1. 程式人生 > >Java 使用PGP實現簽名加密

Java 使用PGP實現簽名加密

具體的給一個我寫的Util類,在這裡使用到了第三方包cryptix,具體的可以去www.cryptix.org網站上去找資料。ceryptix的jar包放在附件中。
示例類:

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;


import cryptix.message.EncryptedMessage;
import cryptix.message.EncryptedMessageBuilder;
import cryptix.message.KeyBundleMessage;
import cryptix.message.LiteralMessage;
import cryptix.message.LiteralMessageBuilder;
import cryptix.message.Message;
import cryptix.message.MessageException;
import cryptix.message.MessageFactory;
import cryptix.message.NotEncryptedToParameterException;
import cryptix.message.SignedMessage;
import cryptix.message.SignedMessageBuilder;
import cryptix.openpgp.PGPArmouredMessage;
import cryptix.pki.KeyBundle;

public class PGPUtil {

/**
* 新增提供者
*/
static{
Security.addProvider(new cryptix.jce.provider.CryptixCrypto());
Security.addProvider(new cryptix.openpgp.provider.CryptixOpenPGP() );
}

/**
* 構建 LiteralMessage 物件
* @param message
* @return
* @throws MessageException
*/
private static LiteralMessage buildLiteralMessage(byte[] message) throws MessageException{
LiteralMessageBuilder lmb = null;

try {
lmb = LiteralMessageBuilder.getInstance("OpenPGP");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
lmb.init(message);
LiteralMessage literal = (LiteralMessage)lmb.build();
return literal;
}

/**
* 使用多個公鑰對明文加密
* @param plain 明文
* @param recipientKeys 公鑰集合
* @return 加密後的明文
* @throws MessageException
*/
public static byte[] encrypt(byte[] plain,List<KeyBundle> recipientKeys) throws MessageException{
LiteralMessage literal = buildLiteralMessage(plain);

EncryptedMessageBuilder emb = null;
try {
emb = EncryptedMessageBuilder.getInstance("OpenPGP");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
emb.init(literal);

//新增接受者
for(KeyBundle key : recipientKeys){
emb.addRecipient(key);
}
//壓縮
emb.setAttribute("compressed", "true");
//得到加密資訊
Message msg = emb.build();
PGPArmouredMessage pgpMsg = new PGPArmouredMessage(msg);
return pgpMsg.getEncoded();
}

/**
* 使用單張公鑰加密
* @param plain 明文
* @param publicKey 公鑰
* @return 返回加密後的密文
* @throws MessageException
*/
public static byte[] encrypt(byte[] plain,KeyBundle publicKey) throws MessageException{
List<KeyBundle> list = new ArrayList<KeyBundle>();
list.add(publicKey);
return encrypt(plain, list);

}

/**
* 使用私鑰和密碼對明文簽名
* @param plain 明文
* @param privateKey 私鑰
* @param keypass 私鑰密碼
* @return 簽名後的明文
* @throws MessageException
* @throws UnrecoverableKeyException
*/
public static byte[] sign(byte[] plain,KeyBundle privateKey,String keypass)throws MessageException,UnrecoverableKeyException{
SignedMessageBuilder smb = null;
try {
smb = SignedMessageBuilder.getInstance("OpenPGP");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}

// SignedMessageBuilder smb = SignedMessageBuilder.getInstance("OpenPGP/V3");

LiteralMessage literal = buildLiteralMessage(plain);
smb.init(literal);
smb.addSigner(privateKey, keypass.toCharArray());

Message msg = smb.build();
PGPArmouredMessage armoured = new PGPArmouredMessage(msg);
return armoured.getEncoded();
}

/**
* 使用私鑰和密碼解密加密後的資料
* @param encrypted PGP加密過的資料
* @param privateKey 私鑰
* @param keypass 私鑰密碼
* @return 解密後的明文
* @throws MessageException
* @throws IOException
* @throws UnrecoverableKeyException
* @throws NotEncryptedToParameterException
*/
public static byte[] decrypt(byte[] encrypted,KeyBundle privateKey,String keypass) throws MessageException, IOException, UnrecoverableKeyException, NotEncryptedToParameterException{

MessageFactory mf = null;
try {
mf = MessageFactory.getInstance("OpenPGP");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}

