Decrypt and verify PGP data in Android

As of version 1.3 of the library the methods for decrypt and verify have changed. The old version of this tutorial is available here.

This chapter shows how to decrypt and verify OpenPGP data that was previously signed and encrypted in one pass, using the DidiSoft OpenPGP Library for Android.

Example code

The complete example is available in the /Examples/src/android/DecryptAndVerifyDemo.java file in the library distribution archive.

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import android.app.Activity;
import android.content.res.AssetManager;
import android.os.Bundle;
import android.widget.TextView;

import com.didisoft.pgp.*;

public class DecryptAndVerifyDemo extends Activity {
 // Placeholder values: replace with the asset names of your own keys
 // and the password of the private decryption key
 private static final String key2_private = "PRIVATE_KEY_ASSET_PLACEHOLDER";
 private static final String key2_private_password = "PRIVATE_KEY_PASSWORD_PLACEHOLDER";
 private static final String public_key = "PUBLIC_KEY_ASSET_PLACEHOLDER";

 @Override
 public void onCreate(Bundle savedInstanceState) {
   super.onCreate(savedInstanceState);
   TextView tv = new TextView(this);

   try {
     SignatureCheckResult signatureCheck = this.decryptAndVerify();
     if (signatureCheck == SignatureCheckResult.SignatureVerified) {
       tv.append("The signature is valid.");
     } else if (signatureCheck == SignatureCheckResult.SignatureBroken) {
       tv.append("Message corrupted or signature forged");
     } else if (signatureCheck == SignatureCheckResult.PublicKeyNotMatching) {
       tv.append("Signature not matching provided public key /it is from another sender/");
     } else {
       tv.append("No signature found in message");
     }
   } catch (PGPException e) {
     // wrong key, wrong password or malformed OpenPGP data
     tv.append("OpenPGP error: " + e.getMessage());
   } catch (IOException e) {
     // missing input file or asset, or a write failure
     tv.append("I/O error: " + e.getMessage());
   }
   setContentView(tv);
 }

 public SignatureCheckResult decryptAndVerify() throws IOException, PGPException {
   // create an instance of the library
   PGPLib pgp = new PGPLib();

   InputStream signedStream = null;
   InputStream privateDecryptionKeyStream = null;
   InputStream publicVerificationKeyStream = null;
   OutputStream decryptedStream = null;

   SignatureCheckResult signatureVerified = SignatureCheckResult.NoSignatureFound;
   try {
     // load the signed and encrypted data
     signedStream = this.openFileInput("OUTPUT.pgp");

     // load the private decryption key and the sender's public key
     AssetManager assets = getAssets();
     privateDecryptionKeyStream = assets.open(key2_private);
     String privateDecryptionKeyPassword = key2_private_password;

     publicVerificationKeyStream = assets.open(public_key);

     // specify output stream
     decryptedStream = this.openFileOutput("OUTPUT.txt", MODE_PRIVATE);

     // The decrypted data is written to OUTPUT.txt before the result is
     // returned, so act on the file only when the result is SignatureVerified
     signatureVerified = pgp.decryptAndVerify(signedStream,
                                              privateDecryptionKeyStream,
                                              privateDecryptionKeyPassword,
                                              publicVerificationKeyStream,
                                              decryptedStream);

     return signatureVerified;
   } finally {
     // cleanup
     if (signedStream != null)
       signedStream.close();
     if (privateDecryptionKeyStream != null)
       privateDecryptionKeyStream.close();
     if (publicVerificationKeyStream != null)
       publicVerificationKeyStream.close();
     if (decryptedStream != null)
       decryptedStream.close();
   }
 }
}

The decryptAndVerify method is also designed to process encrypted-only data, signed-only data and clear text signed data.
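
Because the same call also accepts encrypted-only input, a caller that requires an authenticated sender has to treat NoSignatureFound as a failure too. The following is an added example, not part of the original tutorial or the DidiSoft distribution: it decrypts into a temporary file and keeps the plaintext only when the result is SignatureVerified. The class name VerifiedDecryptor, the method decryptIfSigned and the ".unverified" suffix are hypothetical; the decryptAndVerify call uses the signature shown in the example above.

```java
import android.content.Context;
import com.didisoft.pgp.*;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

// Added example: hypothetical helper, not part of the library distribution.
public final class VerifiedDecryptor {

  /**
   * Decrypts into a temporary file and returns the final file only when the
   * signature verifies against the supplied public key. In every other case
   * the plaintext is deleted and null is returned.
   */
  public static File decryptIfSigned(Context ctx, InputStream message,
      InputStream privateKey, String privateKeyPassword,
      InputStream senderPublicKey, String outputName)
      throws IOException, PGPException {
    File tmp = new File(ctx.getFilesDir(), outputName + ".unverified");
    File out = new File(ctx.getFilesDir(), outputName);
    boolean promoted = false;
    try {
      SignatureCheckResult result;
      OutputStream plain = new FileOutputStream(tmp);
      try {
        result = new PGPLib().decryptAndVerify(message, privateKey,
            privateKeyPassword, senderPublicKey, plain);
      } finally {
        plain.close();
      }
      // SignatureBroken, PublicKeyNotMatching and NoSignatureFound
      // (for example encrypted-only input) are all treated as unauthenticated.
      if (result == SignatureCheckResult.SignatureVerified) {
        promoted = tmp.renameTo(out);
      }
      return promoted ? out : null;
    } finally {
      if (!promoted) {
        tmp.delete(); // never leave unauthenticated plaintext behind
      }
    }
  }
}
```

The caller remains responsible for closing the three input streams, as in the cleanup block of the example above.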

Summary

This article has introduced the API method used to decrypt and verify OpenPGP data in one step.

List of methods used:
PGPLib.decryptAndVerifyStream