Extracting GPG key usage flags with Bouncy Castle

Time: 2014-10-24 19:26:30

Tags: java bouncycastle pgp gnupg

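While the PGPPublicKey class offers the isEncryptionKey() method to determine whether a public key's algorithm can be used for encryption purposes (RSA_GENERAL, RSA_ENCRYPT, ELGAMAL_ENCRYPT, ELGAMAL_GENERAL), this alone is not sufficient to select a valid encryption subkey.

There is information about the intended usage of the public key stored in the packet, as shown in GnuPG's packet.h.

My question is: given that Bouncy Castle does not expose these flags, what is the recommended approach for extracting this key usage information from a PublicKeyPacket in Java?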

1 answer:

Answer 0: (score: 4)

I figured it out. For posterity, here is the solution:

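import java.util.Iterator;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;

// If Key Usage flags are present, we must respect them:
int keyFlagsEncountered = 0;
boolean keyUsageAllowsEncryption = false;

// key is the PGPPublicKey being examined.
Iterator<PGPSignature> i = key.getSignatures();
while(i.hasNext()) {
    PGPSignature signature = i.next();
    // getHashedSubPackets() can return null when a signature has no hashed subpackets.
    PGPSignatureSubpacketVector hashed = signature.getHashedSubPackets();
    int keyFlags = (hashed == null) ? 0 : hashed.getKeyFlags();
    keyFlagsEncountered += keyFlags;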

    boolean isEncryptComms = (keyFlags & KeyFlags.ENCRYPT_COMMS) > 0;
    boolean isEncryptStorage = (keyFlags & KeyFlags.ENCRYPT_STORAGE) > 0;
    // Other KeyFlags available here (AUTHENTICATION, SIGN_DATA, CERTIFY_OTHER).

    if (isEncryptComms || isEncryptStorage) {
        keyUsageAllowsEncryption = true;
    }
}

// However, if Key Usage flags are not present (older key, or key generation process simply did not include the flags) 
// then we still attempt to use an encryption key using the existing methods:
keyUsageAllowsEncryption = keyFlagsEncountered == 0 || keyUsageAllowsEncryption;