1. 首頁
  2. 問答
  3. Bouncy Castle從公鑰加密會話包中提取PGP會話密鑰

Bouncy Castle從公鑰加密會話包中提取PGP會話密鑰

2017-10-04 221 views
0

我有一個PGP Public-Key Encrypted Session Packet,我想從中提取會話密鑰,以便我可以分別解密會話密鑰。我使用的BouncyCastle的圖書館,我提取這樣的會話密鑰:Bouncy Castle從公鑰加密會話包中提取PGP會話密鑰

private static void outputSessionKey(String path) throws FileNotFoundException, IOException { 
    BCPGInputStream input = new BCPGInputStream(PGPUtil.getDecoderStream(new FileInputStream(path))); 
    Packet packet; 
    while((packet = input.readPacket()) != null) { 
     if (packet instanceof PublicKeyEncSessionPacket) { 
      PublicKeyEncSessionPacket encPacket = (PublicKeyEncSessionPacket) packet; 
      byte[] encKey = encPacket.getEncSessionKey()[0]; 
      FileOutputStream output = new FileOutputStream("session_key_enc.bin"); 
      output.write(encKey); 
      output.close(); 
     } 
    } 

    input.close(); 
}

我期待那麼可以使用OpenSSL的解密會話密鑰:

openssl rsautl -decrypt -in session_key_enc.bin -out session_key_decoded.bin -inkey private.pem

session_key_enc.bin是我用二進制格式加密的會話密鑰,private.pem是我用來加密GPG中的數據的公鑰對應的私鑰。在加密我的數據之前,我將RSA密鑰對的公鑰部分轉換爲PGP格式的密鑰並將其導入GPG。

當我運行OpenSSL命令,我得到這個錯誤:

RSA operation error 
140624851898072:error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len:rsa_eay.c:518:

在檢查session_key_enc.bin我發現,該文件是258個字節。這似乎並不像它應該有可能考慮到我使用的是2048位RSA密鑰和規範指示加密的會話密鑰由n改裝成:

Algorithm Specific Fields for RSA encryption - multiprecision integer (MPI) of RSA encrypted value m**e mod n.

The value "m" in the above formulas is derived from the session key as follows. First, the session key is prefixed with a one-octet algorithm identifier that specifies the symmetric encryption algorithm used to encrypt the following Symmetrically Encrypted Data Packet. Then a two-octet checksum is appended, which is equal to the sum of the preceding session key octets, not including the algorithm identifier, modulo 65536. This value is then encoded as described in PKCS#1 block encoding EME-PKCS1-v1_5 in Section 7.2.1 of [RFC3447] to form the "m" value used in the formulas above. See Section 13.1 of this document for notes on OpenPGP's use of PKCS#1.

如何解決這個難題將任何意見非常感謝,謝謝!

來源

2017-10-04 Thuy Guevarra

+0

你是否分裂了數據包的頭幾個字節(或確保Bouncy Castle已經這麼做)? 'pgpdump -pi'也應該將會話密鑰打印爲整數值,您應該能夠將Java代碼的結果與此結果進行比較。 –

+0

@JensErat事實證明,Bouncy Castle以MPI格式輸出會話密鑰,頭兩個字節表示總邊。刪除這些後,我能夠解密會話密鑰,但仍然無法從解碼的原始字節中獲取任何明智的密鑰 –

回答

0

結果Bouncy Castle使用MPI格式導出加密的會話密鑰,其中前2個字節是長度。這解決了我無法解密會話密鑰的原始問題,因爲它是258字節而不是256.

我將此問題標記爲已回答,儘管仍然無法使用--override-session-key解密文件和現在解密的會話密鑰的原始字節。

來源

2017-10-05 22:37:04

相關問題

 相關問題