justinludwig / jpgpj

Java Pretty Good Privacy Jig
MIT License

Cannot decrypt an encrypted avro payload #33

Closed alonsoir closed 3 years ago

alonsoir commented 3 years ago

Hi Justin, thanks for the previous help.

I cannot decrypt the avro message. This is the exception:

    Exception in thread "main" org.c02e.jpgpj.DecryptionException: no suitable decryption key found
        at org.c02e.jpgpj.Decryptor.decrypt(Decryptor.java:556)
        at org.c02e.jpgpj.Decryptor.decrypt(Decryptor.java:533)
        at org.c02e.jpgpj.Decryptor.unpack(Decryptor.java:438)
        at org.c02e.jpgpj.Decryptor.decryptWithFullDetails(Decryptor.java:387)
        at avro.EncryptPayload$.main(EncryptPayload.scala:51)
        at avro.EncryptPayload.main(EncryptPayload.scala)

This is the code

I exported secret-key.pgp and copied it to src/main/resources using this command:

    gpg --output secret-key.pgp --armor --export-secret-key alonsoir@gmail.com

Could you help me?

Thanks.

justinludwig commented 3 years ago

You need to supply the secret key's passphrase to enable it to be used for decryption:

    new Decryptor(new Key(new File("src/main/resources/secret-key.pgp"), "password123"))

alonsoir commented 3 years ago

Hi Justin, thanks for the assistance. When I add the pass as suggested, I get this:

    Exception in thread "main" org.c02e.jpgpj.VerificationException: content not signed with a required key
        at org.c02e.jpgpj.Decryptor.copy(Decryptor.java:580)
        at org.c02e.jpgpj.Decryptor.unpack(Decryptor.java:449)
        at org.c02e.jpgpj.Decryptor.unpack(Decryptor.java:442)
        at org.c02e.jpgpj.Decryptor.unpack(Decryptor.java:438)
        at org.c02e.jpgpj.Decryptor.decryptWithFullDetails(Decryptor.java:387)
        at avro.EncryptPayload$.main(EncryptPayload.scala:53)
        at avro.EncryptPayload.main(EncryptPayload.scala)

Is this happening because I am not signing the message?

    val encryptor = new Encryptor(new Key(new File("src/main/resources/public-key.gpg")))
    encryptor.setEncryptionAlgorithm(EncryptionAlgorithm.AES256)
    encryptor.setSigningAlgorithm(HashingAlgorithm.Unsigned)
    encryptor.setCompressionAlgorithm(CompressionAlgorithm.ZLIB)

Thanks for the assistance.

justinludwig commented 3 years ago

If you are going to encrypt and decrypt with the same keypair, sign the message with the secret key when you encrypt it, like this:

    val encryptor = new Encryptor(new Key(new File("src/main/resources/secret-key.gpg"), "password123"))
    encryptor.setEncryptionAlgorithm(EncryptionAlgorithm.CAST5)
    encryptor.setSigningAlgorithm(HashingAlgorithm.SHA256)
    encryptor.setCompressionAlgorithm(CompressionAlgorithm.ZLIB)

(Note you can skip setting the encryption, signing, or compression algorithms if you want to use JPGPJ's defaults of AES128, SHA256, and ZLIB.)


In a more typical use-case, however, you would use two keypairs -- one for the message sender and one for the message recipient. The sender would have access to her own secret key, but not the secret key of the recipient -- she would have access only to the public key of the recipient. Correspondingly, the recipient would have access to his own secret key, but not the sender's secret key -- he would have access only to the sender's public key.

In a case like this, you would set up the JPGPJ Encryptor to sign the message with the sender's secret key, and encrypt it with the recipient's public key, like so:

    val encryptor = new Encryptor(
        new Key(new File("src/main/resources/sender-secret-key.gpg"), "password123"),
        new Key(new File("src/main/resources/recipient-public-key.gpg"))
    )

And you would set up the JPGPJ Decryptor to verify the message with the sender's public key, and decrypt it with the recipient's secret key, like this:

    val decryptor = new Decryptor(
        new Key(new File("src/main/resources/sender-public-key.gpg")),
        new Key(new File("src/main/resources/recipient-secret-key.gpg"), "password456")
    )

But if your use-case doesn't require you to verify the authenticity or integrity of the message, you can skip signing and verifying the message by setting up the Encryptor like this:

    val encryptor = new Encryptor(new Key(new File("src/main/resources/recipient-public-key.gpg")))
    encryptor.setSigningAlgorithm(HashingAlgorithm.Unsigned)

And setting up the Decryptor like this:

    val decryptor = new Decryptor(new Key(new File("src/main/resources/recipient-secret-key.gpg"), "password456"))
    decryptor.setVerificationRequired(false)
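
The configurations discussed in this thread, put together as one round trip. This is an added example, not code posted by either participant or taken from the JPGPJ project. It assumes the four key files named in the reply above exist under src/main/resources with the placeholder passphrases shown there; the `RoundTripCheck` object, its helper names and the payload are constructed for illustration.

```scala
import java.io.{ByteArrayInputStream, ByteArrayOutputStream, File}
import org.c02e.jpgpj.{Decryptor, DecryptionException, Encryptor, HashingAlgorithm, Key, VerificationException}

object RoundTripCheck {
  // Assumption: key files exported beforehand; paths and passphrases are the thread's placeholders.
  private val dir = "src/main/resources/"
  def senderSecret    = new Key(new File(dir + "sender-secret-key.gpg"), "password123")
  def senderPublic    = new Key(new File(dir + "sender-public-key.gpg"))
  def recipientPublic = new Key(new File(dir + "recipient-public-key.gpg"))
  def recipientSecret = new Key(new File(dir + "recipient-secret-key.gpg"), "password456")

  def encrypt(enc: Encryptor, plain: Array[Byte]): Array[Byte] = {
    val out = new ByteArrayOutputStream()
    enc.encrypt(new ByteArrayInputStream(plain), out)
    out.toByteArray
  }

  def decrypt(dec: Decryptor, cipher: Array[Byte]): Array[Byte] = {
    val out = new ByteArrayOutputStream()
    dec.decrypt(new ByteArrayInputStream(cipher), out)
    out.toByteArray
  }

  def main(args: Array[String]): Unit = {
    val payload = "constructed sample payload".getBytes("UTF-8")

    // 1. Signed by the sender, encrypted to the recipient: verifies and decrypts.
    val signed = encrypt(new Encryptor(senderSecret, recipientPublic), payload)
    val plain = decrypt(new Decryptor(senderPublic, recipientSecret), signed)
    println(s"signed round trip intact: ${plain.sameElements(payload)}")

    // 2. Unsigned message, Decryptor still requiring verification: rejected.
    val unsignedEnc = new Encryptor(recipientPublic)
    unsignedEnc.setSigningAlgorithm(HashingAlgorithm.Unsigned)
    val unsigned = encrypt(unsignedEnc, payload)
    try decrypt(new Decryptor(recipientSecret), unsigned)
    catch { case e: VerificationException => println(s"unsigned rejected: ${e.getMessage}") }

    // 3. Secret key loaded without its passphrase: not usable for decryption.
    val locked = new Key(new File(dir + "recipient-secret-key.gpg"))
    try decrypt(new Decryptor(senderPublic, locked), signed)
    catch { case e: DecryptionException => println(s"locked key rejected: ${e.getMessage}") }
  }
}
```

Cases 2 and 3 reproduce the two exceptions reported earlier in the thread; only case 1 gives the recipient assurance about who produced the message.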

alonsoir commented 3 years ago

Fantastic, thank you very much for the help. I learned a lot, and it worked! This is the final code.