EldoS | Feel safer!

Verify Without Decrypt

#19020
Posted: 02/13/2012 15:56:06
by Nathan  (Standard support level)
Joined: 02/13/2012
Posts: 5

I'm trying to use SecureBlackbox to verify a file that has been signed by a public key, but has undergone no further encryption.

Code
        using System.IO;
        using SBPGP;       // TElPGPReader
        using SBPGPKeys;   // TElPGPKeyring

        // 'passphrase' is not used here: verification needs only the public key.
        public static Stream Verify(Stream publicKey, string passphrase, Stream ciphertext)
        {
            SBUtils.Unit.SetLicenseKey(ConfigWrapper.GetString("SecureBlackBoxLicenseKey"));

            TElPGPReader reader = new TElPGPReader();

            // Load the public keyring only; these keys are used to check signatures.
            TElPGPKeyring keyring = new TElPGPKeyring();
            keyring.Load(publicKey, null, true);
            reader.VerifyingKeys = keyring;

            MemoryStream result = new MemoryStream();
            reader.OutputStream = result;
            // DecryptAndVerify expects a complete OpenPGP message (the signed data
            // travelling together with its signature); 'ciphertext' must be positioned at 0.
            reader.DecryptAndVerify(ciphertext, ciphertext.Length);

            result.Position = 0;   // rewind so the caller reads from the start
            return result;
        }


The same sort of method has worked for encryption, decryption, and signing, but it keeps failing at the DecryptAndVerify step, saying:

Code
SBPGPExceptions.EElPGPReaderException: Unexpected end of data


I had that same exception pop up when I was working on the previous functionality, so I feel like I'm missing something really small here - what is it?
#19023
Posted: 02/13/2012 16:29:31
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

The above exception is usually returned if incomplete or corrupted OpenPGP data is passed to TElPGPReader. One common reason is the use of the binary-unfriendly StreamReader or StreamWriter classes to handle protected messages.

You can send us the problematic file (by either posting it here or creating a help desk ticket), and we will look into it to check that it is fine.
#19024
Posted: 02/13/2012 16:39:07
by Nathan  (Standard support level)
Joined: 02/13/2012
Posts: 5

I'm fairly certain that the data should be okay - it is being passed in as a MemoryStream directly out of the method that does the signing.

Here's a dump of the encrypted string:

Quote
-----BEGIN PGP SIGNATURE-----

wpUDBQBPOY+24chChuR+JyQBAubxBAC+dSb0xdzUr/hZBW0dARP2KyfYRN+PfMJs
YKN6Yyt3QFAmxbxDI1w3+ipi+xYB4E0PT3ImJjb43l6jYegUsJu6B7bbVqoGquMt
ipfvgWDDSJc6Oi4YaE8dccSjH96irLTG/jkt6jVxRK/drynW8bzo3fmno4v6dHhe
tfih79KMG8KVAwUATzmPt0mv7vInlVTiAQIOWgQAs7yX9s/BGFHNxAvx9XFyaG9k
CMXFgCN6rB+UM59ajYxcVHLHu8aIpqKHE5FLBkIpNXCk1mM6bzkNTsBsHoCwgfgQ
Yz8nx62ak1DvoYBP7C8hCTiXT1MUwalruPTuOzWfulO4hZxqq/YEPS6NJKnQ/zp4
fy16cK8syucj79hlFlc=
=L5Vc
-----END PGP SIGNATURE-----


and here's the signing method:

Code
        using System.IO;
        using SBPGP;       // TElPGPWriter, TSBPGPEncryptionType
        using SBPGPKeys;   // TElPGPKeyring, TElPGPCustomSecretKey

        public static Stream Sign(Stream privateKey, string passphrase, Stream plaintext)
        {
            SBUtils.Unit.SetLicenseKey(ConfigWrapper.GetString("SecureBlackBoxLicenseKey"));

            TElPGPWriter writer = new TElPGPWriter
            {
                Armor = true,       // ASCII armor ("-----BEGIN PGP ...-----" block)
                Compress = true,
                EncryptionType = TSBPGPEncryptionType.etPublicKey   // not used when only signing
            };

            // Supplies the passphrase that unlocks the secret signing key.
            writer.OnKeyPassphrase += (object sender, TElPGPCustomSecretKey key_, ref string passphrase_, ref bool cancel) =>
            {
                cancel = false;
                passphrase_ = passphrase;
            };

            MemoryStream result = new MemoryStream();
            TElPGPKeyring keyring = new TElPGPKeyring();
            keyring.Load(null, privateKey, false);   // secret keyring only

            writer.SigningKeys = keyring;            // secret key(s) used to sign
            // Third argument is 'detached': true writes only the signature to 'result',
            // not the plaintext; pass false to produce a self-contained signed message.
            writer.Sign(plaintext, result, true, plaintext.Length);

            result.Position = 0;   // rewind so the caller reads from the start
            return result;
        }


I am able to test through encrypt/decrypt and sign-encrypt/verify-decrypt workflows, so I'm fairly certain that I've got the stream passing down correctly - do I need to be going about this differently to verify a block of ciphertext that is only signed, not public-key-encrypted?

Thanks for the help!
#19027
Posted: 02/13/2012 23:46:29
by Eugene Mayevski (EldoS Corp.)

Another common mistake is that you write something to the stream, then forget to reset stream position to 0 and then pass the stream to SecureBlackbox. SecureBlackbox doesn't rewind the stream for you and you need to do this yourself. This is done to let one pass streams where data is in the middle of the stream (i.e. some prefix is present).


Sincerely yours
Eugene Mayevski
#19032
Posted: 02/14/2012 08:54:04
by Nathan  (Standard support level)
Joined: 02/13/2012
Posts: 5

That's what I figured - I am resetting all streams to position 0.
#19034
Posted: 02/14/2012 09:29:34
by Eugene Mayevski (EldoS Corp.)

... and does this solve the problem or the problem remains?


Sincerely yours
Eugene Mayevski
#19036
Posted: 02/14/2012 09:48:41
by Nathan  (Standard support level)
Joined: 02/13/2012
Posts: 5

Nope, the problem persists. I don't absolutely have to get this done to accomplish the goal of my project, so I may just drop this particular intricacy. Interestingly, I can't get Gpg4Win to sign a file without also encrypting it either. Is this an idiosyncrasy in PGP that I'm fundamentally missing?
#19037
Posted: 02/14/2012 10:02:31
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. You are creating a detached signature, so you should use the .VerifyDetached method.
#19038
Posted: 02/14/2012 11:22:02
by Nathan  (Standard support level)
Joined: 02/13/2012
Posts: 5

Ah, thank you. But as far as I can tell, VerifyDetached doesn't have any way to get the original plaintext information back - how do I finalize that?
#19040
Posted: 02/14/2012 11:36:58
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

That's how detached signing works: the signed file and the signature are stored separately.
If you want to store them in one file, set the 'detached' parameter to false in the .Sign() method call.
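Mykola's two replies turn on the packet layout of what Sign() wrote, and that layout can be checked without SecureBlackbox. The following is an added example, not code from this thread or from EldoS: a small Python 3 parser (standard library only; names such as dearmor, parse_packets, classify and build_inline_shaped_message are this example's own) that takes the signature block Nathan posted, checks the armor's CRC-24 trailer, walks the RFC 4880 packet headers and reports what kind of object it is. Run against the posted block it finds two version 3 RSA/SHA-1 signature packets from two different key IDs (so two secret keys signed) and no literal data packet at all, which is the detached case: there is no payload for DecryptAndVerify to hand back, so the caller needs VerifyDetached plus the original file. For contrast, build_inline_shaped_message assembles the one-pass signature / literal data / signature layout that Sign(..., detached=false) produces; it reuses the posted signature bytes, so it has the right shape but is not a verifiable message and is labelled as constructed.

```python
import base64

# The detached signature posted earlier in this thread, copied verbatim.
POSTED_SIGNATURE = """\
-----BEGIN PGP SIGNATURE-----

wpUDBQBPOY+24chChuR+JyQBAubxBAC+dSb0xdzUr/hZBW0dARP2KyfYRN+PfMJs
YKN6Yyt3QFAmxbxDI1w3+ipi+xYB4E0PT3ImJjb43l6jYegUsJu6B7bbVqoGquMt
ipfvgWDDSJc6Oi4YaE8dccSjH96irLTG/jkt6jVxRK/drynW8bzo3fmno4v6dHhe
tfih79KMG8KVAwUATzmPt0mv7vInlVTiAQIOWgQAs7yX9s/BGFHNxAvx9XFyaG9k
CMXFgCN6rB+UM59ajYxcVHLHu8aIpqKHE5FLBkIpNXCk1mM6bzkNTsBsHoCwgfgQ
Yz8nx62ak1DvoYBP7C8hCTiXT1MUwalruPTuOzWfulO4hZxqq/YEPS6NJKnQ/zp4
fy16cK8syucj79hlFlc=
=L5Vc
-----END PGP SIGNATURE-----
"""

def crc24(data):
    """Radix-64 CRC-24 from RFC 4880 section 6.1 (the '=XXXX' armor trailer)."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Strip ASCII armor; returns (block type, packet bytes, crc_ok or None without trailer)."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    while body and body[0].strip():        # armor headers (Version:, Comment:) end at a blank line
        body.pop(0)
    body, expected = body[1:], None
    if body and body[-1].startswith("="):  # optional checksum line
        expected = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    data = base64.b64decode("".join(body))
    return lines[0][15:-5], data, None if expected is None else crc24(data) == expected

def parse_packets(data):
    """Walk RFC 4880 packet headers (section 4.2); returns [(tag, body), ...]."""
    packets, pos = [], 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % (pos - 1))
        if ctb & 0x40:                               # new-format header
            tag, first, pos = ctb & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                        # old-format header (GnuPG still writes these)
            tag, n = (ctb >> 2) & 0x0F, (1, 2, 4, 0)[ctb & 0x03]   # 0: body runs to end of data
            length = int.from_bytes(data[pos:pos + n], "big") if n else len(data) - pos
            pos += n
        body = data[pos:pos + length]
        if len(body) != length:                      # what the reader reports as "Unexpected end of data"
            raise ValueError("unexpected end of data inside packet tag %d" % tag)
        packets.append((tag, body))
        pos += length
    return packets

def describe_signature(body):
    """Fixed fields of a signature packet (RFC 4880 5.2.2 for v3, 5.2.3 for v4)."""
    if body[0] == 3:   # v3: ver, 0x05, type, time(4), key id(8), pk alg, hash alg, hash16, MPIs
        return {"version": 3, "sig_type": body[2], "created": int.from_bytes(body[3:7], "big"),
                "key_id": body[7:15].hex().upper(), "pk_alg": body[15], "hash_alg": body[16]}
    if body[0] == 4:   # v4 keeps key id and time in subpackets, which are not parsed here
        return {"version": 4, "sig_type": body[1], "pk_alg": body[2], "hash_alg": body[3]}
    raise ValueError("unsupported signature version %d" % body[0])

def classify(packets):
    """Which reader call the object needs, judged by the packet tags present."""
    tags = {tag for tag, _ in packets}
    if tags and tags <= {2}:   # nothing but signatures: VerifyDetached with the original data
        return "detached signature"
    if tags & {1, 3, 9, 18}:   # session key or encrypted data: decrypt first (DecryptAndVerify)
        return "encrypted message"
    return "signed message" if tags & {4, 8, 11} else "unknown"   # payload inside: DecryptAndVerify

def build_inline_shaped_message(sig_body, payload):
    """CONSTRUCTED contrast: the one-pass signature / literal data / signature layout that
    Sign(..., detached=false) writes. The posted v3 signature bytes are reused, so the shape
    is right but it would not verify; it only shows what DecryptAndVerify looks for."""
    hdr = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body   # new-format, bodies < 192
    one_pass = bytes([3, sig_body[2], sig_body[16], sig_body[15]]) + sig_body[7:15] + b"\x01"
    literal = b"b\x00\x00\x00\x00\x00" + payload     # binary, empty filename, zero timestamp
    return hdr(4, one_pass) + hdr(11, literal) + hdr(2, sig_body)

if __name__ == "__main__":
    _, data, crc_ok = dearmor(POSTED_SIGNATURE)
    packets = parse_packets(data)
    print("CRC ok:", crc_ok, "->", classify(packets), [describe_signature(b) for t, b in packets if t == 2])
    print("constructed inline-shaped message ->", classify(parse_packets(build_inline_shaped_message(packets[0][1], b"hi\n"))))
```

Running the module prints the classification and a summary of each signature packet. The parse_packets check that raises "unexpected end of data" fires whenever a packet's declared length runs past the bytes supplied, which is the same symptom Ken described for data mangled by a text-mode StreamReader or a stream handed over at the wrong position: a truncated or shifted buffer stops the walk partway through a packet rather than at a packet boundary.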