EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElPGPReader.VerifyDetachedFile -> Invalid PGP Packet

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#14715
Posted: 10/18/2010 07:28:24
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

I'm trying to verify a file that was created as follows

1. encrypt with GNUPG
2. sign with GNUPG as detached signature
3. load public key into pgpReader
4. pgpReader.VerifyDetachedFile(signedFile, signatureFile)

Both the signed file and the signature file are not armored. Also the file can be decrypted with the matching keyfile & passphrase with GNUPG and the signature can be verified there so I assume the files are not broken.
As soon as VerifyDetachedFile is called I get an SBPGPExceptions.EElPGPInvalidPacketException that says "invalid PGP packet" but doesn't tell me what file.
I've tried this with three different keys of 2048 and 4096 bit but the exception didn't change.


This is the code that I'm using:

Code
            SBPGP.TElPGPReader pgpReader = new SBPGP.TElPGPReader();
            pgpReader.OnSignatures += new SBPGPStreams.TSBPGPSignaturesEvent(pgpReader_OnSignatures);
            pgpReader.OnSigned += new SBPGP.TSBPGPSignedEvent(pgpReader_OnSigned);
            pgpReader.OnEncrypted += new SBPGP.TSBPGPEncryptedEvent(pgpReader_OnEncrypted);
            pgpReader.OnArmored += new SBPGP.TSBPGPArmoredEvent(pgpReader_OnArmored);
            SBUtils.Unit.SetLicenseKey(...);

            SBPGPKeys.TElPGPPublicKey publicKey = new SBPGPKeys.TElPGPPublicKey();
            publicKey.LoadFromFile(KeyFile);
            SBPGPKeys.TElPGPKeyring keyRing = new SBPGPKeys.TElPGPKeyring();
            int result = keyRing.AddPublicKey(publicKey);
            pgpReader.VerifyingKeys = keyRing;
          
            pgpReader.VerifyDetachedFile(SignedFile, SignatureFile);


The hooked events are not fired so it's something right at the start I suppose.
I hope it's something utterly stupid but I'm pretty much clueless what's going wrong here.

SBB Version is 8.1.190 on .Net 3.5 SP1 written in VS2010

Greets
Frank
#14716
Posted: 10/18/2010 08:32:26
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

What is your GnuPG version? Could you attach input files.

You should also try to check the signature using the sample from OpenPGPBlackbox\Primitives\VerifyDetached
#14718
Posted: 10/18/2010 09:34:35
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

The GnuPG version is 2.0.14.

I've experimented some more and I think the issue is with version 8 of the SBB Library. The primitives samples you told me to try helped a lot.

I've tried the SignDetached Demo compiled against the default 8.1.190 SBB Library to create the attached test files. The attached keyrings are just test files.
Then I've tried the VerifyDetached Demo with these test files compiled against the SBB Versions I had archived somewhere:

7.2.171 -> works perfectly (also with real GnuPG signed files)
8.0.176 -> unexpected end of data
8.1.190 -> unexpected end of data

Exception for 8.x Version:
"SBPGPExceptions.EElPGPDearmoringStreamException: Unexpected end of data\r\n bei SBPGPStreams.TElPGPDearmoringStream.DataAvailable()\r\n bei SBPGPStreams.TElPGPStream.ProcessStream(Stream AInputStream, Stream AOutputStream, Int32 Count)\r\n bei SBPGP.TElPGPReader.VerifyDetached@0(Stream InStream, Stream OutStream, Int32 Count)\r\n bei SBPGP.TElPGPReader.VerifyDetached(Stream ASourceStream, Stream ASignatureStream, Int64 SourceStreamCount, Int64 SignatureStreamCount)\r\n bei VerifyDetached.frmMainForm.VerifyDetached(String strInputFilename, String strOutputFilename, TElPGPKeyring Keyring) in C:\\Dokumente und Einstellungen\\All Users\\Dokumente\\EldoS\\SecureBlackbox.NET\\Samples\\C#\\OpenPGPBlackbox\\Primitives\\VerifyDetached\\Form1.cs:Zeile 260."

Maybe this is the solution to my original problem.

Greets
Frank


[ Download ]
#14720
Posted: 10/18/2010 10:01:38
by Vsevolod Ievgiienko (EldoS Corp.)

Error realy exists. I'll send an information about it to the person, who is responsible for pgpReader.
#14722
Posted: 10/19/2010 01:40:46
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

Thank you! I'll use the 7.x version for the time being then.
#14724
Posted: 10/19/2010 03:52:12
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Thank you for pointing us at this issue. There is small mistake in our code, which leads to invalid input size detection. We fixed it, however, right now you can use .VerifyDetached by passing to it input sizes directly, i.e.:

Code
FileStream fSource, fSignature;
fSource = new FileStream(SignedFile, FileMode.Open, FileAccess.Read);
fSignature = new FileStream(SignatureFile, FileMode.Open, FileAccess.Read);
pgpReader.VerifyDetached(fSource, fSignature, fSource.Length, fSignature.Length);
fSource.Close();
fSignature.Close();
#14725
Posted: 10/19/2010 05:48:43
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

Oh that's great! Thanks alot
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 2262 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!