Develop Reference

PGP Encrypt using BouncyCastle in Java

I was given a task to build a java method to encrypt data (String or InputStream) using PGP. I have generated a test public key, private key with passphrase following the guide here. I then exported the public key using the command below and copy and pasted it to my java code.
gpg --armor --output pubkey.txt --export 'Your Name'
I am able to encrypt a file using the command below
gpg --encrypt --armor -r 'Your Name' plaintext.txt
And I get the below content which is what I'm trying to achieve in my java program. I might need to sign it later as part of the requirement but all I want to do for now is to be able to successfully encrypt it like this.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.22 (GNU/Linux)
hQEMA0PxXau0Q30VAQf/RuWsN3f4L2HW2GJWOZUjetJsw0odXYbDc7Sug1gZULP8
I0KRrvxnHgiiJgSlBZsws8E8iB1/LDCYJ8oJGj6olicz83iUT8VLdzdJZlc0+96/
BHAvtSTtEv2PWZlh307nU+Zn9cuGAccaijyekCosS5/0JpDyXSFefsLTexMgphAL
veXsxtsISyUU6S0xUux6Ac9HgUWTpCrlNaSdqBN1bk7y8YuvbZgbQ5akwY5FEbq1
f9rxmgXgEgz3N+7f8n5yN2OvWiEyXb+qngVgDLzysD8NTtKDqtw5nViscvVF1h3v
AebdxYxOKGYnWk6XAWhpIgIZdY0ZXG0yu9NJH5VfLtJSAc3c6d2/Nhb7g+k+f2Mn
srZW6XzHCeyGQQqSfr5YJfyUVdsW12udmhnc+ErbRkz84oDkMvFaxes6+2AAKrP/
jdWXsp4fTPl454m+tG5ec/Kn0Q==
=cZH2
-----END PGP MESSAGE-----
The java method I need to build accepts a Public Key as a String parameter where I then use the following method to convert it to a PGPPublicKey.
private static PGPPublicKey getPublicKey(String keyAscii) throws IOException, PGPException, Exception {
InputStream encodedKey = new ByteArrayInputStream(keyAscii.getBytes());
InputStream decodedKey = PGPUtil.getDecoderStream(encodedKey);
JcaPGPPublicKeyRingCollection pgpPub = new JcaPGPPublicKeyRingCollection(decodedKey);
decodedKey.close();
PGPPublicKey key = null;
Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();
while (key == null && rIt.hasNext()) {
PGPPublicKeyRing kRing = rIt.next();
Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
while (key == null && kIt.hasNext()) {
PGPPublicKey k = kIt.next();
if (k.isEncryptionKey()) {
key = k;
}
}
}
if (key == null) {
throw new Exception("Can't find key");
}
return key;
}
However, when I run the java program, I get an error "exception constructing public key" on the following line of code.
OutputStream cOut = encGen.open(encOut, new byte[4096]);
Complete error below
org.bouncycastle.openpgp.PGPException: exception constructing public key
at org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter.getPublicKey(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
at org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator.generate(Unknown Source)
at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
at pgp.PgpImpl.encrypt(PgpImpl.java:84)
at pgp.PgpImpl.main(PgpImpl.java:216)
Caused by: java.security.NoSuchProviderException: no such provider: BC
at sun.security.jca.GetInstance.getService(GetInstance.java:83)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.KeyFactory.getInstance(KeyFactory.java:211)
at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createKeyFactory(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createKeyFactory(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter.implGeneratePublic(Unknown Source)
... 7 more
I followed the sample here but it didn't provide any information on how to construct the publickey coming from a String.
Here's my code so far.