Collection msgs = mf.generateMessages(new ByteArrayInputStream(encrypted));

//得到集合中的EncryptedMessage物件
Message message = (Message)msgs.iterator().next();

if (!(message instanceof EncryptedMessage)) {
throw new MessageException("Not a encrypted message.");
}

EncryptedMessage em = (EncryptedMessage)message;
Message msg = em.decrypt(privateKey,keypass.toCharArray());
return ((LiteralMessage)msg).getBinaryData();
}

/**
* 解密驗籤
* @param encrypted 密文
* @param privateKey 私鑰
* @param keypass 私鑰密碼
* @param publicKey 公鑰
* @return 返回明文
* @throws UnrecoverableKeyException
* @throws MessageException
* @throws IOException
* @throws NotEncryptedToParameterException
*/
public static byte[] decryptVerify(byte[] encrypted,KeyBundle privateKey,String keypass,KeyBundle publicKey) throws UnrecoverableKeyException, MessageException, IOException, NotEncryptedToParameterException{
return PGPUtil.verify(PGPUtil.decrypt(encrypted, privateKey, keypass), publicKey);
}

/**
* 驗證Message
* @param signed 驗證的內容
* @param publickey 公鑰
* @return 返回驗證後的內容
* @throws MessageException
* @throws IOException
*/
public static byte[] verify(byte[] signed,KeyBundle publickey) throws MessageException, IOException{

MessageFactory mf = null;
try {
mf = MessageFactory.getInstance("OpenPGP");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}

Message msg = (Message)mf.generateMessages(new ByteArrayInputStream(signed)).iterator().next();
if (!(msg instanceof SignedMessage)) {
throw new MessageException(" Not a signed message.");
}

SignedMessage sm = (SignedMessage)msg;
if (sm.verify(publickey)) {

} else {
throw new MessageException(" Signature verify fail. ");
}

if (!(sm.getContents() instanceof LiteralMessage)){
throw new MessageException(" Not a signed message.");
}

LiteralMessage lm = (LiteralMessage)sm.getContents();
return lm.getBinaryData();
}

/**
* 流轉換為PGP KeuBundle 物件
* @param inputStream Key
* @return 轉換後的 KeuBundle
* @throws MessageException
* @throws IOException
*/
public static KeyBundle streamToKeyBundle(InputStream inputStream) throws MessageException, IOException {
MessageFactory messageFactory = null;
try {
messageFactory = MessageFactory.getInstance("OpenPGP");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
Collection msgs = messageFactory.generateMessages(inputStream);
KeyBundleMessage keybm = (KeyBundleMessage)msgs.iterator().next();

return keybm.getKeyBundle();

}

/**
* 簽名加密
* @param plain 明文
* @param privateKey 私鑰
* @param keypass 私鑰密碼
* @param recipientKeys 公鑰
* @return 返回簽名加密後的資料
* @throws UnrecoverableKeyException
* @throws MessageException
*/
public static byte [] signAndEncrypt(byte[] plain,KeyBundle privateKey,String keypass,List<KeyBundle> recipientKeys) throws UnrecoverableKeyException, MessageException{
return PGPUtil.encrypt(PGPUtil.sign(plain, privateKey, keypass),recipientKeys);
}

/**
* 簽名加密
* @param plain 明文
* @param privateKey 私鑰
* @param keypass 私鑰密碼
* @param recipientKeys 公鑰
* @return 返回簽名加密後的資料
* @throws UnrecoverableKeyException
* @throws MessageException
*/
public static byte [] signAndEncrypt(byte[] plain,KeyBundle privateKey,String keypass,KeyBundle publicKey) throws UnrecoverableKeyException, MessageException{
return PGPUtil.encrypt(PGPUtil.sign(plain, privateKey, keypass),publicKey);
}
}


需要修改jre裡面的security下面的local_policy.jar包給替換。
替換為附件中的local_policy.jar包,然後找到security檔案下面的java.security檔案,在檔案中新增下面的內容:
security.provider.10=cryptix.jce.provider.CryptixCrypto
security.provider.11=cryptix.openpgp.provider.CryptixOpenPGP
增加java的cryptix提供者,sun提供的jre的security下面的local_policy.jar不提供cryptix的加密演算法。
在附件中的testCert.jar是用來測試的公鑰和私鑰。