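I generated a PGP key pair and gave the public key to another party. They are encrypting messages and sending them to me. I am trying to decrypt them using Camel Crypto / PGP. I have a simple route set up in Camel 2.15.0: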
from("direct://TestPGPDecrypt")
    .routeId("TestPGPDecrypt")
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Calling PGP Decryption Using PGP Key: " + Vault.TestPGP.keyUserId)
    .unmarshal(pgpDecryptTest)
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Decrypted Original ${header[CamelFileName]}");
I pass an .asc (ASCII-armored) file through this and get the following exception:
Exchange[
Id ID-MBProi7-54281-1432247325866-1-12
ExchangePattern InOnly
BodyType org.apache.camel.component.file.GenericFile
Body [Body is file based: GenericFile[2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc]]
]
Stacktrace
------------------------------------------------------------------------------------------------------------------------
java.lang.IllegalArgumentException: The input message body has an invalid format.
The PGP decryption/verification processor expects a sequence of PGP packets of
the form (entries in brackets are optional and ellipses indicate repetition,
comma represents sequential composition, and vertical bar separates
alternatives): Public Key Encrypted Session Key ..., Symmetrically Encrypted Data
| Sym. Encrypted and Integrity Protected Data, Compressed Data, (One Pass Signature ...,) Literal Data, (Signature ...,)
at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getFormatException(PGPKeyAccessDataFormat.java:488)
at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getUncompressedData(PGPKeyAccessDataFormat.java:424)
at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.unmarshal(PGPKeyAccessDataFormat.java:363)
Clearly the problem seems to be in parsing the message "somewhere"; the stack trace shows it is in this code in PGPKeyAccessDataFormat:
private InputStream getUncompressedData(InputStream encData) throws IOException, PGPException {
    PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
    Object compObj = pgpFactory.nextObject();
    if (!(compObj instanceof PGPCompressedData)) {
        throw getFormatException();
    }
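I don't know why this input stream is not returned as an instance of PGPCompressedData...
If I decrypt this file locally (Unix / Mac OS X) with gpg, there is no problem. In fact, I can see the output of a verbose run.
If I encrypt a local file and then try to decrypt it through Camel Crypto, there is no problem.
I only have a problem with this file. I even tried adjusting the PGPDataFormat configuration, to no avail: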
PGPDataFormat pgpDecryptTest = new PGPDataFormat();
pgpDecryptTest.setKeyFileName(Vault.secret.keyFileName);
pgpDecryptTest.setKeyUserid(Vault.secret.keyUserId);
pgpDecryptTest.setArmored(true);
pgpDecryptTest.setPassword(Vault.secret.getTestKeyRingPwd());
pgpDecryptTest.setIntegrity(false);
pgpDecryptTest.setHashAlgorithm(HashAlgorithmTags.SHA1);
pgpDecryptTest.setAlgorithm(SymmetricKeyAlgorithmTags.TRIPLE_DES);
pgpDecryptTest.setSignatureKeyFileName(Vault.TRDParty.keyFileName);
pgpDecryptTest.setSignatureKeyUserid(Vault.TRDParty.keyUserId);
pgpDecryptTest.setSignatureVerificationOption("ignore");
Any ideas?
[Edit] As requested, here is the information about the PGP packets. The encrypted file that fails to decrypt in Camel:
gpg --list-packets 2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxxxxxxxxx
data: [2046 bits]
You need a passphrase to unlock the secret key for
user: "Your Key <you@company.com>"
2048-bit RSA key, ID XXXXXXXX, created 2015-05-18 (main key ID YYYYYYYYY)
:encrypted data packet:
length: 52051
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
"Your Key <you@company.com>"
:onepass_sig packet: keyid ABVBBBBBBBBBB
version 3, sigclass 0x00, digest 2, pubkey 17, last=1
:literal data packet:
mode b (62), created 1432151886, name="",
raw data: 51945 bytes
:signature packet: algo 17, keyid CCCCCCCCCCCCCC
version 4, created 1432151886, md5len 0, sigclass 0x00
digest algo 2, begin of digest e4 5a
hashed subpkt 2 len 4 (sig created 2015-05-20)
subpkt 16 len 8 (issuer key ID CCCCCCCCCCCCCC)
data: [159 bits]
data: [160 bits]
gpg: WARNING: message was not integrity protected
Then, for comparison, I encrypted the same file content (the plaintext version) with gpg and ran list-packets on it:
gpg --list-packets encrypted.asc
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXX
data: [2045 bits]
You need a passphrase to unlock the secret key for
user: "Your Key <you@company.com>"
2048-bit RSA key, ID 8EFFC26E, created 2015-05-18 (main key ID YYYYYYYYY)
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
"Your Key <you@company.com>"
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1432321235, name="clear.out.xml",
raw data: 51945 bytes
Answer 0: (score: 1)
This issue has been resolved in Apache Camel 2.16.0 and later. Release notes: https://issues.apache.org/jira/browse/CAMEL-9163
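Answer 1: (score: 0)
You should check with the party sending the message and ask whether the message was compressed when it was encrypted. For Camel 2.15 (and, I assume, older versions), Camel requires PGP-encrypted files to be compressed. In Camel 2.16, they relaxed the requirement that files be compressed and encrypted.
Also, to verify whether the uncompressed data is what causes the error, you can try encrypting a file with "--compress-level 0". A compression level of 0 disables compression.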
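The difference between the two `gpg --list-packets` listings in the question, as an added example that is not part of the original posts and is not Camel or Bouncy Castle code: it walks OpenPGP packet headers (RFC 4880, section 4.2) over a decrypted packet stream and applies the same "first packet must be Compressed Data" test as the quoted `getUncompressedData` snippet. The function names and both byte strings are constructed for illustration; the packet bodies are placeholders, since only the headers are inspected.

```python
# Added example: walk OpenPGP packet headers (RFC 4880, section 4.2).
def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                       # new-format header
        tag, o = first & 0x3F, buf[pos + 1]
        if o < 192:
            return tag, pos + 2, o
        if o < 224:
            return tag, pos + 3, ((o - 192) << 8) + buf[pos + 2] + 192
        if o == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:                         # indeterminate: body runs to end of data
        return tag, pos + 1, len(buf) - pos - 1
    n = 1 << ltype                         # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def packet_tags(buf):
    """List the tags of the top-level packets in buf, in order."""
    tags, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if start + length > len(buf):
            raise ValueError("truncated packet")
        tags.append(tag)
        pos = start + length
    return tags

def camel_2_15_accepts(buf):
    """Mirror the quoted check: the first object must be Compressed Data (tag 8)."""
    return read_header(buf, 0)[0] == 8

def old_packet(tag, body):
    """Build an old-format packet with a one-octet length (constructed test data)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed samples; bodies are placeholders, only the headers matter here.
SIGNED_UNCOMPRESSED = (
    old_packet(4, bytes([3, 0, 2, 17]) + bytes(8) + b"\x01")       # one-pass signature
    + old_packet(11, b"b\x00" + (1432151886).to_bytes(4, "big") + b"<xml/>")  # literal
    + old_packet(2, b"\x04\x00\x11\x02"))                           # signature
COMPRESSED = bytes([0xA3, 2]) + b"placeholder"   # tag 8, indeterminate length, algo 2

if __name__ == "__main__":
    for name, data in (("partner file", SIGNED_UNCOMPRESSED), ("local gpg", COMPRESSED)):
        print(name, packet_tags(data), "accepted" if camel_2_15_accepts(data) else "rejected")
```

Tag 4 is One-Pass Signature, 11 is Literal Data, 2 is Signature and 8 is Compressed Data, so the first sample has the layout of the partner's file (no `:compressed packet:` line) and the second has the layout of the locally encrypted one.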