private static PGPLiteralData asLiteral( final byte[] message, final InputStream secretKeyRing, final String secretPwd ) throws IOException, PGPException { PGPPrivateKey key = null; PGPPublicKeyEncryptedData encrypted = null; final PGPSecretKeyRingCollection keys = new PGPSecretKeyRingCollection( PGPUtil.getDecoderStream( secretKeyRing ), new JcaKeyFingerprintCalculator() ); for ( final Iterator<PGPPublicKeyEncryptedData> i = getEncryptedObjects( message ); ( key == null ) && i.hasNext(); ) { encrypted = i.next(); key = getPrivateKey( keys, encrypted.getKeyID(), secretPwd ); } if ( key == null ) { throw new IllegalArgumentException( "secret key for message not found." ); } final InputStream stream = encrypted .getDataStream( new JcePublicKeyDataDecryptorFactoryBuilder().setProvider( provider ).build( key ) ); return asLiteral( stream ); }
@SuppressWarnings( "unchecked" ) private static Iterator<PGPPublicKeyEncryptedData> getEncryptedObjects( final byte[] message ) throws IOException { try { final PGPObjectFactory factory = new PGPObjectFactory( PGPUtil.getDecoderStream( new ByteArrayInputStream( message ) ), new JcaKeyFingerprintCalculator() ); final Object first = factory.nextObject(); final Object list = ( first instanceof PGPEncryptedDataList ) ? first : factory.nextObject(); return ( ( PGPEncryptedDataList ) list ).getEncryptedDataObjects(); } catch ( IOException e ) { throw new IOException( e ); } }
public static byte[] decrypt( byte encData[], PGPPrivateKey privateKey ) throws PGPException, IOException { PGPPublicKeyEncryptedData pgpEncData = getPGPEncryptedData( encData ); InputStream is = getInputStream( privateKey, pgpEncData ); // IMPORTANT: pipe() should be before verify(). Otherwise we get "java.io.EOFException: Unexpected end of ZIP // input stream". byte data[] = pipe( is ); if ( !pgpEncData.verify() ) { throw new PGPDataValidationException( "Data integrity check failed" ); } return data; }
/** * Opens a new {@link Decryptor} (Reading Step 1/3) * * <p>This is the first step in opening a ghostryde file. After this method, you'll want to * call {@link #openDecompressor(Decryptor)}. * * @param input is an {@link InputStream} of the ghostryde file data. * @param privateKey is the private encryption key of the recipient (which is us!) * @throws IOException * @throws PGPException */ @CheckReturnValue public Decryptor openDecryptor(@WillNotClose InputStream input, PGPPrivateKey privateKey) throws IOException, PGPException { checkNotNull(privateKey, "privateKey"); PGPObjectFactory fact = new BcPGPObjectFactory(checkNotNull(input, "input")); PGPEncryptedDataList crypts = pgpCast(fact.nextObject(), PGPEncryptedDataList.class); checkState(crypts.size() > 0); if (crypts.size() > 1) { logger.warningfmt("crypts.size() is %d (should be 1)", crypts.size()); } PGPPublicKeyEncryptedData crypt = pgpCast(crypts.get(0), PGPPublicKeyEncryptedData.class); if (crypt.getKeyID() != privateKey.getKeyID()) { throw new PGPException(String.format( "Message was encrypted for keyid %x but ours is %x", crypt.getKeyID(), privateKey.getKeyID())); } return new Decryptor( crypt.getDataStream(new BcPublicKeyDataDecryptorFactory(privateKey)), crypt); }
/** * Decrypts the encrypted data as the returned input stream. */ protected InputStream decrypt(PGPPublicKeyEncryptedData data, Subkey subkey) throws IOException, PGPException { if (data == null || subkey == null) throw new DecryptionException("no suitable decryption key found"); if (log.isLoggable(Level.INFO)) log.info("using decryption key " + subkey); return data.getDataStream(buildPublicKeyDecryptor(subkey)); }
