0

I trying to import a existint pgp public key : 

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v1.0.0
Comment: https://keybase.io/crypto

xm8EXtFujBMFK4EEACIDAwQNLpTSC8Tvvve477Qw8YLe7toYxzYgDQRQbcaIajuF
QwWbnns+gZ9EDKIijcmi80QYPICDzrxKCaUOIIN+4//AUkCULovLC67qoEkcgDBY
Zig7GIoTPPYHVgEwr9baTqrNHGl2YW4gPGl2YWxiZXJ0bzg5QGdtYWlsLmNvbT7C
jwQTEwoAFwUCXtFujAIbLwMLCQcDFQoIAh4BAheAAAoJEO8cm+rVKFm/INMBgLQn
5itjscBcGoK605Wlsmk0lmTFK2qE7GmhFsFVg4Ut3vL2BjFBtlSzj21CH8bneQGA
1Btl14COww3h2u0rZY7HcsgzsWV8gaKBfAN/KpmOfxXqZ7HqrNc7o4XuXJH5QVrC
zlIEXtFujBMIKoZIzj0DAQcCAwS8t6iC+Ik9ZbgOY2JwmC8eILILiu3HUM/mqa4q
zBNe+gWgpHPNBjPHJKDYCTByy6UAb3eJHCjJZOj6ZU4BdmfPwsAnBBgTCgAPBQJe
0W6MBQkPCZwAAhsuAGoJEO8cm+rVKFm/XyAEGRMKAAYFAl7RbowACgkQUa2LyJhX
0c/6qQD/WWZpNX0O/k6kYrzK1i/xk0NBLLb4nNq0OB04x7gWuGoBAOPpxjoqRURV
0Hozha+XV9u1aTq+fOMDZxTNgL5FG0KGo4cBf0vATKVZw9wcq+s4mZIXZxs4rAod
sFe5fLgpzZvT/RIHVIU6uJieUsee4hgs0H2ErwGAihWWRrnmaJcsaKC9rq2na3fr
X6BcXRlGbavVofoX+nPyJKDDayHXZ2m4jmgllZe+zlIEXtFujBMIKoZIzj0DAQcC
AwTFxy3Kjj8Jy/fW5W21oG6+aY/ekTChtUANz28MiUvy1de4DYZkFxukRzudT3ij
c2zzsi8UBN02q2cvqY0luAvEwsAnBBgTCgAPBQJe0W6MBQkPCZwAAhsuAGoJEO8c
m+rVKFm/XyAEGRMKAAYFAl7RbowACgkQ103VlblSzhyRKAD/ac/TbN5EaFNdEMWn
28OW8uiDbKl/39EYVE/yr6DjQigA/0VkcoPWN3eVxj44d/cAWhRbWqoy04A+lRtC
wAEV6VXNOdUBgN4AuhF9urpqXFfJ/1s1G8GbRzY0wTpHuZEAjyrBtC+hBgVN0Us7
OYpM6CC6dXOejwGAurQgQOH/i++M8olxZAEnVj0vrP93hjs90N8DbtuIc/7Beb6o
uJ9OEwREoizWqTdn
=4fnu
-----END PGP PUBLIC KEY BLOCK-----

But my public key always is getting null value. This public key is create with algoritm ecdsa ,you can see the values used in this page : keyPropertes

This is my method to read the publicKey ,it works if the algoritms to creaate the key is Rsa :

public static PGPPublicKey readPublicKey(InputStream in) throws IOException, PGPException {
        in = org.bouncycastle.openpgp.PGPUtil.getDecoderStream(in);

        PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(in);

        //
        // we just loop through the collection till we find a key suitable for encryption, in the real
        // world you would probably want to be a bit smarter about this.
        //
        PGPPublicKey key = null;

        //
        // iterate through the key rings.
        //
        Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();

        while (key == null && rIt.hasNext()) {
            PGPPublicKeyRing kRing = rIt.next();
            Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
            while (key == null && kIt.hasNext()) {
                PGPPublicKey k = kIt.next();

                if (k.isEncryptionKey()) {
                    key = k;
                }
            }
        }

        if (key == null) {
            throw new IllegalArgumentException("Can't find encryption key in key ring.");
        }

        return key;
    }

can you give me a big help with this ?

Thanks in advance, best regards ;)

Ivan Fontalvo
  • 433
  • 4
  • 21

1 Answers1

0

Your code is looking for an encryption-capable key. All three keys in that keyblock are ECDSA (algorithm 19) which is only usable for signature verification, including 'certification' (key signing) and 'authorization' (SSH) both of which are actually kinds of signatures. If you truly want encryption you need an ECDH (algorithm 18) subkey. See https://www.rfc-editor.org/rfc/rfc6637#section-5 . If you truly want verification, you need to change your code.

Community
  • 1
  • 1
dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70
  • Thanks, for the answer , i just need the key to encrypt some data example 123 to whatever the encryption throw , the key is provided by my customer ... So for you say for standard is not recommendable use that key type to encrypt data? . Can you help me with a piece of code to use that key .. or that is not a good way to encrypt data ? – Ivan Fontalvo May 30 '20 at 14:06
  • **You CANNOT encrypt with an ECDSA (sub)key**, just like you can't encrypt with DSA. You can encrypt only with ElG (El-Gamal) or ECDH, or _some_ RSA keys (the RSA _algorithm_ does both, but each _key_ can be flagged as only signing or only encryption). It is _conventional_ to match these: RSA-encryption subkey with RSA-signing masterkey, ElG sub with DSA master, ECDH sub with ECDSA master, although technically it would work to mix them. If the client wants you to encrypt, they must supply an encryption key, normally a subkey under a suitable masterkey. – dave_thompson_085 May 31 '20 at 21:33