As of version 1.3 of the library the methods for decrypt and verify have changed. The old version of this tutorial is available here.
In this chapter we are going to show how to decrypt and verify a previously one pass signed and encrypted OpenPGP data with the help of DidiSoft OpenPGP Library for Android.
Example code
The complete example is available in the /Examples/src/android/DecryptAndVerifyDemo.java file in the library distribution archive.
import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import com.didisoft.pgp.*; public class DecryptAndVerifyDemo extends Activity { @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); TextView tv = new TextView(this); SignatureCheckResult signatureCheck = this.decryptAndVerify(); if (signatureCheck == SignatureCheckResult.SignatureVerified) { tv.append("The signature is valid."); } else if (signatureCheck == SignatureCheckResult.SignatureBroken) { tv.append("Message corrupted or signature forged"); } else if (signatureCheck == SignatureCheckResult.PublicKeyNotMatching) { tv.append("Signature not matching provided public key /it is from another sender/"); } else { tv.append("No signature found in message"); } setContentView(tv); } public SignatureCheckResult decryptAndVerify() throws IOException, PGPException { // create an instance of the library PGPLib pgp = new PGPLib(); InputStream signedStream = null; InputStream privateDecryptionKeyStream = null; InputStream publicVerificationKeyStream = null; OutputStream decryptedStream = null; SignatureCheckResult signatureVerified = SignatureCheckResult.NoSignatureFound; try { // load data and public key stream signedStream = this.openFileInput("OUTPUT.pgp"); AssetManager assets = getAssets(); privateDecryptionKeyStream = assets.open(key2_private); String privateDecryptionKeyPassword = key2_private_password; publicVerificationKeyStream = assets.open(public_key); // specify output stream decryptedStream = this.openFileOutput("OUTPUT.txt", MODE_PRIVATE); signatureVerified = pgp.decryptAndVerify(signedStream, privateDecryptionKeyStream, privateDecryptionKeyPassword, publicVerificationKeyStream, decryptedStream); return signatureVerified; } finally { // cleanup if (signedStream != null) signedStream.close(); if (privateDecryptionKeyStream != null) privateDecryptionKeyStream.close(); if (publicVerificationKeyStream != null) publicVerificationKeyStream.close(); if (decryptedStream != null) decryptedStream.close(); } } |
The decryptAndVerify method is design to process also encrypted only data, signed only data and clear text signed as well.
Summary
This article has introduced the API method used to decrypt and verify OpenPGP data in one step.
List of methods used:
PGPLib.decryptAndVerifyStream