当前位置: 首页 > 工具软件 > GnuPG > 使用案例 >

Gnupg加解密.java实现

霍永年
2023-12-01

使用java实现gnupg对文件的加解密

yilai

<!--    Gnupg依赖-->
        </dependency>
            <dependency>
                <groupId>org.bouncycastle</groupId>
                <artifactId>bcpg-jdk15on</artifactId>
                <version>1.50</version>
            </dependency>
 <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
            <dependency>
                <groupId>org.bouncycastle</groupId>
                <artifactId>bcprov-jdk15on</artifactId>
                <version>1.50</version>
            </dependency>

interface

package com.jkhl.infrastructure.common.encryDncryServer;


import org.bouncycastle.openpgp.*;
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.NoSuchProviderException;


/**
 * 加解密
 * BY:该功能基于系统gnupg服务
 */
public interface IEncryDecryService {


    default PGPPublicKey readPublicKey(InputStream input) throws IOException, PGPException {
        return null;
    }

    /**
     * Load a secret key ring collection from keyIn and find the secret key corresponding to
     * keyID if it exists.
     *
     * @param keyIn input stream representing a key ring collection.
     * @param keyID keyID we want.
     * @param pass  passphrase to decrypt secret key with.
     * @return
     * @throws IOException
     * @throws PGPException
     * @throws NoSuchProviderException
     */
    default PGPPrivateKey findSecretKey(InputStream keyIn, long keyID, char[] pass) throws IOException, PGPException, NoSuchProviderException {
        return null;
    }

    /**
     * @param in     已加密文件,待解密文件
     * @param out    解密后要存储的文件
     * @param keyIn  gpg-私钥文件
     * @param passwd gpg-私钥文件对应的密码
     * @throws Exception
     */
    default void decryptFile(InputStream in, OutputStream out, InputStream keyIn, char[] passwd) throws Exception {
    }

    /**
     * @param out                加密完成后->存储的目标文件
     * @param filePath           需要加密的明文文件
     * @param encKey             PGPPublicKey类型的公钥;依赖readPublicKey()方法获得
     * @param armor              是否使用公钥和私钥加解密;建议为true
     * @param withIntegrityCheck 是否进行完整性检查
     * @throws IOException
     * @throws NoSuchProviderException
     * @throws PGPException
     */
    default void encryptFile(OutputStream out, String filePath, PGPPublicKey encKey, boolean armor, boolean withIntegrityCheck) throws IOException, NoSuchProviderException, PGPException {
    }

    /**
     * 分段写入
     *
     * @param is
     * @return
     * @throws IOException
     */
    default byte[] inputStreamToByteArray(InputStream is) throws IOException {
        return null;
    }


    /**
     * verify the signature in in against the file fileName.
     */
    default boolean verifySignature(String fileName, byte[] b, InputStream keyIn) throws GeneralSecurityException, IOException, PGPException {
        return false;
    }

    default PGPSecretKey readSecretKey(InputStream input) throws IOException, PGPException {
        return null;
    }

    default byte[] createSignature(String fileName, InputStream keyIn, char[] pass, boolean armor) throws GeneralSecurityException, IOException, PGPException {
        return null;
    }


    /**
     * 生成签名文件
     *
     * @param filePath       签名文件路径
     * @param privateKeyPath 私钥路径
     * @param outFilePath    输出证书路径
     *                       证书名称必须与签名文件名称一样 多后缀: .asc
     *                       比如: 签名文件为:di.ova   那么生成的证书必须为: di.ova.asc
     * @param passWord       证书密码
     * @return 证书字节数组
     */
    default byte[] signatureCreate(String filePath, String privateKeyPath, String outFilePath, String passWord) {
        return null;
    }

    /**
     * 签名验证
     *
     * @param filePath      被签名的文件路径
     * @param publicKeyPath 公钥路径
     * @param signFilePath  签名文件路径
     * @return 是否通过
     */
    default boolean verifySignature(String filePath, String publicKeyPath, String signFilePath) {
        return false;
    }


}

实现

package com.jkhl.infrastructure.common.encryDncryServer;

import java.io.*;
import java.security.GeneralSecurityException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Iterator;
 
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.springframework.stereotype.Service;

/**
 * pgp 加解密
 */
@Service
public class EncryDecryServiceByGnupg implements IEncryDecryService{
 
    private static EncryDecryServiceByGnupg INSTANCE = null;
 
    public static EncryDecryServiceByGnupg getInstance() {
        if (INSTANCE == null) {
            INSTANCE = new EncryDecryServiceByGnupg();
        }
        return INSTANCE;
    }

    public EncryDecryServiceByGnupg() {}



    @Override
    public PGPPublicKey readPublicKey(InputStream input) throws IOException, PGPException {
        input = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(input);
        PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(input);

