How to do PGP decryption in Java?

In my previous post, I mentioned how to encrypt data with PGP public key. In this post, I will tell you how to decrypt the data with PGP private key. You need a PGP key pair to test the encryption and decryption and see it works. Check this post to generate the PGP key pair. Read|Load PGPPrivateKey from file don't forget the deps before you write your code. Check the encrypt post for it. Notes: The userId is the Real name + email address in format like: `Real <Email>` , you were asked to pro

Post, Code and Quiet Time. How to do PGP decryption in Java? By Errong Leng – 22 Apr 2023 – View online → Photo by Xavier von Erlach / Unsplash In my previous post, I mentioned how to encrypt data with PGP public key. In this post, I will tell you how to decrypt the data with PGP private key. You need a PGP key pair to test the encryption and decryption and see it works. Check this post to generate the PGP key pair. Read|Load PGPPrivateKey from file don't forget the deps before you write your code. Check the encrypt post for it. import java.io.IOException; import java.io.InputStream; import java.util.Iterator; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.bc.BcPGPSecretKeyRingCollection; import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder; import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider; public class PGPHelper { private PGPSecretKey getSignKey(final String userId, final InputStream input) throws IOException, PGPException { final PGPSecretKeyRingCollection pgpSec = new BcPGPSecretKeyRingCollection( org.bouncycastle.openpgp.PGPUtil.getDecoderStream(input)); final Iterator keyRingIter = pgpSec.getKeyRings(); while (keyRingIter.hasNext()) { final PGPSecretKeyRing keyRing = (PGPSecretKeyRing) keyRingIter.next(); final Iterator keyIter = keyRing.getSecretKeys(); while (keyIter.hasNext()) { final PGPSecretKey key = (PGPSecretKey) keyIter.next(); final Iterator idIter = key.getUserIDs(); while (idIter.hasNext()) { final String userID = idIter.next().toString(); if (userID.contains(userId) && key.isSigningKey()) { return key; } } } } throw new IllegalArgumentException(String.format("Can't find sign key in key ring with user id %s", userId)); } public PGPPrivateKey loadPrivateKey(final InputStream input, final String userId, final char[] passPhrase) throws IOException, PGPException { final PGPSecretKey secretKey = getSignKey(userId, input); return secretKey.extractPrivateKey( new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(passPhrase)); } } view raw PGPPrivateKey.java hosted with ❤ by GitHub Notes: The userId is the Real name + email address in format like: `Real <Email>` , you were asked to provide these when you create the PGP key pair. Remember the password too. Decrypt Data import java.io.InputStream; import org.bouncycastle.openpgp.PGPEncryptedData; import org.bouncycastle.openpgp.PGPEncryptedDataList; import org.bouncycastle.openpgp.PGPLiteralData; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData; import org.bouncycastle.openpgp.bc.BcPGPObjectFactory; import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory; import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory; import org.bouncycastle.util.io.Streams; public class PGPHelper { public byte[] decrypt(String userId, String password, byte[] pgpEncryptedData) { try { PGPPrivateKey pgpPrivateKey = loadPrivateKey(privateKey.getInputStream(), userId, password.toCharArray()); PGPObjectFactory pgpFact = new BcPGPObjectFactory(pgpEncryptedData); PGPEncryptedDataList encList = (PGPEncryptedDataList) pgpFact.nextObject(); // find the matching public key encrypted data packet. PGPPublicKeyEncryptedData encData = null; for (PGPEncryptedData pgpEnc : encList) { PGPPublicKeyEncryptedData pkEnc = (PGPPublicKeyEncryptedData) pgpEnc; if (pkEnc.getKeyID() == pgpPrivateKey.getKeyID()) { encData = pkEnc; break; } } if (encData == null) { throw new IllegalStateException("matching encrypted data not found"); } // build decryptor factory PublicKeyDataDecryptorFactory dataDecryptorFactory = new BcPublicKeyDataDecryptorFactory(pgpPrivateKey); InputStream clear = encData.getDataStream(dataDecryptorFactory); byte[] literalData = Streams.readAll(clear); clear.close(); // check data decrypts okay if (encData.verify()) { // parse out literal data PGPObjectFactory litFact = new BcPGPObjectFactory(literalData); PGPLiteralData litData = (PGPLiteralData) litFact.nextObject(); return Streams.readAll(litData.getInputStream()); } throw new IllegalStateException("modification check failed"); } catch (Exception e) { throw new RuntimeException("fail to decrypt", e); } } view raw PGPDecrypt.java hosted with ❤ by GitHub BcPublicKeyDataDecryptorFactory (Bouncy Castle Library 1.64 API Specification) Post, Code and Quiet Time. © 2023 – Unsubscribe