Next, while you don’t need to have PGP installed, you do need to have a at least one public keyring file available on your system. I’m using PGP 6.5.8 on Windows which automatically saves my public keyring for me. You can find the location of the keyring file by Edit –> Options –> Files from within the PGP Keys window. You should see something like this: Second, you’ll need to generate a keypair (if you don’t already have one). I won’t go into the how or why (I assume you know the how and why) but you do need to make sure that you create what the Bouncy Castle folks call a ‘RSA key’ or ‘El Gamal key’ (source<\/a>) rather than a DSA key. If you try to use a DSA keypair (which I’m assuming is synonomous with Diffie-Hellman\/DSS?), that I ran into: Now that you downloaded the appropriate libraries, created an RSA keypair and located your public keyring file, we’re ready to start. Open up your favorite Java IDE (I’m using Eclipse) and start by importing the appropriate libraries: Finally, create an armored ASCII text file and call the encryptFile() method (again provided us by the KeyBasedFileProcessor example: You can download the source code and batch file for the example above here:<\/p>\n bouncy_castle_pgp_example.zip<\/a><\/p>\n Updated 04\/07\/2004: David Hook wrote to let me know that there is a bug in the examples, I updated both the sample code above and the zip file that contains the full source code. Look at the beta versions<\/a> for the updated examples.<\/font><\/p>\n","protected":false},"excerpt":{"rendered":" It can’t be that hard. So given a couple hours of hacking with the library, here’s a fully illustrated example that shows how to encrypt a file using the Bouncy Castle Cryptography API and PGP. First, giving credit where credit is due, the example comes mostly from the KeyBasedFileProcessor example that ships with the Bouncy … Continue reading PGP Encryption using Bouncy Castle<\/span>
\n![\"PGP](\"\/images\/misc\/pgp_options_small.gif\")
<\/a>
\nNote the location of the Public Keyring File.<\/p>\n
\norg.bouncycastle.openpgp.PGPException: Can't use DSA for encryption<\/code>, which again is explained by the link above.<\/p>\n
\n
\nimport java.io.*;
\nimport java.security.*;
\nimport org.bouncycastle.bcpg.*;
\nimport org.bouncycastle.jce.provider.*;
\nimport org.bouncycastle.openpgp.*;
\n<\/code>
\nI took a shortcut above and didn’t specify exactly what classes I wanted to import for clarity, if you’re using Eclipse you can easily clean that up by selecting Source –> Organize Imports (or by downloading the source code at the end of this example). Next the class declaration and the standard public static void main etc.. The KeyBasedFileProcessor example on the BouncyCastle website lets you pass in the location of the public keyring and the file you want to encrypt, I’m hardcoding it in my code so that it’s crystal clear what everything is:
\n
\n\/\/ the keyring that holds the public key we're encrypting with
\nString publicKeyFilePath = \"C:\\\\pgp6.5.8\\\\pubring.pkr\";
\n<\/code>
\nand then use the static addProvider() method of the java.security.Security class:
\n
\nSecurity.addProvider(new BouncyCastleProvider());
\n<\/code>
\nNext I chose to create a temporary file to hold the message that I want to encrypt:
\n
\nFile outputfile = File.createTempFile(\"pgp\", null);
\nFileWriter writer = new FileWriter(outputfile);
\nwriter.write(\"the message I want to encrypt\".toCharArray());
\nwriter.close();
\n<\/code>
\nRead the public keyring file into a FileInputStream and then call the readPublicKey() method that was provided for us by the KeyBasedFileProcessor:
\n
\nFileInputStream\tin = new FileInputStream(publicKeyFilePath);
\nPGPPublicKey key = readPublicKey(in);
\n<\/code>
\nAt this point it’s important to note that the PGPPublicKeyRing class (at least in the version I was using) appears to have a bug where it only recognizes the first key in the keyring. If you use the getUserIds() method of the object returned you’ll only see one key:
\n
\nfor (java.util.Iterator iterator = key.getUserIDs(); iterator.hasNext();) {
\n\tSystem.out.println((String)iterator.next());
\n}
\n<\/code>
\nThis could cause you problems if you have multiple keys in your keyring and if the first key is not an RSA or El Gamal key. <\/p>\n
\n
\nFileOutputStream out = new FileOutputStream(outputfile.getAbsolutePath() + \".asc\");
\n\/\/ (file we want to encrypt, file to write encrypted text to, public key)
\nencryptFile(outputfile.getAbsolutePath(), out, key);
\n<\/code>
\nThe rest of the example is almost verbatim from the KeyBaseFileProcessor example, I’ll paste the code here, but I didn’t do much to it:
\n
\nout = new ArmoredOutputStream(out);
\nByteArrayOutputStream bOut = new ByteArrayOutputStream();
\nPGPCompressedDataGenerator comData = new PGPCompressedDataGenerator(PGPCompressedDataGenerator.ZIP);
\nPGPUtil.writeFileToLiteralData(comData.open(bOut), PGPLiteralData.BINARY, new File(fileName));
\ncomData.close();
\nPGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(PGPEncryptedDataGenerator.CAST5, new SecureRandom(), \"BC\");
\ncPk.addMethod(encKey);
\nbyte[] bytes = bOut.toByteArray();
\nOutputStream cOut = cPk.open(out, bytes.length);
\ncOut.write(bytes);
\ncPk.close();
\nout.close();
\n<\/code>
\nOne last thing that I gleamed from their web-based forum was that one of the exceptions thrown by the above code is a PGPException, which itself doesn’t tell you much (in my case it was simply saying exception encrypting session key<\/code>. PGPException can be a wrapper for an underlying exception though, and you should use the getUnderlyingException() method to determine what the real cause of the problem is (which lead me to the Can't use DSA for encryption<\/code> message that I mentioned above).<\/p>\n