Re: Exception in PGP Decryption

[Deepa]

Hi,
I want to encrypt and decrypt a txt file by using PGP.I completed my PGP Encryption.I'm getting an error in PGP Decryption. The error msg as follows

Quote:

org.bouncycastle.openpgp.PGPException: Exception decrypting key java.security.InvalidKeyException: Illegal key size

Plz help any one...

[pramod_pitta]

Hi,

Get the bouncy castle jar files and copy them into //jre/ext folder and also
get the jce_policy zip folder which contains two jar files (US_policy & local_policy jar files ) copy them into jre/lib/security folder and run the below code for decryption.

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.util.Iterator;

import org.bouncycastle.jce.provider.BouncyCastleProvider ;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData ;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollectio n;
import org.bouncycastle.openpgp.PGPUtil;





public class Test {
private static File privateKeyFile = new File("private key file");

private static String privateKeyPassword = "Password";

private static PGPPrivateKey findSecretKey(InputStream keyIn, long keyID, char[] pass) throws IOException, PGPException, NoSuchProviderException {
PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStrea m(keyIn));
PGPSecretKey secretKey = pgpSec.getSecretKey(keyID);
if (secretKey == null) {
return null;
}
return secretKey.extractPrivateKey(pass, "BC");




}

public static String decrypt(byte[] encdata) {
System.out.println("decrypt(): data length=" + encdata.length);

try {
ByteArrayInputStream bais = new ByteArrayInputStream(encdata);
FileInputStream privKey = new FileInputStream(privateKeyFile);
return _decrypt(bais, privKey, privateKeyPassword.toCharArray());
} catch (Exception e) {
System.out.println(e.getMessage());
e.printStackTrace();
}
return null;
}

private static String _decrypt(InputStream in, InputStream keyIn, char[] passwd) throws Exception {
in = PGPUtil.getDecoderStream(in);
try {
PGPObjectFactory pgpF = new PGPObjectFactory(in);
PGPEncryptedDataList enc;
Object o = pgpF.nextObject();
//
// the first object might be a PGP marker packet.
//
if (o instanceof PGPEncryptedDataList) {
enc = (PGPEncryptedDataList) o;
} else {
enc = (PGPEncryptedDataList) pgpF.nextObject();
}
//
// find the secret key
//
Iterator iterator = enc.getEncryptedDataObjects();
PGPPrivateKey privateKey = null;
PGPPublicKeyEncryptedData publicKeyEncryptedData = null;
while (privateKey == null && iterator.hasNext()) {
publicKeyEncryptedData = (PGPPublicKeyEncryptedData) iterator.next();
System.out.println("publicKeyEncryptedData id=" + publicKeyEncryptedData.getKeyID());
privateKey = findSecretKey(keyIn, publicKeyEncryptedData.getKeyID(), passwd);
}
if (privateKey == null) {
throw new IllegalArgumentException("secret key for message not found.");
}
System.out.println("my-alg:" + privateKey.getKey().getAlgorithm());
System.out.println("private key" + privateKey.toString());
InputStream inputStream = publicKeyEncryptedData.getDataStream(privateKey, "BC", "BC");
PGPObjectFactory objectFactory = new PGPObjectFactory(inputStream);
Object message = objectFactory.nextObject();
if (message instanceof PGPCompressedData) {
PGPCompressedData cData = (PGPCompressedData) message;
PGPObjectFactory pgpFact = new PGPObjectFactory(cData.getDataStream());
message = pgpFact.nextObject();
}
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
if (message instanceof PGPLiteralData) {
PGPLiteralData pgpLiteralData = (PGPLiteralData) message;
InputStream unc = pgpLiteralData.getInputStream();
int ch;
while ((ch = unc.read()) >= 0) {
byteArrayOutputStream.write(ch);
}
} else if (message instanceof PGPOnePassSignatureList) {
throw new PGPException("encrypted message contains a signed message - not literal data.");
} else {
throw new PGPException("message is not a simple encrypted file - type unknown.");
}
if (publicKeyEncryptedData.isIntegrityProtected()) {
if (!publicKeyEncryptedData.verify()) {
System.err.println("message failed integrity check");
} else {
System.err.println("message integrity check passed");
}
} else {
System.err.println("no message integrity check");
}
return byteArrayOutputStream.toString();
} catch (PGPException e) {
System.err.println(e);
if (e.getUnderlyingException() != null) {
e.getUnderlyingException().printStackTrace();
}
}
return null;
}

