bouncycastle从1.46更新到1.56后无法正常工作。
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了bouncycastle从1.46更新到1.56后无法正常工作。相关的知识,希望对你有一定的参考价值。
我在维护项目中有一个现有的PGP 1.46版本的代码.现在我需要更新到1.56版本,但它不能工作.很多类和方法都被改变了. 我对PGP没有任何概念,请帮助我。这里有一个具体代码的示例演示,当我从1.46更新到1.56时,我需要更新到1.56。
plugins {
id 'java'
}
group 'com.encryptor.pgp'
version '1.0-SNAPSHOT'
repositories {
mavenCentral()
}
dependencies {
compile fileTree(dir: 'src/main/resources/libs', include: '*.jar')
compile group: 'org.bouncycastle', name: 'bcpg-jdk15on', version: '1.46'
compile group: 'org.bouncycastle', name: 'bcprov-ext-jdk15on', version: '1.46'
compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.46'
}
当我从1.46更新到1.56时,它给出了错误。
处理器
package com.encryptor.pgp;
import java.io.FileInputStream;
import java.io.FileOutputStream;
public class PGPFileProcessor {
private String encryptFile;
private String decryptFile;
private String passphrase;
private String publicKeyFile;
private String privateKeyFile;
private String plainTextFile;
private boolean asciiArmored = false;
private boolean integrityCheck = true;
public PGPFileProcessor() {
}
public void setPublicKeyFile(String publicKeyFile) {
this.publicKeyFile = publicKeyFile;
}
public void setPrivateKeyFile(String privateKeyFile) {
this.privateKeyFile = privateKeyFile;
}
public void setEncryptFile(String encryptFile) {
this.encryptFile = encryptFile;
}
public void setDecryptFile(String decryptFile) {
this.decryptFile = decryptFile;
}
public void setPassphrase(String passphrase) {
this.passphrase = passphrase;
}
public void setPlainTextFile(String plainTextFile) {
this.plainTextFile = plainTextFile;
}
public void setAsciiArmored(boolean asciiArmored) {
this.asciiArmored = asciiArmored;
}
public void setIntegrityCheck(boolean integrityCheck) {
this.integrityCheck = integrityCheck;
}
public boolean encrypt() throws Exception {
FileInputStream keyIn = new FileInputStream(publicKeyFile);
FileOutputStream out = new FileOutputStream(encryptFile, true);
PGPUtil.encryptFile(out, plainTextFile, PGPUtil.readPublicKey(keyIn), asciiArmored, integrityCheck);
out.close();
keyIn.close();
return true;
}
public boolean decrypt() throws Exception {
FileInputStream in = new FileInputStream(encryptFile);
FileInputStream keyIn = new FileInputStream(privateKeyFile);
FileOutputStream out = new FileOutputStream(decryptFile);
PGPUtil.decryptFile(in, out, keyIn, passphrase.toCharArray());
in.close();
out.close();
keyIn.close();
return true;
}
}
主课
package com.encryptor.pgp;
public class PGPMain {
public static void main(String[] args) throws Exception {
PGPFileProcessor pgpFileProcessor = new PGPFileProcessor();
pgpFileProcessor.setEncryptFile("enc.txt"); pgpFileProcessor.setDecryptFile("dec.txt");
pgpFileProcessor.setPassphrase("pgpencr");
pgpFileProcessor.setInputFile("plain.txt");
private boolean asciiArmored = false;
pgpFileProcessor.setPublicKeyFile("publickey.key");
pgpFileProcessor.setPrivateKeyFile("pivatekey.key");
pgpFileProcessor.encrypt();*/
pgpFileProcessor.encrypt();
pgpFileProcessor.decrypt();
}
}
实用性
package com.encryptor.pgp;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import java.io.*;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Iterator;
public class PGPUtil {
@SuppressWarnings("unchecked")
public static PGPPublicKey readPublicKey(InputStream in) throws IOException, PGPException {
in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in);
PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(in);/* we just loop through the collection till we find a key suitable for encryption, in the real world you would probably want to be a bit smarter about this. */
PGPPublicKey key = null;/* iterate through the key rings. */
Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();
while (key == null && rIt.hasNext()) {
PGPPublicKeyRing kRing = rIt.next();
Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
while (key == null && kIt.hasNext()) {
PGPPublicKey k = kIt.next();
if (k.isEncryptionKey()) key = k;
}
}
