通过 Bouncy Castle 提取 GPG 密钥使用标志

Question

似乎PGPPublicKey 类提供了isEncryptionKey() 方法来确定公钥的算法是否可以用于加密目的（RSA_GENERAL、RSA_ENCRYPT、ELGAMAL_GENERAL、ELGAMAL_ENCRYPT），仅此一项就是不足以选择有效的加密子密钥。

有关于存储在数据包中的公钥的预期用途的信息，如 GnuPG packet.h 中所示：

 41 /* Usage flags */
 42 #define PUBKEY_USAGE_SIG     GCRY_PK_USAGE_SIGN  /* Good for signatures. */
 43 #define PUBKEY_USAGE_ENC     GCRY_PK_USAGE_ENCR  /* Good for encryption. */
 44 #define PUBKEY_USAGE_CERT    GCRY_PK_USAGE_CERT  /* Also good to certify keys.*/
 45 #define PUBKEY_USAGE_AUTH    GCRY_PK_USAGE_AUTH  /* Good for authentication. */
 46 #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN  /* Unknown usage flag. */
 47 #define PUBKEY_USAGE_NONE    256                 /* No usage given. */

我的问题是，鉴于 Bouncy Castle 没有公开这些标志，建议从 Java 中的 PublicKeyPacket 中提取此密钥使用信息的方法是什么？

Answer 1

我想通了。对于后代，这是解决方案：

// If Key Usage flags are present, we must respect them:
int keyFlagsEncountered = 0;
boolean keyUsageAllowsEncryption = false;

Iterator<PGPSignature> i = key.getSignatures();
while(i.hasNext()) {
    PGPSignature signature = i.next();
    int keyFlags = signature.getHashedSubPackets().getKeyFlags();
    keyFlagsEncountered += keyFlags;

    boolean isEncryptComms = (keyFlags & KeyFlags.ENCRYPT_COMMS) > 0;
    boolean isEncryptStorage = (keyFlags & KeyFlags.ENCRYPT_STORAGE) > 0;
    // Other KeyFlags available here (AUTHENTICATION, SIGN_DATA, CERTIFY_OTHER).

    if (isEncryptComms || isEncryptStorage) {
        keyUsageAllowsEncryption = true;
    }
}

// However, if Key Usage flags are not present (older key, or key generation process simply did not include the flags) 
// then we still attempt to use an encryption key using the existing methods:
keyUsageAllowsEncryption = keyFlagsEncountered == 0 || keyUsageAllowsEncryption;