public static void main(String[] args) throws IOException {
Security.addProvider(new BouncyCastleProvider());

byte[] newB = null;
try {
FileInputStream fileInputStream = new FileInputStream("ecnrypted file");
newB = new byte[fileInputStream.available()];
System.out.println("read bytes: " + fileInputStream.read(newB));
} catch (IOException e) {
e.printStackTrace();
}
System.out.println("byte array" + newB.length);
// ----- Decrypt the token that
String result = decrypt(newB);
FileOutputStream decryptedFile = new FileOutputStream("C:/new.txt");

while(result.length()!= -1)
{
decryptedFile.write(result.getBytes());
}

System.out.println("Decrypted: " + result);
}

}

[Deepa]

Hi,
I follow the steps what u told...But i got the same exception.

[pramod_pitta]

Hi Deepa,

R u running the above code in Eclipse? If so you will be getting the same error. I am working on that as I am also facing the same issue while running the above code in eclipse.

If you run from command prompt you will be able to decrypt the file.Copy the above code into jdk/bin directory and run from command prompt.

Please let me know if you are facing any issues.

Thanks,
Pramod

[Deepa]

Hi Pramod,
I'm trying to run this application in java only..I tried this code lot of times still now,i'm trying...But i got the same error what i have mentioned earlier..I have placed the java.policy,US_export_policy.jar and local_policy.jar in "C:\Program Files\Java\jdk1.5.0_07\jre\lib\security" Folder..And also,i have placed BouncyCastle jar files in "C:\Program Files\Java\jdk1.5.0_07\jre\lib\ext"..But i'm getting the same error..

My code:

Quote:

import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.ByteArrayInputStream; import java.io.DataOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.util.Iterator; import sun.misc.BASE64Encoder; import sun.misc.BASE64Decoder; // Bouncy castle imports import org.bouncycastle.jce.provider.BouncyCastleProvider ; import org.bouncycastle.openpgp.PGPCompressedData; import org.bouncycastle.openpgp.PGPCompressedDataGenerato r; import org.bouncycastle.openpgp.PGPEncryptedDataGenerator ; import org.bouncycastle.openpgp.PGPEncryptedDataList; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPLiteralData; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPOnePassSignatureList; import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData ; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollectio n; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKeyRingCollectio n; import org.bouncycastle.openpgp.PGPUtil; // public class SingleSignOnTest1 { private static File publicKeyFile = new File("C:\\Documents and Settings\\deepaps\\My Documents\\PGP\\pubring.pkr"); private static File privateKeyFile = new File("C:\\Documents and Settings\\deepaps\\My Documents\\PGP\\secring.skr"); private static String privateKeyPassword = "Test$123"; // // Public class method decrypt // public static String decrypt(byte[] encdata) { System.out.println(encdata); System.out.println("decrypt(): data length=" + encdata.length); // ----- Decrypt the file try { ByteArrayInputStream bais = new ByteArrayInputStream(encdata); FileInputStream privKey = new FileInputStream(privateKeyFile); return _decrypt(bais, privKey, privateKeyPassword.toCharArray()); } catch (Exception e) { System.out.println(e.getMessage()); e.printStackTrace(); } return null; } // // Public class method encrypt // public static byte[] encrypt(byte[] data) { try { // ----- Read in the public key PGPPublicKey key = readPublicKeyFromCol(new FileInputStream(publicKeyFile)); System.out.println("Creating a temp file..."); // create a file and write the string to it File tempfile = File.createTempFile("pgp", null); FileOutputStream fos = new FileOutputStream(tempfile); fos.write(data); fos.close(); System.out.println("Temp file created at "); System.out.println(tempfile.getAbsolutePath()); System.out.println("Reading the temp file to make sure that the bits were written\n--------------"); BufferedReader isr = new BufferedReader(new FileReader(tempfile)); String line = ""; while ( (line = isr.readLine()) != null ) { System.out.println(line + "\n"); } // find out a little about the keys in the public key ring System.out.println("Key Strength = " + key.getBitStrength()); System.out.println("Algorithm = " + key.getAlgorithm()); System.out.println("Bit strength = " + key.getBitStrength()); System.out.println("Version = " + key.getVersion()); System.out.println("Encryption key = " + key.isEncryptionKey()+ ", Master key = " + key.isMasterKey()); int count = 0; for ( java.util.Iterator iterator = key.getUserIDs(); iterator.hasNext(); ) { count++; System.out.println((String) iterator.next()); } System.out.println("Key Count = " + count); // create an armored ascii file // FileOutputStream out = new FileOutputStream(outputfile); // encrypt the file // encryptFile(tempfile.getAbsolutePath(), out, key); // Encrypt the data ByteArrayOutputStream baos = new ByteArrayOutputStream(); _encrypt(tempfile.getAbsolutePath(), baos, key); System.out.println("encrypted text length=" + baos.size()); tempfile.delete(); System.out.println("Return"+baos.toByteArray()); return baos.toByteArray(); } catch (PGPException e) { // System.out.println(e.toString()); System.out.println(e.getUnderlyingException().toSt ring()); e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } return null; } // // Private class method readPublicKeyFromCol // private static PGPPublicKey readPublicKeyFromCol(InputStream in) throws Exception { PGPPublicKeyRing pkRing = null; PGPPublicKeyRingCollection pkCol = new PGPPublicKeyRingCollection(in); System.out.println("key ring size=" + pkCol.size()); Iterator it = pkCol.getKeyRings(); while (it.hasNext()) { pkRing = (PGPPublicKeyRing) it.next(); Iterator pkIt = pkRing.getPublicKeys(); while (pkIt.hasNext()) { PGPPublicKey key = (PGPPublicKey) pkIt.next(); System.out.println("Encryption key = " + key.isEncryptionKey() + ", Master key = " + key.isMasterKey()); if (key.isEncryptionKey()) return key; } } return null; } // // Private class method _encrypt // private static void _encrypt(String fileName, OutputStream out, PGPPublicKey encKey) throws IOException, NoSuchProviderException, PGPException { out = new DataOutputStream(out); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); System.out.println("creating comData..."); // get the data from