Java 通过Bouncy Castle提取GPG密钥使用标志
似乎,Java 通过Bouncy Castle提取GPG密钥使用标志,java,bouncycastle,pgp,gnupg,Java,Bouncycastle,Pgp,Gnupg,似乎,PGPPublicKey类提供了一种isEncryptionKey()方法来确定公钥的算法是否可用于加密目的(RSA_-GENERAL,RSA_-ENCRYPT,ELGAMAL_-GENERAL,ELGAMAL-ENCRYPT)仅此一项不足以选择有效的加密子密钥 存在关于存储在数据包中的公钥的预期用途的信息,如GnuPG packet.h所示: 41 /* Usage flags */ 42 #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN
PGPPublicKey
类提供了一种isEncryptionKey()
方法来确定公钥的算法是否可用于加密目的(RSA_-GENERAL
,RSA_-ENCRYPT
,ELGAMAL_-GENERAL
,ELGAMAL-ENCRYPT
)仅此一项不足以选择有效的加密子密钥
存在关于存储在数据包中的公钥的预期用途的信息,如GnuPG packet.h所示:
41 /* Usage flags */
42 #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
43 #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
44 #define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/
45 #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */
46 #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */
47 #define PUBKEY_USAGE_NONE 256 /* No usage given. */
我的问题是,鉴于Bouncy Castle不公开这些标志,建议用什么方法从Java中的PublicKeyPacket中提取密钥使用信息?我找到了答案。对于子孙后代,以下是解决方案:
// If Key Usage flags are present, we must respect them:
int keyFlagsEncountered = 0;
boolean keyUsageAllowsEncryption = false;
Iterator<PGPSignature> i = key.getSignatures();
while(i.hasNext()) {
PGPSignature signature = i.next();
int keyFlags = signature.getHashedSubPackets().getKeyFlags();
keyFlagsEncountered += keyFlags;
boolean isEncryptComms = (keyFlags & KeyFlags.ENCRYPT_COMMS) > 0;
boolean isEncryptStorage = (keyFlags & KeyFlags.ENCRYPT_STORAGE) > 0;
// Other KeyFlags available here (AUTHENTICATION, SIGN_DATA, CERTIFY_OTHER).
if (isEncryptComms || isEncryptStorage) {
keyUsageAllowsEncryption = true;
}
}
// However, if Key Usage flags are not present (older key, or key generation process simply did not include the flags)
// then we still attempt to use an encryption key using the existing methods:
keyUsageAllowsEncryption = keyFlagsEncountered == 0 || keyUsageAllowsEncryption;
//如果存在密钥使用标志,我们必须尊重它们:
int keyFlagsEncountered=0;
布尔键UsageAllowsEncryption=false;
迭代器i=key.getSignatures();
while(i.hasNext()){
PGPSignature signature=i.next();
int keyFlags=signature.getHashedSubPackets().getKeyFlags();
keyFlagsEncountered+=keyFlags;
布尔值isEncryptComms=(keyFlags和keyFlags.ENCRYPT_COMMS)>0;
布尔isEncryptStorage=(keyFlags和keyFlags.ENCRYPT_存储)>0;
//此处提供的其他密钥标志(身份验证、签署数据、认证其他)。
if(isEncryptComms | | isEncryptStorage){
keyUsageAllowsEncryption=true;
}
}
//但是,如果密钥使用标志不存在(旧密钥或密钥生成过程根本不包括这些标志)
//然后,我们仍然尝试使用现有方法使用加密密钥:
keyUsageAllowsEncryption=keyFlagsEncountered==0 | | keyUsageAllowsEncryption;
子孙后代的问候。它不应该是keyFlags&keyFlags.ENCRYPT_COMMS==0而不是>0吗?谢谢