if (key == null) throw new IllegalArgumentException("Can't find encryption key in key ring.");
return key;
}
private static PGPPrivateKey findSecretKey(InputStream keyIn, long keyID, char[] pass) throws IOException, PGPException, NoSuchProviderException {
PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(org.bouncycastle.openpgp.PGPUtil.getDecoderStream(keyIn));
PGPSecretKey pgpSecKey = pgpSec.getSecretKey(keyID);
if (pgpSecKey == null) return null;
return pgpSecKey.extractPrivateKey(pass, "BC");
}
@SuppressWarnings("unchecked")
public static void decryptFile(InputStream in, OutputStream out, InputStream keyIn, char[] passwd) throws Exception {
Security.addProvider(new BouncyCastleProvider());
in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in);
PGPObjectFactory pgpF = new PGPObjectFactory(in);
PGPEncryptedDataList enc;
Object o = pgpF.nextObject();/* the first object might be a PGP marker packet. */
if (o instanceof PGPEncryptedDataList) enc = (PGPEncryptedDataList) o;
else enc = (PGPEncryptedDataList) pgpF.nextObject();/* find the secret key */
Iterator<PGPPublicKeyEncryptedData> it = enc.getEncryptedDataObjects();
PGPPrivateKey sKey = null;
PGPPublicKeyEncryptedData pbe = null;
while (sKey == null && it.hasNext()) {
pbe = it.next();
sKey = findSecretKey(keyIn, pbe.getKeyID(), passwd);
}
if (sKey == null) throw new IllegalArgumentException("Secret key for message not found.");
InputStream clear = pbe.getDataStream(sKey, "BC");
PGPObjectFactory plainFact = new PGPObjectFactory(clear);
Object message = plainFact.nextObject();
if (message instanceof PGPCompressedData) {
PGPCompressedData cData = (PGPCompressedData) message;
PGPObjectFactory pgpFact = new PGPObjectFactory(cData.getDataStream());
message = pgpFact.nextObject();
}
if (message instanceof PGPLiteralData) {
PGPLiteralData ld = (PGPLiteralData) message;
InputStream unc = ld.getInputStream();
int ch;
while ((ch = unc.read()) >= 0) out.write(ch);
} else if (message instanceof PGPOnePassSignatureList)
throw new PGPException("Encrypted message contains a signed message - not literal data.");
else throw new PGPException("Message is not a simple encrypted file - type unknown.");
if (pbe.isIntegrityProtected() && !pbe.verify()) throw new PGPException("Message failed integrity check");
}
public static void encryptFile(OutputStream out, String fileName, PGPPublicKey encKey, boolean armor, boolean withIntegrityCheck) throws IOException, NoSuchProviderException, PGPException {
Security.addProvider(new BouncyCastleProvider());
if (armor) out = new ArmoredOutputStream(out);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
PGPCompressedDataGenerator comData = new PGPCompressedDataGenerator(PGPCompressedData.ZIP);
org.bouncycastle.openpgp.PGPUtil.writeFileToLiteralData(comData.open(bOut), PGPLiteralData.BINARY, new File(fileName));
comData.close();
PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, withIntegrityCheck, new SecureRandom(), "BC");
cPk.addMethod(encKey);
byte[] bytes = bOut.toByteArray();
OutputStream cOut = cPk.open(out, bytes.length);
cOut.write(bytes);
cOut.close();
out.close();
}
}
答案
看起来你的 "旧 "PGP加密方法是从Bouncy Castle的例子中提取的,所以我用了更新后的Bouncy Castle例子在 https:/github.comcgitbc-javatreemasterpgsrcmainjavaorgbouncycastleopenpgpexamples。 进行简单的测试。
你写道,当把《弹弹城堡》更新到版本的时候,问题就会出现。1.56 - 这也是过时的,实际版本是 1.65 和我的例子在这个版本(和OpenJDK 11.0.6)下工作。把我的文件作为你维护的工作基础。
首先你需要一个PGP密钥对--在我的例子中,我用'RSAKeyPairGenerator.java -a myidentity mypassphrase'生成了一个密钥对,以获得文件'secret.asc'(私钥)和'pub.asc'(公钥)。
对于PGP文件加密,你还需要两个文件--'KeyBasedLargeFileProcessor.java'和'PGPExampleUtil.java'。在类'KeyBasedLargeFileProcessor.java'中,我将方法decryptFile和encryptFile的构造函数从'private'改为'public',以便从PGPMain.java中获得访问权。
只是一行代码用于pgp文件加密,另一行用于pgp文件解密。由于原始文件名可以存储在加密文件中,我添加了一个 "rename-method "来将原始文件名'plain.txt'改为'plain_org.txt'。请注意,decryptFile-method会在没有警告或通知的情况下覆盖现有文件,而且没有任何异常处理。
包括Bouncy Castle库在内的完整文件集可以在这里找到。https:/github.comjava-cryptoStackoverflowtreemasterPGP_Encryption_after_Update_Not_Working。. 您需要 bcprov-jdk15to18-165.jar 和 bcpg-jdk15on-165.jar!
