EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PGP Encryption

#9386
Posted: 03/24/2009 13:30:48
by Chris Gallucci (Standard support level)
Joined: 07/20/2006
Posts: 6

I recently upgraded SBB from version 4.x to 6.x. The only change I made to my software was updating the license key and relinking to the new version dlls. I use CAST5 and compression. The software I wrote that uses the PGP functions was made live today.

We have confirmed with one customer that they can successfully decrypt their files using a desktop PGP application.

Another customer with an automated system, using an OpenPGP library from SharpPrivacy, has stated that their system is now prompting them to supply the passphrase for decrypting. I don't have any further details at this time.

My question is premised on the idea that they're using some kind of caching mechanism for the passphrase. Is there some change to the encryption as a consequence of using a new license key with SBB?
#9387
Posted: 03/24/2009 13:55:12
by Eugene Mayevski (EldoS Corp.)

There were huge improvements in PGP components between versions 4 and 6 so it's quite hard (without knowing more details) to say what could go wrong with your usage scenario. Can it be that you are setting both encryption keys and encryption passphrase? If yes, then the user can use either key or passphrase and maybe their software detects that passphrase encryption was used and offers the user to provide a passphrase. Note that I am talking about passphrase used for encryption, not passphrase for a secret key.


Sincerely yours
Eugene Mayevski
#9388
Posted: 03/24/2009 13:56:40
by Eugene Mayevski (EldoS Corp.)

And, as you have just upgraded anyway, why not use SecureBlackbox 7 which has been released on Sunday? There are not many changes between version 6 and 7 in PGP part, but it's a good idea to have the latest version (if you upgrade).


Sincerely yours
Eugene Mayevski
#9392
Posted: 03/24/2009 14:45:09
by Chris Gallucci (Standard support level)
Joined: 07/20/2006
Posts: 6

Quote
Eugene Mayevski wrote:
There were huge improvements in PGP components between versions 4 and 6 so it's quite hard (without knowing more details) to say what could go wrong with your usage scenario. Can it be that you are setting both encryption keys and encryption passphrase? If yes, then the user can use either key or passphrase and maybe their software detects that passphrase encryption was used and offers the user to provide a passphrase. Note that I am talking about passphrase used for encryption, not passphrase for a secret key.


I think I'm doing as suggested. Here's my encrypt function.
Code
public static string PgpEncryptFile(string Filename, string PublicKeyRingFile)
{
   string outFile = "";

   try
   {
      SBUtils.Unit.SetLicenseKey("I'm not tellin' ;-)");

      FileInfo info = new FileInfo(Filename);
      outFile = info.FullName + ".pgp";

      SBPGPKeys.TElPGPKeyring pubKeyring = new SBPGPKeys.TElPGPKeyring();
      pubKeyring.SaveSecretKeySignatures = false;
      pubKeyring.Load(PublicKeyRingFile, null, true);

      SBPGP.TElPGPWriter pgpWriter = new SBPGP.TElPGPWriter();

      pgpWriter.Armor = true;
      pgpWriter.ArmorHeaders.Clear();
      pgpWriter.ArmorHeaders.Add("Version: " + ApplicationVersionInfos("PGP"));
      pgpWriter.ArmorBoundary = "PGP MESSAGE";
      pgpWriter.Compress = true;
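      // All suitable keys and subkeys in this keyring are used for encryption.
      pgpWriter.EncryptingKeys = pubKeyring;
      // Public-key encryption only; the passphrase list is cleared below.
      pgpWriter.EncryptionType = SBPGP.TSBPGPEncryptionType.etPublicKey;
      pgpWriter.Filename = info.Name;
      pgpWriter.InputIsText = false;
      pgpWriter.Passphrases.Clear();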
      pgpWriter.Protection = SBPGPConstants.TSBPGPProtectionType.ptLow;
      pgpWriter.SymmetricKeyAlgorithm = SBPGPConstants.Unit.SB_PGP_ALGORITHM_SK_CAST5;
      pgpWriter.Timestamp = DateTime.Now;
      pgpWriter.UseNewFeatures = false;
      pgpWriter.UseOldPackets = false;

      pgpWriter.EncryptFile(Filename, outFile);
   }
   catch ( SBPGPExceptions.EElPGPException pex )
   {
      throw new NstnPgpException("PGP encryption of file " + Filename + " failed.", pex.Message, pex.ToString());
   }
   catch ( Exception ex )
   {
      throw new NstnPgpException("Unable to complete PGP encryption operation of file " + Filename, ex.Message, ex.ToString());
   }

   return outFile;
}
#9393
Posted: 03/24/2009 14:48:14
by Chris Gallucci (Standard support level)
Joined: 07/20/2006
Posts: 6

Quote
Eugene Mayevski wrote:
And, as you have just upgraded anyway, why not use SecureBlackbox 7 which has been released on Sunday? There are not many changes between version 6 and 7 in PGP part, but it's a good idea to have the latest version (if you upgrade).


Another cycle of breaking open the code, compiling, testing and deploying. ;-)
#9397
Posted: 03/24/2009 23:06:24
by Ken Ivanov (EldoS Corp.)

Can it be that your public keyring contains more than one key? TElPGPWriter uses all the suitable keys and subkeys contained in the public keyring to encrypt the document. The system used by your second customer might have been confused by this fact and have returned a failure message instead of decrypting a file with the proper key.

You can enable and disable keys and subkeys to be used for encryption/signing using their Enabled properties.

Quote
Another cycle of breaking open the code, compiling, testing and deploying. ;-)

Upgrading from SBB6 to SBB7 is much easier than upgrading from SBB4 to SBB6 that you have already performed ;). There are no breaking changes between these versions, so the existing code should compile and run correctly.