        PGPPublicKey key = null;
        Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();
        while (key == null && rIt.hasNext()) {
            PGPPublicKeyRing kRing = rIt.next();
            Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
            while (key == null && kIt.hasNext()) {
                PGPPublicKey k = kIt.next();
                if (k.isEncryptionKey()) {
                    key = k;
                }
            }
        }
        if (key == null) {
            throw new IllegalArgumentException("Can't find encryption key in key ring.");
        }
        return key;
    }
 
    /**
     * Load a secret key ring collection from keyIn and find the secret key corresponding to
     * keyID if it exists.
     *
     * @param keyIn input stream representing a key ring collection.
     * @param keyID keyID we want.
     * @param pass  passphrase to decrypt secret key with.
     * @return
     * @throws IOException
     * @throws PGPException
     * @throws NoSuchProviderException
     */
    @Override
    public PGPPrivateKey findSecretKey(InputStream keyIn, long keyID, char[] pass) throws IOException, PGPException, NoSuchProviderException {
        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(org.bouncycastle.openpgp.PGPUtil.getDecoderStream(keyIn));
        PGPSecretKey pgpSecKey = pgpSec.getSecretKey(keyID);
        if (pgpSecKey == null) {
            return null;
        }
        PBESecretKeyDecryptor a = new JcePBESecretKeyDecryptorBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("BC").build()).setProvider("BC").build(pass);
        return pgpSecKey.extractPrivateKey(a);
    }

    /**
     *
     * @param in 已加密文件,待解密文件
     * @param out 解密后要存储的文件
     * @param keyIn gpg-私钥文件
     * @param passwd gpg-私钥文件对应的密码
     * @throws Exception
     */
    @Override
    public  void decryptFile(InputStream in, OutputStream out, InputStream keyIn, char[] passwd) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in);
        PGPObjectFactory pgpF = new PGPObjectFactory(in);
        PGPEncryptedDataList enc;
        Object o = pgpF.nextObject();

        // the first object might be a PGP marker packet.
        if (o instanceof PGPEncryptedDataList) {
            enc = (PGPEncryptedDataList) o;
        } else {
            enc = (PGPEncryptedDataList) pgpF.nextObject();
        }

        // find the secret key
        Iterator<PGPPublicKeyEncryptedData> it = enc.getEncryptedDataObjects();
        PGPPrivateKey sKey = null;
        PGPPublicKeyEncryptedData pbe = null;
 
        while (sKey == null && it.hasNext()) {
            pbe = it.next();
            sKey = findSecretKey(keyIn, pbe.getKeyID(), passwd);
        }
 
        if (sKey == null) {
            throw new IllegalArgumentException("Secret key for message not found.");
        }
 
        PublicKeyDataDecryptorFactory b = new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").setContentProvider("BC").build(sKey);
        InputStream clear = pbe.getDataStream(b);
        PGPObjectFactory plainFact = new PGPObjectFactory(clear);
        Object message = plainFact.nextObject();
 
        if (message instanceof PGPCompressedData) {
            PGPCompressedData cData = (PGPCompressedData) message;
            PGPObjectFactory pgpFact = new PGPObjectFactory(cData.getDataStream());
            message = pgpFact.nextObject();
        }
 
        if (message instanceof PGPLiteralData) {
            PGPLiteralData ld = (PGPLiteralData) message;
            InputStream unc = ld.getInputStream();
            int ch;
            while ((ch = unc.read()) >= 0) {
                out.write(ch);
            }
        } else if (message instanceof PGPOnePassSignatureList) {
            throw new PGPException("Encrypted message contains a signed message - not literal data.");
        } else {
            throw new PGPException("Message is not a simple encrypted file - type unknown.");
        }
 
        if (pbe.isIntegrityProtected()) {
            if (!pbe.verify()) {
                throw new PGPException("Message failed integrity check");
            }
        }
    }

