java - PGP signature format reader -
in project need verify pgp clear signed signatures using corresponding public key. while did manage find code (for example: https://github.com/cjmalloy/openbitpub/blob/64485d64a699eb6096f01b27d5f7e51dd726602f/src/main/java/com/cjmalloy/obp/server/pgp/pgputil.java), operates on low level , looks pretty horrible.
i thinking, perhaps there exist specialized parsers can consume -----begin pgp public key block-----xxx-----end pgp public key block----- , -----begin pgp signed message-----xxx-----begin pgp signature-----xxx-----end pgp signature----- blocks can check signatures in more declarative way?
i've found related pemreader class bouncycastle.openssl package nothing pgp-related far.
i thinking, perhaps there exist specialized parsers can consume
-----begin pgp public key block-----xxx-----end pgp public key block-----,-----begin pgp signed message-----xxx-----begin pgp signature-----xxx-----end pgp signature-----blocks can check signatures in more declarative way?
a parser not enough @ -- need implement lots of openpgp-specific functions symmetric key derivation strings (for encrypted keys), handling of different types of assymetric cryptography algorithms, hash sums, different kinds of packet nesting, ... -- @ least you're not required implement openpgp cbc mode deriate don't require encryption (only signatures).
openpgp much complicated write own parser , crypto code, rely on existing libraries instead. in end, java you've got 2 possible roads follow:
- using gnupg through gpgme's java interface, requires local gnupg installation.
- using bouncy castle java has pretty complete openpgp implementation in native java code, require perform crypto operations in java. documentation pretty consists of javadoc openpgp package.
i've found related
pemreaderclass bouncycastle.openssl package nothing pgp-related far.
you looked in wrong bouncycastle package. openpgp not use keys in pem format (which belongs x.509 standard), class not useful @ all.
Comments
Post a Comment