EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElPGPReader.VerifyDetachedFile -> Invalid PGP Packet

Posted: 10/18/2010 07:28:24
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 49

I'm trying to verify a file that was created as follows

1. encrypt with GNUPG
2. sign with GNUPG as detached signature
3. load public key into pgpReader
4. pgpReader.VerifyDetachedFile(signedFile, signatureFile)

Both the signed file and the signature file are not armored. Also the file can be decrypted with the matching keyfile & passphrase with GNUPG and the signature can be verified there so I assume the files are not broken.
As soon as VerifyDetachedFile is called I get an SBPGPExceptions.EElPGPInvalidPacketException that says "invalid PGP packet" but doesn't tell me what file.
I've tried this with three different keys of 2048 and 4096 bit but the exception didn't change.

This is the code that I'm using:

            SBPGP.TElPGPReader pgpReader = new SBPGP.TElPGPReader();
            pgpReader.OnSignatures += new SBPGPStreams.TSBPGPSignaturesEvent(pgpReader_OnSignatures);
            pgpReader.OnSigned += new SBPGP.TSBPGPSignedEvent(pgpReader_OnSigned);
            pgpReader.OnEncrypted += new SBPGP.TSBPGPEncryptedEvent(pgpReader_OnEncrypted);
            pgpReader.OnArmored += new SBPGP.TSBPGPArmoredEvent(pgpReader_OnArmored);

            SBPGPKeys.TElPGPPublicKey publicKey = new SBPGPKeys.TElPGPPublicKey();
            SBPGPKeys.TElPGPKeyring keyRing = new SBPGPKeys.TElPGPKeyring();
            int result = keyRing.AddPublicKey(publicKey);
            pgpReader.VerifyingKeys = keyRing;
            pgpReader.VerifyDetachedFile(SignedFile, SignatureFile);

The hooked events are not fired so it's something right at the start I suppose.
I hope it's something utterly stupid but I'm pretty much clueless what's going wrong here.

SBB Version is 8.1.190 on .Net 3.5 SP1 written in VS2010

Posted: 10/18/2010 08:32:26
by Vsevolod Ievgiienko (Team)


What is your GnuPG version? Could you attach input files.

You should also try to check the signature using the sample from OpenPGPBlackbox\Primitives\VerifyDetached
Posted: 10/18/2010 09:34:35
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 49

The GnuPG version is 2.0.14.

I've experimented some more and I think the issue is with version 8 of the SBB Library. The primitives samples you told me to try helped a lot.

I've tried the SignDetached Demo compiled against the default 8.1.190 SBB Library to create the attached test files. The attached keyrings are just test files.
Then I've tried the VerifyDetached Demo with these test files compiled against the SBB Versions I had archived somewhere:

7.2.171 -> works perfectly (also with real GnuPG signed files)
8.0.176 -> unexpected end of data
8.1.190 -> unexpected end of data

Exception for 8.x Version:
"SBPGPExceptions.EElPGPDearmoringStreamException: Unexpected end of data\r\n bei SBPGPStreams.TElPGPDearmoringStream.DataAvailable()\r\n bei SBPGPStreams.TElPGPStream.ProcessStream(Stream AInputStream, Stream AOutputStream, Int32 Count)\r\n bei SBPGP.TElPGPReader.VerifyDetached@0(Stream InStream, Stream OutStream, Int32 Count)\r\n bei SBPGP.TElPGPReader.VerifyDetached(Stream ASourceStream, Stream ASignatureStream, Int64 SourceStreamCount, Int64 SignatureStreamCount)\r\n bei VerifyDetached.frmMainForm.VerifyDetached(String strInputFilename, String strOutputFilename, TElPGPKeyring Keyring) in C:\\Dokumente und Einstellungen\\All Users\\Dokumente\\EldoS\\SecureBlackbox.NET\\Samples\\C#\\OpenPGPBlackbox\\Primitives\\VerifyDetached\\Form1.cs:Zeile 260."

Maybe this is the solution to my original problem.


[ Download ]
Posted: 10/18/2010 10:01:38
by Vsevolod Ievgiienko (Team)

Error realy exists. I'll send an information about it to the person, who is responsible for pgpReader.
Posted: 10/19/2010 01:40:46
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 49

Thank you! I'll use the 7.x version for the time being then.
Posted: 10/19/2010 03:52:12
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 442

Hi. Thank you for pointing us at this issue. There is small mistake in our code, which leads to invalid input size detection. We fixed it, however, right now you can use .VerifyDetached by passing to it input sizes directly, i.e.:

FileStream fSource, fSignature;
fSource = new FileStream(SignedFile, FileMode.Open, FileAccess.Read);
fSignature = new FileStream(SignatureFile, FileMode.Open, FileAccess.Read);
pgpReader.VerifyDetached(fSource, fSignature, fSource.Length, fSignature.Length);
Posted: 10/19/2010 05:48:43
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 49

Oh that's great! Thanks alot



Topic viewed 2435 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!