EldoS | Feel safer!

PGP encryption without signature

#6738
Posted: 06/25/2008 10:27:29
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello.

It seems that one of my applications is having a bit of a problem. It's supposed to send a file that is usually encrypted and signed using PGP.

Today, I tested the functionality in a usage scenario that I wasn't testing for before: no signature, just encryption.

It seems that, if I do that, the encryption works, but there is no way to decrypt the message afterwards.

Here is the code I use:

Code
    PGPDataProvider := TMemoryStreamPGPDataProvider.Create;
    try
      { Signing and encrypting keys are attached only when the
        corresponding option is requested. }
      if Sign then
        PGPWriter.SigningKeys := SigningKeyRing
      else
        PGPWriter.SigningKeys := nil;

      if Encrypt then
        PGPWriter.EncryptingKeys := EncryptingKeyRing
      else
        PGPWriter.EncryptingKeys := nil;

      PGPWriter.UseNewFeatures := true;
      PGPWriter.Compress := Armor;
      PGPWriter.Protection := ptNormal;
      PGPWriter.Timestamp := now;
      PGPWriter.Armor := Armor;
      PGPWriter.EncryptionType := etPublicKey;
      PGPWriter.CompressionLevel := 9;
      PGPWriter.SignBufferingMethod := sbmRewind;
      PGPWriter.UseOldPackets := false;
      PGPWriter.SymmetricKeyAlgorithm := SB_PGP_ALGORITHM_SK_AES256;
      PGPWriter.OnKeyPassphrase := PGPDataProvider.OnPassphraserequestEven;
      PGPWriter.FileName := FileName;
      ASource.Position := 0;
      PGPDataProvider.PassPhrase := PrivateKeypassphrase;
      PGPDataProvider.Initialize;

      { Pick the writer operation matching the Sign/Encrypt combination. }
      if Encrypt then
      begin
        if Sign then
          PGPWriter.EncryptAndSign(ASource, ADestination)
        else
          PGPWriter.Encrypt(ASource, ADestination);
      end
      else
      begin
        if Sign then
          PGPWriter.Sign(ASource, ADestination)
        else
          raise EInvalidOperation.Create('Invalid option for PGP. A stream must be signed, encrypted or both.');
      end;
      result := true;
      PGPDataProvider.Clear;
    finally
      PGPDataProvider.Free;
    end;


This code works in all cases but I can't ever decrypt the resulting file if Sign is set to false.

Am I doing something wrong?

Thanks for your help
#6740
Posted: 06/25/2008 10:52:52
by Eugene Mayevski (EldoS Corp.)

First of all, please try doing the same with the sample application. This would exclude (or prove) the possibility that the problem is specific to your code.


Sincerely yours
Eugene Mayevski
#6742
Posted: 06/25/2008 11:15:29
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Ok, I just tested it.

- The sample application (FileSample) can encrypt and decrypt the file
- When using my own code, I can't decrypt the file generated by the sample app (same keyring).

P.S. Please ask the person responsible for your web forum if he can't remove that "Add new topic" button when the user is responding to a message. It's the 4th reply I'm losing this afternoon because it's so much more obviously located (and labeled) than the "Reply" button :P
#6745
Posted: 06/25/2008 11:33:42
by Eugene Mayevski (EldoS Corp.)

Please post your decryption code then. Probably the issue is hiding there.

P.S. will do.


Sincerely yours
Eugene Mayevski
#6753
Posted: 06/26/2008 02:07:05
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Unfortunately, this is unlikely to be the case: the reason I detected the issue is that I sent a message that was encrypted but not signed to a third party using GnuPG.

When he complained that he couldn't decrypt the message, I investigated and found out that I couldn't decrypt my own messages either.

But anyway, here is the decryption code I use:

Code
    function DecryptPGPMessage(ASource, ADestination: TStream; KeyRing: TElPGPKeyRing;
      PrivateKeypassphrase: String; var FileName: string; var TimeStamp: TDateTime): Boolean;
    var
      PGPReader: TElPGPReader;
      PGPDataProvider: TExternalPGPDataprovider;
    begin
      result := false;
      PGPReader := TElPGPReader.Create(nil);
      try
        PGPDataProvider := TExternalPGPDataprovider.Create;
        try
          PGPDataProvider.DestinationStream := ADestination;
          PGPDataProvider.PassPhrase := PrivateKeypassphrase;
          { The same keyring serves for decryption and signature verification. }
          PGPReader.VerifyingKeys := KeyRing;
          PGPReader.DecryptingKeys := KeyRing;
          PGPReader.OnKeyPassphrase := PGPDataProvider.OnPassphraserequestEven;
          PGPReader.OnCreateOutputStream := PGPDataProvider.OnCreateOutputStreamHandler;
          PGPReader.OnSignatures := PGPDataProvider.OnSignaturesHandler;
          ASource.Position := 0;
          PGPReader.DecryptAndVerify(ASource);
          { OverallValidity is computed by the data provider's signature handler;
            the result is only reported as successful when it is set. }
          if PGPDataProvider.OverallValidity then
          begin
            PGPDataProvider.DestinationStream.Position := 0;
            FileName := PGPDataProvider.Filename;
            TimeStamp := PGPDataProvider.TimeStamp;
            result := true;
          end;
          PGPDataProvider.Clear;
        finally
          PGPDataProvider.Free;
        end;
      finally
        PGPReader.Free;
      end;
    end;
#6767
Posted: 06/27/2008 11:51:42
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. What error is thrown during the decryption?
And also, could you encrypt a sample dummy file for us with the keys from the SBB distribution?
#6813
Posted: 07/02/2008 02:32:29
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

I'm sorry. I'm on holiday this week. I'll answer you in detail as soon as I am back.

Thank you very much for looking into this.
#6858
Posted: 07/07/2008 08:23:38
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello.

I have been able to perform the tests today and I found the problem: it was my code that wouldn't consider unsigned data as valid.

Thank you for your help and sorry for the trouble.

Best regards,
Stephane
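The root cause above (a validity flag that stays false whenever no signature packets are present) is a policy question separate from whether decryption succeeded. The following is an added illustration, not code from this thread or from SecureBlackbox: it models what a reader reports after DecryptAndVerify and makes the "signature required or not" decision explicit, so an unsigned-but-decryptable message is accepted only when the caller allows it, and a present-but-bad signature is never accepted. The SigState values and the DecryptOutcome shape are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from enum import Enum


class SigState(Enum):
    """Verification result for one signature packet (assumed categories)."""
    VALID = "valid"
    INVALID = "invalid"   # corrupted, wrong key, expired, ...
    NO_KEY = "no_key"     # signer's key not in the verifying keyring


@dataclass
class DecryptOutcome:
    """What the reader reports after DecryptAndVerify (modelled, not SBB's API)."""
    decrypted: bool                                   # payload was recovered
    signatures: list = field(default_factory=list)    # one SigState per signature


def assess(outcome: DecryptOutcome, require_signature: bool) -> tuple:
    """Return (accept, reason). Decryption and signature policy are judged separately."""
    if not outcome.decrypted:
        return False, "decryption failed"
    if not outcome.signatures:
        # The thread's bug: "no signature packets" was treated like "bad signature".
        if require_signature:
            return False, "unsigned message but a signature is required"
        return True, "decrypted, unsigned (signature not required)"
    if all(s is SigState.VALID for s in outcome.signatures):
        return True, "decrypted, all signatures valid"
    # Fail closed: NO_KEY is not a pass, since the signer could not be checked.
    bad = sorted({s.value for s in outcome.signatures if s is not SigState.VALID})
    return False, "signature problem: " + ", ".join(bad)


if __name__ == "__main__":
    # Constructed scenarios, including the encrypt-only case from the thread.
    cases = [
        (DecryptOutcome(True, []), False),
        (DecryptOutcome(True, []), True),
        (DecryptOutcome(True, [SigState.VALID]), True),
        (DecryptOutcome(True, [SigState.VALID, SigState.NO_KEY]), False),
        (DecryptOutcome(False, []), False),
    ]
    for outcome, required in cases:
        print(required, outcome.signatures, "->", assess(outcome, required))
```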