    /**
     *
     * @param out 加密完成后->存储的目标文件
     * @param filePath 需要加密的明文文件
     * @param encKey PGPPublicKey类型的公钥;依赖readPublicKey()方法获得
     * @param armor 是否使用公钥和私钥加解密;建议为true
     * @param withIntegrityCheck 是否进行完整性检查
     * @throws IOException
     * @throws NoSuchProviderException
     * @throws PGPException
     */
    @Override
    public void encryptFile(OutputStream out, String filePath, PGPPublicKey encKey, boolean armor, boolean withIntegrityCheck) throws IOException, NoSuchProviderException, PGPException {
        Security.addProvider(new BouncyCastleProvider());
 
        if (armor) {
            out = new ArmoredOutputStream(out);
        }
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        PGPCompressedDataGenerator comData = new PGPCompressedDataGenerator(PGPCompressedData.ZIP);
        org.bouncycastle.openpgp.PGPUtil.writeFileToLiteralData(comData.open(bOut), PGPLiteralData.BINARY, new File(filePath));
        comData.close();

        JcePGPDataEncryptorBuilder c = new JcePGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setWithIntegrityPacket(withIntegrityCheck).setSecureRandom(new SecureRandom()).setProvider("BC");
        PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(c);
        JcePublicKeyKeyEncryptionMethodGenerator d = new JcePublicKeyKeyEncryptionMethodGenerator(encKey).setProvider(new BouncyCastleProvider()).setSecureRandom(new SecureRandom());

        cPk.addMethod(d);
        byte[] bytes = bOut.toByteArray();
        OutputStream cOut = cPk.open(out, bytes.length);
        cOut.write(bytes);
        cOut.close();
        out.close();
    }

    /**
     * 分段写入
     * @param is
     * @return
     * @throws IOException
     */
    @Override
    public byte[] inputStreamToByteArray(InputStream is) throws IOException {
 
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
 
        int nRead;
        byte[] data = new byte[1024];
 
        while ((nRead = is.read(data, 0, data.length)) != -1) {
            buffer.write(data, 0, nRead);
        }
        buffer.flush();
        return buffer.toByteArray();
    }
 
 
    /**
     * verify the signature in in against the file fileName.
     */
    @Override
    public boolean verifySignature(String fileName, byte[] b, InputStream keyIn) throws GeneralSecurityException, IOException, PGPException {
        //in = PGPUtil.getDecoderStream(in);
 
        PGPObjectFactory pgpFact = new PGPObjectFactory(b);
        PGPSignatureList p3 = null;
 
        Object o = pgpFact.nextObject();
        if (o instanceof PGPCompressedData) {
            PGPCompressedData c1 = (PGPCompressedData) o;
 
            pgpFact = new PGPObjectFactory(c1.getDataStream());
 
            p3 = (PGPSignatureList) pgpFact.nextObject();
        } else {
            p3 = (PGPSignatureList) o;
        }
 
        PGPPublicKeyRingCollection pgpPubRingCollection = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(keyIn));
        InputStream dIn = new BufferedInputStream(new FileInputStream(fileName));
        PGPSignature sig = p3.get(0);
        PGPPublicKey key = pgpPubRingCollection.getPublicKey(sig.getKeyID());
 
        sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(new BouncyCastleProvider()), key);
 
        int ch;
        while ((ch = dIn.read()) >= 0) {
            sig.update((byte) ch);
        }
 
        dIn.close();
 
        if (sig.verify()) {
            return true;
        } else {
            return false;
        }
    }

    @Override
    public PGPSecretKey readSecretKey(InputStream input) throws IOException, PGPException {
        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(input));
 
        //
        // we just loop through the collection till we find a key suitable for encryption, in the real
        // world you would probably want to be a bit smarter about this.
        //
 
        Iterator keyRingIter = pgpSec.getKeyRings();
        while (keyRingIter.hasNext()) {
            PGPSecretKeyRing keyRing = (PGPSecretKeyRing) keyRingIter.next();
 
            Iterator keyIter = keyRing.getSecretKeys();
            while (keyIter.hasNext()) {
                PGPSecretKey key = (PGPSecretKey) keyIter.next();
 
                if (key.isSigningKey()) {
                    return key;
                }
            }
        }
 
        throw new IllegalArgumentException("Can't find signing key in key ring.");
    }
    @Override
    public byte[] createSignature(String fileName, InputStream keyIn, char[] pass, boolean armor) throws GeneralSecurityException, IOException, PGPException {
 
 
        PGPSecretKey pgpSecKey = readSecretKey(keyIn);
        PGPPrivateKey pgpPrivKey = pgpSecKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider(new BouncyCastleProvider()).build(pass));
        PGPSignatureGenerator sGen = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(pgpSecKey.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1).setProvider(new BouncyCastleProvider()));
 
 
        sGen.init(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);
 
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ArmoredOutputStream aOut = new ArmoredOutputStream(byteOut);
 
