PGP encryption in Enonic

wally · April 22, 2021, 10:48am

Hi!

Does anyone ever needed to make encryption/decryption in Enonic using PGP?

If so, can you share how it was resolved?

I found jsencrypt that uses RSA, but it did not work with PGP public keys.

I also found openpgpjs but it was impossible to bring to Enonic due to some functionalities used that Enonic does not support(e.g. async/await), and the code have 42k lines .

I’m also trying to resolve this on Java, but I cant find many useful content of the subject.

bhj · April 22, 2021, 10:55am

Hi, wally

I haven’t specifically used PGP, but have you examined the features available in the Cipher library?
https://market.enonic.com/vendors/rune-forberg/cipher

Best wishes,
Bjørnar

wally · April 22, 2021, 11:02am

thanks man. I just look at it, I don’t think is going to work in my case.

gri · April 22, 2021, 4:05pm

In Java, BouncyCastle has some support for PGP.

But you are right, finding resources on how to use the library is not the easiest thing. I was quite surprised that there was no proper documentation or at least some util classes that would facilitate the usage of the library. An entry point that I found useful: bc-java/pg/src/main/java/org/bouncycastle/openpgp/examples at master · bcgit/bc-java · GitHub

Also Enonic is already including and exposing org.bouncycastle:bcprov-jdk15on. So if you want to use the bouncycastle bcpg library for your app, you should do something similar to this in your build.gradle:

compile "org.bouncycastle:bcprov-jdk15on:1.67"
include("org.bouncycastle:bcpg-jdk15on:1.67") {
  exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
}

wally · April 22, 2021, 4:22pm

Well, I played with some content that I found on the internet. I got to encrypt a text, although the result was complete gibberish, not a PGP data base64 encoded string.

gri · April 22, 2021, 4:30pm

In some examples/utilclasses I saw online there was this flag armor or armored. You need to set this to true.

Or if you are using the library directly, you need to have ArmoredOutputStream wrapping your output stream

wally · April 28, 2021, 11:37am

gri, I looked it up and found some examples with ArmoredOutputStream, so I put it in my code and it actually worked. Thank you very much.

wally · May 6, 2021, 11:20am

Hi. Let me ask you something.
I’m having a weird issue with bouncy castle, sometimes it generates the PGP message really fast, and other times it takes up to a minute (or more). Did you have this issue at any moment while using this lib?

gri · May 7, 2021, 2:28pm

I only used it on very short files but no it has always been instantaneous in my case.

wally · May 7, 2021, 2:57pm

Yeah, I found the problem.
I don’t why, but using FIBS was being problematic. Sometimes it took more than a minute to encrypt. But we solved it!