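Camel Crypto fails PGP decryption (invalid

Time: 2015-05-21 22:58:32

Tags: java encryption apache-camel pgp

I generated a PGP key pair and gave the public key to another party. They are encrypting messages and sending them to me. I am using Camel Crypto / PGP to try to decrypt them. I have a simple route set up in Camel 2.15.0: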

from("direct://TestPGPDecrypt")
.routeId("TestPGPDecrypt")
.log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Calling PGP Decryption Using PGP Key: " + Vault.TestPGP.keyUserId)
.unmarshal(pgpDecryptTest)
.log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Decrypted Original ${header[CamelFileName]}");

I pass an .asc (ASCII-armored) file through this route and get the following exception:

Exchange[
    Id                  ID-MBProi7-54281-1432247325866-1-12
    ExchangePattern     InOnly
    BodyType            org.apache.camel.component.file.GenericFile
    Body                [Body is file based: GenericFile[2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc]]
]

Stacktrace
------------------------------------------------------------------------------------------------------------------------
java.lang.IllegalArgumentException: The input message body has an invalid format.
The PGP decryption/verification processor expects a sequence of PGP packets of
the form (entries in brackets are optional and ellipses indicate repetition,
comma represents sequential composition, and vertical bar separates
alternatives): Public Key Encrypted Session Key ..., Symmetrically Encrypted Data 
| Sym. Encrypted and Integrity Protected Data, Compressed Data, (One Pass Signature ...,) Literal Data, (Signature ...,)  
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getFormatException(PGPKeyAccessDataFormat.java:488)
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getUncompressedData(PGPKeyAccessDataFormat.java:424)
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.unmarshal(PGPKeyAccessDataFormat.java:363)

Clearly the problem seems to be in parsing the message "somewhere" - the stack shows it is in this code in PGPKeyAccessDataFormat:

private InputStream getUncompressedData(InputStream encData) throws IOException, PGPException {
        PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
        Object compObj = pgpFactory.nextObject();
        if (!(compObj instanceof PGPCompressedData)) {
            throw getFormatException();
        }

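I don't know why this input stream does not come back as an instance of PGPCompressedData...

If I decrypt this file locally (Unix / Mac OS X) using gpg - no problem. In fact, I can see the output of the verbose run.

If I encrypt a local file and then try to decrypt it through Camel Crypto, there is no problem.

I only have a problem with this one file. I even tried adjusting the configuration of the PGPDataFormat, to no avail: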

PGPDataFormat pgpDecryptTest = new PGPDataFormat();
pgpDecryptTest.setKeyFileName(Vault.secret.keyFileName);
pgpDecryptTest.setKeyUserid(Vault.secret.keyUserId);
pgpDecryptTest.setArmored(true);
pgpDecryptTest.setPassword(Vault.secret.getTestKeyRingPwd());
pgpDecryptTest.setIntegrity(false);
pgpDecryptTest.setHashAlgorithm(HashAlgorithmTags.SHA1);
pgpDecryptTest.setAlgorithm(SymmetricKeyAlgorithmTags.TRIPLE_DES);
pgpDecryptTest.setSignatureKeyFileName(Vault.TRDParty.keyFileName);
pgpDecryptTest.setSignatureKeyUserid(Vault.TRDParty.keyUserId);
pgpDecryptTest.setSignatureVerificationOption("ignore");

Any ideas?

[Edit] As requested, here is the information about the PGP packets. The encrypted file that has the problem in Camel decryption:

gpg --list-packets 2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc 
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxxxxxxxxx
    data: [2046 bits]

You need a passphrase to unlock the secret key for
user: "Your Key <you@company.com>"
2048-bit RSA key, ID XXXXXXXX, created 2015-05-18 (main key ID YYYYYYYYY)

:encrypted data packet:
    length: 52051
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
      "Your Key <you@company.com>"
:onepass_sig packet: keyid ABVBBBBBBBBBB
    version 3, sigclass 0x00, digest 2, pubkey 17, last=1
:literal data packet:
    mode b (62), created 1432151886, name="",
    raw data: 51945 bytes
:signature packet: algo 17, keyid CCCCCCCCCCCCCC
    version 4, created 1432151886, md5len 0, sigclass 0x00
    digest algo 2, begin of digest e4 5a
    hashed subpkt 2 len 4 (sig created 2015-05-20)
    subpkt 16 len 8 (issuer key ID CCCCCCCCCCCCCC)
    data: [159 bits]
    data: [160 bits]
gpg: WARNING: message was not integrity protected

Then, for comparison, I encrypted the same file contents (the plaintext version) using gpg and ran list-packets on it:

gpg --list-packets encrypted.asc 
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXX
    data: [2045 bits]

You need a passphrase to unlock the secret key for
user: "Your Key <you@company.com>"
2048-bit RSA key, ID 8EFFC26E, created 2015-05-18 (main key ID YYYYYYYYY)

:encrypted data packet:
    length: unknown
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
      "Your Key <you@company.com>"
:compressed packet: algo=2
:literal data packet:
    mode b (62), created 1432321235, name="clear.out.xml",
    raw data: 51945 bytes

2 answers:

Answer 0: (score: 1)

This issue has been resolved in Apache Camel-2.16.0 or later. Release notes: https://issues.apache.org/jira/browse/CAMEL-9163

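Answer 1: (score: 0)

You should check with the party sending the message and ask whether the message was compressed when it was encrypted. For Camel 2.15 (and I assume older versions), Camel requires PGP-encrypted files to be compressed. In Camel 2.16, they relaxed the requirement for compressed and encrypted files.

Also, to verify that uncompressed code is causing that error, you can try encrypting a file with "--compress-level 0". A compress level of 0 disables compression.

Source: http://camel.apache.org/crypto.html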
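
The difference between the two `gpg --list-packets` listings, as an added example that is not part of the original question, the answers, or Camel's code: a small OpenPGP packet-header reader applied to the already-decrypted inner stream, showing which shape passes the `instanceof PGPCompressedData` check quoted in the question. The function names and both byte strings are constructed for illustration; packet bodies are placeholders, not real signatures or compressed data.

```python
# Added example: classify packets inside an already-decrypted OpenPGP stream.
TAG_COMPRESSED = 8  # RFC 4880 packet tag for Compressed Data

def read_packets(buf):
    """Return [(tag, body_length), ...] for a sequence of OpenPGP packets."""
    packets, i = [], 0
    while i < len(buf):
        hdr = buf[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("byte %d is not a packet header" % (i - 1))
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, buf[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + buf[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate: body runs to end of input
                packets.append((tag, len(buf) - i))
                break
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        packets.append((tag, length))
        i += length
    return packets

def first_packet_is_compressed(inner):
    """Same condition as the instanceof PGPCompressedData check quoted above."""
    return read_packets(inner)[0][0] == TAG_COMPRESSED

# Constructed sample inputs (not real messages); bodies are placeholders.
# Shape of the failing file: one-pass signature, literal data, signature.
SIGNED_UNCOMPRESSED = (
    bytes([0x90, 13, 3, 0x00, 2, 17]) + bytes(8) + b"\x01"   # tag 4, 13-byte body
    + bytes([0xAC, 8]) + b"b\x00" + bytes(4) + b"hi"         # tag 11, 8-byte body
    + bytes([0x88, 4, 4, 0x00, 17, 2])                       # tag 2, truncated body
)
# Shape of the gpg-encrypted comparison file: one compressed packet, algo=2.
COMPRESSED = bytes([0xA3, 2]) + b"placeholder-zlib-bytes"

if __name__ == "__main__":
    for name, data in (("third party", SIGNED_UNCOMPRESSED), ("local gpg", COMPRESSED)):
        print(name, read_packets(data), first_packet_is_compressed(data))
```

The reader only walks packet headers; it does not decrypt, decompress, or verify anything, so it has to be fed the plaintext produced by a real decryption step.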