EldoS | Feel safer!

Can't sign file when PGP Encrypting

#15039
Posted: 11/12/2010 10:16:53
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Please make sure that you are providing a valid password for the secret key, via the .PassphraseValid function call.
Also, please call the .IsSigningKey(true) function on the secret key to make sure that your key is able to sign.
#15040
Posted: 11/12/2010 11:18:11
by Warrick FitzGerald (Standard support level)
Joined: 03/12/2007
Posts: 14

Ok, I'm setting the passphrase directly now and removed the OnKeyPassphrase event hookup.

The PassphraseValid() function returns true.

However when I call EncryptAndSign I still get the same exception.

----------

SBPGPKeys.TElPGPPublicKey zPublicKey = new SBPGPKeys.TElPGPPublicKey();
SBPGPKeys.TElPGPSecretKey zSecretKey = new SBPGPKeys.TElPGPSecretKey();

zPublicKey.LoadFromFile(PublicKey);
zSecretKey.LoadFromFile(PrivateSignKey);

// The key has to be loaded before its capabilities can be checked
bool canSign = zSecretKey.IsSigningKey(true);

zSecretKey.Passphrase = "test1";
bool isGood = zSecretKey.PassphraseValid();
#15041
Posted: 11/12/2010 11:31:57
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Have you tried to sign that file with PGPFilesDemo? Was it successful?
#15042
Posted: 11/12/2010 11:47:40
by Warrick FitzGerald (Standard support level)
Joined: 03/12/2007
Posts: 14

The PGPFilesDemo only allows you to use a KeyRing - not specify specific Private and Public standalone keys.

If I however load these keys into a GPG KeyRing and point the PGPFilesDemo at that KeyRing it does work as expected.

What I have not tried is loading that same keyring in my own code to see if it works. I'll give that a go.
#15043
Posted: 11/12/2010 12:49:53
by Warrick FitzGerald (Standard support level)
Joined: 03/12/2007
Posts: 14

WTF?

I noticed when using the PGPFilesDemo I'm getting prompted twice for the signing password.

1st time:
Passphrase is needded for secret key:
PGPTest2 .....

2nd Time:
Passphrase is needded for secret key:
SubKey (ID xxxx)

So I removed the:
Cancel = true;

From the OnKeyPassphrase call and now it works. But why's it prompting twice?

I tried creating a fresh key pair and the same thing happens. Here's how I created the keypair.

c:\Program Files (x86)\GNU\GnuPG>gpg --gen-key
gpg (GnuPG) 1.4.11; Copyright © 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `C:/Users/wfitzgerald/AppData/Roaming/gnupg\secring.gpg' created
gpg: keyring `C:/Users/wfitzgerald/AppData/Roaming/gnupg\pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: PGPTest2
Email address: pgptest2@livetechnology.com
Comment: PGPTest2
You selected this USER-ID:
"PGPTest2 (PGPTest2) <pgptest2@livetechnology.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
....+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
......+++++
.+++++
gpg: C:/Users/wfitzgerald/AppData/Roaming/gnupg\trustdb.gpg: trustdb created
gpg: key F648643A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/F648643A 2010-11-12
Key fingerprint = 3832 8FC1 0765 55C1 27F6 C136 B108 98CA F648 643A
uid PGPTest2 (PGPTest2) <pgptest2@livetechnology.com>
sub 2048R/97489538 2010-11-12
#15044
Posted: 11/12/2010 13:02:07
by Warrick FitzGerald (Standard support level)
Joined: 03/12/2007
Posts: 14

Think I just answered my own question.

During the keygen process, Selecting (2) seems to resolve my problem when it comes to signing.

(1) RSA and RSA (default)
(2) DSA and Elgamal

I'd still really love to know why though?

Thanks
Warrick
#15045
Posted: 11/12/2010 14:12:44
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

As I wrote before, you can add the public key and the secret key to the public/secret keyrings respectively, and it will load those keys into the keyrings (actually, a keyring is just a set of keys, which are stored sequentially).

It asked two times for the password since (if you are using the keys attached before) your key and subkey are both RSA, so they are both capable of generating signatures, and the demo will need a password for both of them. In most cases the subkey and the key have the same password, but the OpenPGP specification doesn't require this, that's why you need to specify the password for both the key and the subkey.
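To make the explanation above concrete, here is an added example (not code from the thread or from SecureBlackbox) that walks a binary OpenPGP packet sequence, lists the primary key and subkey packets it contains, and classifies each one as signing-capable by its public-key algorithm, which is the reasoning the reply above uses: an "RSA and RSA" key yields two signing-capable keys (two passphrase prompts), a "DSA and Elgamal" key yields one, because Elgamal is encrypt-only. The two keyrings fed to it are constructed in the script with placeholder key material, not real keys, and the user ID is the one from the gpg transcript in this thread. One caveat the example does not cover: a real implementation also has to honour the key-flags subpacket of the self-signature, which can mark an RSA subkey as encrypt-only even though the algorithm itself can sign.

```python
import struct
from dataclasses import dataclass

# RFC 4880 packet tags that carry key material
TAG_NAMES = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

# Public-key algorithm IDs (RFC 4880 section 9.1) and whether the algorithm can sign
ALGORITHMS = {
    1: ("RSA (encrypt or sign)", True),
    2: ("RSA encrypt-only", False),
    3: ("RSA sign-only", True),
    16: ("Elgamal (encrypt-only)", False),
    17: ("DSA", True),
    18: ("ECDH", False),
    19: ("ECDSA", True),
    22: ("EdDSA", True),
}


@dataclass
class KeyInfo:
    tag: int
    is_subkey: bool
    algorithm: int
    created: int  # seconds since the Unix epoch, as stored in the v4 key packet

    @property
    def can_sign(self) -> bool:
        return ALGORITHMS.get(self.algorithm, ("unknown", False))[1]


def _read_packet_header(data: bytes, pos: int):
    """Return (tag, body_start, body_length) for the packet header at data[pos]."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError(f"byte at offset {pos} is not a packet header")
    if ctb & 0x40:  # new-format header: tag in the low six bits, length follows
        tag = ctb & 0x3F
        b0 = data[pos + 1]
        if b0 < 192:
            return tag, pos + 2, b0
        if b0 < 224:
            return tag, pos + 3, ((b0 - 192) << 8) + data[pos + 2] + 192
        if b0 == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths are not supported here")
    tag = (ctb >> 2) & 0x0F  # old-format header: tag in bits 2..5, length type in bits 0..1
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, pos + 2, data[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate-length packets are not supported here")


def list_keys(keyring: bytes):
    """Walk the packet sequence and return the primary key and subkey packets, in order."""
    keys, pos = [], 0
    while pos < len(keyring):
        tag, start, length = _read_packet_header(keyring, pos)
        body = keyring[start:start + length]
        if tag in TAG_NAMES:
            if body[0] != 4:
                raise ValueError(f"unsupported key packet version {body[0]}")
            created = struct.unpack(">I", body[1:5])[0]
            keys.append(KeyInfo(tag, tag in (7, 14), body[5], created))
        pos = start + length
    return keys


def signing_keys(keyring: bytes):
    return [k for k in list_keys(keyring) if k.can_sign]


def expected_passphrase_prompts(keyring: bytes) -> int:
    """One prompt per signing-capable key, which is what the demo in the thread does."""
    return len(signing_keys(keyring))


# --- constructed sample keyrings (placeholder MPIs, not real key material) -------------
def _key_packet(tag: int, algorithm: int, created: int = 1289520000) -> bytes:
    body = bytes([4]) + struct.pack(">I", created) + bytes([algorithm]) + b"\x00\x08\xAB"
    return bytes([0x80 | (tag << 2), len(body)]) + body  # old-format header, 1-byte length


def _user_id_packet(uid: str) -> bytes:
    body = uid.encode()
    return bytes([0xC0 | 13, len(body)]) + body  # new-format header, 1-byte length


UID = "PGPTest2 (PGPTest2) <pgptest2@livetechnology.com>"
RSA_RSA_KEYRING = _key_packet(6, 1) + _user_id_packet(UID) + _key_packet(14, 1)
DSA_ELGAMAL_KEYRING = _key_packet(6, 17) + _user_id_packet(UID) + _key_packet(14, 16)

if __name__ == "__main__":
    for name, ring in (("RSA and RSA", RSA_RSA_KEYRING), ("DSA and Elgamal", DSA_ELGAMAL_KEYRING)):
        print(f"{name}: {expected_passphrase_prompts(ring)} passphrase prompt(s) expected")
        for k in list_keys(ring):
            print(f"  {TAG_NAMES[k.tag]:14} {ALGORITHMS[k.algorithm][0]:24} can_sign={k.can_sign}")
```

Run against a real exported key (`gpg --export` output, binary, not ASCII-armored) the same walker shows which packets the second prompt in the demo corresponds to; in the transcript above that is the `sub 2048R/97489538` RSA subkey.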