bouncy-gpg
bouncy-gpg copied to clipboard
neuhalje
No (suitable) public key for encryption to [a provided recipient email address] found
Hi,
I tested encryption out with gpg in commandline with no problem. When I test it out with Bouncy-gpg by using this code:
publicKeyLocation = "../GPGKeys/Experian/Experian_Public.asc";
final String PUBLIC_KEY = new String(Files.readAllBytes(Paths.get(publicKeyLocation)));
gpgFileLocation = "../Development/treadstone/test.gpg";
FileOutputStream fileOutput = new FileOutputStream(gpgFileLocation);
BufferedOutputStream bufferedOutputStream = null;
FileInputStream fis = null;
OutputStream outputStream = null;
InMemoryKeyring keyring =
KeyringConfigs.forGpgExportedKeys(KeyringConfigCallbacks.withUnprotectedKeys());
String UID = "[email protected]";
keyring.addPublicKey(PUBLIC_KEY.getBytes(StandardCharsets.US_ASCII));
try {
bufferedOutputStream = new BufferedOutputStream(fileOutput);
fis = new FileInputStream(plainFileLocation);
outputStream = BouncyGPG
.encryptToStream()
.withConfig(keyring)
.withStrongAlgorithms()
.toRecipient(UID)
.andDoNotSign()
.binaryOutput()
.andWriteTo(bufferedOutputStream);
Streams.pipeAll(fis, outputStream);
} catch (Exception ex) {
throw new RuntimeException(ex);
} finally {
if (bufferedOutputStream != null && fis != null && outputStream != null) {
outputStream.close();
bufferedOutputStream.close();
fileOutput.close();
}
}
Then, It gives exception
java.lang.RuntimeException: org.bouncycastle.openpgp.PGPException: No (suitable) public key for encryption to [email protected] found
at com.viantinc.BouncyGPGTest.testEncryptionByUsingPubKeyWithTryCatch(BouncyGPGTest.java:165)
...
...
...
Caused by: org.bouncycastle.openpgp.PGPException: No (suitable) public key for encryption to [email protected] found
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.BuildEncryptionOutputStreamAPI$WithAlgorithmSuiteImpl$ToImpl.extractValidKey(BuildEncryptionOutputStreamAPI.java:414)
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.BuildEncryptionOutputStreamAPI$WithAlgorithmSuiteImpl$ToImpl.toRecipient(BuildEncryptionOutputStreamAPI.java:431)
at com.viantinc.BouncyGPGTest.testEncryptionByUsingPubKeyWithTryCatch(BouncyGPGTest.java:158)
This code works all other public key except this one. The interesting part is that it works in GPG commandline.
I have attached the public key in the following comment. I don't know if the recipient email address the "dot" in front of domain that causes the issue.
just FYI, right now for short term solution, I just use Java subprocess to call python's gnupg library to do encryption. Once this is fixed, I will test it for you and will use it.
I had the same issue. Checking the content of your key with:
gpg --export -a <key id>|gpg --list-packets --verbose
the key doesn't contain a KeyFlags subpacket (subpacket type 27). This section of the key indicates whether the key can be used for encryption, or signing, or other things.
In this case Bouncy-gpg assumes the key cannot be used for encryption. GPG is more lenient: if a key doesn't contain a KeyFlags subpacket, it will check the key algo, and if the algo is for example RSA, it assumes the key is fine for encrypting/signing
An alternative to using a python call is to implement your own KeySelectionStrategy, so that it accepts keys that don't explicitly have an Encryption flag
I attached an example for reference, which mimics GPG behaviour CustomKeySelectionStrategy.zip
@neuhalje or @mdesmons, is the fix merged to the next build? and new Jar version?
I am ready to test it.
It doesn't look like it's been merged yet. I don't have write access to the repo and can only submit a PR, I think @neuhalje has to review and approve...
But my comment above provides a workaround that doesn't require changing the library, if you really need it https://github.com/neuhalje/bouncy-gpg/issues/50#issuecomment-620277475
Can you provide an example of how to use the override with InMemoryKeyring?
Not sure how to implement the override when the parent class is not an explicit instantiation.
For example where to override the single use of "KeyringConfigCallbacks" below?
keyring = KeyringConfigs.forGpgExportedKeys(KeyringConfigCallbacks.withPassword(passphrase)); keyring.addPublicKey(publicKey.getBytes("US-ASCII")); keyring.addSecretKey(privateKey.getBytes("US-ASCII"));
BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(result); OutputStream outStream = BouncyGPG.encryptToStream() .withConfig(keyring) .withStrongAlgorithms() .toRecipient(receiverUserId) .andSignWith(senderUserIdEmail) .armorAsciiOutput() .andWriteTo(bufferedOutputStream)
Same question here.
Hi there! Was this ever put through? Getting the same issue here. Thanks!
we were able to resolve it by invoking selectUidByAnyUidPart() after initializing WithKeySelectionStrategy.
ex: outputStream = BouncyGPG .encryptToStream() .withConfig(keyring).selectUidByAnyUidPart() .withStrongAlgorithms() .toRecipient(UID) .andDoNotSign() .binaryOutput() .andWriteTo(bufferedOutputStream); Streams.pipeAll(fis, outputStream);
Same question here. Hi there! Was this ever put through? Getting the same issue here. Thanks!
Is this still a problem? I get message "PGPException: No (suitable) public key for encryption to [email protected] found" when I add the recipient [email protected] to BouncyGPG using .toRecipient("[email protected]"). Why do BouncyGPG check on toRecipient? I should think this is the job of the recipient service to check that he is identical to "[email protected]".