the original file PGPCompressedDataGenerator comData = new PGPCompressedDataGenerator(PGPCompressedDataGenera tor.ZIP); PGPUtil.writeFileToLiteralData(comData.open(bOut), PGPLiteralData.BINARY, new File(fileName)); comData.close(); System.out.println("comData created..."); System.out.println("using PGPEncryptedDataGenerator..."); // object that encrypts the data PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(PGPEncryptedDataGenerato r.CAST5, new SecureRandom(), "BC"); cPk.addMethod(encKey); System.out.println("used PGPEncryptedDataGenerator..."); // take the outputstream of the original file and turn it into a byte // array byte[] bytes = bOut.toByteArray(); System.out.println("wrote bOut to byte array..."); // write the plain text bytes to the armored outputstream OutputStream cOut = cPk.open(out, bytes.length); cOut.write(bytes); cPk.close(); out.close(); } // // Private class method _decrypt // private static String _decrypt(InputStream in, InputStream keyIn, char[] passwd) throws Exception { in = PGPUtil.getDecoderStream(in); try { PGPObjectFactory pgpF = new PGPObjectFactory(in); PGPEncryptedDataList enc; Object o = pgpF.nextObject(); // // the first object might be a PGP marker packet. // if (o instanceof PGPEncryptedDataList) { enc = (PGPEncryptedDataList) o; } else { enc = (PGPEncryptedDataList) pgpF.nextObject(); } // // find the secret key // Iterator it = enc.getEncryptedDataObjects(); PGPPrivateKey sKey = null; PGPPublicKeyEncryptedData pbe = null; while (sKey == null && it.hasNext()) { pbe = (PGPPublicKeyEncryptedData) it.next(); System.out.println("pbe id=" + pbe.getKeyID()); sKey = findSecretKey(keyIn, pbe.getKeyID(), passwd); } if (sKey == null) { throw new IllegalArgumentException("secret key for message not found."); } InputStream clear = pbe.getDataStream(sKey, "BC"); PGPObjectFactory plainFact = new PGPObjectFactory(clear); Object message = plainFact.nextObject(); if (message instanceof PGPCompressedData) { PGPCompressedData cData = (PGPCompressedData) message; PGPObjectFactory pgpFact = new PGPObjectFactory(cData.getDataStream()); message = pgpFact.nextObject(); } ByteArrayOutputStream baos = new ByteArrayOutputStream(); if (message instanceof PGPLiteralData) { PGPLiteralData ld = (PGPLiteralData) message; InputStream unc = ld.getInputStream(); int ch; while ((ch = unc.read()) >= 0) { baos.write(ch); } } else if (message instanceof PGPOnePassSignatureList) { throw new PGPException("encrypted message contains a signed message - not literal data."); } else { throw new PGPException("message is not a simple encrypted file - type unknown."); } if (pbe.isIntegrityProtected()) { if (!pbe.verify()) { System.err.println("message failed integrity check"); } else { System.err.println("message integrity check passed"); } } else { System.err.println("no message integrity check"); } return baos.toString(); } catch (PGPException e) { System.err.println(e); if (e.getUnderlyingException() != null) { e.getUnderlyingException().printStackTrace(); } } return null; } // // Private class method findSecretKey // private static PGPPrivateKey findSecretKey(InputStream keyIn, long keyID, char[] pass) throws IOException, PGPException, NoSuchProviderException { PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStrea m(keyIn)); PGPSecretKey pgpSecKey = pgpSec.getSecretKey(keyID); if (pgpSecKey == null) { return null; } return pgpSecKey.extractPrivateKey(pass, "BC"); } // // Public class method readFile // public byte[] readFile(File file) throws IOException { FileInputStream fis = new FileInputStream(file); byte[] buf = new byte[4096]; int numRead = 0; ByteArrayOutputStream baos = new ByteArrayOutputStream(); while ((numRead = fis.read(buf)) > 0) { baos.write(buf, 0, numRead); } fis.close(); byte[] returnVal = baos.toByteArray(); baos.close(); return returnVal; } // // Public main method // public static void main(String[] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); String TOKEN = "aamine"; // ----- Encrypt the message to a file // them byte[] encdata = encrypt(TOKEN.getBytes()); System.out.println("Encrypted: " + encdata); // Encode the byte array to a string BASE64Encoder en = new BASE64Encoder(); String temp = en.encode(encdata); System.out.println("Temp: " + temp); // us byte[] newB=null; BASE64Decoder en1 = new BASE64Decoder(); try { newB = en1.decodeBuffer(temp); } catch (Exception e) { System.out.println("Exception: " + e); } System.out.println("byte array" + newB.length); System.out.println("newB"+newB); // ----- Decrypt the token that String result = decrypt(newB); FileOutputStream decryptedFile = new FileOutputStream("C:/new.txt"); while(result.length()!= -1) { decryptedFile.write(result.getBytes()); } System.out.println("Decrypted: " + result); } }