package pgp;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
import org.bouncycastle.openpgp.operator.PGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.jcajce.JcaPGPPublicKeyRingCollection;
public class PgpImpl {
public PgpImpl() {
}
private static String encrypt(byte[] data, PGPPublicKey encryptionKey) throws Exception {
String step = "Step-0";
try {
step = "Step-1";
PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
.setWithIntegrityPacket(true)
.setSecureRandom(new SecureRandom())
.setProvider("BC"));
step = "Step-2";
encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(encryptionKey)
.setSecureRandom(new SecureRandom()).setProvider("BC"));
step = "Step-3";
ByteArrayOutputStream encOut = new ByteArrayOutputStream();
step = "Step-4";
// create an indefinite length encrypted stream
OutputStream cOut = encGen.open(encOut, new byte[4096]);
step = "Step-5";
// write out the literal data
PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator();
OutputStream pOut = lData.open(cOut, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, data.length,
new Date());
pOut.write(data);
pOut.close();
// finish the encryption
cOut.close();
step = "Step-6";
return new String(encOut.toByteArray());
} catch (Exception e) {
//throw new Exception(String.format("%s: %s", e.getMessage(), step));
e.printStackTrace();
}
return new String(step);
}
private static PGPPublicKey getPublicKey(String keyAscii) throws IOException, PGPException, Exception {
InputStream encodedKey = new ByteArrayInputStream(keyAscii.getBytes());
InputStream decodedKey = PGPUtil.getDecoderStream(encodedKey);
JcaPGPPublicKeyRingCollection pgpPub = new JcaPGPPublicKeyRingCollection(decodedKey);
decodedKey.close();
PGPPublicKey key = null;
Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();
while (key == null && rIt.hasNext()) {
PGPPublicKeyRing kRing = rIt.next();
Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
while (key == null && kIt.hasNext()) {
PGPPublicKey k = kIt.next();
if (k.isEncryptionKey()) {
key = k;
}
}
}
if (key == null) {
throw new Exception("Can't find key");
}
return key;
}
public static void main(String[] args) {
String publicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n" + "Version: GnuPG v2.0.22 (GNU/Linux)\r\n"
+ "\r\n" + "mQENBGA1A70BCADK8BnH6GgMbnS1TJSpJvgH+D9VIw0sN8XZWQsUmWWV9WSqhqXt\r\n"
+ "5wNC4XJDcaWtMCapaekQXV5S52T7QCxAz/E5oZzIDe+IUCHQz0WUs37S4Wnw+SZ6\r\n"
+ "QNPXOFaC4nNByRq6gvg0+wtD2Bo/3OJur3f0O0aRSHNiwfd0PdFgG0NU5vGV9PwE\r\n"
+ "xbTMpGssWexIC0MwJaYfJkxzov33CkwLaITvBTCn/J3oeX6JarMkgpurp1FAW0Jk\r\n"
+ "YzgGMOOxwuEVedwP4NtEPce+UtLv2NHHfqsW6xSxjWqsJkMdJ9afzu1jvn9M6e0j\r\n"
+ "MOTmPUCYVCioXK59It8ngN8NLtwaPgfnBwcbABEBAAG0BWFsbGVuiQE5BBMBAgAj\r\n"
+ "BQJgNQO9AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQxzGJxIrjAlxq\r\n"
+ "aggAgoiO82MZZMHyhZ3uLD4qTQ2vsT6+onhCr83kw0eFNM5AH0r3xlVARXHaViWC\r\n"
+ "SFutpb/34lrCTpJfLfKwdFU2bJP2SI3hAujtTg45UFklswu6GZaqQno6JKkZM4hw\r\n"
+ "ltFIXU1dMpIud7nsJ2QU46TI97n+HeD7DvOSGY/CFPnNot0YFHxXCKtHdPHk8JO3\r\n"
+ "JdOG0X90Yi9XSI1USv8HL/WjOTvhSqo7Qps2MpcUZrfNsa0H9Adk9xVYiz0nKNPY\r\n"
+ "qLQxFAiHb34vdav4e28anJ8th93SfiRn5OFK2G6R3DlhLlvn3h1dSAT6vSOrzx80\r\n"
+ "EylyMg2BIbRfp+JEgwCMf2V8X7kBDQRgNQO9AQgA3qV0wYvdH5M4XBzVwDtuGuIs\r\n"
+ "+GRcSRQqmvnt94e8ZE4Kv2w2Pf/JxPMwnPC92lVRypdOjmTZrT3R0z7g+D8mU5A9\r\n"
+ "o/CPvvSShA8Jh3z69S+hLP0nSaajsVsQlBGrI8ehI1EVJDsNh15PZrl27OK0aBb4\r\n"
+ "Fp0BYm0D2HaLnQPD4/jhTR13i1mt5E5hmBwiZiiWr/Wa1i1g1o/XaT4CApu91zgg\r\n"
+ "cmJBz9DL/C2hYC5lkp/cz5IJYp5BsvfA2lwamca33aHxFj8+Bz3+REWa8zvEqQ9U\r\n"
+ "a26RbPVjkeGChwNWLxNTuj1rNDdqB/KZO6iM02orqW86L45SKTBWYqPcpD7GeQAR\r\n"
+ "AQABiQEfBBgBAgAJBQJgNQO9AhsMAAoJEMcxicSK4wJcOLEIAMevvOk9iZ13T3yA\r\n"
+ "+ZW8mWKKE5aXy93VPKAvplP/WlW2VVGeb+6rEkFFsdN4doYIJPEIr+U7K0GDR6XX\r\n"
+ "TKLyI7BtUZPegOdjgcFWVGFnFogDnkrO+IPY+JUy1VMg8fGStThfa2dYEgd7yqpq\r\n"
+ "fZ97q5RQun1B+wyRdPDgC39roSGEwtXbRCZnuSMVNT7J9a2qnXkenvQRSoPjY7wQ\r\n"
+ "tn1wUfnHyjyS9OzfXTSHDi2A5JDRCh5L/V7Q93/P5Isv/U4QzIWudGM6AjuaoZ6i\r\n"
+ "chksRI9EchNKnSut9ebTyTkIJ80sB7Eyfp8TtORAnz8/Xf8A8aYD73r9rD4poSmo\r\n" + "FV15pP8=\r\n" + "=Yc74\r\n"
+ "-----END PGP PUBLIC KEY BLOCK-----";
try {
PGPPublicKey key = getPublicKey(publicKey);
System.out.println(encrypt("Test".getBytes(), key));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (PGPException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Appreciate any help.
