47

I would like to be able to encrypt files on disk and/or data in memory using GnuPG from a Java application. If possible I'd like to avoid having to make system calls out to the GPG command line tools.

Is there a recommended library, or can you recommend the best approach to GPG encrypting from Java (or Scala)?

I'm developing and intend to run the application in a Linux environment, although a cross-platform solution would be preferred.

James Shade
  • 653
  • 1
  • 6
  • 8

3 Answers3

27

You can try to call the JAVA API of BouncyCastle.org.

Its documentation mentions:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms.

You have here an example of openpgp ByteArrayHandler.

There might be some incompatibility between BouncyCastle encryption and GnuGP encryption though, since BouncyCastle does not use GnuPG, but rather implements OpenPGP (RFC2440) in Java.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • 1
    Thanks for the answer - looks promising. Will give it a go and report back on whether I can make it work with GnuPG. Looks like it might just be about careful selection of mutually compatible options. – James Shade Sep 21 '09 at 16:26
  • 8
    Have got this to work now. I recommend looking at the example code in org.bouncycastle.openpgp.examples.KeyBasedFileProcessor in particular. Tricky bits included finding the desired public key within the key ring collection, and working out that the JCE implementation supplied in the standard JDK is crippled, and you need to explicitly download and install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" from the Sun website. – James Shade Oct 27 '09 at 21:06
4

I recently had to work on GPG encryption-decryption and did find BountyCastle's PGP library does the trick. The steps were

1) Add the version in pom.xml properties

        <org.bouncycastle.version>1.46</org.bouncycastle.version>

2) Add the following dependencies

        <!-- Dependency for PGP and GPG Encryption-Decryption -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcmail-jdk15</artifactId>
            <version>${org.bouncycastle.version}</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpg-jdk15</artifactId>
            <version>${org.bouncycastle.version}</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15</artifactId>
            <version>${org.bouncycastle.version}</version>
        </dependency>

3) In the implementation class added the provider with Java Security

         Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

4) The rest of the code was just simple Java implementation

    File encryptedFile = new File(encryptedFileName);
    byte[]  encryptedByteArray = FileUtils.readFileToByteArray(inputFile);      
    byte[] decryptedByteArray = ByteArrayHandler.decrypt(encryptedByteArray, passPhrase.toCharArray());
    String decryptedString = new String(decryptedByteArray);

I hope this helps.

Vivek Kumar
  • 219
  • 2
  • 5
3

There is https://github.com/smartrevolution/gnupg-for-java which is based on gpgme, and works on top of GnuPG 1.4. We're updating it for GnuPG 2.x and are using it in our Android app. You can get the code to those here:

Hans-Christoph Steiner
  • 2,572
  • 31
  • 30
  • I made a test app to decrypt a message using gnupg-for-java. It successfully decrypted but crashed on `fclose` (before it had change to return the result). Then I found some example of usage of gpgme, where they don't use fclose, but just `gpgme_data_release`. So it does not look like a ready to go solution. Example, provided in the repository worked well. – Alexey Oct 11 '16 at 17:35
  • Our fork of gnupg-for-java could certainly use some work, but it does fully work. There are some annoying gotchas. – Hans-Christoph Steiner Nov 01 '16 at 17:22