I’m relatively new to PGP and Bouncy Castle. After signing a message, I get ASCII-armored data back. Let’s assume this ASCII-armored data is encrypted and decrypted and is waiting for signature verification. Here are my doubts:
- Does the ASCII-armored data that I receive contain the signed data ready for encryption, or just the signature digest? (as per the code for signing provided)
- If it contains the complete signed data, how do I extract the data and the signature from within the ASCII-armored data and use them for verification?
- If not, should I append the signature to the raw data manually, and how do I do so?
Code For Reference
    private ByteArrayOutputStream signData(byte[] data, PGPPrivateKey privateKey, int hashAlgo) throws PGPException, IOException {
        JcaPGPContentSignerBuilder contentSignerBuilder = new JcaPGPContentSignerBuilder(PGPPublicKey.RSA_GENERAL, hashAlgo)
                .setProvider(BouncyCastleProvider.PROVIDER_NAME);
        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
                contentSignerBuilder
        );
        signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);

        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ArmoredOutputStream armoredOut = new ArmoredOutputStream(byteOut);
        BCPGOutputStream bOut = new BCPGOutputStream(armoredOut);

        // One-pass signature header packet
        signatureGenerator.generateOnePassVersion(false).encode(bOut);
        // Feed the data into the signature hash
        signatureGenerator.update(data);
        // Trailing signature packet
        signatureGenerator.generate().encode(bOut);
        armoredOut.close();
        return byteOut;
    }
Sample ASCII-armored Data:

    -----BEGIN PGP MESSAGE-----
    Version: BCPG v1.77.00

    kA0DAAgBASaMeyE5SE4BiJwEAAEIAAYFAmZdbXMACgkQASaMeyE5SE4nMQP/Rc0C
    3U2wD4htYYwln7yOTScpVY0p6gWeIx/u5ai/kOAE1fdHN8HAAA+X3LoeSMzqv76C
    F+yGcWmKH363xM5pcuvk3kGZ8F0gDlfuAJMlfvUjRdDC4FrvB5uoScBYQPz2w3Wr
    wGCZl40tEXo7tvUja9SLKmhHviXS5FpPaXGJ2Xc=
    =ozi9
    -----END PGP MESSAGE-----

Kindly let me know if there is any other ideal way of doing signing and verification without ASCII-armored data.
Also, I don’t understand much about OnePassSignatureList verification; kindly provide a code sample and explain how it works.
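
An added example, not part of the original post: the `signData` method above writes only the one-pass header and the signature packet, so the armored output holds no copy of the data. The sketch below adds a literal data packet between the two and then verifies the result through `PGPOnePassSignatureList`. It assumes Bouncy Castle 1.77 (bcprov and bcpg) on the classpath and Java 9+; the class name and the throwaway RSA key are constructed for the demo.

```java
import java.io.*;
import java.security.*;
import java.util.Date;
import org.bouncycastle.bcpg.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.*;

public class OnePassSignDemo { // hypothetical class name
    // Writes one-pass header + literal data packet + signature into the armor.
    static byte[] sign(byte[] data, PGPKeyPair key) throws Exception {
        PGPSignatureGenerator gen = new PGPSignatureGenerator(new JcaPGPContentSignerBuilder(
            key.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA256).setProvider("BC"));
        gen.init(PGPSignature.BINARY_DOCUMENT, key.getPrivateKey());
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ArmoredOutputStream armoredOut = new ArmoredOutputStream(byteOut);
        BCPGOutputStream bOut = new BCPGOutputStream(armoredOut);
        gen.generateOnePassVersion(false).encode(bOut);
        PGPLiteralDataGenerator lit = new PGPLiteralDataGenerator();
        OutputStream litOut = lit.open(bOut, PGPLiteralData.BINARY,
            PGPLiteralData.CONSOLE, data.length, new Date());
        litOut.write(data);   // the signed content travels inside the message
        gen.update(data);     // and is hashed for the trailing signature packet
        lit.close();
        gen.generate().encode(bOut);
        armoredOut.close();
        return byteOut.toByteArray();
    }
    // Returns the content only if the trailing signature verifies under signerKey.
    static byte[] verify(byte[] armored, PGPPublicKey signerKey) throws Exception {
        JcaPGPObjectFactory objects = new JcaPGPObjectFactory(
            PGPUtil.getDecoderStream(new ByteArrayInputStream(armored)));
        PGPOnePassSignature ops = ((PGPOnePassSignatureList) objects.nextObject()).get(0);
        ops.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), signerKey);
        byte[] content = ((PGPLiteralData) objects.nextObject()).getInputStream().readAllBytes();
        ops.update(content);
        PGPSignature sig = ((PGPSignatureList) objects.nextObject()).get(0);
        if (!ops.verify(sig)) throw new PGPException("signature check failed");
        return content;
    }
    public static void main(String[] args) throws Exception { // demo with a throwaway constructed key
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        PGPKeyPair key = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        byte[] armored = sign("hello".getBytes(), key);
        System.out.println(new String(verify(armored, key.getPublicKey())));
    }
}
```

The verifier reads the packets in the order they were written (one-pass list, literal data, signature list), and the caller receives the content only after `ops.verify` has succeeded against the key it expects.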