@Test public void testEncryptDecrypt_ExplicitStyle() throws Exception { int bufferSize = 64 * 1024; // Alice loads Bob's "publicKey" into memory. PGPPublicKeyRing publicKeyRing = new BcPGPPublicKeyRing(PUBLIC_KEY); PGPPublicKey publicKey = publicKeyRing.getPublicKey(); // Alice encrypts the secret message for Bob using his "publicKey". PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator( new BcPGPDataEncryptorBuilder(AES_128)); encryptor.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(publicKey)); byte[] encryptedData; try (ByteArrayOutputStream output = new ByteArrayOutputStream()) { try (OutputStream output2 = encryptor.open(output, new byte[bufferSize])) { output2.write(FALL_OF_HYPERION_A_DREAM.getBytes(UTF_8)); } encryptedData = output.toByteArray(); } logger.info("Encrypted data: " + dumpHex(encryptedData)); // Bob loads his "privateKey" into memory. PGPSecretKeyRing privateKeyRing = new BcPGPSecretKeyRing(PRIVATE_KEY); PGPPrivateKey privateKey = extractPrivateKey(privateKeyRing.getSecretKey()); // Bob decrypt's the OpenPGP message (w/ ciphertext) using his "privateKey". try (ByteArrayInputStream input = new ByteArrayInputStream(encryptedData)) { PGPObjectFactory pgpFact = new BcPGPObjectFactory(input); PGPEncryptedDataList encDataList = (PGPEncryptedDataList) pgpFact.nextObject(); assertThat(encDataList.size()).isEqualTo(1); PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) encDataList.get(0); assertThat(encData.getKeyID()).isEqualTo(publicKey.getKeyID()); assertThat(encData.getKeyID()).isEqualTo(privateKey.getKeyID()); try (InputStream original = encData.getDataStream(new BcPublicKeyDataDecryptorFactory(privateKey))) { assertThat(CharStreams.toString(new InputStreamReader(original, UTF_8))) .isEqualTo(FALL_OF_HYPERION_A_DREAM); } } }
private void testDecrypt(PGPSecretKeyRing secretKeyRing) throws Exception { PGPObjectFactory pgpF = new PGPObjectFactory(testMessage); PGPEncryptedDataList encList = (PGPEncryptedDataList)pgpF.nextObject(); PGPPublicKeyEncryptedData encP = (PGPPublicKeyEncryptedData)encList.get(0); PGPSecretKey secretKey = secretKeyRing.getSecretKey(); // secretKeyRing.getSecretKey(encP.getKeyID()); // // PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey()extractPrivateKey(null); // // clear = encP.getDataStream(pgpPrivKey, "BC"); // // bOut.reset(); // // while ((ch = clear.read()) >= 0) // { // bOut.write(ch); // } // // out = bOut.toByteArray(); // // if (!areEqual(out, text)) // { // fail("wrong plain text in generated packet"); // } }
private static InputStream getInputStream( PGPPrivateKey privateKey, PGPPublicKeyEncryptedData pgpEncData ) throws PGPException, IOException { InputStream is = pgpEncData .getDataStream( new JcePublicKeyDataDecryptorFactoryBuilder().setProvider( "BC" ).build( privateKey ) ); JcaPGPObjectFactory objectFactory = new JcaPGPObjectFactory( is ); Object message = objectFactory.nextObject(); PGPCompressedData compressedData = ( PGPCompressedData ) message; JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory( compressedData.getDataStream() ); PGPLiteralData literalData = ( PGPLiteralData ) pgpObjectFactory.nextObject(); return literalData.getInputStream(); }
Decryptor(@WillCloseWhenClosed InputStream input, PGPPublicKeyEncryptedData crypt) { super(input); this.crypt = checkNotNull(crypt, "crypt"); }
