问题：

无法gpg解密bouncycastlepgp加密消息

贝滨海

2023-03-14

$ gpg --gen-key
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Foo Bar
Email address: foo@bar.com
Comment: Test Key
You selected this USER-ID:
    "Foo Bar (Test Key) <foo@bar.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
public and secret key created and signed.

pub   2048R/79CC322A 2017-08-17
      Key fingerprint = 93B9 0D06 08D2 EB84 9F83  4CD3 A470 748E 79CC 322A
uid       [ unknown] Foo Bar (Test Key) <foo@bar.com>
sub   2048R/21B41E21 2017-08-17
$

private PGPPublicKey resolvePgpPublicKey(byte[] pgpKeyBytes) throws IOException, PGPException {
  PGPPublicKeyRingCollection keyRingCollection;
  try (InputStream in = PGPUtil.getDecoderStream(new ByteArrayInputStream(pgpKeyBytes))) {
    keyRingCollection = new PGPPublicKeyRingCollection(
        PGPUtil.getDecoderStream(in), new JcaKeyFingerprintCalculator());
  }

  Iterator<?> keyRingIterator = keyRingCollection.getKeyRings();
  while (keyRingIterator.hasNext()) {
    PGPPublicKeyRing keyRing = (PGPPublicKeyRing) keyRingIterator.next();

    Iterator<?> keyIterator = keyRing.getPublicKeys();
    while (keyIterator.hasNext()) {
      PGPPublicKey key = (PGPPublicKey) keyIterator.next();
      if (key.isMasterKey()) {
        continue;
      }
      if (key.isEncryptionKey()) {
        return key;
      }
    }
  }
  throw new ServiceRequestException("Cannot resolve PGPPublicKey");
}

private byte[] encryptKeyBytes(byte[] keyBytes, byte[] pgpKey) throws GeneralSecurityException {
  ByteArrayOutputStream encKeyBytes = new ByteArrayOutputStream(keyBytes.length);

  try (Handle<SecureRandom> randomHandle = RngSupport.getRandom()) {
    JcePGPDataEncryptorBuilder encryptorBuilder =
        new JcePGPDataEncryptorBuilder(PGPEncryptedDataGenerator.AES_256);
    encryptorBuilder.setWithIntegrityPacket(true);
    encryptorBuilder.setSecureRandom(randomHandle.getObject());
    encryptorBuilder.setProvider("BC");

    PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator(encryptorBuilder);
    try {
      JcePublicKeyKeyEncryptionMethodGenerator keyEncryptionMethodGenerator =
          new JcePublicKeyKeyEncryptionMethodGenerator(resolvePgpPublicKey(pgpKey));
      keyEncryptionMethodGenerator.setProvider("BC");
      encryptor.addMethod(keyEncryptionMethodGenerator);
      try (
          OutputStream ao = new ArmoredOutputStream(encKeyBytes);
          OutputStream eo = encryptor.open(ao, keyBytes.length)) {
        eo.write(BytesSupport.encodeHex(keyBytes).getBytes(StandardCharsets.UTF_8));
      }
    } catch (ServiceRequestException e) {
      throw e;
    } catch (Exception e) {
      throw new GeneralSecurityException("Cannot perform PGP encryption", e);
    }
  }

  return encKeyBytes.toByteArray();
}

6）当我尝试解密消息时，我得到两个“gpg:[不知道]:无效数据包”消息，解密失败：

$ gpg -vv --decrypt /tmp/ct.asc
gpg: armor: BEGIN PGP MESSAGE
Version: BCPG v@RELEASE_NAME@
:pubkey enc packet: version 3, algo 1, keyid 46B51E4921B41E21
    data: [2046 bits]
gpg: armor header:
gpg: public key is 21B41E21
gpg: using subkey 21B41E21 instead of primary key 79CC322A

You need a passphrase to unlock the secret key for
user: "Foo Bar (Test Key) <foo@bar.com>"
gpg: using subkey 21B41E21 instead of primary key 79CC322A
2048-bit RSA key, ID 21B41E21, created 2017-08-17 (main key ID 79CC322A)

gpg: no running gpg-agent - starting one
gpg: public key encrypted data: good DEK
:encrypted data packet:
    length: 57
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 21B41E21, created 2017-08-17
      "Foo Bar (Test Key) <foo@bar.com>"
gpg: AES256 encrypted data
gpg: [don't know]: invalid packet (ctb=39)
gpg: decryption okay
gpg: [don't know]: invalid packet (ctb=44)
$

