6

几周以来,我一直在努力想弄清楚为什么我们的银行无法解密使用 BouncyCastle PGP 进行单遍签名和加密的消息。该银行正在使用 McAfee E-Business Server 8.6 进行解密。

数据使用银行的公钥加密,并使用我们的私钥签名。

使用我们自己的公钥进行加密,我成功地解密并验证了使用以下代码生成的文件的签名。Gnupg 可以很好地解密和验证文件。

但是,银行无法解密该文件。我试过先关闭压缩,然后关闭 ASCII 装甲。这两个选项似乎都不起作用,无论我尝试什么选项,它们总是会收到相同的错误消息:

event 1: initial
event 13: BeginLex
event 8: Analyze
File is encrypted.  event 9: Recipients
Secret key is required to read it.
Key for user ID "XXXXXXXXX <XXXXXX@XXXX>"
event 6: Passphrase
event 23: Decryption

symmetric cipher used: CAST5
event 3: error -11391

event 2: final

Error decrypting file '/somepath/FILENAME'.
Corrupt data.
Bad packet

exitcode = 32

这是我用来执行单通签名和加密的代码:

public class PGPService {

    private static final Logger log = Logger.getLogger(PGPService.class);


    static {
        Security.addProvider(new BouncyCastleProvider());
    }


    /**
     * A simple routine that opens a key ring file and loads the first available key
     * suitable for signature generation.
     * 
     * @param input stream to read the secret key ring collection from.
     * @return a secret key.
     * @throws IOException on a problem with using the input stream.
     * @throws PGPException if there is an issue parsing the input stream.
     */
    @SuppressWarnings("rawtypes")
    private static PGPSecretKey readSecretKey(InputStream input) throws IOException, PGPException {
        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(
        PGPUtil.getDecoderStream(input));

        // We just loop through the collection till we find a key suitable for encryption, in the real
        // world you would probably want to be a bit smarter about this.

        Iterator keyRingIter = pgpSec.getKeyRings();
        while (keyRingIter.hasNext()) {
            PGPSecretKeyRing keyRing = (PGPSecretKeyRing)keyRingIter.next();
            Iterator keyIter = keyRing.getSecretKeys();
            while (keyIter.hasNext()) {
                PGPSecretKey key = (PGPSecretKey)keyIter.next();
                if (key.isSigningKey()) {
                    return key;
                }
            }
        }

        throw new IllegalArgumentException("Can't find signing key in key ring.");
    }

    /**
     * Single pass signs and encrypts the given file to the given output file using the provided keys.
     * 
     * @param fileNameIn - The name and location of the source input file.
     * @param fileNameOut - The name and location of the destination output file.
     * @param privateKeyIn - The input stream for the private key file.
     * @param privateKeyPassword - The password for the private key file.
     * @param publicEncryptionKey - The public encryption key.
     * @param armoredOutput - Whether or not to ASCII armor the output.
     */
    @SuppressWarnings("rawtypes")
    public static void signAndEncrypt(String fileNameIn, String fileNameOut, InputStream privateKeyIn, String privateKeyPassword, PGPPublicKey publicEncryptionKey, boolean armoredOutput, boolean compress) {

        int bufferSize = 1<<16;
        InputStream input = null;
        OutputStream finalOut = null;
        OutputStream encOut = null;
        OutputStream compressedOut = null;
        OutputStream literalOut = null;
        PGPEncryptedDataGenerator encryptedDataGenerator = null;
        PGPCompressedDataGenerator compressedDataGenerator = null;
        PGPSignatureGenerator signatureGenerator = null;
        PGPLiteralDataGenerator literalDataGenerator = null;

        try {

            File output = new File(fileNameOut);
            OutputStream out = new FileOutputStream(output);
            if (armoredOutput) out = new ArmoredOutputStream(out);

            // ? Use BCPGOutputStreams ?

            // Init encrypted data generator
            encryptedDataGenerator = new PGPEncryptedDataGenerator(PGPEncryptedDataGenerator.CAST5, true, new SecureRandom(), "BC");
            encryptedDataGenerator.addMethod(publicEncryptionKey);
            finalOut = new BufferedOutputStream(out, bufferSize);
            encOut = encryptedDataGenerator.open(finalOut, new byte[bufferSize]);

            // Init compression
            if (compress) {
                compressedDataGenerator = new PGPCompressedDataGenerator(PGPCompressedData.ZLIB);
                compressedOut = new BufferedOutputStream(compressedDataGenerator.open(encOut));
            }

