I am trying to use the bouncy-gpg library with BouncyCastle to do PGP encryption in my Java programs. I keep getting the below NPE.
We had a shell script calling gpg on a Linux box and I wanted to move that logic into a Java app on Windows. I exported the public key from the keyring on Linux and try to use it on Windows but I always get the below error. I have tried all sorts of variations of different keys, formats and API options and I can't get encryption working with this one key. It worked OK with a key pair I generated myself.
Here is the method I wrote based on https://github.com/neuhalje/bouncy-gpg/blob/master/examples/encrypt/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/example/EncryptMain.java
/**
* Encypt the output file using gpg
*/
public void encryptFile() {
Path sourceFile = Paths.get(this.filePath());
Path destFile = Paths.get(this.encryptedFilePath());
try {
BouncyGPG.registerProvider();
int bufferSize = 8 * 1024;
InMemoryKeyring keyringConfig = KeyringConfigs.forGpgExportedKeys(KeyringConfigCallbacks.withUnprotectedKeys());
try {
keyringConfig.addPublicKey(Files.readAllBytes(Paths.get("c:/path/to/my/exported.key"));
} catch ( Exception e ) {
throw new RuntimeException(e);
}
try (
OutputStream fileOutput = Files.newOutputStream(destFile);
BufferedOutputStream bufferedOut = new BufferedOutputStream(fileOutput, bufferSize);
OutputStream outputStream = BouncyGPG
.encryptToStream()
.withConfig(keyringConfig)
.withStrongAlgorithms()
.toRecipient(recipient)
.andDoNotSign()
.binaryOutput()
.andWriteTo(bufferedOut);
InputStream is = Files.newInputStream(sourceFile)
) {
Streams.pipeAll(is, outputStream);
}
} catch (Exception e) {
throw new RuntimeException(e);
}
And here is the stack trace of the exception:
Caused by: java.lang.NullPointerException
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.generation.KeyFlag.extractPublicKeyFlags(KeyFlag.java:106)
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks.Rfc4880KeySelectionStrategy.isEncryptionKey(Rfc4880KeySelectionStrategy.java:228)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174)
at java.util.ArrayList$Itr.forEachRemaining(ArrayList.java:891)
at java.util.Collections$UnmodifiableCollection$1.forEachRemaining(Collections.java:1049)
at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:270)
at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1548)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.reduce(ReferencePipeline.java:479)
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.keys.callbacks.Rfc4880KeySelectionStrategy.selectPublicKey(Rfc4880KeySelectionStrategy.java:156)
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.BuildEncryptionOutputStreamAPI$WithAlgorithmSuiteImpl$ToImpl.extractValidKey(BuildEncryptionOutputStreamAPI.java:411)
at name.neuhalfen.projects.crypto.bouncycastle.openpgp.BuildEncryptionOutputStreamAPI$WithAlgorithmSuiteImpl$ToImpl.toRecipient(BuildEncryptionOutputStreamAPI.java:431) ...
And the code block in bouncy-gpg where the NPE is occurring. The hashedSubPackets variable is null:
while (directKeySignatures.hasNext()) {
final PGPSignature signature = directKeySignatures.next();
final PGPSignatureSubpacketVector hashedSubPackets = signature.getHashedSubPackets();
final int keyFlags = hashedSubPackets.getKeyFlags(); // <- NPE HERE
aggregatedKeyFlags |= keyFlags;
}
Thanks very much in advance for any help.
The latest bouncy-gpg source code with the fix for https://github.com/neuhalje/bouncy-gpg/issues/48 resolved this issue. I retried my encryption method with the exported public key and it worked.