EldoS | Feel safer!

Simple String Encryption

#5976
Posted: 04/22/2008 14:15:23
by Joe King (Standard support level)
Joined: 04/04/2008
Posts: 16

Okay, I swear I'm almost out of your hair. I finally worked it out with the vendor and they supplied me with their public key with which I am going to encrypt their data. I also gave them my public key and thus they expect the encrypted data to be signed using my key. Now, I assume that I will be using my private key to sign the data? I tried rewriting the above function to do this, but the vendor is claiming that the data is not signed (although they are able to decrypt). What am I missing? Do I have to include passphrase?
Code
        private string PGPEncrypt(string unencryptedString, string publicKeyringFile, string secretKeyringFile)
        {
            string retVal;
            SBUtils.Unit.SetLicenseKey(SBUtils.Unit.BytesOfString("0645...589D"));

            // Load both ring files, then split them so each writer keyring holds only the keys it needs
            TElPGPKeyring keyring = new TElPGPKeyring();
            TElPGPKeyring clientPublicKey = new TElPGPKeyring();
            TElPGPKeyring mySecretKey = new TElPGPKeyring();

            string path = Request.PhysicalApplicationPath + FILE_PATH_KEY;
            keyring.Load(path + publicKeyringFile, path + secretKeyringFile, true);
            clientPublicKey.AddPublicKey(keyring.get_PublicKeys(0));   // vendor's public key (recipient)
            mySecretKey.AddSecretKey(keyring.get_SecretKeys(0));       // my secret key (intended signer)

            Stream inStream = new MemoryStream(Encoding.ASCII.GetBytes(unencryptedString));
            MemoryStream outStream = new MemoryStream();

            TElPGPWriter writer = new TElPGPWriter();
            writer.Armor = true;
            writer.EncryptingKeys = clientPublicKey;
            writer.SigningKeys = mySecretKey;
            writer.UseNewFeatures = false;
            writer.UseOldPackets = true;
            writer.EncryptionType = SBPGP.TSBPGPEncryptionType.etPublicKey;
            writer.Timestamp = DateTime.Now;
            writer.Encrypt(inStream, outStream, 0);   // Encrypt() only encrypts; no signature is produced

            // Read back the whole armored message rather than a single BUFFER_SIZE chunk,
            // which would silently truncate any output longer than the buffer
            retVal = Encoding.ASCII.GetString(outStream.ToArray());
            return retVal;
        }
#5982
Posted: 04/23/2008 02:20:02
by Ken Ivanov (EldoS Corp.)

You should use TElPGPWriter.EncryptAndSign() method instead of the Encrypt() one.
#5996
Posted: 04/23/2008 11:57:44
by Joe King (Standard support level)
Joined: 04/04/2008
Posts: 16

Quote
Innokentiy Ivanov wrote:
You should use TElPGPWriter.EncryptAndSign() method instead of the Encrypt() one.


Is there anything else I need to do besides that (different EncryptionType maybe)? I tried using the EncryptAndSign() method and the client is still claiming that the data is not signed. My .pkr only has the one public key and I have stepped through and know it's being used, but they still claim the data is not signed. Any suggestions?
#5997
Posted: 04/23/2008 12:09:01
by Ken Ivanov (EldoS Corp.)

As an option, you should provide passphrase(s) for secret key(s) either via OnKeyPassphrase event or by assigning a Passphrase property of the TElPGPSecretKey object.
#6004
Posted: 04/23/2008 18:21:31
by Joe King (Standard support level)
Joined: 04/04/2008
Posts: 16

Quote
Innokentiy Ivanov wrote:
As an option, you should provide passphrase(s) for secret key(s) either via OnKeyPassphrase event or by assigning a Passphrase property of the TElPGPSecretKey object.


I added this to my code with the passphrase, but I am getting an error on the EncryptAndSign() method that my passphrase is incorrect (I have verified against my key that I am using the correct passphrase in PGP Desktop).

I tried using the sample application with my keyring files and I get an error when I try to encrypt and sign -- it says secret key mismatch/passphrase not provided. However, I am entering the passphrase I created my key with in the password field. Is that not correct?

This is so frustrating! I am so close!
#6015
Posted: 04/24/2008 05:46:10
by Ken Ivanov (EldoS Corp.)

Please re-check that you are passing the right keys to the EncryptingKeys and SigningKeys keyrings. The first one should only contain public keys which the message should be encrypted to, and the second one should only contain secret keys which you plan to create signatures with (in most cases EncryptingKeys contains a single public key of recipient, and SigningKeys contains a single signing key). It is likely that in your case the SigningKeys keyring contains other secret keys [with different passwords], which are unsuccessfully tried by TElPGPWriter.
#6018
Posted: 04/24/2008 13:21:29
by Joe King (Standard support level)
Joined: 04/04/2008
Posts: 16

Quote
Innokentiy Ivanov wrote:
Please re-check that you are passing the right keys to the EncryptingKeys and SigningKeys keyrings. The first one should only contain public keys which the message should be encrypted to, and the second one should only contain secret keys which you plan to create signatures with (in most cases EncryptingKeys contains a single public key of recipient, and SigningKeys contains a single signing key). It is likely that in your case the SigningKeys keyring contains other secret keys [with different passwords], which are unsuccessfully tried by TElPGPWriter.


Each keyring I am passing contains only one key (public and secret respectively). I tried looking at the OnKeyPassphrase event, but I am very confused on how to use this.

I don't get it: why do I have to add my passphrase in code when I already supplied it during creation of my secret key? I am totally lost here. Given my current code can you just tell me how to add the passphrase to the writer in order to sign my data? I've spent hours trying to do this last step.



#6022
Posted: 04/25/2008 02:22:57
by Ken Ivanov (EldoS Corp.)

Quote
I don't get it: why do I have to add my passphrase in code when I already supplied it during creation of my secret key?

Secret key is encrypted using a passphrase. In order to be able to use it, you should provide a passphrase to decrypt it.

Quote
Given my current code can you just tell me how to add the passphrase to the writer in order to sign my data? I've spent hours trying to do this last step.

Code
pgpWriter.OnKeyPassphrase += new SBPGPStreams.TSBPGPKeyPassphraseEvent(pgpWriter_OnKeyPassphrase);

private void pgpWriter_OnKeyPassphrase(object Sender, SBPGPKeys.TElPGPCustomSecretKey Key, ref string Passphrase, ref bool Cancel)
{
   Passphrase = "mykeypassphrase";
}
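Pulling the three fixes from this thread together (EncryptAndSign() instead of Encrypt(), a passphrase supplied through OnKeyPassphrase, and writer keyrings that hold only the recipient's public key and only the signing secret key), here is a complete encrypt-and-sign routine as an added example; it is not code from the thread or from EldoS. It assumes the SecureBlackbox .NET classes named in the posts above, that the .pkr holds only the vendor's public key and the .skr only your own secret key, that PublicCount and SecretCount are the keyring's count properties, and that a Count argument of 0 means "process the whole stream", the same convention the thread's own Encrypt(inStream, outStream, 0) call relies on.

```csharp
using System;
using System.IO;
using System.Text;
using SBPGP;          // TSBPGPEncryptionType
using SBPGPKeys;      // TElPGPKeyring, TElPGPCustomSecretKey
using SBPGPStreams;   // TElPGPWriter, TSBPGPKeyPassphraseEvent

// Added example, not code from the thread: encrypt to the recipient's public key
// and sign with our own secret key in a single TElPGPWriter pass.
public static class PgpEncryptAndSignExample
{
    // Returns the ASCII-armored PGP message, encrypted to the recipient and signed by us.
    public static string EncryptAndSign(string plaintext,
                                        string recipientPublicKeyringFile, // vendor's .pkr
                                        string mySecretKeyringFile,        // our .skr
                                        string signingPassphrase)
    {
        // Load both files into one ring, then split: the writer wants the recipient
        // key(s) and the signing key(s) in two separate keyrings.
        TElPGPKeyring loaded = new TElPGPKeyring();
        loaded.Load(recipientPublicKeyringFile, mySecretKeyringFile, true);

        // Assumption: the .pkr holds only the vendor's key and the .skr only ours, so
        // index 0 is the right key in each. Any extra secret key left in SigningKeys is
        // tried with the same passphrase and fails with "secret key mismatch /
        // passphrase not provided". PublicCount/SecretCount are assumed property names.
        if (loaded.PublicCount != 1 || loaded.SecretCount != 1)
            throw new InvalidOperationException("Expected exactly one public and one secret key");

        TElPGPKeyring encryptingKeys = new TElPGPKeyring();
        TElPGPKeyring signingKeys = new TElPGPKeyring();
        encryptingKeys.AddPublicKey(loaded.get_PublicKeys(0));
        signingKeys.AddSecretKey(loaded.get_SecretKeys(0));

        TElPGPWriter writer = new TElPGPWriter();
        writer.Armor = true;
        writer.EncryptionType = TSBPGPEncryptionType.etPublicKey;
        writer.EncryptingKeys = encryptingKeys;
        writer.SigningKeys = signingKeys;
        writer.Timestamp = DateTime.Now;

        // The secret key is stored encrypted under its passphrase; the writer raises
        // this event when it needs the key to sign. Omitting the handler, or returning
        // the wrong passphrase, is what produces the "passphrase not provided" error.
        writer.OnKeyPassphrase += delegate(object sender, TElPGPCustomSecretKey key,
                                           ref string passphrase, ref bool cancel)
        {
            passphrase = signingPassphrase;
            cancel = false;
        };

        using (MemoryStream inStream = new MemoryStream(Encoding.UTF8.GetBytes(plaintext)))
        using (MemoryStream outStream = new MemoryStream())
        {
            // EncryptAndSign(), not Encrypt(): Encrypt() emits no signature packet.
            // Count = 0 processes the input stream to its end (assumed convention).
            writer.EncryptAndSign(inStream, outStream, 0);

            // Read the complete armored message, not a fixed-size first chunk.
            return Encoding.ASCII.GetString(outStream.ToArray());
        }
    }
}
```

The passphrase should come from a protected configuration store or secret manager at runtime rather than a string literal in the source, since anyone who can read the binary can otherwise decrypt the signing key.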
#6035
Posted: 04/25/2008 13:03:20
by Joe King (Standard support level)
Joined: 04/04/2008
Posts: 16

Quote
Innokentiy Ivanov wrote:
Code
pgpWriter.OnKeyPassphrase += new SBPGPStreams.TSBPGPKeyPassphraseEvent(pgpWriter_OnKeyPassphrase);

private void pgpWriter_OnKeyPassphrase(object Sender, SBPGPKeys.TElPGPCustomSecretKey Key, ref string Passphrase, ref bool Cancel)
{
   Passphrase = "mykeypassphrase";
}

Okay, I just tried this and actually got it to run all the way through. However, the client is now saying that when they attempt to decrypt and verify the resulting data it gives them an error (PGP Warning, "An error has occurred: encrypted session key is bad"). This sounds to me like there is now an issue with which encryption algorithm I am using. I see that the default SymmetricKeyAlgorithm is CAST5 (http://www.eldos.com/forum/read.php?FID=7&TID=734&MID=3840&phrase_id=265327#message3843), but I will work with the client to figure out what their PGP software is using to decrypt with.
#6039
Posted: 04/25/2008 18:35:15
by Joe King (Standard support level)
Joined: 04/04/2008
Posts: 16

Client is stating that they believe we are signing with a detached version of the key. Unfortunately, I don't see any detached property for this on my TElPGPWriter object and it doesn't look like calling the Encrypt() method and then Sign() method is the correct way to do things, either. Any suggestions?
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.