OpenPGP Encryption Using BouncyCastle Lightweight API

前提是你 提交于 2019-12-12 03:52:52

问题


I have to encrypt some content using a 256 bit AES-CBC key. The encryption protocol to be followed is OpenPGP. Since the key size is 256 bit and the public/private keys will also be of 4096 bit I will have to use the lightweight APIs. I have found several questions that show how to encrypt using a 256 bit AES-CBC key but I cannot figure out how to integrate that with PGP.

The most obvious approach is to encrypt it using the AES engine and then encrypt the result using the public key as it is done in OpenPGP. However that would require me to generate the initialization vectors and the AES keys. These are things that I would prefer the library to do since there are a lot of things that can go wrong while doing it.

Here is a sample of the code I am using to encrypt:

PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.AES_256).setWithIntegrityPacket(true).setSecureRandom(rand).setProvider("BC"));
    encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(<PGPPublic Key object>));

    OutputStream encryptedOut = encGen.open(out, new byte[BUFFER_SIZE]);

From looking at the code for the open function I have determined that the input stream is first encoded using AES-CFB (the library handles all of the above issues I have mentioned with the Initialization Vectors internally) and then using the public key that I have provided. How do I get it to use AES-CBC instead?


回答1:


Your question mostly boils down to two parts -- using AES-256 and switching to the CBC mode of operation. I cannot help you with using AES-256 in Bouncy Castle, but can provide clarifications regarding the mode of operation.

You cannot use CBC with OpenPGP. The OpenPGP specification only allows a special variant of CFB. If you require CBC, you'll have to choose another crypto system; if putting together OpenPGP messages is more important, stick to the OpenPGP CFB mode. If you create OpenPGP messages in CBC mode, they're not following the standard and other implementations of OpenPGP (like PGP, "normal" BouncyCastle" and GnuPG) will not be able to read the message.



来源:https://stackoverflow.com/questions/37645113/openpgp-encryption-using-bouncycastle-lightweight-api

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!