虽然PGPPublicKey
类提供isEncryptionKey()
方法来确定公钥的算法是否可用于加密目的(RSA_GENERAL
,RSA_ENCRYPT
,{{1 }},ELGAMAL_GENERAL
)仅此一项不足以选择有效的加密子密钥。
有关于数据包中存储的公钥的预期用途的信息,如GnuPG packet.h中所示:
ELGAMAL_ENCRYPT
我的问题是,鉴于Bouncy Castle没有公开这些标志,从Java中的PublicKeyPacket中提取这些密钥用法信息的建议方法是什么?
答案 0 :(得分:4)
我明白了。对于后代,这是解决方案:
// If Key Usage flags are present, we must respect them:
int keyFlagsEncountered = 0;
boolean keyUsageAllowsEncryption = false;
Iterator<PGPSignature> i = key.getSignatures();
while(i.hasNext()) {
PGPSignature signature = i.next();
int keyFlags = signature.getHashedSubPackets().getKeyFlags();
keyFlagsEncountered += keyFlags;
boolean isEncryptComms = (keyFlags & KeyFlags.ENCRYPT_COMMS) > 0;
boolean isEncryptStorage = (keyFlags & KeyFlags.ENCRYPT_STORAGE) > 0;
// Other KeyFlags available here (AUTHENTICATION, SIGN_DATA, CERTIFY_OTHER).
if (isEncryptComms || isEncryptStorage) {
keyUsageAllowsEncryption = true;
}
}
// However, if Key Usage flags are not present (older key, or key generation process simply did not include the flags)
// then we still attempt to use an encryption key using the existing methods:
keyUsageAllowsEncryption = keyFlagsEncountered == 0 || keyUsageAllowsEncryption;