当前位置: 首页 > 知识库问答 >
问题:

Java:使用Bouncy Castle的PGP加密

袁志专
2023-03-14

我正在尝试使用PGP实现加密,我的encrypt方法成功地加密了输入字符串,但当我尝试解密它以验证加密是否正确时,字符串没有被解密。

我尝试了两种方法:

我假设只有直接由OutputStream创建的文件能够成功解密。但我必须真的检查加密字符串。

如有任何帮助,我们将不胜感激。

共有1个答案

诸葛皓
2023-03-14

下面的完整示例摘自David Hook和Jon Eaves的“Java密码学:工具和技术”一书的源代码。包含所有示例的完整源代码可在以下网址获得:https://www.bouncycastle.org/java-crypto-tools-src.zip

示例显示了使用El Gamal或椭圆曲线创建私钥/公钥以及使用AES-256加密。在ecExample-method中,我添加了两行代码,将加密的字符串保存到文件“pgp-encrypted-string.dat”中,然后重新加载数据以对文件进行解密并显示解密的字符串。

import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.io.Streams;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;

public class PGPEncryptionExampleForSO
{
     /**
     * Create an encrypted data blob using an AES-256 session key and the
     * passed in public key.
     *
     * @param encryptionKey the public key to use.
     * @param data the data to be encrypted.
     * @return a PGP binary encoded version of the encrypted data.
     */
    public static byte[] createEncryptedData(
        PGPPublicKey encryptionKey,
        byte[] data)
        throws PGPException, IOException
    {
        PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
            new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
                .setWithIntegrityPacket(true)
                .setSecureRandom(new SecureRandom()).setProvider("BC"));
        encGen.addMethod(
            new JcePublicKeyKeyEncryptionMethodGenerator(encryptionKey)
                .setProvider("BC"));
        ByteArrayOutputStream encOut = new ByteArrayOutputStream();
        // create an indefinite length encrypted stream
        OutputStream cOut = encGen.open(encOut, new byte[4096]);
        // write out the literal data
        PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator();
        OutputStream pOut = lData.open(
            cOut, PGPLiteralData.BINARY,
            PGPLiteralData.CONSOLE, data.length, new Date());
        pOut.write(data);
        pOut.close();
        // finish the encryption
        cOut.close();
        return encOut.toByteArray();
    }

    /**
     * Extract the plain text data from the passed in encoding of PGP
     * encrypted data. The routine assumes the passed in private key
     * is the one that matches the first encrypted data object in the
     * encoding.
     *
     * @param privateKey the private key to decrypt the session key with.
     * @param pgpEncryptedData the encoding of the PGP encrypted data.
     * @return a byte array containing the decrypted data.
     */
    public static byte[] extractPlainTextData(
        PGPPrivateKey privateKey,
        byte[] pgpEncryptedData)
        throws PGPException, IOException
    {
        PGPObjectFactory pgpFact = new JcaPGPObjectFactory(pgpEncryptedData);
        PGPEncryptedDataList encList = (PGPEncryptedDataList)pgpFact.nextObject();
        // find the matching public key encrypted data packet.
        PGPPublicKeyEncryptedData encData = null;
        for (PGPEncryptedData pgpEnc: encList)
        {
            PGPPublicKeyEncryptedData pkEnc
                = (PGPPublicKeyEncryptedData)pgpEnc;
            if (pkEnc.getKeyID() == privateKey.getKeyID())
            {
                encData = pkEnc;
                break;
            }
        }
        if (encData == null)
        {
            throw new IllegalStateException("matching encrypted data not found");
        }
        // build decryptor factory
        PublicKeyDataDecryptorFactory dataDecryptorFactory =
            new JcePublicKeyDataDecryptorFactoryBuilder()
                .setProvider("BC")
                .build(privateKey);
        InputStream clear = encData.getDataStream(dataDecryptorFactory);
        byte[] literalData = Streams.readAll(clear);
        clear.close();
        // check data decrypts okay
        if (encData.verify())
        {
            // parse out literal data
            PGPObjectFactory litFact = new JcaPGPObjectFactory(literalData);
            PGPLiteralData litData = (PGPLiteralData)litFact.nextObject();
            byte[] data = Streams.readAll(litData.getInputStream());
            return data;
        }
        throw new IllegalStateException("modification check failed");
    }