Rectify my pblm...

[pramod_pitta]

Hi Deepa,

Your code should perfectly work.
Let me give the clear details.

Copy only two jar files (bcpg-jdk15-143 & bcprov-ext-jdk15-143) into jre/lib/ext directory and also copy the two policy jar(local_policy & US_export_policy) files into jre/lib/security folder then recompile the java file and run you will be succeded.

Thanks,
Pramod

[Deepa]

Hi Pramod,
Which jdk is used for this(ie JDK1.4 or JDK 1.5)...

[Deepa]

Hi Pramod,
It's working only in JDK 1.5...

Jar File :
bcpg-jdk15-143.jar
bcprov-ext-jdk15-143.jar

i put the above jar file in,
C:\Program Files\Java\jdk1.5.0_07\jre\lib\ext\bcpg-jdk15-143.jar and
C:\Program Files\Java\jdk1.5.0_07\jre\lib\ext\bcprov-ext-jdk15-143.jar

and also i'm having,
C:\Program Files\Java\jdk1.5.0_07\jre\lib\security\US_export_ policy.jar and
C:\Program Files\Java\jdk1.5.0_07\jre\lib\security\local_poli cy.jar

MY Passphrase(PrivateKeyPassword) is "Test$123" which was created by "PGPDesktopWin32-9.10.0.exe" and also pubring.pkr and secring.skr was generated by the same..

But I'm getting the same error...

How can rectify the issue...

[pramod_pitta]

Hi Deepa,

The PGP decryption works in all versions of jdk, there are appropriate jar files for each version.

Try with privatekey which is in file format rather than .skr format.

Thanks,
Pramod

[Deepa]

Hi Pramod,
i want pubring.pkr and secring.skr for Encryption&Decryption..When i was executing "PGPDesktopWin32-9.10.0.exe" ,the above 2 files(pubring.pkr,secring.skr) was generated..So,i use in .skr format only..

[pramod_pitta]

Hi Deepa,

I need to work out on how to decrypt the file using pubring.skr and secring.skr. Once Im done on the R&D I will let you know.

Thanks,
Pramod Kumar Pitta

[Deepa]

Hi Pramod,
For Encrypting,we use pubring.pkr and also for Decrypting we use secring.skr...

[Deepa]

Hi Pramod,
In Decryption,could i pass the privatekey or passPhrase.Is privatekey and passphrase is same...

[stevemilw]

i need a pooooo

[Deepa]

Hi,
What do you mean by pooooo

[pramod_pitta]

Hi Deepa,

No, the private key file is separate from passphrase. I think by looking at your code the passphrase is "Test$123" and private key should be in a filed mode.

Thanks & Regards,
Pramod

[pramod_pitta]

Hi,

I have an issue while decrypting the file in RAD. While running the code (mentioned above) from command prompt it works fine with out any issue. If I run the same code in RAD it gives an exception as below.

read bytes: 31331
byte array31331
decrypt(): data length=31331
publicKeyEncryptedData id=2165468330250183716
my-alg:ElGamal
private keyorg.bouncycastle.openpgp.PGPPrivateKey@5e645e64
org.bouncycastle.openpgp.PGPException: error setting asymmetric cipher
java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData .fetchSymmetricKeyData(Unknown Source)
at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData .getDataStream(Unknown Source)
at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData .getDataStream(Unknown Source)
at com.fourcs.clm.iwarranty.wc.utilities.Test._decryp t(Test.java:93)
at com.fourcs.clm.iwarranty.wc.utilities.Test.decrypt (Test.java:55)
at com.fourcs.clm.iwarranty.wc.utilities.Test.main(Te st.java:150)
Exception in thread "main" java.lang.NullPointerException
at com.fourcs.clm.iwarranty.wc.utilities.Test.main(Te st.java:153)

By doing some R&D I think the bouncy castle api looks for urestricted cipher jars (US_export_policy & local_policy jars)from //jre/lib/security. But my application classpath will point to our own classpath dir, where all the jars are dumped into it. I copied the (US_export_policy & local_policy jars) into our classpath directory but, still I am facing the same issue.

How can I resolve my problem ? Please help me on this ASAP.

Thanks & Regards,
Pramod

[Deepa]

Hi,
Thank u Pramod..My Issue is fixed by replacing local_policy.jar and US_export_policy.jar..Now i'm encrypting and decrypting a text file ..But i'm unable to encrypt and decrypt an image ..How can i encrypt and decrypt an image..

[pramod_pitta]

Good you have solved your problem. I think for decrypting or encrypting the image files you need to convert the data into byte stream then only you will be albe to decrypt/encrypt the file

[Deepa]

Hi Pramod,
This issue is solved .Thank u.