I am trying to debug and extend an existing piece of Java code using BouncyCastle to decrypt and verify protected attachments.
I looked at the BouncyCastle samples, but it’s more difficult to extract from them a model of how attachments attached to PGP look. From the code and various errors, I can assume that there is something represented by PGPMarker, then you can find PGPCompressedData, inside which there is PGPOnePassSignatureList and so on. This does not clarify issues such as when to expect one against the other and whether a one-time signature is present when signing and encrypting separately (these were examples that I came across, but not the topic of the question). BC javadoc doesn't explain much (e.g. PGPOnePassSignature is a "one-pass signature object").
The time spent re-designing the model by trial and error, and since I could not successfully find a good resource, I hope someone else knows this.
Thanks in advance.
source
share