Closed ntbrock closed 5 years ago
Thanks for the feedback! PGPPublicKey.isEncryptionKey()
just indicates whether or not the key technically could be used for encryption, not whether or not it was flagged to be used that way (most people's certification/signing keys could also technically be used for encryption). To ignore the key's usage flags, you can manually set the forDecryption
flag on the key after you load it, and JPGPJ will use it for decryption whenever it runs across a message encrypted with it. Here's an example:
https://github.com/justinludwig/jpgpj/wiki/DecryptingFiles#decryption-subkey-not-flagged
Thanks again for raising this issue! In JPGPJ 0.7, I added some new classes that I think will make the library easier to use in cases like this.
There's a new KeyForDecryption
class that you can use in place of the regular Key
class to load a key and flag all of its subkeys (including the master/parent key) to be used for decryption; and a KeyForVerification
class that you can use to load a key and flag all of its subkeys to be used for verification. Here's an example (of decrypting a message with Alice's key, and verifying it with Bob's key):
new Decryptor(
new KeyForDecryption(new File("path/to/my/keys/alice-sec.gpg"), "password123"),
new KeyForVerification(new File("path/to/my/keys/bob-pub.gpg"))
).decrypt(
new File("path/to/ciphertext.txt.gpg"),
new File("path/back-to/plaintext.txt")
);
If you need to decrypt and verify with the same key, you can just load up the same key twice, once with the KeyForDecryption
class (unlocking the secret key with a passphrase), and once with the KeyForVerification
class (which doesn't use the passphrase):
new Decryptor(
new KeyForDecryption(new File("path/to/my/keys/alice-sec.gpg"), "password123"),
new KeyForVerification(new File("path/to/my/keys/alice-sec.gpg"))
).decrypt(
new File("path/to/ciphertext.txt.gpg"),
new File("path/back-to/plaintext.txt")
);
Justin,
Wonderful project! I've been a gpg user for years and have some specific cases where I am encrypting data using the parent key, not just subkeys.
Could you advise on a more elegant way to support this use case? I'm new to your codebase.
Taylor