基于Java Bouncy Castle的PGP加密解密示例1

最新推荐文章于 2024-07-02 09:11:28 发布
最新推荐文章于 2024-07-02 09:11:28 发布
阅读量8.4k 收藏 5
点赞数 1
分类专栏: 工具-加解密
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/z69183787/article/details/72818317
版权

GPG文件加解密 百科及教程:

http://www.ruanyifeng.com/blog/2013/07/gpg.html

http://www.alexgao.com/2009/01/24/gpg/

 

pom:

 

<dependency>
            <groupId>commons-net</groupId>
            <artifactId>commons-net</artifactId>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpg-jdk15on</artifactId>
        </dependency>

 

 

 

 

 

UTIL 工具类:

 

package util;


import org.apache.commons.io.FileUtils;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;

import java.io.*;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.util.Iterator;

public class PGPUtils {

    private static final int BUFFER_SIZE = 1 << 16; // should always be power of 2
    private static final int KEY_FLAGS = 27;
    private static final int[] MASTER_KEY_CERTIFICATION_TYPES = new int[]{
            PGPSignature.POSITIVE_CERTIFICATION,
            PGPSignature.CASUAL_CERTIFICATION,
            PGPSignature.NO_CERTIFICATION,
            PGPSignature.DEFAULT_CERTIFICATION
    };

    @SuppressWarnings("unchecked")
    public static PGPPublicKey readPublicKey(InputStream in)
            throws IOException, PGPException {
        PGPPublicKeyRingCollection keyRingCollection = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(in));
        //
        // we just loop through the collection till we find a key suitable for encryption, in the real
        // world you would probably want to be a bit smarter about this.
        //
        PGPPublicKey publicKey = null;

        // iterate through the key rings.
        Iterator<PGPPublicKeyRing> rIt = keyRingCollection.getKeyRings();

        while (publicKey == null && rIt.hasNext()) {
            PGPPublicKeyRing kRing = rIt.next();
            Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
            while (publicKey == null && kIt.hasNext()) {
                PGPPublicKey key = kIt.next();
                if (key.isEncryptionKey()) {
                    publicKey = key;
                }
            }
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("Can't find public key in the key ring.");
        }
        if (!isForEncryption(publicKey)) {
            throw new IllegalArgumentException("KeyID " + publicKey.getKeyID() + " not flagged for encryption.");
        }

        return publicKey;
    }

    @SuppressWarnings("unchecked")
    public static PGPSecretKey readSecretKey(InputStream in)
            throws IOException, PGPException {

        PGPSecretKeyRingCollection keyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(in));
        PGPSecretKey secretKey = null;
        Iterator<PGPSecretKeyRing> rIt = keyRingCollection.getKeyRings();
        while (secretKey == null && rIt.hasNext()) {
            PGPSecretKeyRing keyRing = rIt.next();
            Iterator<PGPSecretKey> kIt = keyRing.getSecretKeys();
            while (secretKey == null && kIt.hasNext()) {
                PGPSecretKey key = kIt.next();
                if (key.isSigningKey()) {
                    secretKey = key;
                }
            }
        }
        // Validate secret key
        if (secretKey == null) {
            throw new IllegalArgumentException("Can't find private key in the key ring.");
        }
        if (!secretKey.isSigningKey()) {
            throw new IllegalArgumentException("Private key does not allow signing.");
        }

        if (secretKey.getPublicKey().isRevoked()) {
            throw new IllegalArgumentException("Private key has been revoked.");
        }

        if (!hasKeyFlags(secretKey.getPublicKey(), KeyFlags.SIGN_DATA)) {
            throw new IllegalArgumentException("Key cannot be used for signing.");
        }
        return secretKey;

    }

    /**
     * Load a secret key ring collection from keyIn and find the private key corresponding to
     * keyID if it exists.
     * <p/>
     *
     * @param keyIn input stream representing a key ring collection.
     * @param keyID keyID we want.
     * @param pass  passphrase to decrypt secret key with.
     * @return 156
     * @throws IOException             157
     * @throws PGPException            158
     * @throws NoSuchProviderException 159
     */

    public static PGPPrivateKey findPrivateKey(InputStream keyIn, long keyID, char[] pass)
            throws IOException, PGPException, NoSuchProviderException
    {
        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyIn));
        return findPrivateKey(pgpSec.getSecretKey(keyID), pass);

