我们使用BouncyCastle API加密客户端的文件.当他试图解密它时,他从PGP收到一条“仅供你的眼睛使用”的消息
本文关键字:一条 他从 PGP 消息 你的眼睛 解密 客户端 文件 加密 API BouncyCastle | 更新日期: 2023-09-27 17:56:59
我们使用Bouncy.Castle C# API进行PGP加密。我绝不是PGP加密和各种可用选项的专家。
加密似乎运行良好,但是,当客户端尝试解密它时,他说PGP不会输出到文件,而只会输出到屏幕,因为它被标记为"仅供你的眼睛使用"。 这是 --详细消息:
pgp --decrypt Client_FileExport_20110510_020011.zip.pgp
Client_FileExport_20110511_132203.zip.pgp --info verbose
McAfee E-Business Server v8.5 - Full License
(c) 1991-2006 McAfee, Inc. All Rights Reserved.
Setting temporary directory to C:'DOCUME~1'$963'LOCALS~1'Temp'
Decoding data....
event 1: initial
event 13: BeginLex
event 8: Analyze
File is encrypted. event 9: Recipients
Secret key is required to read it.
Key for user ID "Client_RSAv4_Key <Bob.Smith@Client.com>"
event 6: Passphrase
You need a pass phrase to unlock your secret key.
Enter pass phrase:
event 23: Decryption
symmetric cipher used: CAST5
event 11: Output options
typecode: 0062
for your eyes only
This message is marked "For your eyes only". Display now (Y/n)?
我不知道如何进行调试。 有人知道吗?
这是我们用于加密数据的通用代码。 在此方案中,我们不对文档进行签名,因此可以忽略该部分代码。
private void EncryptImpl(Stream inputStream, Stream outputStream, bool signOutput)
{
const int BUFFER_SIZE = 1 << 16; // should always be power of 2
bool armor = true;
bool withIntegrityCheck = true;
if (armor)
outputStream = new ArmoredOutputStream(outputStream);
var encKey = PgpHelper.ReadPublicKey(this.EncryptionPublicKey);
// Init encrypted data generator
PgpEncryptedDataGenerator encryptedDataGenerator =
new PgpEncryptedDataGenerator(SymmetricKeyAlgorithmTag.Cast5, withIntegrityCheck, new SecureRandom());
encryptedDataGenerator.AddMethod(encKey);
Stream encryptedOut = encryptedDataGenerator.Open(outputStream, new byte[BUFFER_SIZE]);
// Init compression
PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Zip);
Stream compressedOut = compressedDataGenerator.Open(encryptedOut);
PgpSignatureGenerator signatureGenerator = null;
if (signOutput)
{
// Init signature
var pgpSecKey = PgpHelper.ReadSecretKey(this.OrigamiSecretKey);
PgpPrivateKey pgpPrivKey = pgpSecKey.ExtractPrivateKey(this.PassPhrase.ToCharArray());
signatureGenerator = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
signatureGenerator.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
foreach (string userId in pgpSecKey.PublicKey.GetUserIds())
{
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
spGen.SetSignerUserId(false, userId);
signatureGenerator.SetHashedSubpackets(spGen.Generate());
// Just the first one!
break;
}
signatureGenerator.GenerateOnePassVersion(false).Encode(compressedOut);
}
// Create the Literal Data generator output stream
PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator();
// TODO: Use lastwritetime from source file
Stream literalOut = literalDataGenerator.Open(compressedOut, PgpLiteralData.Binary,
PgpLiteralDataGenerator.Console, DateTime.Now, new byte[BUFFER_SIZE]);
// Open the input file
byte[] buf = new byte[BUFFER_SIZE];
int len;
while ((len = inputStream.Read(buf, 0, buf.Length)) > 0)
{
literalOut.Write(buf, 0, len);
if (signOutput)
signatureGenerator.Update(buf, 0, len);
}
literalOut.Close();
literalDataGenerator.Close();
if (signOutput)
signatureGenerator.Generate().Encode(compressedOut);
compressedOut.Close();
compressedDataGenerator.Close();
encryptedOut.Close();
encryptedDataGenerator.Close();
inputStream.Close();
if (armor)
outputStream.Close();
}
我猜PgpLiteralDataGenerator.Console是导致它只出现在客户端计算机控制台中的原因。
Stream literalOut = literalDataGenerator.Open(
compressedOut,
PgpLiteralData.Binary,
PgpLiteralDataGenerator.Console,
DateTime.Now,
new byte[BUFFER_SIZE]);
当加密文件不包含原始文件的名称时,将显示此消息。如果不加密文件,则可以在该字段中放置几乎任何内容(假设它构成文件名,对目标系统有效)。