Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/325.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/loops/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 通过Bouncy Castle提取GPG密钥使用标志_Java_Bouncycastle_Pgp_Gnupg - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 通过Bouncy Castle提取GPG密钥使用标志

Java 通过Bouncy Castle提取GPG密钥使用标志

java

Java 通过Bouncy Castle提取GPG密钥使用标志,java,bouncycastle,pgp,gnupg,Java,Bouncycastle,Pgp,Gnupg,似乎,PGPPublicKey类提供了一种isEncryptionKey()方法来确定公钥的算法是否可用于加密目的(RSA_-GENERAL,RSA_-ENCRYPT,ELGAMAL_-GENERAL,ELGAMAL-ENCRYPT)仅此一项不足以选择有效的加密子密钥 存在关于存储在数据包中的公钥的预期用途的信息,如GnuPG packet.h所示: 41 /* Usage flags */ 42 #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN

似乎,
PGPPublicKey
类提供了一种
isEncryptionKey()
方法来确定公钥的算法是否可用于加密目的(
RSA_-GENERAL
RSA_-ENCRYPT
ELGAMAL_-GENERAL
ELGAMAL-ENCRYPT
)仅此一项不足以选择有效的加密子密钥

存在关于存储在数据包中的公钥的预期用途的信息,如GnuPG packet.h所示:

 41 /* Usage flags */
 42 #define PUBKEY_USAGE_SIG     GCRY_PK_USAGE_SIGN  /* Good for signatures. */
 43 #define PUBKEY_USAGE_ENC     GCRY_PK_USAGE_ENCR  /* Good for encryption. */
 44 #define PUBKEY_USAGE_CERT    GCRY_PK_USAGE_CERT  /* Also good to certify keys.*/
 45 #define PUBKEY_USAGE_AUTH    GCRY_PK_USAGE_AUTH  /* Good for authentication. */
 46 #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN  /* Unknown usage flag. */
 47 #define PUBKEY_USAGE_NONE    256                 /* No usage given. */
我的问题是,鉴于Bouncy Castle不公开这些标志,建议用什么方法从Java中的PublicKeyPacket中提取密钥使用信息?

我找到了答案。对于子孙后代,以下是解决方案:

// If Key Usage flags are present, we must respect them:
int keyFlagsEncountered = 0;
boolean keyUsageAllowsEncryption = false;

Iterator<PGPSignature> i = key.getSignatures();
while(i.hasNext()) {
    PGPSignature signature = i.next();
    int keyFlags = signature.getHashedSubPackets().getKeyFlags();
    keyFlagsEncountered += keyFlags;

    boolean isEncryptComms = (keyFlags & KeyFlags.ENCRYPT_COMMS) > 0;
    boolean isEncryptStorage = (keyFlags & KeyFlags.ENCRYPT_STORAGE) > 0;
    // Other KeyFlags available here (AUTHENTICATION, SIGN_DATA, CERTIFY_OTHER).

    if (isEncryptComms || isEncryptStorage) {
        keyUsageAllowsEncryption = true;
    }
}

// However, if Key Usage flags are not present (older key, or key generation process simply did not include the flags) 
// then we still attempt to use an encryption key using the existing methods:
keyUsageAllowsEncryption = keyFlagsEncountered == 0 || keyUsageAllowsEncryption;

//如果存在密钥使用标志,我们必须尊重它们:
int keyFlagsEncountered=0;
布尔键UsageAllowsEncryption=false;
迭代器i=key.getSignatures();
while(i.hasNext()){
PGPSignature signature=i.next();
int keyFlags=signature.getHashedSubPackets().getKeyFlags();
keyFlagsEncountered+=keyFlags;
布尔值isEncryptComms=(keyFlags和keyFlags.ENCRYPT_COMMS)>0;
布尔isEncryptStorage=(keyFlags和keyFlags.ENCRYPT_存储)>0;
//此处提供的其他密钥标志(身份验证、签署数据、认证其他)。
if(isEncryptComms | | isEncryptStorage){
keyUsageAllowsEncryption=true;
}
}
//但是,如果密钥使用标志不存在(旧密钥或密钥生成过程根本不包括这些标志)
//然后,我们仍然尝试使用现有方法使用加密密钥:
keyUsageAllowsEncryption=keyFlagsEncountered==0 | | keyUsageAllowsEncryption;
子孙后代的问候。它不应该是keyFlags&keyFlags.ENCRYPT_COMMS==0而不是>0吗?谢谢