            // Init signature
            PGPSecretKey pgpSec = readSecretKey(privateKeyIn);
            PGPPrivateKey pgpPrivKey = pgpSec.extractPrivateKey(privateKeyPassword.toCharArray(), "BC");        
            signatureGenerator = new PGPSignatureGenerator(pgpSec.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC");
            signatureGenerator.initSign(PGPSignature.CANONICAL_TEXT_DOCUMENT, pgpPrivKey);
            Iterator it = pgpSec.getPublicKey().getUserIDs();
            if (it.hasNext()) {
                PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
                spGen.setSignerUserID(false, (String)it.next());
                signatureGenerator.setHashedSubpackets(spGen.generate());
            }
            PGPOnePassSignature onePassSignature = signatureGenerator.generateOnePassVersion(false);
            if (compress) onePassSignature.encode(compressedOut);
            else onePassSignature.encode(encOut);

            // Create the Literal Data generator Output stream which writes to the compression stream
            literalDataGenerator = new PGPLiteralDataGenerator(true);
            if (compress) literalOut = literalDataGenerator.open(compressedOut, PGPLiteralData.BINARY, output.getName(), new Date(), new byte[bufferSize]);
            else literalOut = literalDataGenerator.open(encOut, PGPLiteralData.TEXT, fileNameIn, new Date(), new byte[bufferSize]);

            // Update sign and encrypt
            byte[] buffer = new byte[bufferSize];

            int bytesRead = 0;
            input = new FileInputStream(fileNameIn);
            while((bytesRead = input.read(buffer)) != -1) {
                literalOut.write(buffer,0,bytesRead);
                signatureGenerator.update(buffer,0,bytesRead);
                literalOut.flush();
            }

            // Close Literal data stream and add signature
            literalOut.close();
            literalDataGenerator.close();
            if (compress) signatureGenerator.generate().encode(compressedOut);
            else signatureGenerator.generate().encode(encOut);

        } catch (Exception e) {
            log.error(e);
            throw new RuntimeException(e);
        } finally {
            // Close all streams
            if (literalOut != null) try { literalOut.close(); } catch (IOException e) {}
            if (literalDataGenerator != null) try { literalDataGenerator.close(); } catch (IOException e) {}
            if (compressedOut != null) try { compressedOut.close(); } catch (IOException e) {}
            if (compressedDataGenerator != null) try {  compressedDataGenerator.close(); } catch (IOException e) {}
            if (encOut != null) try {  encOut.close(); } catch (IOException e) {}
            if (encryptedDataGenerator != null) try {  encryptedDataGenerator.close(); } catch (IOException e) {}
            if (finalOut != null) try {  finalOut.close(); } catch (IOException e) {}
            if (input != null) try {  input.close(); } catch (IOException e) {}
        }
    }

    @SuppressWarnings("rawtypes")
    private static PGPPublicKey readPublicKeyFromCol(InputStream in) throws Exception {
        PGPPublicKeyRing pkRing = null;
        PGPPublicKeyRingCollection pkCol = new PGPPublicKeyRingCollection(in);
        log.info("Key ring size = " + pkCol.size());
        Iterator it = pkCol.getKeyRings();
        while (it.hasNext()) {
            pkRing = (PGPPublicKeyRing) it.next();
            Iterator pkIt = pkRing.getPublicKeys();
            while (pkIt.hasNext()) {
                PGPPublicKey key = (PGPPublicKey) pkIt.next();
                log.info("Encryption key = " + key.isEncryptionKey() + ", Master key = " + 
                key.isMasterKey());
                if (key.isEncryptionKey()) {
                    // Find out a little about the keys in the public key ring.
                    log.info("Key Strength = " + key.getBitStrength());
                    log.info("Algorithm = " + key.getAlgorithm());
                    log.info("Bit strength = " + key.getBitStrength());
                    log.info("Version = " + key.getVersion());
                    return key;
                }
            }
        }
        return null;
    }

    private static PGPPrivateKey findSecretKey(InputStream keyIn, long keyID, char[] pass) 
            throws IOException, PGPException, NoSuchProviderException {
        PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyIn));
        PGPSecretKey pgpSecKey = pgpSec.getSecretKey(keyID);
        if (pgpSecKey == null) {
            return null;
        }
        return pgpSecKey.extractPrivateKey(pass, "BC");
    }
}

知道是什么原因造成的吗?我使用 Google 找到了许多报告,但没有解决方案或后续行动。

4

1 回答 1

7

我正在回答我自己的问题,希望它能帮助其他人,因为在网上任何地方都很难找到这个问题的答案。

8.6 之前的 McAfee E-Business Server 版本存在与 BouncyCastle PGP 的兼容性问题,似乎大多数人无法使其正常工作。因此,如果您的供应商/客户/银行正在使用 8.6 之前的 E-Business Server 版本,那么您很可能是 SOL,并且可能需要找到不同的加密包。

来源: https ://kc.mcafee.com/corporate/index?page=content&id=KB60816&cat=CORP_EBUSINESS_SERVER&actp=LIST

“解密使用 Bouncy Castle v1.37 加密的文件可能会导致访问冲突错误(或 UNIX 平台上的 SIGSEG)。此版本已解决此问题。”