    }

    /**
     * 169
     * Load a secret key and find the private key in it
     * 170
     *
     * @param pgpSecKey The secret key
     * @param pass      passphrase to decrypt secret key with
     * @throws PGPException
     */
    public static PGPPrivateKey findPrivateKey(PGPSecretKey pgpSecKey, char[] pass)
            throws PGPException {
        if (pgpSecKey == null) return null;
        PBESecretKeyDecryptor decryptor = new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(pass);
        return pgpSecKey.extractPrivateKey(decryptor);
    }

    @SuppressWarnings("unchecked")
    public static void decryptFile(InputStream in, OutputStream out, InputStream keyIn, char[] passwd)
            throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in);

        PGPObjectFactory pgpF = new PGPObjectFactory(in);
        PGPEncryptedDataList enc;
        Object o = pgpF.nextObject();
        // the first object might be a PGP marker packet.
        if (o instanceof PGPEncryptedDataList) {
            enc = (PGPEncryptedDataList) o;
        } else {
            enc = (PGPEncryptedDataList) pgpF.nextObject();
        }
        Iterator<PGPPublicKeyEncryptedData> it = enc.getEncryptedDataObjects();
        PGPPrivateKey sKey = null;
        PGPPublicKeyEncryptedData pbe = null;

        while (sKey == null && it.hasNext()) {
            pbe = it.next();
            sKey = findPrivateKey(keyIn, pbe.getKeyID(), passwd);
        }

        if (sKey == null) {
            throw new IllegalArgumentException("Secret key for message not found.");
        }

        InputStream clear = pbe.getDataStream(new BcPublicKeyDataDecryptorFactory(sKey));
        PGPObjectFactory plainFact = new PGPObjectFactory(clear);
        Object message = plainFact.nextObject();

        if (message instanceof PGPCompressedData) {
            PGPCompressedData cData = (PGPCompressedData) message;
            PGPObjectFactory pgpFact = new PGPObjectFactory(cData.getDataStream());
            message = pgpFact.nextObject();
        }

        if (message instanceof PGPLiteralData) {
            PGPLiteralData ld = (PGPLiteralData) message;
            InputStream unc = ld.getInputStream();
            int ch;
            while ((ch = unc.read()) >= 0) {
                out.write(ch);
            }
        } else if (message instanceof PGPOnePassSignatureList) {
            throw new PGPException("Encrypted message contains a signed message - not literal data.");
        } else {
            throw new PGPException("Message is not a simple encrypted file - type unknown.");
        }

        if (pbe.isIntegrityProtected()) {
            if (!pbe.verify()) {
                throw new PGPException("Message failed integrity check");
            }
        }
    }

    /**
     * From LockBox Lobs PGP Encryption tools.
     * http://www.lockboxlabs.org/content/downloads
     * <p/>
     * I didn't think it was worth having to import a 4meg lib for three methods
     */

    public static boolean isForEncryption(PGPPublicKey key) {
        if (key.getAlgorithm() == PublicKeyAlgorithmTags.RSA_SIGN
                || key.getAlgorithm() == PublicKeyAlgorithmTags.DSA
                || key.getAlgorithm() == PublicKeyAlgorithmTags.EC
                || key.getAlgorithm() == PublicKeyAlgorithmTags.ECDSA) {
            return false;
        }
        return hasKeyFlags(key, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
    }


