OpenPGP Encryption Using BouncyCastle Lightweight API


Problem description


I have to encrypt some content using a 256-bit AES-CBC key. The encryption protocol to be followed is OpenPGP. Since the key size is 256 bits and the public/private keys will also be 4096 bits, I will have to use the lightweight APIs. I have found several questions that show how to encrypt using a 256-bit AES-CBC key, but I cannot figure out how to integrate that with PGP.

The most obvious approach is to encrypt it using the AES engine and then encrypt the result using the public key, as is done in OpenPGP. However, that would require me to generate the initialization vectors and the AES keys. These are things that I would prefer the library to do, since there are a lot of things that can go wrong while doing it.

Here is a sample of the code I am using to encrypt:

    PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
        new JcePGPDataEncryptorBuilder(PGPEncryptedData.AES_256)
            .setWithIntegrityPacket(true).setSecureRandom(rand).setProvider("BC"));
    encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(<PGPPublic Key object>));

    OutputStream encryptedOut = encGen.open(out, new byte[BUFFER_SIZE]);

From looking at the code for the open function I have determined that the input stream is first encoded using AES-CFB (the library handles all of the above issues I have mentioned with the Initialization Vectors internally) and then using the public key that I have provided. How do I get it to use AES-CBC instead?

Solution

Your question mostly boils down to two parts -- using AES-256 and switching to the CBC mode of operation. I cannot help you with using AES-256 in Bouncy Castle, but can provide clarifications regarding the mode of operation.

You cannot use CBC with OpenPGP. The OpenPGP specification only allows a special variant of CFB. If you require CBC, you'll have to choose another crypto system; if putting together OpenPGP messages is more important, stick to the OpenPGP CFB mode. If you create OpenPGP messages in CBC mode, they're not following the standard and other implementations of OpenPGP (like PGP, "normal" BouncyCastle and GnuPG) will not be able to read the message.
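A round trip that stays within OpenPGP, as an added example that is not part of the original question or answer: it selects AES-256 through BouncyCastle's lightweight (`Bc*`) operator classes, lets the library generate the session key and CFB prefix, then decrypts and checks the session cipher and the integrity packet. The class name, the throwaway 2048-bit RSA key and the sample plaintext are assumptions made so the example is self-contained; it needs the bcprov and bcpg jars and Java 9 or later.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.*;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
import org.bouncycastle.openpgp.operator.bc.*;

public class PgpAes256RoundTrip {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Throwaway RSA key, generated only so the example runs on its own.
        RSAKeyPairGenerator gen = new RSAKeyPairGenerator();
        gen.init(new RSAKeyGenerationParameters(
            BigInteger.valueOf(0x10001), new SecureRandom(), 2048, 12));
        PGPKeyPair keys = new BcPGPKeyPair(PGPPublicKey.RSA_GENERAL, gen.generateKeyPair(), new Date());

        // Constructed sample plaintext.
        byte[] message = "constructed sample plaintext".getBytes(java.nio.charset.StandardCharsets.UTF_8);

        // Only the cipher is chosen here; the session key is generated by the library.
        PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
            new BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
                .setWithIntegrityPacket(true)
                .setSecureRandom(new SecureRandom()));
        encGen.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(keys.getPublicKey()));

        // Literal data packet nested inside the encrypted data packet.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (OutputStream enc = encGen.open(out, new byte[4096]);
             OutputStream lit = new PGPLiteralDataGenerator().open(
                 enc, PGPLiteralData.BINARY, "", new Date(), new byte[4096])) {
            lit.write(message);
        }

        // Decrypt with the matching private key and read the literal data back.
        PGPEncryptedDataList list = (PGPEncryptedDataList) new BcPGPObjectFactory(out.toByteArray()).nextObject();
        PGPPublicKeyEncryptedData pk = (PGPPublicKeyEncryptedData) list.get(0);
        BcPublicKeyDataDecryptorFactory dec = new BcPublicKeyDataDecryptorFactory(keys.getPrivateKey());
        PGPLiteralData data = (PGPLiteralData) new BcPGPObjectFactory(pk.getDataStream(dec)).nextObject();
        byte[] recovered = data.getInputStream().readAllBytes();

        System.out.println("session cipher is AES-256: "
            + (pk.getSymmetricAlgorithm(dec) == SymmetricKeyAlgorithmTags.AES_256));
        System.out.println("integrity check passed: " + (pk.isIntegrityProtected() && pk.verify()));
        System.out.println("round trip ok: " + Arrays.equals(message, recovered));
    }
}
```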
