EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PGPReader :: Get Signer Information

#17608
Posted: 09/21/2011 10:43:47
by Aaron Cowie (Basic support level)
Joined: 09/19/2011
Posts: 11

The scenario is that we are receiving emails from a number of customers. The email contains an attachment that is PGP Encrypted and Signed.

To verify the file, we need to know which customer it is from so that we can get their X.509 certificate.

We do not wish to use the email address it was sent from. Is it possible to get some identifier from the pgp file to identify the signer?
#17609
Posted: 09/21/2011 12:02:59
by Eugene Mayevski (EldoS Corp.)

The correct approach is to run decryption using the DecryptAndVerify() method and handle the OnEncrypted event of the TElPGPReader class. It passes IDs. Then you interrupt decryption by throwing your own exception (and catching it in the code that called DecryptAndVerify), find the keys and run decryption again. Not quite straightforward, but it works.


Sincerely yours
Eugene Mayevski
#17614
Posted: 09/21/2011 14:08:14
by Ken Ivanov (EldoS Corp.)

In fact, you do not need to interrupt the unprotection process by throwing an exception. Instead, you just obtain the key identifiers from the KeyIDs parameter of the OnEncrypted and/or OnSigned events and set up the DecryptingKeys and VerifyingKeys properties of your TElPGPReader accordingly.
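The two events above correspond to two places in the OpenPGP packet stream. As an added illustration (not SecureBlackbox or EldoS code; the packet layout follows RFC 4880, and the key IDs, message bytes and customer table are constructed for the example), the following Python walks a message and pulls the recipient key IDs out of the public-key encrypted session key packets (the kind of identifiers an OnEncrypted handler sees) and the signer key IDs out of the one-pass-signature and signature packets (what an OnSigned handler sees), then maps a signer ID onto a customer table:

```python
"""Minimal OpenPGP (RFC 4880) packet walk that extracts the key IDs a reader
reports to its application.  Added illustration, not SecureBlackbox code."""
import struct

PKESK, SIGNATURE, ONE_PASS_SIG, LITERAL, SEIPD = 1, 2, 4, 11, 18
ISSUER_SUBPACKET = 16


def _varlen(buf, pos, subpacket=False):
    """Decode a new-format length (RFC 4880 4.2.2, 5.2.3.1); returns (length, new pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 224 or (subpacket and first < 255):
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths not supported")


def iter_packets(data):
    """Yield (tag, body) for every packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        if hdr & 0x40:                        # new format: tag in the low 6 bits
            tag = hdr & 0x3F
            length, pos = _varlen(data, pos + 1)
        else:                                 # old format: tag in bits 5..2, length type in bits 1..0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[pos + 1:pos + 1 + (1 << ltype)], "big")
            pos += 1 + (1 << ltype)
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet, tag %d" % tag)
        yield tag, body
        pos += length


def _signature_issuer(body):
    """Issuer key ID of a signature packet: inline for v3, issuer subpacket for v4."""
    if body[0] == 3:
        return body[7:15]
    if body[0] != 4:
        raise ValueError("unsupported signature version %d" % body[0])
    pos = 4                                   # version, sig type, pk algo, hash algo
    for _ in range(2):                        # hashed area, then unhashed area
        end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            sublen, pos = _varlen(body, pos, subpacket=True)
            if body[pos] & 0x7F == ISSUER_SUBPACKET:   # bit 7 only flags "critical"
                return body[pos + 1:pos + 9]
            pos += sublen                     # the length covers the type octet too
    return None


def key_ids(data):
    """Collect recipient IDs (PKESK) and signer IDs (one-pass / signature packets)."""
    found = {"encrypted_to": [], "signed_by": []}
    for tag, body in iter_packets(data):
        if tag == PKESK:                      # version, 8-byte key ID, pk algo, MPIs
            found["encrypted_to"].append(body[1:9].hex())
        elif tag == ONE_PASS_SIG:             # version, sig type, hash, pk, 8-byte key ID, nested
            found["signed_by"].append(body[4:12].hex())
        elif tag == SIGNATURE:
            issuer = _signature_issuer(body)
            if issuer and issuer.hex() not in found["signed_by"]:
                found["signed_by"].append(issuer.hex())
        # SEIPD (tag 18) stays opaque: in a signed-then-encrypted message the
        # signature packets sit inside it, so signer IDs surface only during decryption.
    return found


def _packet(tag, body):
    """Encode a new-format packet with a one-octet length (constructed test data only)."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body


# Constructed sample: a message encrypted to OUR_KEY, and the plaintext that
# decryption yields, signed by CUSTOMER_KEY.  Key IDs and MPI bytes are made up.
OUR_KEY = bytes.fromhex("a1b2c3d4e5f60718")
CUSTOMER_KEY = bytes.fromhex("1122334455667788")
PKESK_BODY = b"\x03" + OUR_KEY + b"\x01" + b"\x00\x10\xab\xcd"
OUTER_MESSAGE = _packet(PKESK, PKESK_BODY) + _packet(SEIPD, b"\x01" + b"\x5a" * 40)
SIG_BODY = (b"\x04\x00\x01\x08" + b"\x00\x00" + b"\x00\x0a" + bytes([9, ISSUER_SUBPACKET])
            + CUSTOMER_KEY + b"\xde\xad" + b"\x00\x08\x42")
INNER_PLAINTEXT = (_packet(ONE_PASS_SIG, b"\x03\x00\x08\x01" + CUSTOMER_KEY + b"\x01")
                   + _packet(LITERAL, b"b\x00\x00\x00\x00\x00invoice")
                   + _packet(SIGNATURE, SIG_BODY))

# Constructed lookup table standing in for the customer database; in the
# thread's setup each row would also hold the customer's X.509 certificate.
CUSTOMERS = {CUSTOMER_KEY.hex(): "Acme Ltd"}


def identify_signer(plaintext, customers=CUSTOMERS):
    """Map each signer key ID to a customer; an unknown ID comes back as None, never guessed."""
    return [(kid, customers.get(kid)) for kid in key_ids(plaintext)["signed_by"]]
```

Two things the walk makes visible. First, the outer message only names the recipient key: the signer's one-pass-signature and signature packets are inside the encrypted SEIPD payload, so a signed-then-encrypted attachment has to be decrypted before the signer is known, which is why the signer ID arrives from an event during DecryptAndVerify rather than from a pre-scan. Second, a key ID match is a lookup hint, not authentication: it tells you which customer key to verify against, and only the verification result says whether that customer actually signed the data.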
#17652
Posted: 09/26/2011 05:38:33
by Aaron Cowie (Basic support level)
Joined: 09/19/2011
Posts: 11

I am getting the key identifiers as you suggested, but how do I match the 8-byte KeyId to a certificate that I have stored in the database, as I do not see a KeyId in the TElX509CertificateEx class?

Do I have to load all of our customer certificates into the KeyRing? Then it tells me which one (if any) passed verification.
#17653
Posted: 09/26/2011 06:30:39
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. To use X.509 certificates with PGP, they should be imported (by PGP Desktop or similar software) into a PGP keyring, where a new key with an ID will be created.
So using this ID you can locate the corresponding key, and for this key there will be a signature with a TElPGPX509SignatureSubpacket extension, from which you can get the corresponding X.509 certificate.
#17654
Posted: 09/26/2011 06:53:26
by Aaron Cowie (Basic support level)
Joined: 09/19/2011
Posts: 11

OK, Step 1.

I tried this, but I cannot get the KeyId back. The ArrayList has 0 entries. Do I need to specify something specific in the Template?

sample code
===========
using System.Collections;

public static byte[] GetKeyId(SBX509Ex.TElX509CertificateEx certificate)
{
    // create the empty list of KeyIds to be filled in by ListKeys
    ArrayList keyIds = new ArrayList();

    // put the certificate into a temporary keyring and enumerate the resulting key IDs
    SBPGPKeys.TElPGPKeyring keyRing = new SBPGPKeys.TElPGPKeyring();
    keyRing.AddX509Certificate(certificate);
    keyRing.ListKeys(false, "", ref keyIds);

    if (keyIds.Count == 1)
    {
        return (byte[])keyIds[0];
    }

    return null;
}
#17655
Posted: 09/26/2011 07:09:56
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

I'm not sure what goes wrong in your sample code.
The easier way to do this is:
Code
public static byte[] GetKeyId(SBX509Ex.TElX509CertificateEx certificate)
{
    SBPGPKeys.TElPGPPublicKey key = new SBPGPKeys.TElPGPPublicKey();
    key.AssignFromX509(certificate); // build the PGP public key from the certificate and read its KeyID
    return key.KeyID;
}
#17656
Posted: 09/26/2011 07:23:55
by Aaron Cowie (Basic support level)
Joined: 09/19/2011
Posts: 11

thanks
