如何在 java 和 Bouncy Castle 中生成 PGP 密钥撤销

Question

我想生成吊销证书以及公钥和私钥对生成。

正确生成私钥和公钥。

我试着这样做：

public void generateRevoke(String id, PGPPublicKey pk, PGPSecretKey secretKey, char[] passPhrase, OutputStream out) throws PGPException, IOException {

    PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1));

    PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(
            new JcePBESecretKeyDecryptorBuilder().setProvider(new BouncyCastleProvider())
                    .build(passPhrase));

    signatureGenerator.init(PGPSignature.KEY_REVOCATION, pgpPrivKey);

    PGPSignature signature = signatureGenerator.generateCertification(id, pk);

    PGPPublicKey key = PGPPublicKey.addCertification(pk, id, signature);

    key.encode(new ArmoredOutputStream(out));
}

但在输出文件中我得到的是 PGP MESSAGE 而不是 PGP PUBLIC KEY

我做错了什么？

Answer 1

我解决问题。正确的方法返回带有撤销证书的公钥：

public void generateRevoke(String id, PGPSecretKey secretKey, char[] passPhrase, OutputStream out) throws PGPException, IOException {

    PGPPublicKey oldKey = secretKey.getPublicKey();

    PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(
            new JcePBESecretKeyDecryptorBuilder().setProvider( provider )
                    .build(passPhrase));

    PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
            new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1 ) );

    signatureGenerator.init( PGPSignature.CERTIFICATION_REVOCATION, pgpPrivKey );

    PGPSignature signature = signatureGenerator.generateCertification(id, oldKey);

    PGPPublicKey newKey = PGPPublicKey.addCertification(oldKey, id, signature);

    out = new ArmoredOutputStream(out);

    newKey.encode(out);
    out.close();
}