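Camel Crypto fails PGP decryption (invalid)
I generated a PGP key pair and gave the public key to another party; they encrypt a message and send it to me, and I am using Camel Crypto/PGP to decrypt it. A simple route set up in Camel 2.15.0: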
from("direct://TestPGPDecrypt")
    .routeId("TestPGPDecrypt")
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Calling PGP Decryption Using PGP Key: " + Vault.TestPGP.keyUserId)
    .unmarshal(pgpDecryptTest)
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Decrypted Original ${header[CamelFileName]}");
With this, I pass in an .asc (ASCII-armored) file and get the following exception:
Exchange[
Id ID-MBProi7-54281-1432247325866-1-12
ExchangePattern InOnly
BodyType org.apache.camel.component.file.GenericFile
Body [Body is file based: GenericFile[2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc]]
]
Stacktrace
------------------------------------------------------------------------------------------------------------------------
java.lang.IllegalArgumentException: The input message body has an invalid format.
The PGP decryption/verification processor expects a sequence of PGP packets of
the form (entries in brackets are optional and ellipses indicate repetition,
comma represents sequential composition, and vertical bar separates
alternatives): Public Key Encrypted Session Key ..., Symmetrically Encrypted Data
| Sym. Encrypted and Integrity Protected Data, Compressed Data, (One Pass Signature ...,) Literal Data, (Signature ...,)
at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getFormatException(PGPKeyAccessDataFormat.java:488)
at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getUncompressedData(PGPKeyAccessDataFormat.java:424)
at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.unmarshal(PGPKeyAccessDataFormat.java:363)
Clearly, the problem seems to be with the parsing of the message "somewhere" - the stack shows it is in this code in PGPKeyAccessDataFormat:
private InputStream getUncompressedData(InputStream encData) throws IOException, PGPException {
PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
Object compObj = pgpFactory.nextObject();
if (!(compObj instanceof PGPCompressedData)) {
throw getFormatException();
}
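I don't know why the InputStream is not coming back as an instanceof PGPCompressedData...
If I decrypt the file locally (on UNIX/Mac OS X) using GPG, there is no problem. In fact, I can see the output of a verbose run.
If I encrypt a local file and then try to decrypt it through Camel Crypto, there is no problem.
I only have the problem with this one file. I have even tried adjusting the PGPDataFormat configuration, to no avail: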
PGPDataFormat pgpDecryptTest = new PGPDataFormat();
pgpDecryptTest.setKeyFileName(Vault.secret.keyFileName);
pgpDecryptTest.setKeyUserid(Vault.secret.keyUserId);
pgpDecryptTest.setArmored(true);
pgpDecryptTest.setPassword(Vault.secret.getTestKeyRingPwd());
pgpDecryptTest.setIntegrity(false);
pgpDecryptTest.setHashAlgorithm(HashAlgorithmTags.SHA1);
pgpDecryptTest.setAlgorithm(SymmetricKeyAlgorithmTags.TRIPLE_DES);
pgpDecryptTest.setSignatureKeyFileName(Vault.TRDParty.keyFileName);
pgpDecryptTest.setSignatureKeyUserid(Vault.TRDParty.keyUserId);
pgpDecryptTest.setSignatureVerificationOption("ignore");
Any ideas?
[Edit] As requested, here is the information about the PGP packets. The encrypted file that has the Camel decryption problem:
gpg --list-packets 2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxxxxxxxxx
data: [2046 bits]
You need a passphrase to unlock the secret key for
user: "Your Key <[email protected]>"
2048-bit RSA key, ID XXXXXXXX, created 2015-05-18 (main key ID YYYYYYYYY)
:encrypted data packet:
length: 52051
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
"Your Key <[email protected]>"
:onepass_sig packet: keyid ABVBBBBBBBBBB
version 3, sigclass 0x00, digest 2, pubkey 17, last=1
:literal data packet:
mode b (62), created 1432151886, name="",
raw data: 51945 bytes
:signature packet: algo 17, keyid CCCCCCCCCCCCCC
version 4, created 1432151886, md5len 0, sigclass 0x00
digest algo 2, begin of digest e4 5a
hashed subpkt 2 len 4 (sig created 2015-05-20)
subpkt 16 len 8 (issuer key ID CCCCCCCCCCCCCC)
data: [159 bits]
data: [160 bits]
gpg: WARNING: message was not integrity protected
Then, for comparison, I encrypted the contents of the same file (the plaintext version) with GPG and ran list-packets on it:
gpg --list-packets encrypted.asc
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXX
data: [2045 bits]
You need a passphrase to unlock the secret key for
user: "Your Key <[email protected]>"
2048-bit RSA key, ID 8EFFC26E, created 2015-05-18 (main key ID YYYYYYYYY)
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
"Your Key <[email protected]>"
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1432321235, name="clear.out.xml",
raw data: 51945 bytes
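Can you dump the output of `gpg --list-packets [encrypted file]`? You can strip out the key IDs if you like; I am concerned that it contains some feature that Apache Camel does not support. Although I can't find any Camel spec sheet describing what is supported, we may find "suspicious" OpenPGP packets or algorithms there. –
From what I can tell: using my local tools on Mac OS X - I am using GPG Tools - Camel reads this without a problem (this is also how I got the list-packets output in the working example). On the other hand, the version that does not work in Camel was built with Cryptix Open PGP - I searched for one_pass_sig packets, and there are some other complaints – BoneSmuggler
The original data is not only encrypted but also additionally signed with a DSA key, but that should not be any problem; DSA has been specified for a long time. Reading the error message further and comparing it with the packet structure information you posted, it seems you called the function for decrypting symmetrically encrypted data packets. You may need to call some other function first. –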
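As an added example (not part of the original post or its comments, and not Camel's code): a small Python check that compares the packet order printed by `gpg --list-packets` with the sequence the exception message says the processor expects, and reports the first packet that deviates. The term labels and function names are this example's own, and the two sample listings are constructed from the packet header lines of the listings in the question, with key IDs zeroed.

```python
import re

# Names printed by `gpg --list-packets`, mapped to short terms (labels are this example's own).
TERMS = {
    "pubkey enc packet": "PKESK",
    "encrypted data packet": "ENCRYPTED",
    "compressed packet": "COMPRESSED",
    "onepass_sig packet": "ONEPASS_SIG",
    "literal data packet": "LITERAL",
    "signature packet": "SIGNATURE",
}

# Sequence from the exception text: (term, minimum count, may repeat).
GRAMMAR = [
    ("PKESK", 1, True), ("ENCRYPTED", 1, False), ("COMPRESSED", 1, False),
    ("ONEPASS_SIG", 0, True), ("LITERAL", 1, False), ("SIGNATURE", 0, True),
]

def packet_sequence(listing):
    """Extract the ordered packet terms from `gpg --list-packets` output."""
    found = (re.match(r"\s*:([a-z_ ]+?):", line) for line in listing.splitlines())
    return [TERMS.get(m.group(1), m.group(1)) for m in found if m]

def first_deviation(seq):
    """Return None if seq fits GRAMMAR, else describe the first mismatch."""
    i = 0
    for term, minimum, repeat in GRAMMAR:
        n = 0
        while i < len(seq) and seq[i] == term and (repeat or n == 0):
            i, n = i + 1, n + 1
        if n < minimum:
            got = seq[i] if i < len(seq) else "end of message"
            return f"expected {term} at packet {i}, found {got}"
    return None if i == len(seq) else f"unexpected {seq[i]} at packet {i}"

# Constructed samples: packet header lines abridged from the two listings in the question.
FAILING = """:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
:encrypted data packet:
:onepass_sig packet: keyid 0000000000000000
:literal data packet:
:signature packet: algo 17, keyid 0000000000000000"""
WORKING = """:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
:encrypted data packet:
:compressed packet: algo=2
:literal data packet:"""

if __name__ == "__main__":
    for name, listing in (("failing", FAILING), ("working", WORKING)):
        print(name, "->", first_deviation(packet_sequence(listing)) or "matches expected sequence")
```

Packet positions are counted from 0, so for the failing listing the mismatch is reported at the packet directly after the encrypted data packet.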