 
        BCPGOutputStream bOut = new BCPGOutputStream(byteOut);
 
        InputStream fIn = new BufferedInputStream(new FileInputStream(fileName));
 
        int ch;
        while ((ch = fIn.read()) >= 0) {
            sGen.update((byte) ch);
 
        }
 
        aOut.endClearText();
 
        fIn.close();
 
        sGen.generate().encode(bOut);
 
        if (armor) {
            aOut.close();
        }
 
        return byteOut.toByteArray();
    }
 
 
    /**
     * 生成签名文件
     *
     * @param filePath       签名文件路径
     * @param privateKeyPath 私钥路径
     * @param outFilePath    输出证书路径
     *                       证书名称必须与签名文件名称一样 多后缀: .asc
     *                       比如: 签名文件为:di.ova   那么生成的证书必须为: di.ova.asc
     * @param passWord       证书密码
     * @return 证书字节数组
     */
    @Override
    public  byte[] signatureCreate(String filePath, String privateKeyPath, String outFilePath, String passWord) {
 
        try {
            FileInputStream privKeyIn = new FileInputStream(privateKeyPath);
            FileOutputStream signatureOut = new FileOutputStream(outFilePath);
            byte[] sig = EncryDecryServiceByGnupg.getInstance().createSignature(filePath, privKeyIn, passWord.toCharArray(), true);
            signatureOut.write(sig);
            signatureOut.flush();
            signatureOut.close();
            privKeyIn.close();
            return sig;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
 
    /**
     * 签名验证
     *
     * @param filePath      被签名的文件路径
     * @param publicKeyPath 公钥路径
     * @param signFilePath  签名文件路径
     * @return 是否通过
     */
    @Override
    public  boolean verifySignature(String filePath, String publicKeyPath, String signFilePath) {
        try {
            FileInputStream pubKeyIs = new FileInputStream(publicKeyPath);
            FileInputStream signFile = new FileInputStream(signFilePath);
            byte[] signFileBytes = new byte[signFile.available()];
            signFile.read(signFileBytes);
            final boolean verifyResult = EncryDecryServiceByGnupg.getInstance().verifySignature(filePath, signFileBytes, pubKeyIs);
            signFile.close();
            pubKeyIs.close();
            return verifyResult;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }


}

测试demo

package com.jkhl.infrastructure.common.encryDncryServer;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;

import java.io.*;
import java.security.NoSuchProviderException;

public class PgpTestDemo {




    private static EncryDecryServiceByGnupg encryDecryServiceByGnupg = new EncryDecryServiceByGnupg();
    static String path = "/data/";
    private static final String  todoSignFilePath = path + "test1.txt";
    private static final String  todoEncryFilePath = path + "test1.txt";
    private static final String  privateKeyFilePath = path + "private-file.key";
    private static final String  publicKeyFilePath = path + "public-file.key";
    private static final String  passWord = "你的密码";
    private static final String  doneSignFilePath = path + "test_en.txt";
    private static final String  doneEncryFilePath = path + "test1_encryed.txt";
    private static final String  doneDecryFilePath = path + "test1_encryed_decryed.txt";

    public static void main(String[] args) throws Exception {

        addSigunature();
        verifySigunature();
        encryptFile();
        decryptFile();
    }

    public static void addSigunature() {
        byte[] sign = encryDecryServiceByGnupg.signatureCreate(
                todoSignFilePath,
                privateKeyFilePath,
                doneSignFilePath,
                passWord);
        System.out.println(new String(sign));
    }

    public static void verifySigunature() {
        boolean flag = encryDecryServiceByGnupg.verifySignature(
                todoSignFilePath,
                publicKeyFilePath,
                doneSignFilePath);

        System.out.println(flag);
    }


    public static void encryptFile() {
        try {
            PGPPublicKey pgpPublicKey = encryDecryServiceByGnupg.readPublicKey(new FileInputStream(publicKeyFilePath));
            OutputStream os = new FileOutputStream(new File(doneEncryFilePath));
            encryDecryServiceByGnupg.encryptFile(os, todoEncryFilePath, pgpPublicKey, true, true);
        } catch (IOException e) {
            e.printStackTrace();
        } catch (PGPException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        }

    }

    public static void decryptFile() throws Exception {
        encryDecryServiceByGnupg.decryptFile(new FileInputStream(new File(doneEncryFilePath)),
                new FileOutputStream(new File(doneDecryFilePath)),
                new FileInputStream(new File(privateKeyFilePath)),
                "jkhl@2022".toCharArray());
    }

}

 类似资料: