Bouncycastle PGP decrypt and verify

Question

I\'m trying to decrypt and verify a PGP message using the java BouncyCastle libraries, but am running into issues, complaining about premature ends of PartialInputStream.

Answer 1

Getting Bouncy Castle to play along is not always easy. Code-snipets from Stackoverflow make it work just so, but they are mostly arcane pieces of code that none of the users really understand.

The problem with this is: In a production system copy'n'paste snippets quickly become "no go" and "do not touch" areas.

Shelling out executables can have some serious security implications, least of all is handling command line parameters (talking about filenames with spaces ... how do I know? Don't ask ...)

I had all of these (and more..) problems, and after some yak shaving I wrote a library to handle PGP with Bouncycastle.

Decrypting works like this:

final InputStream plaintextStream = BouncyGPG
               .decryptAndVerifyStream()
               .withConfig(keyringConfig)
               .andRequireSignatureFromAllKeys("sender@example.com")
               .fromEncryptedInputStream(cipherTextStream)

The library can be found at https://github.com/neuhalje/bouncy-gpg :

// in build.gradle add a dependency to bouncy castle and bouncy-gpg
//  ...
dependencies {
    compile 'org.bouncycastle:bcprov-jdk15on:1.56'
    compile 'org.bouncycastle:bcpg-jdk15on:1.56'
    //  ...
    compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.+'