    /**
     * From LockBox Lobs PGP Encryption tools.
     * http://www.lockboxlabs.org/content/downloads
     * <p/>
     * I didn't think it was worth having to import a 4meg lib for three methods
     */
    @SuppressWarnings("unchecked")
    private static boolean hasKeyFlags(PGPPublicKey encKey, int keyUsage) {
        if (encKey.isMasterKey()) {
            for (int i = 0; i != PGPUtils.MASTER_KEY_CERTIFICATION_TYPES.length; i++) {
                for (Iterator<PGPSignature> eIt = encKey.getSignaturesOfType(PGPUtils.MASTER_KEY_CERTIFICATION_TYPES[i]); eIt.hasNext(); ) {
                    PGPSignature sig = eIt.next();
                    if (!isMatchingUsage(sig, keyUsage)) {
                        return false;
                    }
                }
            }
        } else {
            for (Iterator<PGPSignature> eIt = encKey.getSignaturesOfType(PGPSignature.SUBKEY_BINDING); eIt.hasNext(); ) {
                PGPSignature sig = eIt.next();
                if (!isMatchingUsage(sig, keyUsage)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * From LockBox Lobs PGP Encryption tools.
     * http://www.lockboxlabs.org/content/downloads
     * <p/>
     * I didn't think it was worth having to import a 4meg lib for three methods
     */
    private static boolean isMatchingUsage(PGPSignature sig, int keyUsage) {
        if (sig.hasSubpackets()) {
            PGPSignatureSubpacketVector sv = sig.getHashedSubPackets();
            if (sv.hasSubpacket(PGPUtils.KEY_FLAGS)) {
                // code fix suggested by kzt (see comments)
                if ((sv.getKeyFlags() == 0 && keyUsage == 0)) {
                    return false;
                }
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        FileInputStream in = new FileInputStream("/Users/fusheng/Desktop/DPXK_EBC17030001_14_20170306_26_1.csv.gpg");
        File keyInFile = new File("/Users/fusheng/Desktop/xieyuanshun.asc");
        FileInputStream keyIn = new FileInputStream(keyInFile);
        File outputFile = File.createTempFile("CITIC_DECRYPTED", ".csv");
        FileOutputStream out = new FileOutputStream(outputFile);
        PGPUtils.decryptFile(in, out, keyIn, "1qaz2wsx".toCharArray());
        System.out.println(FileUtils.readFileToString(outputFile));
    }
}

 

 

 

 

 

使用密钥解密文件并读取数据:

 

if (!"gpg".equalsIgnoreCase(FilenameUtils.getExtension(file.getName()))) {
                continue;
            }

            FileInputStream in = new FileInputStream(file);
            File keyInFile = new File("/Users/fusheng/Desktop/xieyuanshun.asc");
            FileInputStream keyIn = new FileInputStream(keyInFile);
            File outputFile = File.createTempFile("CITIC_DECRYPTED", ".csv");
            FileOutputStream out = new FileOutputStream(outputFile);
            PGPUtils.decryptFile(in, out, keyIn, "1qaz2wsx".toCharArray());

            List<File> fileLST = new ArrayList<>();
            fileLST.add(file);
            List<String> referenceIds = FileUtils.readLines(outputFile);

 

 

 

 

 

