2

我正在尝试在 bouncycastle 1.49 版中使用未弃用的构造函数,但我很难弄清楚如何使用这些创建的对象,因为它与我发现的任何教程都有点不同网络。

到目前为止,这是我的代码;谁能告诉我我应该用 PGPContentSigner 做什么以及我应该如何将它连接到 OutputStream?我想要实现的是在数据上附加签名,而不必将数据加密给任何特定的人(很像gpg --clearsign -a <textfile>)。

我已经研究过ArmoredOutputStream它的方法,beginClearText(int)看起来很有希望,但只是调用它,将数据转储到输出流中,调用endClearText,然后将签名字节写入 是ArmoredOutputStream行不通的。看起来好像需要对流进行低级操作,将控制字节插入流中以指示签名的开始等。在我看来,应该有某种固定装置来挂钩签名者和装甲输出流在一起,可以处理该数据包的杂耍。

/**
 * Generate a signature for the given bytes so that they can be sent off and the recipient can verify
 * that the bytes have not been tampered with in transit.
 *
 * @param dataBytes the data to sign
 * @return the data along with the signature
 * @throws PGPException if there's a problem generating the signature
 */
public static byte[] clearSignBytes(byte[] dataBytes, PGPSecretKeyRingCollection skrCollection, String keyPass) throws PGPException {
    ByteArrayOutputStream baos = new ByteArrayOutputStream(); // this is where we put the signed data

    try {
        // get our secret key so we can init the signature generator
        Iterator<PGPSecretKeyRing> it = skrCollection.getKeyRings();
        PGPSecretKeyRing skr = it.next();
        PGPSecretKey skey = skr.getSecretKey();
        PGPPrivateKey prKey = skey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(keyPass.toCharArray()));
        BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(skey.getPublicKey().getAlgorithm(), PGPUtil.SHA256);
        PGPContentSigner signer = signerBuilder.build(PGPSignature.BINARY_DOCUMENT, prKey);

        // Now, we're supposed to write dataBytes somewhere and we're supposed to hand them to the signer somehow
        // and ultimately we're supposed to tell the signer to output a signature and we put the signature and
        // dataBytes together into baos.
        // TODO ??????
    } catch (Exception e) {
        __l.error("Exception generating signature", e);
        throw new PGPException("Exception while signing the data", e);
    }
    return baos.toByteArray();
}
4

1 回答 1

3

原来我没有使用正确的课程来完成工作。这是该方法的相关部分,其中包含实际有效的代码。我希望这可以帮助其他有同样困惑的人。我们拿到后PGPPrivateKey prKey...

        PGPSignatureGenerator sGen = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(skey.getPublicKey().getAlgorithm(), PGPUtil.SHA256).setProvider("BC"));
        PGPSignatureSubpacketGenerator  spGen = new PGPSignatureSubpacketGenerator();

        sGen.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, prKey);
        Iterator userIDs = skey.getPublicKey().getUserIDs();
        if (it.hasNext()) {
            spGen.setSignerUserID(false, (String)userIDs.next());
            sGen.setHashedSubpackets(spGen.generate());
        }

        ArmoredOutputStream aos = new ArmoredOutputStream(baos);
        aos.beginClearText(PGPUtil.SHA256);

        sGen.update(dataBytes);
        aos.write(dataBytes);

        aos.endClearText();

        BCPGOutputStream bOut = new BCPGOutputStream(aos);
        sGen.generate().encode(bOut);

        aos.flush();
        aos.close();
于 2013-09-13T23:10:01.490 回答