Java Sign and Encrypt
OpenPGP signing and encrypting in one pass is the most secure way by which we can send encrypted data. We sign the file with our private key and encrypt it with the public key of the person to whom we are sending the message. This way the encrypted file can be read only by the recipient and she can tell with absolute assurance that it was you who sent the message.
The examples below demonstrate in practice how to achieve this with OpenPGP Library for Java.
Sign and encrypt file with keys located in files
Sign and encrypt file with keys located in a KeyStore
Sign and encrypt input stream with keys located in files
Sign and encrypt input stream with keys located in a KeyStore
Sign and encrypt file with keys located in files
This example intentionally sets the parameter withIntegrityCheck to false, as integrity check information is not supported by PGP (r) 6.5 and prior versions, and if you do not know for sure what OpenPGP software your partners are using, it is better to avoid this feature.
import com.didisoft.pgp.PGPLib; public class SignAndEncryptFile { public static void main(String[] args) throws Exception{ // create an instance of the library PGPLib pgp = new PGPLib(); // should output be ASCII or binary boolean asciiArmor = false; // should integrity check information be added boolean withIntegrityCheck = false; // sign and encrypt pgp.signAndEncryptFile("INPUT.txt", "our_private_key.asc", "private_key_pass_phrase", "recipient_public_key.asc", "encrypted.pgp", asciiArmor, withIntegrityCheck); } }
Sign and encrypt file with keys located in a KeyStore
This example is equivalent to the above one except that the encryption (public) key of the receiver has been imported to a KeyStore and our secret key has either been generated or imported in the same KeyStore object.
import com.didisoft.pgp.KeyStore; import com.didisoft.pgp.PGPLib; public class KeystoreSignAndEncryptFile { public static void main(String[] args) throws Exception{ // create an instance of the KeyStore KeyStore keyStore = new KeyStore("pgp.keystore", "changeit"); // create an instance of the library PGPLib pgp = new PGPLib(); // is output ASCII or binary boolean asciiArmor = false; // should integrity check information be appended boolean withIntegrityCheck = false; // The signing key is usually our private key String signUserId = "demo@didisoft.com"; String signKeyPassword = "changeit"; // the User Id of the recipient, this // example assumes her public key is // already imported in the KeyStore file String encUserId = "recipient@company.com"; pgp.signAndEncryptFile("INPUT.txt", keyStore, signUserId, signKeyPassword, encUserId, "encrypted.pgp", asciiArmor, withIntegrityCheck); } }
Sign and encrypt input stream with keys located in files
We can sign and encrypt an input stream source too.
The second parameter of this method is often misunderstood. Although the encrypted data is stored in an output stream, the OpenPGP data format stores in addition to the encrypted bytes a file name string associated with them, so we are forced to set an additional artificial file name label.
import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; import com.didisoft.pgp.PGPLib; public class SignAndEncryptStream { public static void main(String[] args) throws Exception{ // initialize the library PGPLib pgp = new PGPLib(); // is output ASCII or binary boolean asciiOutput = true; // should integrity check information be appended boolean withIntegrityCheck = true; // recipient public key as stream InputStream recipientPublicKeyStream = new FileInputStream("recipient_public_key.asc"); // private signing key as stream InputStream privateKeyStream = new FileInputStream("our_private_key.asc"); String privateKeyPassword = "changeit"; // input stream to be encrypted InputStream inputStream = new FileInputStream("INPUT.txt"); // encrypted output destination OutputStream encryptedOutStream = new FileOutputStream("encrypted.pgp"); // Here "INPUT.txt" is just a string to be written in // the message OpenPGP packet which stored // file name label, timestamp, and the actual data bytes pgp.signAndEncryptStream(inputStream, "INPUT.txt", privateKeyStream, privateKeyPassword, recipientPublicKeyStream, encryptedOutStream, asciiOutput, withIntegrityCheck); } }
Sign and encrypt input stream with keys located in a KeyStore
This example is equivalent to the above one, except the keys are located in a KeyStore.
import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; import com.didisoft.pgp.KeyStore; import com.didisoft.pgp.PGPLib; public class KeyStoreSignAndEncryptStream { public static void main(String[] args) throws Exception{ // create an instance of the KeyStore KeyStore keyStore = new KeyStore("pgp.keystore", "changeit"); // create an instance of the library PGPLib pgp = new PGPLib(); // is output ASCII or binary boolean asciiArmor = true; // should integrity check information be added boolean withIntegrityCheck = true; // The signing key is usually our private key String signUserId = "demo@didisoft.com"; String signKeyPassword = "changeit"; // the User Id of the recipient, this // example assumes her public key is // already imported in the KeyStore file String encUserId = "recipient@company.com"; InputStream dataStream = new FileInputStream("INPUT.txt"); // this parameter is just a label that is associated with // the encrypted content in the OpenPGP archive String encryptedContentLabel = "INPUT.txt"; // create the output stream OutputStream encryptedStream = new FileOutputStream("encrypted.pgp"); pgp.signAndEncryptStream(dataStream, encryptedContentLabel, keyStore, signUserId, signKeyPassword, encUserId, encryptedStream, asciiArmor, withIntegrityCheck); } }
All of the above mentioned examples produce signatures in OpenPGP version 4 format, which is the current format. Some OpenPGP compatible software systems can expect digital signatures in the older version 3 format, although this is a very rare case. To produce version 3 signatures you can either use the examples above and replace the signAndEncrypt methods with the ones that end with Version3 or see the examples from the Examples folder in the library distribution package.