@Override public String decryptAndVerify(String messageIn) throws IOException, SignatureVerificationException { try { /* Stage zero: Convert to ASCII armored format and open a decoding stream */ InputStream is = new ByteArrayInputStream(Base64.decode(messageIn)); InputStream decoderStream = PGPUtil.getDecoderStream(is); /* Stage one: Init a decrypting stream */ PGPObjectFactory pgpFactory = new PGPObjectFactory(decoderStream); PGPEncryptedDataList cryptedDataList = (PGPEncryptedDataList) pgpFactory.nextObject(); PGPPublicKeyEncryptedData cryptedData = (PGPPublicKeyEncryptedData) cryptedDataList.get(0); InputStream clearStream = cryptedData.getDataStream(getCryptingPrivateKey(), _provider); /* Stage two: Seperate the XML data from the signatures */ PGPObjectFactory plainFact = new PGPObjectFactory(clearStream); PGPOnePassSignatureList onePassSignatureList = (PGPOnePassSignatureList) plainFact.nextObject(); PGPLiteralData literalData = (PGPLiteralData) plainFact.nextObject(); String xmlMessage = IOUtils.toString(literalData.getInputStream()); PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject(); /* Stage three: Verify signature */ PGPOnePassSignature ops = onePassSignatureList.get(0); PGPPublicKey key = _remotePublicKeyRing.getPublicKey(ops.getKeyID()); ops.initVerify(key, _provider); ops.update(xmlMessage.getBytes()); if (!ops.verify(signatureList.get(0))) { throw new SignatureVerificationException("Failed to verify message signature. Message authenticity cannot be thrusted."); } return xmlMessage; } catch (PGPException pgpException) { throw new IOException("PGP subsystem problem.", pgpException); } catch (SignatureException signException) { throw new IOException("PGP subsystem problem.", signException); } catch (Throwable t) { throw new IOException("Unknown error occured in PGP subsystem: " + t.getMessage(), t); } }
@Test public void encryptAndDecrypt() throws Exception { // both keys have property encryptionKey==true final String[] keyIds = { "d7a92a24aa97ddbd", // master-key "a58da7d810b74edf" // sub-key }; for (final String keyId : keyIds) { final PGPDataEncryptorBuilder encryptorBuilder = new BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.TWOFISH); final PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(encryptorBuilder); final PGPKeyEncryptionMethodGenerator keyEncryptionMethodGenerator = new BcPublicKeyKeyEncryptionMethodGenerator( getPgpPublicKeyOrFail(bytesToLong(decodeHexStr(keyId)))); encryptedDataGenerator.addMethod(keyEncryptionMethodGenerator); final byte[] plain = new byte[1 + random.nextInt(1024 * 1024)]; random.nextBytes(plain); final File encryptedFile = File.createTempFile("encrypted_", ".tmp"); try (final OutputStream encryptedOut = new FileOutputStream(encryptedFile);) { try (final OutputStream plainOut = encryptedDataGenerator.open(encryptedOut, new byte[1024 * 16]);) { plainOut.write(plain); } } final byte[] decrypted; try (InputStream in = new FileInputStream(encryptedFile)) { final PGPEncryptedDataList encryptedDataList = new PGPEncryptedDataList(new BCPGInputStream(in)); final Iterator<?> encryptedDataObjects = encryptedDataList.getEncryptedDataObjects(); assertThat(encryptedDataObjects.hasNext()).isTrue(); final PGPPublicKeyEncryptedData encryptedData = (PGPPublicKeyEncryptedData) encryptedDataObjects.next(); assertThat(encryptedDataObjects.hasNext()).isFalse(); final PublicKeyDataDecryptorFactory dataDecryptorFactory = new BcPublicKeyDataDecryptorFactory( getPgpPrivateKeyOrFail(encryptedData.getKeyID(), "test12345".toCharArray())); try (InputStream plainIn = encryptedData.getDataStream(dataDecryptorFactory);) { final ByteArrayOutputStream out = new ByteArrayOutputStream(); transferStreamData(plainIn, out); decrypted = out.toByteArray(); } } assertThat(decrypted).isEqualTo(plain); encryptedFile.delete(); // delete it, if this test did not fail } }
private static PGPPublicKeyEncryptedData getPGPEncryptedData( byte data[] ) throws IOException { InputStream in = PGPUtil.getDecoderStream( new ByteArrayInputStream( data ) ); JcaPGPObjectFactory objectFactory = new JcaPGPObjectFactory( in ); PGPEncryptedDataList encryptedDataList = ( PGPEncryptedDataList ) objectFactory.nextObject(); Iterator it = encryptedDataList.getEncryptedDataObjects(); return ( PGPPublicKeyEncryptedData ) it.next(); }