    private static void elgamalExample()
        throws Exception
    {
        byte[] msg = Strings.toByteArray("Hello, world!");
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DH", "BC");
        kpGen.initialize(2048);
        KeyPair kp = kpGen.generateKeyPair();
        PGPKeyPair elgKp = new JcaPGPKeyPair(
            PGPPublicKey.ELGAMAL_ENCRYPT, kp, new Date());
        byte[] encData = createEncryptedData(elgKp.getPublicKey(), msg);
        byte[] decData = extractPlainTextData(elgKp.getPrivateKey(), encData);
        System.out.println("elgamal encryption msg length: " + msg.length + " enc.length: " + encData.length + " dec.length: " + decData.length);
        System.out.println(Strings.fromByteArray(decData));
    }

    private static void ecExample()
        throws Exception
    {
        byte[] msg = Strings.toByteArray("Hello, world!");
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");
        kpGen.initialize(new ECGenParameterSpec("P-256"));
        KeyPair kp = kpGen.generateKeyPair();
        PGPKeyPair ecdhKp = new JcaPGPKeyPair(PGPPublicKey.ECDH, kp, new Date());
        byte[] encData = createEncryptedData(ecdhKp.getPublicKey(), msg);
        // save encrypted string
        Files.write(Paths.get("pgp-encrypted-string.dat"), encData);
        // load encrypted string
        byte[] encDataLoad = Files.readAllBytes(Paths.get("pgp-encrypted-string.dat"));
        byte[] decData = extractPlainTextData(ecdhKp.getPrivateKey(), encDataLoad);
        System.out.println("ec encryption msg length: " + msg.length + " enc.length: " + encData.length + " dec.length: " + decData.length);
        System.out.println(Strings.fromByteArray(decData));
    }

    public static void main(String[] args)
        throws Exception
    {
        Security.addProvider(new BouncyCastleProvider());
        // you need the two files bcpg-jdk15on-165.jar and bcprov-jdk15to18-165.jar to run the example
        System.out.println("Example from Java Cryptography: Tools and Techniques by David Hook & Jon Eaves");
        System.out.println("get source files: https://www.bouncycastle.org/java-crypto-tools-src.zip");
        elgamalExample();
        ecExample();
    }
}

这是短输出:

Example from Java Cryptography: Tools and Techniques by David Hook & Jon Eaves
get source files: https://www.bouncycastle.org/java-crypto-tools-src.zip
elgamal encryption msg length: 13 enc.length: 601 dec.length: 13
Hello, world!
ec encryption msg length: 13 enc.length: 200 dec.length: 13
Hello, world!
This string needs an encryption
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.65

mI0EXr/nDgEEAKhB6ufAB954aBIlNjPCsryzUVLu0qkC/1RtnFHf+J6IVegV8Wi7
28V074inQcw6o6FTLtFTaLRP4+3eXNATdjGSjrvcP7k+nu50vydugHv43fPuCiZ7
6gbbMTE9gPiLPA2pS+SmQJnr9hOrD5rzwYP1yNNIsRJ9qmU5NeZyu+szABEBAAG0
DHRlc3RpZGVudGl0eYicBBABAgAGBQJev+cOAAoJEPBDuyqTbz/gY0YD/R+gDkfe
qPgNuk6iI2wLSGEeZRXr6Ru1cyG73CRvz7BjCpwWx039AdQzP9gkeo6MEj8Z0c73
obqEP8NtvvOcwC7+/QiGLTR2mgCsNhk54+iCGsvNbkpkr/rRoYZGyvb+rxui0A61
DCB1w5hdnyMg2OglFNrkaPfpNjMsTebfF5eS
=h1+m
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP MESSAGE-----
Version: BCPG v1.65

hIwD8EO7KpNvP+ABA/9JkOE9PDyS/kr/lZ1Uz+NCSe1JiNcKCXjbsUbvP8CT7Tf1
cKlgzIz1mQjdpkBtVpVhEnEjmUzFy2UCRKr4b4Wx7/1UL+370CICW5HgMoi5TgTg
MYRy5I9Uba/+JxcusjWB1JJHP4ofULziXRKLWAoSPLlglZDzSmV88hNo19rl39JZ
AbMhIS2edM9hHICefL/Yaiq90hGjKMRReVopu2tPUjNLGYP7QABAvWb3WQJMZoYT
HEsyjHxeyYQylAdYB7pWQA0++Z803iclvM3skN8FBt64ebDkqfxgbhs=
=je0r
-----END PGP MESSAGE-----

