Quick Tip: Using Bouncy Castle for PGP Encryption

From Aventine Solutions

Jump to: navigation, search

This tip is specifically for using Java 5 ... you'll have to adjust slightly following Bouncy Castle's intructions when using other JDK's:

  • In Eclipse, make a Bouncy Castle Java project.
  • Download the signed provider jar bcprov-jdk15-138.jar and the signed OpenPG implementation jar bcpg-jdk15-138.jar from the Bouncy Castle latest releases page. Make these jar's available to the Java build for the project using File -> Properties -> Java Build Path -> Libraries
  • If your workstation doesn't already have GnuPG installed by default, then do it. For MacOSX, you can get if from Fink, for Windows you can use Cygwin. For Linux, you'll probably find it with yum or apt.
  • Cook up a private key for your testing and export the public key; shells commands will look something like: 
# generate a new secret key
gpg --gen-key
# enter your name for the key user
# you will also be asked for the size of the key, a new pass phrase,
# expiration period, plus an email address and comment

# list the keys on the key rings
gpg --list-keys

# export the new public key
# this command places the key in ASCII text
gpg --export -u 'MyName' -a -o MyName-publickey.txt
  • Note the path to the public and private key ring files. You'll need these for testing in Java. With GnuPG, they will be somewhere around ${HOME}/.gnupg/secring.gpg and ${HOME}/.gnupg/pubring.gpg
  • Import (or paste) some or all of the examples for the Bouncy Castle OpenPG package into org.bouncycastle.openpgp.examples in your Eclipse project. I found SignedFileProcessor the most useful as it helped figuring out how to sign files then verify them. To get the example code, download the version 138 source code distribution from the Bouncy Castle latest releases page and extract all or just the examples part of the source code, importing what you need into Eclipse.Image:Screenshot-eclipse-BouncyCastle-packageexplorer.png
  • If you have managed to sign a file using Java, you can go back out to the command line and verify your work manually with GnuPG: 
gpg --decrypt myfile.bpg > test.csv
Retrieved from "http://www.aventinesolutions.nl/mediawiki/index.php/Quick_Tip:_Using_Bouncy_Castle_for_PGP_Encryption"
Personal tools