使用BouncyCastle进行Java签名文件-使用秘密密钥环创建文件签名 [英] Java signing files with BouncyCastle - Create signature of a file using secret keyring

问题描述

我正在尝试编写一个使用私钥对文件签名的Java程序。该程序采用3个参数-文件，密钥密钥和密码。输出应在分离的文件* .bpg中。问题是尝试编译代码时出现以下错误：

I'm trying to write a Java program that signs a file with a private key. The program takes 3 arguments - file, secret keyring and a password. The output should be in a detached file *.bpg. The problem is that I get the following errors when I try to compile my code:

C:\CNS3\BCastle>javac Sign.java
Note: Sign.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.

我的代码如下：

import java.io.*;
import java.security.*;
import java.util.Iterator;

import org.bouncycastle.bcpg.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;

public class Sign {
  public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    FileInputStream keyIn = new FileInputStream(args[1]);
    FileOutputStream out = new FileOutputStream(args[0] + ".bpg");
    InputStream in = PGPUtil.getDecoderStream(keyIn);
    PGPSecretKeyRingCollection pgpSec = 
                               new PGPSecretKeyRingCollection(in);
    PGPSecretKey key = null;
    Iterator rIt = pgpSec.getKeyRings();
    while (key == null && rIt.hasNext()) {
      PGPSecretKeyRing kRing = (PGPSecretKeyRing)rIt.next();
      Iterator kIt = kRing.getSecretKeys();
      while ( key == null && kIt.hasNext() ) {
        PGPSecretKey k = (PGPSecretKey)kIt.next();
        if ( k.isSigningKey() ) { key = k; }
      }
    }
    if (key == null) {
      throw new IllegalArgumentException("Can't find key");
    }
    PGPPrivateKey pgpPrivKey = 
         key.extractPrivateKey(args[2].toCharArray(), "BC");
    PGPSignatureGenerator sGen = new PGPSignatureGenerator(
         key.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC");
    sGen.initSign(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);
    PGPCompressedDataGenerator cGen = new PGPCompressedDataGenerator(
         PGPCompressedDataGenerator.ZLIB);
    BCPGOutputStream bOut = new BCPGOutputStream(cGen.open(out));
    FileInputStream fIn = new FileInputStream(args[0]);
    int ch = 0;
    while ( (ch = fIn.read()) >= 0 ) { sGen.update((byte)ch); }
    sGen.generate().encode(bOut);
    cGen.close();
    out.close();
  }
}

错误来自以下几行：

    PGPPrivateKey pgpPrivKey = 
         key.extractPrivateKey(args[2].toCharArray(), "BC");
    PGPSignatureGenerator sGen = new PGPSignatureGenerator(
         key.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC");
    sGen.initSign(PGPSignature.BINARY_DOCUMENT, pgpPrivKey);

任何人都对如何解决此问题有任何建议？非常感谢！

Anyone have any suggestion on how I might fix this? Thanks a lot!

推荐答案

首先，提到的消息不是错误。他们是警告。您的程序可以正常运行，但是您使用的方法或类被标记为已弃用。这意味着您仍然可以使用它们，但是不建议这样做，因为在将来的充气城堡中，这些方法或类可能会被删除。

First of all, the messages mentioned are not errors. They are warnings. Your program will run fine, but the methods or classes you use are marked as deprecated. That means you can still use them, but it is not recommended to do so, because in future versions of bouncy castle, these methods or classes might be removed.

转到这些类的最新API文档。应该有信息使用什么，而不是不推荐使用的方法/类。

Go to an up to date API documentation of these classes. There should be information what to use instead of the deprecated methods/classes.

这篇关于使用BouncyCastle进行Java签名文件-使用秘密密钥环创建文件签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！