EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Secret Key PassPhrase not accepted during signing

#7593
Posted: 09/12/2008 17:30:25
by Hamid Noorbakhsh (Basic support level)
Joined: 09/09/2008
Posts: 11

Hi,
I am having difficulty signing a document.
Here is the code and it is just like the sample provided:

    try
    {
        // Load both keyrings and locate the signing key by e-mail address.
        pgpKeyring.Load(strPublicKeyring, strPrivateKeyring, true);
        int keyIndex = pgpKeyring.FindSecretKeyByEmailAddress(strEmailAddress, 0);

        TElPGPSecretKey signkey = pgpKeyring.get_SecretKeys(keyIndex);

        // Only the primary key's passphrase is set and checked here.
        signkey.Passphrase = strPassPhrase;
        bool accepted = signkey.PassphraseValid();
        signingKeyring.AddSecretKey(signkey);

        FileStream streamInput, streamOutput;
        FileInfo info;

        // Configure the writer for ASCII-armored output.
        pgpWriter.Armor = true;
        pgpWriter.ArmorHeaders.Clear();
        pgpWriter.ArmorHeaders.Add("Version: EldoS OpenPGPBlackbox");
        pgpWriter.ArmorBoundary = "PGP MESSAGE";
        pgpWriter.SigningKeys = signingKeyring;
        pgpWriter.EncryptionType = SBPGP.TSBPGPEncryptionType.etPublicKey;
        info = new System.IO.FileInfo(strInputFilename);
        pgpWriter.Filename = info.Name;
        pgpWriter.Timestamp = DateTime.Now;

        streamInput = new FileStream(strInputFilename, FileMode.Open);
        try
        {
            streamOutput = new FileStream(strOutputFilename, FileMode.Create);
            try
            {
                // This is the call that throws the error quoted below.
                pgpWriter.Sign(streamInput, streamOutput, false, 0);
            }
            catch (Exception)
            {
                throw; // rethrow without resetting the stack trace
            }
            finally
            {
                streamOutput.Close();
            }
        }
        catch (Exception)
        {
            throw; // rethrow without resetting the stack trace
        }
        finally
        {
            streamInput.Close();
        }
    }
    catch (Exception e3)
    {
        MessageBox.Show(e3.ToString());
    }
    finally
    {
        if (pgpKeyring != null)
        {
            pgpKeyring.Dispose();
        }
        if (signingKeyring != null)
        {
            signingKeyring.Dispose();
        }
    }


I looked and saw that I can check to see if the PassPhrase is accepted and my code shows an accepted PassPhrase, but at .Sign, it throws the error:

Signing failed (secret key mismatch/passphrase not provided?)

So I am stuck and cannot figure out why. I tried the same keys for decrypt and verify and it takes them when I use the same passphrase.

Any help would be appreciated.

Thanks,

noorbakhsh
#7594
Posted: 09/13/2008 00:06:41
by Eugene Mayevski (EldoS Corp.)

Most likely your key has a subkey. You need to set the passphrase for the subkey too or disable the subkey by setting its Enabled property to false.


Sincerely yours
Eugene Mayevski
#7614
Posted: 09/15/2008 10:46:28
by Hamid Noorbakhsh (Basic support level)
Joined: 09/09/2008
Posts: 11

Thanks Eugene, that did the trick. I just iterated through the subkeys and set the pass phrase.
Curious to know if that is a good practice, OR if the subKey can have a different passphrase?
Would it be better just to disable it (them) when signing, or set the passphrase?

My work will be dealing with an automated version and the owner of the key might schedule the signing, so they may not be present to enter the value in, and it has to be retrieved from DB (encrypted of course).
#7616
Posted: 09/15/2008 11:21:33
by Ken Ivanov (EldoS Corp.)

Quote
Curious to know if that is a good practice, OR if the subKey can have a different passphrase?

Most of the existing OpenPGP-compliant applications use the same password to encrypt both a key and its subkeys. While the OpenPGP specification allows the use of different passwords for a key and its subkeys, we have never seen this in the real world.

We suggest that you ask the user what to do if both the key and its subkey(s) are capable of signing. Disabling subkeys is not a good idea, as the main key might not be intended for signing, while one of its subkeys might be.
#7618
Posted: 09/15/2008 13:22:44
by Hamid Noorbakhsh (Basic support level)
Joined: 09/09/2008
Posts: 11

Thank you for your response. I did change the code to allow for such cases.
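
The fix discussed in this thread (set the passphrase on every subkey before signing, and check that each one accepts it), as an added example that is not code from the original posts or from EldoS. It assumes the subkeys are reachable through `SubkeyCount` and `get_Subkeys(i)` (named by analogy with `get_SecretKeys` above, not shown on the page), that subkeys expose `Passphrase` and `PassphraseValid()` like the primary key, and that the key types live in the `SBPGPKeys` namespace; `SigningKeyUnlocker` is a hypothetical helper name.

```csharp
using System;
using SBPGPKeys; // assumed namespace for TElPGPSecretKey / TElPGPSecretSubkey

static class SigningKeyUnlocker // hypothetical helper, not part of the library
{
    // Applies one passphrase to the primary secret key and to every enabled
    // subkey, and fails before signing if any of them rejects it. This turns
    // the late "secret key mismatch/passphrase not provided?" error from
    // Sign() into an early, specific one, which matters for unattended jobs
    // that read the passphrase from storage.
    public static void Unlock(TElPGPSecretKey key, string passphrase)
    {
        if (key == null) throw new ArgumentNullException("key");
        if (string.IsNullOrEmpty(passphrase))
            throw new ArgumentException("Passphrase is empty.", "passphrase");

        key.Passphrase = passphrase;
        if (!key.PassphraseValid())
            throw new InvalidOperationException("Primary key rejected the passphrase.");

        // SubkeyCount and get_Subkeys(i) are assumed accessor names.
        for (int i = 0; i < key.SubkeyCount; i++)
        {
            TElPGPSecretSubkey subkey = key.get_Subkeys(i);

            // Subkeys are left enabled: as noted in the thread, the primary
            // key may not be the one intended for signing.
            if (!subkey.Enabled)
                continue;

            subkey.Passphrase = passphrase;
            if (!subkey.PassphraseValid())
            {
                // OpenPGP allows a subkey to use a different passphrase, so
                // report which subkey failed. The passphrase itself is never
                // placed in the message, since it may end up in logs.
                throw new InvalidOperationException(
                    "Subkey " + i + " rejected the passphrase.");
            }
        }
    }
}
```

In the original code this would be called as `SigningKeyUnlocker.Unlock(signkey, strPassPhrase);` in place of the two lines that set and check the passphrase, before `signingKeyring.AddSecretKey(signkey)`.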
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.