PGPMain.java。
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import java.io.File;
import java.io.IOException;
import java.security.NoSuchProviderException;
import java.security.Security;
public class PGPMain {
public static void main(String[] args) throws NoSuchProviderException, IOException, PGPException {
System.out.println("https://stackoverflow.com/questions/61927913/bouncycastle-update-from-1-46-to-1-56-not-working");
Security.addProvider(new BouncyCastleProvider()); // get bouncy castle: https://www.bouncycastle.org/latest_releases.html
System.out.println("
Java version: " + Runtime.version() + " BouncyCastle Version: " + Security.getProvider("BC"));
// create a keypair with RSAKeyPairGenerator.java
// encryption
KeyBasedLargeFileProcessor.encryptFile("enc.txt", "plain.txt", "pub.asc", false, true);
// rename plaintextfile as it will be overwritten by decryptFile (filename is stored within encrypted file)
File file = new File("plain.txt");
file.renameTo(new File("plain_org.txt"));
// decryption will generate the decrypted file with original filename !
KeyBasedLargeFileProcessor.decryptFile("enc.txt", "secret.asc", "mypassphrase".toCharArray(), "defaultfilename.txt");
// return the original filename, to change this behavior change the code in class KeyBasedLargeFileProcessor lines 142-146
}
}
基于密钥的大文件处理器.java。
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Iterator;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.bouncycastle.util.io.Streams;
/**
* A simple utility class that encrypts/decrypts public key based
* encryption large files.
* <p>
* To encrypt a file: KeyBasedLargeFileProcessor -e [-a|-ai] fileName publicKeyFile.<br>
* If -a is specified the output file will be "ascii-armored".
* If -i is specified the output file will be have integrity checking added.
* <p>
* To decrypt: KeyBasedLargeFileProcessor -d fileName secretKeyFile passPhrase.
* <p>
* Note 1: this example will silently overwrite files, nor does it pay any attention to
* the specification of "_CONSOLE" in the filename. It also expects that a single pass phrase
* will have been used.
* <p>
* Note 2: this example generates partial packets to encode the file, the output it generates
* will not be readable by older PGP products or products that don't support partial packet
* encoding.
* <p>
* Note 3: if an empty file name has been specified in the literal data object contained in the
* encrypted packet a file with the name filename.out will be generated in the current working directory.
*/
public class KeyBasedLargeFileProcessor
{ // source: https://github.com/bcgit/bc-java/blob/master/pg/src/main/java/org/bouncycastle/openpgp/examples/KeyBasedLargeFileProcessor.java
// changed from private to public
public static void decryptFile(
String inputFileName,
String keyFileName,
char[] passwd,
String defaultFileName)
throws IOException, NoSuchProviderException
{
InputStream in = new BufferedInputStream(new FileInputStream(inputFileName));
InputStream keyIn = new BufferedInputStream(new FileInputStream(keyFileName));
decryptFile(in, keyIn, passwd, defaultFileName);
keyIn.close();
in.close();
}
/**
* decrypt the passed in message stream
*/
private static void decryptFile(
InputStream in,
InputStream keyIn,
char[] passwd,
String defaultFileName)
throws IOException, NoSuchProviderException
{
in = PGPUtil.getDecoderStream(in);
try
{
JcaPGPObjectFactory pgpF = new JcaPGPObjectFactory(in);
PGPEncryptedDataList enc;
Object o = pgpF.nextObject();
//
// the first object might be a PGP marker packet.
//
if (o instanceof PGPEncryptedDataList)
{
enc = (PGPEncryptedDataList)o;
}
else
{
enc = (PGPEncryptedDataList)pgpF.nextObject();
}
//
// find the secret key
//
Iterator it = enc.getEncryptedDataObjects();
PGPPrivateKey sKey = null;
PGPPublicKeyEncryptedData pbe = null;
PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(
PGPUtil.getDecoderStream(keyIn), new JcaKeyFingerprintCalculator());
while (sKey == null && it.hasNext())
{
pbe = (PGPPublicKeyEncryptedData)it.next();
sKey = PGPExampleUtil.findSecretKey(pgpSec, pbe.getKeyID(), passwd);
}
if (sKey == null)
{
throw new IllegalArgumentException("secret key for message not found.");
}
InputStream clear = pbe.getDataStream(new JcePublicKeyDataDecryptorFactory以上是关于bouncycastle从1.46更新到1.56后无法正常工作。的主要内容,如果未能解决你的问题,请参考以下文章