java - 无法 gpg 解密 BouncyCaSTLePGP 加密消息

当我尝试使用 BouncyCaSTLe 加密的 GnuPG 解密消息时，我收到两条 gpg: [dont Know]: invalid packet (ctb=xx) 消息，并且解密失败。

我在 OSX 上使用 BouncyCaSTLe 1.54 和 gpg (GnuPG) 2.0.30

详细信息

1) PGP key 是使用 gpg 生成的，如下所示:

$ gpg --gen-key
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Foo Bar
Email address: foo@bar.com
Comment: Test Key
You selected this USER-ID:
    "Foo Bar (Test Key) <foo@bar.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
public and secret key created and signed.

pub   2048R/79CC322A 2017-08-17
      Key fingerprint = 93B9 0D06 08D2 EB84 9F83  4CD3 A470 748E 79CC 322A
uid       [ unknown] Foo Bar (Test Key) <foo@bar.com>
sub   2048R/21B41E21 2017-08-17
$

2) 以 asc 形式导出的 PGP 公钥如下所示:

3) PGP 公钥以“PUBLIC KEY BLOCK”形式传入并解析如下: (pgpKeyBytes 是 key 的字符串表示形式的 UTF-8 字节编码)

private PGPPublicKey resolvePgpPublicKey(byte[] pgpKeyBytes) throws IOException, PGPException {
  PGPPublicKeyRingCollection keyRingCollection;
  try (InputStream in = PGPUtil.getDecoderStream(new ByteArrayInputStream(pgpKeyBytes))) {
    keyRingCollection = new PGPPublicKeyRingCollection(
        PGPUtil.getDecoderStream(in), new JcaKeyFingerprintCalculator());
  }

  Iterator<?> keyRingIterator = keyRingCollection.getKeyRings();
  while (keyRingIterator.hasNext()) {
    PGPPublicKeyRing keyRing = (PGPPublicKeyRing) keyRingIterator.next();

    Iterator<?> keyIterator = keyRing.getPublicKeys();
    while (keyIterator.hasNext()) {
      PGPPublicKey key = (PGPPublicKey) keyIterator.next();
      if (key.isMasterKey()) {
        continue;
      }
      if (key.isEncryptionKey()) {
        return key;
      }
    }
  }
  throw new ServiceRequestException("Cannot resolve PGPPublicKey");
}

4) PGP 加密的是 16 字节数组的十六进制字符串表示形式(作为传入) keyBytes)如下:

private byte[] encryptKeyBytes(byte[] keyBytes, byte[] pgpKey) throws GeneralSecurityException {
  ByteArrayOutputStream encKeyBytes = new ByteArrayOutputStream(keyBytes.length);

  try (Handle<SecureRandom> randomHandle = RngSupport.getRandom()) {
    JcePGPDataEncryptorBuilder encryptorBuilder =
        new JcePGPDataEncryptorBuilder(PGPEncryptedDataGenerator.AES_256);
    encryptorBuilder.setWithIntegrityPacket(true);
    encryptorBuilder.setSecureRandom(randomHandle.getObject());
    encryptorBuilder.setProvider("BC");

    PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator(encryptorBuilder);
    try {
      JcePublicKeyKeyEncryptionMethodGenerator keyEncryptionMethodGenerator =
          new JcePublicKeyKeyEncryptionMethodGenerator(resolvePgpPublicKey(pgpKey));
      keyEncryptionMethodGenerator.setProvider("BC");
      encryptor.addMethod(keyEncryptionMethodGenerator);
      try (
          OutputStream ao = new ArmoredOutputStream(encKeyBytes);
          OutputStream eo = encryptor.open(ao, keyBytes.length)) {
        eo.write(BytesSupport.encodeHex(keyBytes).getBytes(StandardCharsets.UTF_8));
      }
    } catch (ServiceRequestException e) {
      throw e;
    } catch (Exception e) {
      throw new GeneralSecurityException("Cannot perform PGP encryption", e);
    }
  }

  return encKeyBytes.toByteArray();
}

5) 此加密的示例结果如下所示:

6) 当我尝试解密消息时，我收到两条“gpg: [不知道]: 无效数据包”消息和解密失败:

$ gpg -vv --decrypt /tmp/ct.asc
gpg: armor: BEGIN PGP MESSAGE
Version: BCPG v@RELEASE_NAME@
:pubkey enc packet: version 3, algo 1, keyid 46B51E4921B41E21
    data: [2046 bits]
gpg: armor header:
gpg: public key is 21B41E21
gpg: using subkey 21B41E21 instead of primary key 79CC322A

You need a passphrase to unlock the secret key for
user: "Foo Bar (Test Key) <foo@bar.com>"
gpg: using subkey 21B41E21 instead of primary key 79CC322A
2048-bit RSA key, ID 21B41E21, created 2017-08-17 (main key ID 79CC322A)

gpg: no running gpg-agent - starting one
gpg: public key encrypted data: good DEK
:encrypted data packet:
    length: 57
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 21B41E21, created 2017-08-17
      "Foo Bar (Test Key) <foo@bar.com>"
gpg: AES256 encrypted data
gpg: [don't know]: invalid packet (ctb=39)
gpg: decryption okay
gpg: [don't know]: invalid packet (ctb=44)
$

最佳答案

encryptKeyBytes 实现(即构建加密 PGP 消息的地方)的问题在于，它按原样写入纯文本消息八位字节，而不是 literal data ，因此在解密尝试期间出现协议(protocol)错误。

正确的实现如下所示:

private byte[] encryptKeyBytes(String keyName, byte[] keyBytes, byte[] pgpKey)
    throws GeneralSecurityException {
  ByteArrayOutputStream encKeyBytes = new ByteArrayOutputStream(keyBytes.length);

  try (Handle<SecureRandom> randomHandle = RngSupport.getRandom()) {
    JcePGPDataEncryptorBuilder encryptorBuilder =
        new JcePGPDataEncryptorBuilder(PGPEncryptedDataGenerator.AES_256);
    encryptorBuilder.setWithIntegrityPacket(true);
    encryptorBuilder.setSecureRandom(randomHandle.getObject());
    encryptorBuilder.setProvider("BC");

    PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator(encryptorBuilder);
    try {
      JcePublicKeyKeyEncryptionMethodGenerator keyEncryptionMethodGenerator =
          new JcePublicKeyKeyEncryptionMethodGenerator(resolvePgpPublicKey(pgpKey));
      keyEncryptionMethodGenerator.setProvider("BC");
      encryptor.addMethod(keyEncryptionMethodGenerator);

      PGPLiteralDataGenerator dataGenerator = new PGPLiteralDataGenerator();
      byte[] data = BytesSupport.encodeHex(keyBytes).getBytes(StandardCharsets.UTF_8);
      try (
          OutputStream ao = new ArmoredOutputStream(encKeyBytes);
          OutputStream eo = encryptor.open(ao, keyBytes.length);
          OutputStream go = dataGenerator.open(
              eo, PGPLiteralData.UTF8, keyName, data.length, new Date())) {
        go.write(data);
      }
    } catch (ServiceRequestException e) {
      throw e;
    } catch (Exception e) {
      throw new GeneralSecurityException("Cannot perform PGP encryption on the content key", e);
    }
  }

  return encKeyBytes.toByteArray();
}

请注意 PGPLiteralDataGenerator 的使用，它是提供写入消息字节的输出流的抽象。

关于java - 无法 gpg 解密 BouncyCaSTLePGP 加密消息，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/45745843/

java - 无法 gpg 解密 BouncyCaSTLePGP 加密消息

上一篇：java - 矩形与从中心点绘制的直线之间的截距

下一篇：java - 如何禁用ActiveMQ中的InactivityMonitor日志？