我正在尝试使用 bouncycastle 版本 1.49 中未弃用的构造函数,但我很难弄清楚如何使用这些创建的对象,因为它与我在网上找到的任何教程都有些不同。
这是我到目前为止的代码;谁能告诉我应该用PGPContentSigner做什么,以及我应该如何把它连接到OutputStream?我想要实现的是数据上的附加签名,而不必将数据加密给任何人(很像gpg --clearsign -a <textfile>)。
我已经研究了ArmoredOutputStream及其方法,beginClearText(int)看起来很有希望,但只是调用它,将数据转储到输出流中,调用endClearText,然后将签名字节写入ArmoredOutputStream不起作用。看起来好像需要对流进行低级操作,将控制字节戳入流中以指示签名的开始等。在我看来,应该有某种固定装置将签名者和装甲输出流连接在一起,以处理数据包杂耍。
/**
* Generate a signature for the given bytes so that they can be sent off and the recipient can verify
* that the bytes have not been tampered with in transit.
*
* @param dataBytes the data to sign
* @return the data along with the signature
* @throws PGPException if there's a problem generating the signature
*/
public static byte[] clearSignBytes(byte[] dataBytes, PGPSecretKeyRingCollection skrCollection, String keyPass) throws PGPException {
ByteArrayOutputStream baos = new ByteArrayOutputStream(); // this is where we put the signed data
try {
// get our secret key so we can init the signature generator
Iterator<PGPSecretKeyRing> it = skrCollection.getKeyRings();
PGPSecretKeyRing skr = it.next();
PGPSecretKey skey = skr.getSecretKey();
PGPPrivateKey prKey = skey.extractPrivateKey(new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(keyPass.toCharArray()));
BcPGPContentSignerBuilder signerBuilder = new BcPGPContentSignerBuilder(skey.getPublicKey().getAlgorithm(), PGPUtil.SHA256);
PGPContentSigner signer = signerBuilder.build(PGPSignature.BINARY_DOCUMENT, prKey);
// Now, we're supposed to write dataBytes somewhere and we're supposed to hand them to the signer somehow
// and ultimately we're supposed to tell the signer to output a signature and we put the signature and
// dataBytes together into baos.
// TODO ??????
} catch (Exception e) {
__l.error("Exception generating signature", e);
throw new PGPException("Exception while signing the data", e);
}
return baos.toByteArray();
}
事实证明,
我没有使用正确的类来完成工作。下面是该方法的相关部分,其中包含实际有效的代码。我希望这能帮助其他有同样困惑的人。在我们得到PGPPrivateKey prKey...之后
PGPSignatureGenerator sGen = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(skey.getPublicKey().getAlgorithm(), PGPUtil.SHA256).setProvider("BC"));
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
sGen.init(PGPSignature.CANONICAL_TEXT_DOCUMENT, prKey);
Iterator userIDs = skey.getPublicKey().getUserIDs();
if (it.hasNext()) {
spGen.setSignerUserID(false, (String)userIDs.next());
sGen.setHashedSubpackets(spGen.generate());
}
ArmoredOutputStream aos = new ArmoredOutputStream(baos);
aos.beginClearText(PGPUtil.SHA256);
sGen.update(dataBytes);
aos.write(dataBytes);
aos.endClearText();
BCPGOutputStream bOut = new BCPGOutputStream(aos);
sGen.generate().encode(bOut);
aos.flush();
aos.close();