UPDATE #1: After getting the stacktrace, I found out that the error is due to an invalid provider which I then change using
BouncyCastleProvider provider = new BouncyCastleProvider();
So I had to change all reference to the provider.
private static String encrypt(byte[] data, PGPPublicKey encryptionKey) {
BouncyCastleProvider provider = new BouncyCastleProvider();
String step = "Step-0";
try {
step = "Step-1";
PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
.setWithIntegrityPacket(true)
.setSecureRandom(new SecureRandom())
.setProvider(provider));
step = "Step-2";
encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(encryptionKey)
.setSecureRandom(new SecureRandom()).setProvider(provider));
step = "Step-3";
ByteArrayOutputStream encOut = new ByteArrayOutputStream();
step = "Step-4";
// create an indefinite length encrypted stream
OutputStream cOut = encGen.open(encOut, new byte[1 << 16]);
step = "Step-5";
// write out the literal data
PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator();
OutputStream pOut = lData.open(cOut, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, data.length,
new Date());
pOut.write(data);
pOut.close();
// finish the encryption
cOut.close();
step = "Step-6";
return new String(encOut.toByteArray());
} catch (Exception e) {
//throw new Exception(String.format("%s: %s", e.getMessage(), step));
e.printStackTrace();
}
return new String("");
}
But now I'm getting a different error.
org.bouncycastle.openpgp.PGPException: Exception creating cipher
at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
at pgp.PgpImpl.encrypt(PgpImpl.java:85)
at pgp.PgpImpl.main(PgpImpl.java:217)
Caused by: org.bouncycastle.openpgp.PGPException: invalid key: Illegal key size
at org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder$MyPGPDataEncryptor.<init>(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder.build(Unknown Source)
... 4 more
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1034)
at javax.crypto.Cipher.init(Cipher.java:1367)
at javax.crypto.Cipher.init(Cipher.java:1301)
... 6 more
UPDATE#2: Did a bit of research and came across this. Followed the instructions there and got everything working.

Your modified code works for me: (I have taken out the exception handling, but that should make no difference)
package pgp;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
import org.bouncycastle.openpgp.operator.PGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.jcajce.JcaPGPPublicKeyRingCollection;
public class PgpImpl {
public PgpImpl() {
}
private static String encrypt(byte[] data, PGPPublicKey encryptionKey) throws PGPException, IOException {
BouncyCastleProvider provider = new BouncyCastleProvider();
String step = "Step-0";
step = "Step-1";
PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256)
.setWithIntegrityPacket(true)
.setSecureRandom(new SecureRandom())
.setProvider(provider));
step = "Step-2";
encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(encryptionKey)
.setSecureRandom(new SecureRandom()).setProvider(provider));
step = "Step-3";
ByteArrayOutputStream encOut = new ByteArrayOutputStream();
step = "Step-4";
// create an indefinite length encrypted stream
OutputStream cOut = encGen.open(encOut, new byte[1 << 16]);
step = "Step-5";
// write out the literal data
PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator();
