m
并获取加密字符串
-----BEGIN PGP MESSAGE-----
Version: BCPG v1.65
hIwD8EO7KpNvP+ABA/9JkOE9PDyS/kr/lZ1Uz+NCSe1JiNcKCXjbsUbvP8CT7Tf1
cKlgzIz1mQjdpkBtVpVhEnEjmUzFy2UCRKr4b4Wx7/1UL+370CICW5HgMoi5TgTg
MYRy5I9Uba/+JxcusjWB1JJHP4ofULziXRKLWAoSPLlglZDzSmV88hNo19rl39JZ
AbMhIS2edM9hHICefL/Yaiq90hGjKMRReVopu2tPUjNLGYP7QABAvWb3WQJMZoYT
HEsyjHxeyYQylAdYB7pWQA0++Z803iclvM3skN8FBt64ebDkqfxgbhs=
=je0r
-----END PGP MESSAGE-----
现在您想使用Kleoptatra在线(例如https://sela.io/pgp-en/)或使用RSA PGP私钥和密码123456在Java中解密此消息:
Version: BCPG v1.65
lQH+BF6/5w4BBACoQernwAfeeGgSJTYzwrK8s1FS7tKpAv9UbZxR3/ieiFXoFfFo
u9vFdO+Ip0HMOqOhUy7RU2i0T+Pt3lzQE3Yxko673D+5Pp7udL8nboB7+N3z7gom
e+oG2zExPYD4izwNqUvkpkCZ6/YTqw+a88GD9cjTSLESfaplOTXmcrvrMwARAQAB
/gMDAhhcE1oF/u8YYExKGLgriK5JpUUSsMFU0AOHP9/zZQr09437V0f/F4J87+9s
G30lDRikGwynEGRnAvIVwqq2F+iarKGGHCZCRgbyufXS7VK6wE/43lR0kSwA2VIM
ll/KbQKP1cSZv0rqtJ1tGL7cDHFEwq10gM4Bn75HOKyBzE9oERRKz37noAECsAZn
xuXGlEB5noqTT00RxsHjBA5Os04CtEz9N+OMrg47IR7AzSQUe90lG2F6W71dhJ6V
jQaf7D6JFU3dOWPW1eBb5FQhgYF92CFRizJ42lDCiTfl2FQU49MlwLd2ofNneuPo
aVuPoYUNKwbasyx4fo2vh6rrMyxmncCizMExvh6GIVgYd7EK9s6Gxq/duuOvly4O
ZAyIY2MOon0bDXxAYR2q/wdQLamnP7rAR4uMu24m/iOuBj6wwTR8v8hhsFFTp/4u
tebwWzLnPyyBYStnTF5IZ9ZJeVl5S3zdzNcrP9g8yXtItAx0ZXN0aWRlbnRpdHmI
nAQQAQIABgUCXr/nDgAKCRDwQ7sqk28/4GNGA/0foA5H3qj4DbpOoiNsC0hhHmUV
6+kbtXMhu9wkb8+wYwqcFsdN/QHUMz/YJHqOjBI/GdHO96G6hD/Dbb7znMAu/v0I
hi00dpoArDYZOePoghrLzW5KZK/60aGGRsr2/q8botAOtQwgdcOYXZ8jINjoJRTa
5Gj36TYzLE3m3xeXkg==
=y/tQ
并获取解密后的字符串:
This string needs an encryption
在Java中进行加密/解密,幸运的是,在BouncyCastle Github-Repo中有可用的示例文件:
https://github.com/bcgit/bc-java/blob/master/pg/src/main/java/org/bouncycastle/openpgp/examples/。您可能需要使用RSA (RSAKeyPairGenerator.java)或ElGamal (DSAElGamalKeyRingGenerator.java)创建新的PGP-密钥对。使用生成的密钥,您可以使用KeyBasedFileProcessor.java和必要的PGPExampleUtil.java进行加密或解密。
我使用“-a testidentity 123456”的参数创建了RSA密钥文件,使用“-e -ai plaintext.txt rsa_pub.asc”进行加密,使用“-d plaintext.txt.asc rsa_secret.asc 123456”进行解密。