OkidoGreen
关注
  • 1
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
java pgp加密_基于Java Bouncy CastlePGP加密解密示例
weixin_34797253的博客
02-13 574
#re: 基于Java Bouncy CastlePGP加密解密示例回复更多评论2016-03-02 10:32 by 毛小龙对文件进行加密 在测试类里面已经跑通了 抽取出来调用就报这个错 各位帮忙看看是什么原因啊?????org.bouncycastle.openpgp.PGPException: cannot create cipher: No such provider: BCj...
Java接入PGP加密
weixin_35932974的博客
09-28 1466
java 接入 pgp 加密
PGP 加解密及签名验签示例
09-23
PGP 加解密及签名验签示例
使用Bouncy Castle进行高级加密实践
最新发布
weixin_53840353的博客
07-02 1075
Bouncy Castle是一个开源的Java加密库,提供了大量的加密算法、协议和工具。它支持从基本的对称加密到复杂的非对称加密,以及数字签名和密钥协商协议。Bouncy Castle不仅适用于Java标准版(JSE),还支持Java微版(JME)和Android平台。Bouncy Castle是一个功能强大的Java加密库,提供了丰富的加密算法和协议支持。通过本文的示例代码,你可以学习如何使用Bouncy Castle进行对称加密、非对称加密、数字签名和密钥协商。
关于PGP解密基于Java Bouncy Castle
weixin_44102477的博客
03-22 1355
前几天有个项目要PGP解密csv文件,第一次了解PGP,查了好多资料费时1天半算是完成了,特此记录一下,也是我第一篇文章。
JAVA实现PGP/GPG加解密加验签
热门推荐
Jack 架构师之路
03-13 15万+
一、引言 上一篇博客中介绍了GPG的基本使用,在原来的项目中我们对接gpg加密的时候,采用的方式,利用java代码执行shell命令行,但是在新对接的项目中,这种方式对方利用 命令行能解密,但是利用他们的代码不能解密,原因是他们代码生成并不是pgp后缀 的加密文件, 而是pgp格式的加密文件。所以小编也利用java生成一个加密文件,这样双方可以愉快的加解密了。 二、代码实现 2.1 mave...
搭建OpenPGP Key server
自律即自由
01-15 991
环境 Centos主机 相关资料 sks server source sks server 概览 从EPLE安装 yum install epel-release yum install sks 配置 mkdir /opt/sks -p cd /opt/aks sks build sks db sks recon & 其它工作 服务搭建完成后,工作在端口11371,可通过ngin...
bouncy-gpg:再次将Bouncy Castle与OpenPGP结合使用会很有趣!
05-04
只需几行代码即可加密,解密,签名和验证GPG / PGP文件 通过使用读取加密文件来保护所有 您甚至可以-永远不要让纯文本打入您的服务器磁盘! 例子 Bouncy GPG内置了几个。 密钥管理 Bouncy GPG支持读取gpg 密钥环和...
bouncycastle 加密工具包
11-17
- **添加依赖**:在Java项目中,需要将`bouncycastle.jar`添加到项目的类路径中,通常可以通过Maven或Gradle的依赖管理来实现。 - **初始化提供者**:为了使用Bouncy Castle提供的服务,需要在Java安全配置中注册...
openPGP加解密示例.docx
06-26
Java中实现OpenPGP的加解密功能,通常需要依赖BouncyCastle库,这是一个强大的加密工具包,包含了对OpenPGP的支持。 在开始之前,需要下载并安装两个关键的BouncyCastle JAR包:`bcprov-jdk15on`和`bcpg-jdk15on`...
bouncycastle jar包
06-22
4. **PGP支持**:Bouncy Castle还实现了Pretty Good Privacy (PGP) 协议,使得在Java环境中使用PGP加密和签名变得简单。 5. **TLS/SSL支持**:Bouncy Castle可以作为Java的JSSE(Java Secure Socket Extension)...
PGP加密软件Java实现
01-07
PGP(Pretty Good Privacy),是一个基于RSA公钥加密体系的邮件加密软件。 以RSA与DES为基础用Java实现。
BouncyCastle.Crypto.dll,itextsharp.dll
10-18
Bouncy Castle不仅提供了基本的加密操作,如加解密、数字签名和哈希,还支持更高级的功能,如PKCS#7(用于封装和验证数据)、PGP(用于电子邮件加密)以及X.509证书管理。这个库以其灵活、高效和全面的特性,成为了...
jec-bouncycastle.jar.rar
05-14
Java项目中使用Bouncy Castle,通常需要将`jec-bouncycastle.jar`添加到项目的类路径中。如果是Maven项目,可以在pom.xml文件中添加对应的依赖。对于非Maven项目,可以通过下载JAR文件并将其放入项目的lib目录下。...
JAVA_CRYPTO.zip_PGP java_Portable PGP Java_java PGP_java pgp fil
09-24
Java环境中,处理加密和解密通常会使用Bouncy Castle库,这是一个强大的密码学API,支持多种加密标准,包括RSA和PGP。开发者可能需要了解如何在项目中引入和使用这个库,以实现这些加密算法。 总结起来,这些Java...
基于Java Bouncy CastlePGP加密解密示例2
z69183787的专栏
09-07 4717
PGP即Pretty Good Privacy,是一个基于RSA公钥&私钥及AES等非对称加密算法的加密软件系列,比较具有代表性加密解密客户端已被Symantec收购,详见www.pgp.com,在Symantec的网站上可以下载最新版客户端软件。 本文讲的是使用Java基于Bouncy Castle包的PGP加密解密示例,按照以下步骤即可轻松实现: 1. 客户端软件 由于Symantec...
Java GPG解密关于:encrypted message contains a signed message - not literal data.的解决
qq_42394055的博客
11-18 834
今天决定写一篇关于GPG加密解密的文章吧,因为最近自己负责的一个项目有用到,客户将文件使用公钥加密后发给我们,我们需要使用对应的私钥进行解密。但是对于GPG的话我也是首次接触,于是参考网上大佬们的博客,我自己在这里做个记录。而让我感到比较有成就感的是,通过查找了一整天的资料,也解决了当解密后的文件包含签名信息时,网上大多数JAVA工具类抛出的encrypted message contains a signed message - not literal data.异常信息 1 关于GPG .
基于JAVA代码进行GPG加解密(代码拿来就可以用)
奔跑的小孩
07-10 4404
银行对接保险公司要对文件进行gpg加密,那保险公司要进行解密了。 原来想的方案是用java代码编写cmd命令然后执行bat文件,生成指定的文件夹下。这样的话有几个弊端:第一次运行bat文件的时候总是会提示要输入密码,发布到服务器上是不可控的。另一个是服务器是windows系统的话还要安装gpg的软件。 后来发现java封装有gpg解密的,于是就拿来用了。我的业务逻辑是取...
java BouncyCastle pgp 加密解密文件
05-20