OutputStream pOut = lData.open(cOut, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, data.length,
new Date());
pOut.write(data);
pOut.close();
// finish the encryption
cOut.close();
step = "Step-6";
return new String(encOut.toByteArray());
}
private static PGPPublicKey getPublicKey(String keyAscii) throws IOException, PGPException, Exception {
InputStream encodedKey = new ByteArrayInputStream(keyAscii.getBytes());
InputStream decodedKey = PGPUtil.getDecoderStream(encodedKey);
JcaPGPPublicKeyRingCollection pgpPub = new JcaPGPPublicKeyRingCollection(decodedKey);
decodedKey.close();
PGPPublicKey key = null;
Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();
while (key == null && rIt.hasNext()) {
PGPPublicKeyRing kRing = rIt.next();
Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
while (key == null && kIt.hasNext()) {
PGPPublicKey k = kIt.next();
if (k.isEncryptionKey()) {
key = k;
}
}
}
if (key == null) {
throw new Exception("Can't find key");
}
return key;
}
public static void main(String[] args) throws Exception {
String publicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n" + "Version: GnuPG v2.0.22 (GNU/Linux)\r\n"
+ "\r\n" + "mQENBGA1A70BCADK8BnH6GgMbnS1TJSpJvgH+D9VIw0sN8XZWQsUmWWV9WSqhqXt\r\n"
+ "5wNC4XJDcaWtMCapaekQXV5S52T7QCxAz/E5oZzIDe+IUCHQz0WUs37S4Wnw+SZ6\r\n"
+ "QNPXOFaC4nNByRq6gvg0+wtD2Bo/3OJur3f0O0aRSHNiwfd0PdFgG0NU5vGV9PwE\r\n"
+ "xbTMpGssWexIC0MwJaYfJkxzov33CkwLaITvBTCn/J3oeX6JarMkgpurp1FAW0Jk\r\n"
+ "YzgGMOOxwuEVedwP4NtEPce+UtLv2NHHfqsW6xSxjWqsJkMdJ9afzu1jvn9M6e0j\r\n"
+ "MOTmPUCYVCioXK59It8ngN8NLtwaPgfnBwcbABEBAAG0BWFsbGVuiQE5BBMBAgAj\r\n"
+ "BQJgNQO9AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQxzGJxIrjAlxq\r\n"
+ "aggAgoiO82MZZMHyhZ3uLD4qTQ2vsT6+onhCr83kw0eFNM5AH0r3xlVARXHaViWC\r\n"
+ "SFutpb/34lrCTpJfLfKwdFU2bJP2SI3hAujtTg45UFklswu6GZaqQno6JKkZM4hw\r\n"
+ "ltFIXU1dMpIud7nsJ2QU46TI97n+HeD7DvOSGY/CFPnNot0YFHxXCKtHdPHk8JO3\r\n"
+ "JdOG0X90Yi9XSI1USv8HL/WjOTvhSqo7Qps2MpcUZrfNsa0H9Adk9xVYiz0nKNPY\r\n"
+ "qLQxFAiHb34vdav4e28anJ8th93SfiRn5OFK2G6R3DlhLlvn3h1dSAT6vSOrzx80\r\n"
+ "EylyMg2BIbRfp+JEgwCMf2V8X7kBDQRgNQO9AQgA3qV0wYvdH5M4XBzVwDtuGuIs\r\n"
+ "+GRcSRQqmvnt94e8ZE4Kv2w2Pf/JxPMwnPC92lVRypdOjmTZrT3R0z7g+D8mU5A9\r\n"
+ "o/CPvvSShA8Jh3z69S+hLP0nSaajsVsQlBGrI8ehI1EVJDsNh15PZrl27OK0aBb4\r\n"
+ "Fp0BYm0D2HaLnQPD4/jhTR13i1mt5E5hmBwiZiiWr/Wa1i1g1o/XaT4CApu91zgg\r\n"
+ "cmJBz9DL/C2hYC5lkp/cz5IJYp5BsvfA2lwamca33aHxFj8+Bz3+REWa8zvEqQ9U\r\n"
+ "a26RbPVjkeGChwNWLxNTuj1rNDdqB/KZO6iM02orqW86L45SKTBWYqPcpD7GeQAR\r\n"
+ "AQABiQEfBBgBAgAJBQJgNQO9AhsMAAoJEMcxicSK4wJcOLEIAMevvOk9iZ13T3yA\r\n"
+ "+ZW8mWKKE5aXy93VPKAvplP/WlW2VVGeb+6rEkFFsdN4doYIJPEIr+U7K0GDR6XX\r\n"
+ "TKLyI7BtUZPegOdjgcFWVGFnFogDnkrO+IPY+JUy1VMg8fGStThfa2dYEgd7yqpq\r\n"
+ "fZ97q5RQun1B+wyRdPDgC39roSGEwtXbRCZnuSMVNT7J9a2qnXkenvQRSoPjY7wQ\r\n"
+ "tn1wUfnHyjyS9OzfXTSHDi2A5JDRCh5L/V7Q93/P5Isv/U4QzIWudGM6AjuaoZ6i\r\n"
+ "chksRI9EchNKnSut9ebTyTkIJ80sB7Eyfp8TtORAnz8/Xf8A8aYD73r9rD4poSmo\r\n" + "FV15pP8=\r\n" +
"=Yc74\r\n"
+ "-----END PGP PUBLIC KEY BLOCK-----";
PGPPublicKey key = getPublicKey(publicKey);
System.out.println(encrypt("Test".getBytes(), key));
}
}
My pom.xml has:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk15on</artifactId>
<version>1.68</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.68</version>
</dependency>
Can you run that code and see what happens locally?

