EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Bad Signature using BizTalk PGP adaptor

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
Posted: 02/03/2015 05:11:36
by Patrick O'Dwyer (Basic support level)
Joined: 02/03/2015
Posts: 5


I'm evaluating the PGP BizTalk adaptor for our company.
Encryption and decryption works fine, however, signing is an issue.

When decrypting files using command line, or PGP desktop 10.2.1 I get the error

Bad signature in PGP desktop.

via the command line the error is slightly better:

Decoding data....
Secret key is required to read it.
Key for user ID "In <input@test.test>"
Key for user ID "Out <out@test.test>"
You need a pass phrase to unlock your secret key.

Enter pass phrase:

Good signature from user "".
Signature made 2015/02/03 11:00 GMT

WARNING: Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "".
WARNING: Bad signature, doesn't match file contents!

Bad signature from user "In <input@test.test>".
Operation completed successfully.

I have attached the keyring we use on the BizTalk server.

We have both public and private key pairs on the machines we are using to decrypt.

Do you have any suggestions?


Posted: 02/03/2015 05:13:38
by Patrick O'Dwyer (Basic support level)
Joined: 02/03/2015
Posts: 5

Second attempt to upload keyring screen grab

Posted: 02/03/2015 05:51:32
by Ken Ivanov (EldoS Corp.)

Hi Patrick,

PGP implementations are quite selective in what they are able to process. Many third-party PGP applications will only accept no more than one signature per protected document (the others will be reported as invalid).

I suggest that you leave exactly one secret key in the signing keyring and check if it results in any changes on the processing side.

Posted: 02/03/2015 05:59:38
by Patrick O'Dwyer (Basic support level)
Joined: 02/03/2015
Posts: 5

Hi Ken,

There is only 1 secret key in the signing keyring on the BizTalk Server..

This is the keyring on the BizTalk Server:

McAfee E-Business Server v8.0 - Full License
© 1991-2004 Network Associates, Inc. All Rights Reserved.

Alg Type Size Flags Key ID User ID
--- ---- --------- ------- ---------- -------

*RSA4 pair 2048/2048 [VI---] 0x06E7CAC3 In <input@test.test>
RSA4 pub 2048/2048 [-----] 0x5C61CCD0 Out <out@test.test>

2 matching keys found.

Operation completed successfully.

Posted: 02/03/2015 06:52:12
by Ken Ivanov (EldoS Corp.)

Thank you for the clarification. Let's try to play with the adapter configuration and check if any of the settings affect the verification result.

Please try to adjust the following properties and try to protect the file in this configuration:

Input Is Text = No,
Hash Algorithm = SHA1,
Use New Features = False,
Use Old Packets = True,
Use Compression = No,
Armor = No.

Posted: 02/03/2015 07:10:23
by Patrick O'Dwyer (Basic support level)
Joined: 02/03/2015
Posts: 5

Thanks Ken - selected, as per your specs.

Options are slightly different on the PGP adaptor:
Compress Data = No
Use New Features = No
Use Old Packets = Yes

everything else as suggested.

No difference I'm afraid.
Posted: 02/03/2015 07:20:29
by Ken Ivanov (EldoS Corp.)

Thank you Patrick,

Could you please set Armor to Yes now (leaving the rest of the settings as above) and check if this makes any difference?

If it doesn't, could you please encrypt an arbitrary file with a password (this will require you to change Encryption Type to Password in the adapter settings) and post it to a Helpdesk ticket so that we could check the file and its signature? Changing encryption type to Password is necessary as we need the ability to decrypt the file in our environment (this way, please do not pick a file with any sensitive information inside please).

Posted: 02/03/2015 08:24:42
by Patrick O'Dwyer (Basic support level)
Joined: 02/03/2015
Posts: 5

Hi Ken,

No joy with armour.

Have raised ticket 26932 with the file.

Posted: 06/01/2015 07:22:59
by Martin Bring (Basic support level)
Joined: 06/01/2015
Posts: 1

Hi Patrick.

Did the support case solve your problem? We are experience the same issue.

Many thanks.

Martin Bring
Posted: 06/01/2015 08:13:54
by Eugene Mayevski (EldoS Corp.)

Unfortunately Patrick O'Dwyer didn't respond to the last suggestion in the HelpDesk so we don't know if that suggestion helped or not.

As for your problem, did you try the steps Ken suggested above?

Sincerely yours
Eugene Mayevski
Also by EldoS: SecureBlackbox
200+ components and classes for digital security, signing, encryption and secure networking.



Topic viewed 9534 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!