4

I have a PGP file named 'filename.txt.pgp' that I need to decrypt. When I run decryption from command-line it asks me only for the password. I use gpg command:

gpg filename.txt.pgp

The password is enough and my file is decrypted. I can read it's content.

Now, I should create an utility in Java. After research I see that Bouncy Castle library is my best choice. But all the examples in Java I can find use public/private key file which I do not have.

Could you please help me with an example in Java that decrypts PGP file using just a password?

Thank you.

Igor
  • 53
  • 1
  • 5
  • PGP uses a concept of a key ring which contains your public/private keys. You will use the password to access the key ring (via Bouncy Castle APIs) and retrieve the relevant keys (via Bouncy Castle APIs) and finally decode and decrypt the file (via Bouncy Castle APIs). Google can lead you to lots of examples, such as https://stackoverflow.com/questions/6987699/pgp-encryption-and-decryption-using-bouncycastle-c-sharp. – Rob Dec 08 '17 at 13:53
  • I am receiving the file from FTP and I know just the password. I do not have any key ring. So, I do not have public/private keys. Can the password be my public key? – Igor Dec 08 '17 at 14:00
  • If you are decrypting a pgp file, that means that you gave the other party your public key and that your private key is in your key ring (which is why the command-line tool works with just the password). Look for a directory called ".gnupg" in your home directory - that is the default place that gpg stores key rings. – Rob Dec 08 '17 at 14:03
  • 1
    No. I am the "other party" here. I have received just the file and the passphrase. Then I have installed some PGP utility and that is why I have gpg command. – Igor Dec 08 '17 at 14:22
  • So, that looks like the phrase I have received is the PublicKey from the sender, right? But then how my Java program should work at another computer if there is no any key rings and stuff? – Igor Dec 08 '17 at 14:28
  • It is possible (but in my experience I have never seen it) to use PGP to encrypt with a symmetric key (just a password). I notice that gpg has a "-c" option to do this. I suggest that you contact whoever is creating the encrypted file for more details on how the file is constructed. Alternatively, you can use the Bouncy Castle APIs to parse the file and see what kind of structures you find. Good luck. – Rob Dec 08 '17 at 14:40
  • Thank you @Rob for your answer. I will try to resolve that. – Igor Dec 08 '17 at 15:50

1 Answers1

4

If you look at the documentation section of Bouncy Castle's site, they say to "...look at the test programs in the packages..." and they're not joking.

If you look inside the jar file from Bouncy Castle you will see under the \org.bouncycastle\openpgp\examples\ directory a class file called "PBEFileProcessor" that will cover password based encryption when using their library.

Here's a link to the same file in their Github repo.

John Ryan
  • 56
  • 4