Problems with Java xml-dsig and namespaces

I have been trying to get XML signing to work, using the JDK's javax.xml.crypto.dsig package.
It works when i don't have any namespaces, but as soon as i add the namespaces, then the signing and validation works, on the in-memory DOM object. As soon as the object is transformed and then parsed again, the validation fails.
I have created an example where this can easily be seen. In the main-method, right after creating the Document, i have to transform and then parse the document, in which case signing and validation works. This seems to be just really stupid =))
So my question: Does anyone have an idea how i can fix the code so i don't need to first transform the Document to bytes then parse them again, so that the signature validation works?
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.TimeZone;
import java.util.UUID;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class Test {
public static void main(String[] args) throws Exception {
System.out.println("Creating doc...");
Document doc = createDoc();
// AFTER creating the document, i must immediately
// transform and parse the document, to have xml
// signing and validation work:
doc = parse(transform(doc));
System.out.println();
System.out.println("Initial unsigned document:");
System.out.println();
dumpDocument(doc);
System.out.println();
System.out.println("Signing...");
sign(doc);
validate(doc);
System.out.println();
System.out.println("Initial signed and validated document:");
System.out.println();
dumpDocument(doc);
System.out.println();
// transform
System.out.println("Transforming...");
byte[] bytes = transform(doc);
System.out.println("Transformed document:");
System.out.println();
System.out.println(new String(bytes, "UTF-8"));
System.out.println();
// now parse
System.out.println("Parsing...");
doc = parse(bytes);
System.out.println();
System.out.println("After parsing:");
System.out.println();
//dumpDocument(doc);
System.out.println("Validating...");
validate(doc);
}
private static void dumpDocument(Node root) throws TransformerException {
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(new DOMSource(root), new StreamResult(System.out));
}
public static byte[] transform(Document doc) throws Exception {
ByteArrayOutputStream out = new ByteArrayOutputStream();
TransformerFactory tf = TransformerFactory.newInstance();
Transformer transformer = tf.newTransformer();
transformer.transform(new DOMSource(doc), new StreamResult(out));
return out.toByteArray();
}
public static Document parse(byte[] bytes) throws Exception {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(bytes));
return doc;
}
public static Document createDoc() throws Exception {
String issuer = "test";
String destination = "test";
String assertionConsumerServiceUrl = "test";
Calendar issueInstant = Calendar.getInstance();
// create dates
SimpleDateFormat simpleDf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
simpleDf.setTimeZone(TimeZone.getTimeZone("UTC"));
String issueInstantS = simpleDf.format(issueInstant.getTime());
String notBeforeS = issueInstantS;
issueInstant.add(Calendar.SECOND, 10);
String notOnOrAfterS = simpleDf.format(issueInstant.getTime());
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder docBuilder = dbf.newDocumentBuilder();
Document doc = docBuilder.newDocument();
Element authnReqE = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest");
//Element authnReqE = doc.createElement("AuthnRequest");
authnReqE.setPrefix("samlp");
authnReqE.setAttribute("Version", "2.0");
authnReqE.setAttribute("IssueInstant", issueInstantS);
authnReqE.setAttribute("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
authnReqE.setAttribute("AssertionConsumerServiceURL", assertionConsumerServiceUrl);
authnReqE.setAttribute("Destination", destination);
doc.appendChild(authnReqE);
Element issuerE = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer");
//Element issuerE = doc.createElement("Issuer");
issuerE.setPrefix("saml");
issuerE.setTextContent(issuer);
authnReqE.appendChild(issuerE);
Element conditionsE = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "Conditions");
//Element conditionsE = doc.createElement("Conditions");
conditionsE.setPrefix("saml");
conditionsE.setAttribute("NotBefore", notBeforeS);
conditionsE.setAttribute("NotOnOrAfter", notOnOrAfterS);
authnReqE.appendChild(conditionsE);
return doc;
}
public static void sign(Document doc) throws Exception {
String id = "Signed_" + UUID.randomUUID().toString();
Element rootElement = doc.getDocumentElement();
rootElement.setAttribute("ID", id);
// Create a DOM XMLSignatureFactory that will be used to
// generate the enveloped signature.
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Create a Reference to the enveloped document (in this case,
// you are signing the whole document, so a URI of "" signifies
// that, and also specify the SHA1 digest algorithm and
// the ENVELOPED Transform.
List<Transform> transforms = new ArrayList<>();
transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
transforms.add(fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA1, null);
Reference ref = fac.newReference("#" + id, digestMethod, transforms, null, null);
//Reference ref = fac.newReference("", digestMethod, transforms, null, null);
// Create the SignedInfo.
SignedInfo signedInfo = fac.newSignedInfo(
fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), //
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), //
Collections.singletonList(ref));
// Load the KeyStore and get the signing key and certificate.