现在您希望使用Kleoptatra在线(例如https://sela.io/pgp-en/)或使用RSA pgp私钥和密码123456在Java中解密该消息

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: BCPG v1.65

lQH+BF6/5w4BBACoQernwAfeeGgSJTYzwrK8s1FS7tKpAv9UbZxR3/ieiFXoFfFo
u9vFdO+Ip0HMOqOhUy7RU2i0T+Pt3lzQE3Yxko673D+5Pp7udL8nboB7+N3z7gom
e+oG2zExPYD4izwNqUvkpkCZ6/YTqw+a88GD9cjTSLESfaplOTXmcrvrMwARAQAB
/gMDAhhcE1oF/u8YYExKGLgriK5JpUUSsMFU0AOHP9/zZQr09437V0f/F4J87+9s
G30lDRikGwynEGRnAvIVwqq2F+iarKGGHCZCRgbyufXS7VK6wE/43lR0kSwA2VIM
ll/KbQKP1cSZv0rqtJ1tGL7cDHFEwq10gM4Bn75HOKyBzE9oERRKz37noAECsAZn
xuXGlEB5noqTT00RxsHjBA5Os04CtEz9N+OMrg47IR7AzSQUe90lG2F6W71dhJ6V
jQaf7D6JFU3dOWPW1eBb5FQhgYF92CFRizJ42lDCiTfl2FQU49MlwLd2ofNneuPo
aVuPoYUNKwbasyx4fo2vh6rrMyxmncCizMExvh6GIVgYd7EK9s6Gxq/duuOvly4O
ZAyIY2MOon0bDXxAYR2q/wdQLamnP7rAR4uMu24m/iOuBj6wwTR8v8hhsFFTp/4u
tebwWzLnPyyBYStnTF5IZ9ZJeVl5S3zdzNcrP9g8yXtItAx0ZXN0aWRlbnRpdHmI
nAQQAQIABgUCXr/nDgAKCRDwQ7sqk28/4GNGA/0foA5H3qj4DbpOoiNsC0hhHmUV
6+kbtXMhu9wkb8+wYwqcFsdN/QHUMz/YJHqOjBI/GdHO96G6hD/Dbb7znMAu/v0I
hi00dpoArDYZOePoghrLzW5KZK/60aGGRsr2/q8botAOtQwgdcOYXZ8jINjoJRTa
5Gj36TYzLE3m3xeXkg==
=y/tQ
-----END PGP PRIVATE KEY BLOCK-----

并获取解密的字符串:

This string needs an encryption

要在Java中加密/解密,幸运的是,BouncyCastle github-repo中提供了示例文件:https://github.com/bcgit/bc-java/blob/master/pg/src/main/Java/org/BouncyCastle/openpgp/examples/。您可能需要使用RSA(RSAKeyPairGenerator.java)或ElGamal(DSAELGamalKeyRingGenerator.java)创建一个新的PGP-keypair。使用生成的密钥,您可以使用KeyBasedFileProcessor.java和必要的PGPExampleUtil.java加密或解密。

我用“-a testidentity 123456”作为参数创建了RSA密钥文件,加密用“-e-ai plaintext.txt rsa_pub.asc”完成,解密用“-d plaintext.txt.asc rsa_secret.asc 123456”完成。

 类似资料:
  • 我一直在尝试使用BouncyCastle库来进行PGP加密/解密。我有一些代码需要修改,以便只使用流-不使用文件。 我尝试移除pgputilities.writeFileToliteralData(),然后让它返回一个流,但没有成功(输出流为空)。 这里更明确的是方法应该是什么: 下面是我需要修改的代码:

  • 我正在尝试编写一个加密文件,它将使用gpg解密,并将以增量方式写入行,而不是在一个块中。我已经在GnuPG中生成了密钥,并且正在使用公钥加密。下面是我正在使用的加密方法: 我有一个小的原型测试类来使用这种方法: 我怎样才能修改这段代码,使它既能加密两行,又能让GnuPG解密它们呢?

  • 我试图使用java BouncyCastle库解密和验证PGP消息,但遇到了一些问题,抱怨PartialInputStream过早结束。 我知道encrypt工作得很好,因为我可以在命令行上使用gpg解密和验证使用encrypt函数创建的消息。

  • 我目前正在用java编写一个加密消息传递服务,我使用的是bouncycastle PGP库。我编写了一个生成密钥对的测试程序,并对消息进行加密/解密。这已经工作了一段时间,但它最近在解密阶段停止了,给了我一个InvalidKeyException。 我做了一些研究,下载了JCE.jar文件,并将它们导入到我的项目中(通过Eclipse Project->Properties->add extern

  • 代码在这里,使用BouncyCastle实现: 我希望能够读取此签名并使用公钥验证它。如何将其转换回BouncyCastle对象?