幸运的是,我们的银行正在使用 McAfee E-Business Server 8.6。然而,这只是等式的一部分。为了解决不兼容问题,我们必须先关闭压缩和 ASCII 装甲,然后才能成功解密和验证我们的文件。因此,使用我发布的原始代码,您可以为使用 E-Business Server 8.6 的客户端调用它:

PGPService.signAndEncrypt(clearTextFileName, secureFileName, privKeyIn, privateKeyFilePassword, pubKeyIn, true, false, false);

当然,这意味着您不能使用 ASCII 装甲,这可能对您来说是个问题,也可能不是。如果是,BouncyCastle 开发邮件列表上的 David 建议您在非分组模式下使用 BouncyCastle。IE:不要将字节缓冲区传递到流中的打开命令中。或者分两遍对文件进行签名和加密。

比如通过调用:

public static void signFile(String fileNameIn, String fileNameOut, InputStream privKeyIn, String password, boolean armoredOutput) {

        OutputStream out = null;
        BCPGOutputStream bOut = null;
        OutputStream lOut = null;
        InputStream fIn = null;

        try {
            out = new FileOutputStream(fileNameOut);
            if (armoredOutput) {
                out = new ArmoredOutputStream(out);
            }
            PGPSecretKey pgpSec = readSecretKey(privKeyIn);
            PGPPrivateKey pgpPrivKey = pgpSec.extractPrivateKey(password.toCharArray(), "BC");        
            PGPSignatureGenerator sGen = new PGPSignatureGenerator(pgpSec.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC");

            sGen.initSign(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);

            Iterator it = pgpSec.getPublicKey().getUserIDs();
            if (it.hasNext()) {
                PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
                spGen.setSignerUserID(false, (String)it.next());
                sGen.setHashedSubpackets(spGen.generate());
            }

            PGPCompressedDataGenerator cGen = new PGPCompressedDataGenerator(PGPCompressedData.ZLIB);
            bOut = new BCPGOutputStream(cGen.open(out));

            sGen.generateOnePassVersion(false).encode(bOut);

            File file = new File(fileNameIn);
            PGPLiteralDataGenerator lGen = new PGPLiteralDataGenerator();
            lOut = lGen.open(bOut, PGPLiteralData.BINARY, file);
            fIn = new FileInputStream(file);
            int ch = 0;

            while ((ch = fIn.read()) >= 0) {
                lOut.write(ch);
                sGen.update((byte) ch);
            }

            lGen.close();
            sGen.generate().encode(bOut);
            cGen.close();

        } catch (Exception e) {
            log.error(e);
            throw new RuntimeException(e);
        } finally {
            if (lOut != null) try { lOut.close(); } catch (IOException e) {}
            if (bOut != null) try { bOut.close(); } catch (IOException e) {}
            if (out != null) try { out.close(); } catch (IOException e) {}
            if (fIn != null) try { fIn.close(); } catch (IOException e) {}
        }
    }

随后调用:

public static byte[] encrypt(byte[] data, InputStream pubKeyIn, boolean isPublicKeyArmored) {

        FileOutputStream fos = null;
        BufferedReader isr = null;

        try {
            if (isPublicKeyArmored) pubKeyIn = new ArmoredInputStream(pubKeyIn);
            PGPPublicKey key = readPublicKeyFromCol(pubKeyIn);
            log.info("Creating a temp file...");
            // Create a file and write the string to it.
            File tempfile = File.createTempFile("pgp", null);
            fos = new FileOutputStream(tempfile);
            fos.write(data);
            fos.close();
            log.info("Temp file created at: " + tempfile.getAbsolutePath());
            log.info("Reading the temp file to make sure that the bits were written...\n");
            isr = new BufferedReader(new FileReader(tempfile));
            String line = "";
            while ((line = isr.readLine()) != null ) {
                log.info(line + "\n");
            }
            int count = 0;
            for (java.util.Iterator iterator = key.getUserIDs(); iterator.hasNext();) {
                count++;
                log.info(iterator.next());
            }
            log.info("Key Count = " + count);
            // Encrypt the data.
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            _encrypt(tempfile.getAbsolutePath(), baos, key);
            log.info("Encrypted text length = " + baos.size());         
            tempfile.delete();
            return baos.toByteArray();
        } catch (PGPException e) {
            log.error(e);
            throw new RuntimeException(e);
        } catch (Exception e) {
            log.error(e);
            throw new RuntimeException(e);
        } finally {
            if (fos != null) try { fos.close(); } catch (IOException e) {}
            if (isr != null) try { isr.close(); } catch (IOException e) {}
        }
    }

警告购买者,因为我无法测试此方法以查看这是否甚至可以解决不兼容问题。但是,如果您没有选择,并且必须为电子商务服务器目标使用 ASCII 装甲,那么您可以尝试这条路径。

可以在 BouncyCastle 开发邮件列表存档中找到更多信息,如果您决定走这条路,可能会有所帮助。特别是这个线程: http: //www.bouncycastle.org/devmailarchive/msg12080.html

于 2011-07-08T17:27:54.770 回答