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("KeyStore_client.jks"), "changeit".toCharArray());
KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(ks.aliases().nextElement(),
new KeyStore.PasswordProtection("changeit".toCharArray()));
X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
// Create the KeyInfo containing the X509Data.
KeyInfoFactory kif = fac.getKeyInfoFactory();
List<Object> x509Content = new ArrayList<>();
x509Content.add(cert.getSubjectX500Principal().getName());
x509Content.add(cert);
X509Data xd = kif.newX509Data(x509Content);
KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(xd));
// Create a DOMSignContext and specify the RSA PrivateKey and
// location of the resulting XMLSignature's parent element.
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), rootElement);
//dsc.setDefaultNamespacePrefix("samlp");
dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
dsc.setIdAttributeNS(rootElement, null, "ID");
// Create the XMLSignature, but don't sign it yet.
XMLSignature signature = fac.newXMLSignature(signedInfo, keyInfo);
// Marshal, generate, and sign the enveloped signature.
signature.sign(dsc);
}
public static void validate(Document doc) throws Exception {
// Create a DOM XMLSignatureFactory that will be used to
// generate the enveloped signature.
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Find Signature element.
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element!");
} else if (nl.getLength() > 1) {
throw new Exception("Found multiple Signature elements!");
}
// Load the KeyStore and get the signing key and certificate.
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("KeyStore_client.jks"), "changeit".toCharArray());
KeyStore.PrivateKeyEntry entry = (PrivateKeyEntry) ks.getEntry(ks.aliases().nextElement(),
new KeyStore.PasswordProtection("changeit".toCharArray()));
PublicKey publicKey = entry.getCertificate().getPublicKey();
// Create a DOMValidateContext and specify a KeySelector
// and document context.
Node signatureNode = nl.item(0);
DOMValidateContext valContext = new DOMValidateContext(publicKey, signatureNode);
valContext.setDefaultNamespacePrefix("samlp");
valContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
valContext.putNamespacePrefix("urn:oasis:names:tc:SAML:2.0:protocol", "samlp");
valContext.putNamespacePrefix("urn:oasis:names:tc:SAML:2.0:assertion", "saml");
valContext.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
// Unmarshal the XMLSignature.
valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature.
boolean coreValidity = signature.validate(valContext);
// Check core validation status.
if (coreValidity) {
System.out.println("Signature passed core validation");
} else {
System.err.println("Signature failed core validation");
boolean sv = signature.getSignatureValue().validate(valContext);
System.out.println("signature validation status: " + sv);
if (!sv) {
// Check the validation status of each Reference.
Iterator<?> i = signature.getSignedInfo().getReferences().iterator();
for (int j = 0; i.hasNext(); j++) {
boolean refValid = ((Reference) i.next()).validate(valContext);
System.out.println("ref[" + j + "] validity status: " + refValid);
}
}
throw new RuntimeException("Uh-oh, failed!");
}
}
}

EC private key recovery from PEM format with BouncyCastle

My application stores private keys in PEM format, the existing code works for RSA keys but I am trying to switch to EC keys and there is a problem. The key recovery seems to work, and the equals method on the recovered key returns true for the original key, but getAlgorithm() on the original key returns "EC" and on the recovered key "ECDSA". The discrepancy in the algorithm later causes problems because it does not match the algorithm for the corresponding public key.
Am I doing something wrong or is this a bug in the PEM parser?