BouncyCastleJava 平台上的一个加解密库,支持多种加密算法,包括 PGP 加解密。以下是使用 BouncyCastle 实现 PGP 加密解密文件的示例代码: 1. 加载 BouncyCastle Provider: ``` Security.addProvider(new BouncyCastleProvider()); ``` 2. 生成 PGP 密钥对: ``` PGPKeyPairGenerator kpg = new JcaPGPKeyPairGenerator().setProvider("BC").setAlgorithm(AsymmetricAlgorithmTags.RSA_GENERAL).setKeySize(2048); PGPKeyPair kp = kpg.generate(); ``` 3. 导出公钥和私钥: ``` PGPPublicKeyRing publicKeyRing = new PGPPublicKeyRing(kp.getPublicKey().getEncoded(), new JcaKeyFingerprintCalculator()); PGPPublicKey publicKey = publicKeyRing.getPublicKey(); PGPPrivateKey privateKey = kp.getPrivateKey(); ``` 4. 加密文件: ``` // 创建加密器 PGPEncryptorBuilder builder = new JcePGPEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256).setSecureRandom(new SecureRandom()); builder.setProvider("BC"); PGPEncryptor encryptor = builder.build(publicKey); // 创建输出流 File outputFile = new File("encrypted.pgp"); OutputStream outputStream = new FileOutputStream(outputFile); // 创建压缩器 PGPCompressedDataGenerator compressor = new PGPCompressedDataGenerator(CompressionAlgorithmTags.ZIP); OutputStream compressedOutputStream = compressor.open(outputStream); // 创建签名器 PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA256).setProvider("BC")); signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey); signatureGenerator.generateOnePassVersion(false).encode(compressedOutputStream); // 创建字节流加密器 PGPLiteralDataGenerator literalDataGenerator = new PGPLiteralDataGenerator(); OutputStream literalOutputStream = literalDataGenerator.open(compressedOutputStream, PGPLiteralData.BINARY, "filename", new Date(), new byte[1024]); // 加密文件内容 File inputFile = new File("input.txt"); InputStream inputStream = new FileInputStream(inputFile); byte[] buffer = new byte[1024]; int length; while ((length = inputStream.read(buffer)) != -1) { literalOutputStream.write(buffer, 0, length); } inputStream.close(); // 关闭流 literalDataGenerator.close(); signatureGenerator.generate().encode(compressedOutputStream); compressor.close(); encryptor.close(); outputStream.close(); ``` 5. 解密文件: ``` // 创建解密器 PGPObjectFactory factory = new JcaPGPObjectFactory(new FileInputStream("encrypted.pgp")); PGPEncryptedDataList encryptedDataList = (PGPEncryptedDataList) factory.nextObject(); PGPPBEEncryptedData pbeEncryptedData = (PGPPBEEncryptedData) encryptedDataList.get(0); PGPPrivateKey privateKey = findPrivateKey("userid", "password".toCharArray()); InputStream decryptedInputStream = pbeEncryptedData.getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("BC").build()).setProvider("BC").build(privateKey)); // 创建签名校验器 PGPObjectFactory plainFactory = new JcaPGPObjectFactory(decryptedInputStream); PGPOnePassSignatureList signatureList = (PGPOnePassSignatureList) plainFactory.nextObject(); PGPOnePassSignature signature = signatureList.get(0); PGPPublicKey publicKey = findPublicKey(signature.getKeyID()); signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), publicKey); PGPLiteralData literalData = (PGPLiteralData) plainFactory.nextObject(); InputStream literalInputStream = literalData.getInputStream(); // 校验签名 byte[] buffer = new byte[1024]; int length; while ((length = literalInputStream.read(buffer)) != -1) { signature.update(buffer, 0, length); } if (signature.verify(((PGPSignatureList) plainFactory.nextObject()).get(0))) { System.out.println("Signature verified"); } else { System.out.println("Signature not verified"); } // 读取文件内容 while ((length = literalInputStream.read(buffer)) != -1) { // 处理文件内容 } literalInputStream.close(); decryptedInputStream.close(); ``` 其中,`findPrivateKey` 和 `findPublicKey` 方法根据指定的用户 ID 查找对应的私钥和公钥。在实际使用时,需要将用户 ID 和密钥信息存储在合适的位置,例如文件或数据库中,然后在程序中进行读取。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值