共有1个答案

孙佐

2023-03-14

encryptkeybytes实现（加密PGP消息的构建位置）的问题是，它按原样写入纯文本消息的八位字节，而不是文字数据，因此在解密尝试期间会出现协议错误。

正确的实现如下所示：

private byte[] encryptKeyBytes(String keyName, byte[] keyBytes, byte[] pgpKey)
    throws GeneralSecurityException {
  ByteArrayOutputStream encKeyBytes = new ByteArrayOutputStream(keyBytes.length);

  try (Handle<SecureRandom> randomHandle = RngSupport.getRandom()) {
    JcePGPDataEncryptorBuilder encryptorBuilder =
        new JcePGPDataEncryptorBuilder(PGPEncryptedDataGenerator.AES_256);
    encryptorBuilder.setWithIntegrityPacket(true);
    encryptorBuilder.setSecureRandom(randomHandle.getObject());
    encryptorBuilder.setProvider("BC");

    PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator(encryptorBuilder);
    try {
      JcePublicKeyKeyEncryptionMethodGenerator keyEncryptionMethodGenerator =
          new JcePublicKeyKeyEncryptionMethodGenerator(resolvePgpPublicKey(pgpKey));
      keyEncryptionMethodGenerator.setProvider("BC");
      encryptor.addMethod(keyEncryptionMethodGenerator);

      PGPLiteralDataGenerator dataGenerator = new PGPLiteralDataGenerator();
      byte[] data = BytesSupport.encodeHex(keyBytes).getBytes(StandardCharsets.UTF_8);
      try (
          OutputStream ao = new ArmoredOutputStream(encKeyBytes);
          OutputStream eo = encryptor.open(ao, keyBytes.length);
          OutputStream go = dataGenerator.open(
              eo, PGPLiteralData.UTF8, keyName, data.length, new Date())) {
        go.write(data);
      }
    } catch (ServiceRequestException e) {
      throw e;
    } catch (Exception e) {
      throw new GeneralSecurityException("Cannot perform PGP encryption on the content key", e);
    }
  }

  return encKeyBytes.toByteArray();
}

请注意PGPLiteralDataGenerator的使用，它是提供消息字节写入的输出流的抽象。

类似资料：

gpg：加密/解密失败

我尝试在服务器上进行gpg加密/解密，对于加密，我使用以下命令行：我想要找到原因：同一个用户有2个不同的密钥和1个秘密密钥。但现在又出现了一个问题：我删除了错误的键，并再次进行相同的测试。解密后的答案是：您需要一个密码短语来解锁用户的密钥：“Droli Mail_Adress”2048位RSA密钥，ID 6D2F1BE9，创建2017-07-19（主密钥ID 09C41BAC) 没有关于gp
使用bouncy-gpg和PCKS12密钥加密和解密

我对使用bouncy-gpg和PCKS12密钥的加密和描述的实现有麻烦。现在我有了PCKS12密钥（扩展名:.p12)。从这个密钥，我能够获得公钥和私钥。否则，bouncy-gpg需要使用gpg密钥。如何在bouncy-gpg中使用p12文件？如果有任何建议，我将不胜感激。多谢了。
Enigmail GPG错误-GPG：解密失败：密钥不可用

我有一个全新的Linux Mint14安装。已安装Thunderbird&Enigmail。我试着删除我的密钥并重新移植它。我试着改变各种设置。但我想不出问题出在哪里。我以前使用过Linux/Thunderbird/Enigmail，从来没有出现过这个错误。
PythonGnuPG生成密钥，加密和解密消息

使用Python-GnuPG我想 null 不幸的是,加密返回错误：但它仍然生成加密ASCII铠甲消息,如果解密结果为对象,则bool值为属性,并包含以下属性：不确定错误发生的确切位置以及如何处理
HDCP加密/解密算法

英特尔证实HDCP（高频宽数字内容保护）主密钥已经泄漏，现在研究人员在BSD许可证下发布了HDCP加密/解密算法的开源实现。他们表示公布软件的目的是帮助其他人研究或实现HDCP协议。主密钥： 6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9 82592e77a204a8 146a6970e3c4a
thinkphp微信开发（消息加密解密）

本文向大家介绍thinkphp微信开发（消息加密解密），包括了thinkphp微信开发（消息加密解密）的使用技巧和注意事项，需要的朋友参考一下使用thinkphp官方的WeChat包，使用不同模式可以成功，但是安全模式就是不行，现将分析解决结果做下记录。分析问题：解密微信服务器消息老是不成功，下载下微信公众平台官方给出的解密文件和WechatCrypt.class.php

无法gpg解密bouncycastlepgp加密消息

共有1个答案

相关问答

相关文章

相关阅读

相关工具

相关文档