Here is a test program which demonstrates the problem:
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.immutify.janus.keytool.KeyToolUtils;
public class TestPrivateKeyRecovery
{
private static final String KEY_ALGORITHM = "EC";
private static final String SIGNATURE_ALGORITHM = "SHA512withECDSA";
private static final String PROVIDER = "BC";
private static final String CURVE_NAME = "secp521r1";
private static final String WRAPPING_CIPHER_SPEC = "ECIESwithAES";
private ECGenParameterSpec ecGenSpec;
private KeyPairGenerator keyGen_;
private SecureRandom rand_;
public void run()
{
try
{
rand_ = new SecureRandom();
ecGenSpec = new ECGenParameterSpec(CURVE_NAME);
keyGen_ = KeyPairGenerator.getInstance(KEY_ALGORITHM, PROVIDER);
keyGen_.initialize(ecGenSpec, rand_);
PrivateKey privateKey = keyGen_.generateKeyPair().getPrivate();
String der = privateKeyToDER(privateKey);
PrivateKey recoveredKey = privateKeyFromDER(der);
System.out.println("privateKey=" + privateKey);
System.out.println("privateKey.getAlgorithm()=" + privateKey.getAlgorithm());
System.out.println("der=" + der);
System.out.println("recoveredKey=" + privateKey);
System.out.println("recoveredKey.getAlgorithm()=" + recoveredKey.getAlgorithm());
System.out.println();
if(privateKey.equals(recoveredKey))
System.out.println("Key recovery ok");
else
System.err.println("Private key recovery failed");
if(privateKey.getAlgorithm().equals(recoveredKey.getAlgorithm()))
System.out.println("Key algorithm ok");
else
System.err.println("Key algorithms do not match");
}
catch(Exception e)
{
e.printStackTrace();
}
}
public static String privateKeyToDER(PrivateKey key) throws IOException
{
ByteArrayOutputStream bos = new ByteArrayOutputStream();
PEMWriter pemWriter = new PEMWriter(new OutputStreamWriter(bos));
pemWriter.writeObject(key);
pemWriter.close();
return new String(bos.toByteArray());
}
public static PrivateKey privateKeyFromDER(String der) throws IOException
{
StringReader reader = new StringReader(der);
PEMParser pemParser = new PEMParser(reader);
try
{
Object o = pemParser.readObject();
if (o == null || !(o instanceof PEMKeyPair))
{
throw new IOException("Not an OpenSSL key");
}
KeyPair kp = new JcaPEMKeyConverter().setProvider("BC").getKeyPair((PEMKeyPair)o);
return kp.getPrivate();
}
finally
{
pemParser.close();
}
}
}
The output from the test program is:
privateKey=EC Private Key
S: 13d19928468d14fabb9235a81fc1ec706ff5413a70a760b63e07d45a5d04a2f18425ef735500190291aacaf58c92306acd87fa01a47d907d5d3fc01531180353146
privateKey.getAlgorithm()=EC
der=-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBPRmShGjRT6u5I1qB/B7HBv9UE6cKdgtj4H1FpdBKLxhCXvc1UAGQ
KRqsr1jJIwas2H+gGkfZB9XT/AFTEYA1MUagBwYFK4EEACOhgYkDgYYABAFN5ZcE
zg9fV13u57ffwyN9bm9Wa9Pe0MtL2cd5CW2ku4mWzgS5m8IfNMAw2QMah5Z9fuXW
1fGJgUx1RsC09R6legFTgymlbqt+CaPhNsJkr12cjyzhT1NxR6uEzMUtBcYxqLHy
ANkhHmvAk221//YIRIWix7ZlRsRrs+iYrpWw4bMt9A==
-----END EC PRIVATE KEY-----
recoveredKey=EC Private Key
S: 13d19928468d14fabb9235a81fc1ec706ff5413a70a760b63e07d45a5d04a2f18425ef735500190291aacaf58c92306acd87fa01a47d907d5d3fc01531180353146
recoveredKey.getAlgorithm()=ECDSA
Key recovery ok
Key algorithms do not match

The problem is not the PEMParser but JcaPEMKeyConverter which treats EC keys as keys for ECDSA:
algorithms.put(X9ObjectIdentifiers.id_ecPublicKey, "ECDSA");
...
private KeyFactory getKeyFactory(AlgorithmIdentifier algId)
throws NoSuchAlgorithmException, NoSuchProviderException
{
ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
String algName = (String)algorithms.get(algorithm);
...
The algorithm identifier is id-ecPublicKey, which is also used for ECDSA keys, so the algorithm selection is not unique here and probably the BC devs have chosen ECDSA as the most suitable choice. You could do something similar like JcaPEMKeyConverter with you own KeyFactory but choose your correct algorithm for EC keys.

Encrypt a XML file with XmlCipher (RSA)

I just need to encrypt some XML elements with a public key. I successfully can use this code with a simetric algorithm (XMLCipher.AES_128), but failed when try use XMLCipher.RSA_v1dot5.
That is the code:
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.xml.security.encryption.XMLCipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class XmlEncryption {
private static final String MENSAGEM_ENTIDADE_1 = "mensagem1";
private static final String MENSAGEM_ENTIDADE_2 = "mensagem2";
public static void main(String[] args) throws Exception {
/*
* Encrypt a file with 2 diferent assimetric keys
*/
// parse file into document
// Document document = EncryptToolExtended.parseFile("teste.xml");
Document document = EncryptToolExtended.parseFile("teste.xml");
// generate the keys
KeyPair entity1KeyPair = EncryptToolExtended.GenerateAssymmetricKey();
//KeyPair entity2KeyPair = EncryptToolExtended.GenerateAssymmetricKey();
// specify the element to encrypt
Element rootElement = document.getDocumentElement();
Element mensagem1ToEncrypt = rootElement;
Element mensagem2ToEncrypt = rootElement;
mensagem1ToEncrypt = (Element) rootElement.getElementsByTagName(
MENSAGEM_ENTIDADE_1).item(0);
mensagem2ToEncrypt = (Element) rootElement.getElementsByTagName(
MENSAGEM_ENTIDADE_2).item(0);
if (mensagem1ToEncrypt == null || mensagem2ToEncrypt == null) {
System.err.println("Unable to find element: " + MENSAGEM_ENTIDADE_1
+ " or " + MENSAGEM_ENTIDADE_2);
System.exit(1);
}
// initialize cipher
Security.addProvider(new BouncyCastleProvider());
XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
xmlCipher.init(XMLCipher.ENCRYPT_MODE, entity1KeyPair.getPublic());
// add key info to encrypted data element
// EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
// KeyInfo keyInfo = new KeyInfo(document);
// keyInfo.add(entity1KeyPair.getPublic());
// encryptedDataElement.setKeyInfo(keyInfo);
// do the actual encryption
boolean encryptContentsOnly = true;
xmlCipher.doFinal(document, mensagem1ToEncrypt);
xmlCipher.doFinal(document, mensagem1ToEncrypt, encryptContentsOnly);
// write the results to a file
// EncryptToolExtended.writeEncryptedDocToFile(document, "encc.xml");
}
public static Document parseFile(String fileName) throws Exception {
javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory
.newInstance();
dbf.setNamespaceAware(true);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
Document document = db.parse(fileName);
return document;
}
public static KeyPair GenerateAssymmetricKey() throws Exception {
Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024);
return keyGen.genKeyPair();
}
}
Exception:
java.lang.IllegalArgumentException: unknown parameter type.
at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source)
at javax.crypto.Cipher.init(Cipher.java:1346)
at javax.crypto.Cipher.init(Cipher.java:1282)
at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1184)
at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1136)
at org.apache.xml.security.encryption.XMLCipher.encryptElement(XMLCipher.java:869)
at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:987)
at XmlEncryption.main(XmlEncryption.java:84)
Any tips?
Thanks

How to sign signature data using bouncy castle?

**This is my code to sign a String.</br>**
package my.package;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
import sun.misc.BASE64Encoder;
public class SignMessage {
static final String KEYSTORE_FILE = "keys/certificates.p12";
static final String KEYSTORE_INSTANCE = "PKCS12";
static final String KEYSTORE_PWD = "test";
static final String KEYSTORE_ALIAS = "Key1";
public static void main(String[] args) throws Exception {
String text = "This is a message";
Security.addProvider(new BouncyCastleProvider());
KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
ks.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PWD.toCharArray());
Key key = ks.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD.toCharArray());
//Sign
PrivateKey privKey = (PrivateKey) key;
Signature signature = Signature.getInstance("SHA1WithRSA", "BC");
signature.initSign(privKey);
signature.update(text.getBytes());
//Build CMS
X509Certificate cert = (X509Certificate) ks.getCertificate(KEYSTORE_ALIAS);
List certList = new ArrayList();
CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
certList.add(cert);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(msg, false);
FileOutputStream sigfos = new FileOutputStream("D:\\SBI-DATA\\file\\signature_1.txt");
sigfos.write(Base64.encodeBase64(sp.getEncoded()));
sigfos.close();
}
}
Now, the EnvelopedData output will be used in the process to verify the signature by this way:
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Base64;
public class VerifySignature {
public static void main(String[] args) throws Exception {
File p7s = new File("D:\\SBI-DATA\\file\\signature_2.txt") ;
int size = ((int) p7s.length());
byte[] sig = new byte[size];
File f = new File("D:\\SBI-DATA\\file\\plain.txt") ;
int sizecontent = ((int) f.length());
byte[] Data_Bytes = new byte[sizecontent];
Security.addProvider(new BouncyCastleProvider());
CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(Data_Bytes), sig);
Store store = signedData.getCertificates();
SignerInformationStore signers = signedData.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = store.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
X509Certificate certFromSignedData = new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(certHolder);
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC_PROVIDER).build(certFromSignedData))) {
System.out.println("Signature verified");
} else {
System.out.println("Signature verification failed");
}
}
}
}
Everything works good until signer.verify(..) due to the following Exception:
Exception in thread "main" org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest attribute value does not match calculated value
at org.bouncycastle.cms.SignerInformation.doVerify(Unknown Source)
at org.bouncycastle.cms.SignerInformation.verify(Unknown Source)
at my.package.VerifySignature.main(VerifySignature.java:64)
And I really don't know what I am doing wrong. Can someone please give me a hint of what is happening?

I think you are signing it twice, once directly using Signature and the other one using ContentSigner. You need only to sign the data, not the signature.
So the solution should be to replace signature.sign() with text.getBytes(), or text.getBytes(StandardCharsets.UTF_8) if you want to explicitly define a character set for text instead of using some system default.