How to set Preferred Algorithms on TElPGPPublicKey?

#20159
Posted: 05/15/2012 23:32:30
by PaDelphiDev (Standard support level)
Joined: 03/23/2011
Posts: 12

Hi,

How do I set the PrefferedSymAlgs and PrefferedHashAlgs properties on a PGP Public key (TELPGPPublicKey)?

See red box in attached file "PublicKeyProperties.gif"

Thanks
#20162
Posted: 05/16/2012 05:09:05
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

These properties are read-only. Preferred algorithms should be set during the keypair generation process. To do this you should handle the TElPGPSecretKey.OnBeforeSign event. Inside it you should check if Signature.IsUserCertification = true and in this case add a custom extension using the TElPGPSignature.AddExtension method. Please refer to this article http://www.eldos.com/documentation/sb...nsion.html for a complete list of extensions.
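As an added illustration, not code from this thread or from SecureBlackbox: the "extensions" Vsevolod refers to are OpenPGP signature subpackets on the user-ID self-certification. In RFC 4880, subpacket type 11 carries the preferred symmetric algorithms and type 21 the preferred hash algorithms (type 22 is preferred compression), and the algorithm identifiers in the bodies are the RFC numbers (AES-128 is 7, AES-256 is 9, SHA-256 is 8). The Python below builds a hashed subpacket area with both preference lists, then parses it back so that each list is recovered from its own subpacket type. Function names and the sample preference values are constructed for this example.

```python
"""Encode and decode the OpenPGP signature subpackets that carry algorithm
preferences (RFC 4880 sections 5.2.3.1, 5.2.3.7 and 5.2.3.8).
Added example; not part of the SecureBlackbox API."""
import struct

# Subpacket types (RFC 4880 5.2.3.1)
SUBPKT_PREFERRED_SYMMETRIC = 11
SUBPKT_PREFERRED_HASH = 21
SUBPKT_PREFERRED_COMPRESSION = 22

# Algorithm identifiers (RFC 4880 9.2 and 9.4)
SK_AES128, SK_AES192, SK_AES256 = 7, 8, 9
MD_SHA1, MD_SHA256, MD_SHA512 = 2, 8, 10


def _encode_length(n):
    """Subpacket length field: 1, 2 or 5 octets depending on size."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def encode_subpacket(sp_type, body, critical=False):
    """length || type octet (bit 7 = critical) || body."""
    type_octet = sp_type | (0x80 if critical else 0)
    return _encode_length(len(body) + 1) + bytes([type_octet]) + body


def encode_hashed_area(subpackets):
    """Hashed subpacket area: 2-octet byte count followed by the subpackets.
    subpackets is a list of (type, body_bytes, critical)."""
    data = b"".join(encode_subpacket(t, b, c) for t, b, c in subpackets)
    return struct.pack(">H", len(data)) + data


def parse_subpackets(area):
    """Return [(type, critical, body), ...] from a hashed subpacket area."""
    count = struct.unpack(">H", area[:2])[0]
    data = area[2:2 + count]
    if len(data) != count:
        raise ValueError("truncated subpacket area")
    pos, out = 0, []
    while pos < len(data):
        first = data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length = ((first - 192) << 8) + data[pos + 1] + 192
            pos += 2
        else:
            length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
            pos += 5
        if length == 0 or pos + length > len(data):
            raise ValueError("bad subpacket length")
        type_octet = data[pos]
        body = data[pos + 1:pos + length]
        pos += length
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), body))
    return out


def preferred_algorithms(area):
    """Read each preference list from its own subpacket type, so the hash
    preferences can never be confused with the symmetric ones."""
    names = {SUBPKT_PREFERRED_SYMMETRIC: "sym",
             SUBPKT_PREFERRED_HASH: "hash",
             SUBPKT_PREFERRED_COMPRESSION: "compression"}
    prefs = {"sym": [], "hash": [], "compression": []}
    for sp_type, _critical, body in parse_subpackets(area):
        if sp_type in names:
            prefs[names[sp_type]] = list(body)
    return prefs


def build_example_area():
    """Constructed sample: prefer AES-128 then AES-256, and SHA-256."""
    return encode_hashed_area([
        (SUBPKT_PREFERRED_SYMMETRIC, bytes([SK_AES128, SK_AES256]), False),
        (SUBPKT_PREFERRED_HASH, bytes([MD_SHA256]), False),
    ])


if __name__ == "__main__":
    area = build_example_area()
    print(area.hex())
    print(preferred_algorithms(area))
```

The two-step layout (set the subpacket, then fill its body) is the same thing Mykola describes for the SecureBlackbox extension objects: the list has a fixed size in the encoded body, so the count must be known before the entries are written.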
#20173
Posted: 05/17/2012 00:13:30
by PaDelphiDev (Standard support level)
Joined: 03/23/2011
Posts: 12

Thanks Vsevolod,

I've handled the OnBeforeSign event with my own as below and set the event handler prior to calling Generate.

Code
...
  // Hook the event before generating so the handler runs for every signature made during generation
  SecKey.OnBeforeSign := BeforeSecretKeySign;
  SecKey.Generate(Password, Bits, Algorithm, LUserName, False, Expires);
...

procedure TFwPGPEncryptionItem.BeforeSecretKeySign(Sender: TObject; Signature: TElPGPSignature; Subject: TObject);
begin
  // Preferences belong on the user ID self-certification only
  if Signature.IsUserCertification then
    begin
      Signature.AddExtension(sePrefferedHashAlg);
      Signature.AddExtension(sePrefferedSymAlg);
    end;
end;


When I inspect the Signature.IsUserCertification property during Key Generation it is False. What controls whether Signature.IsUserCertification returns true or false?

Thanks
#20177
Posted: 05/17/2012 04:19:01
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Sorry, the signature class is not set in the call to OnBeforeSign, since it is set later.
You should check the second parameter (Subject) to see if it is TElPGPUserID.

Also you can take a look at the sources; actually, the generation procedure has around 20 lines and you can copy them to your code, adding PrefferedHashAlgorithm/SymAlgorithms there.
#20207
Posted: 05/21/2012 19:17:16
by PaDelphiDev (Standard support level)
Joined: 03/23/2011
Posts: 12

Hi Mykola,

I've handled the BeforeSign event and can now successfully add additional Extensions to the Signature (See file ExtensionsAdded.png and code below).

Code
procedure TFwPGPEncryptionItem.BeforeSecretKeySign(Sender: TObject; Signature: TElPGPSignature; Subject: TObject);
var
  Count: Integer;
begin
  // The user ID self-certification is the signature that carries the preferences
  if Subject is TElPGPUserID then
    begin
      Count := Signature.GetExtensionCount; // for inspection in the debugger

      Signature.AddExtension(sePrefferedHashAlg, True, True);
      Signature.AddExtension(sePrefferedSymAlg,  True, True);

      Count := Signature.GetExtensionCount; // should now be two higher
    end;
end;


I've looked through the source code in the generate method but haven't found an example where additional extensions were added and then their corresponding list of preferred algorithms modified.

I'm trying to do something like this

Code
SecKey.PublicKey.UserIDs[0].Signatures[0].Extensions[i].Preferred[0] := SB_PGP_ALGORITHM_MD_SHA256;


and this

Code
SecKey.PublicKey.UserIDs[0].Signatures[0].Extensions[i].Preferred[0] := SB_PGP_ALGORITHM_SK_AES128;


so that the PublicKey array properties PreferredSymAlgs and PreferredHashAlgs contain values. (see attached file PublicKeyProperties.gif)

Thanks for your help.


#20208
Posted: 05/21/2012 19:19:00
by PaDelphiDev (Standard support level)
Joined: 03/23/2011
Posts: 12

Here's the 2nd attached file (PreferredAlgCountIs0.png) for the post above. Please note - I quoted the wrong file name (PublicKeyProperties.gif) in the previous post.


#20210
Posted: 05/22/2012 03:31:40
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Before setting Preferred[] items you should set .PreferredCount to the needed size.
#20232
Posted: 05/23/2012 18:46:47
by PaDelphiDev (Standard support level)
Joined: 03/23/2011
Posts: 12

Hi Mykola,

Thanks for your reply. I can now set the PrefferedSymAlgs property successfully but am noticing weird behaviour when trying to set both PrefferedSymAlgs AND PrefferedHashAlgs.

It looks as though the PrefferedHASHAlgs property is referencing PrefferedSYMAlgs instead of its own. For example, in my code below I have commented out the section that adds my Preferred Hash Algorithm as a signature extension. Yet when I inspect the PublicKey.PrefferedHashAlgCount property of the created key, the values returned are those from PrefferedSymAlgCount, and likewise for PrefferedSymAlgs[0] and PrefferedSymAlgs[1].

Code
procedure TFwPGPEncryptionItem.BeforeSecretKeySign(Sender: TObject; Signature: TElPGPSignature; Subject: TObject);
var
  IndexHashAlg, IndexSymAlg: Integer;
begin
  if Subject is TElPGPUserID then
    begin
      // Preferred hash algorithms: deliberately commented out for this test
//      IndexHashAlg := Signature.AddExtension(sePrefferedHashAlg);
//      TElPGPPreferredHashAlgorithmsSignatureSubpacket(Signature.Extensions[IndexHashAlg]).PreferredCount := 1;
//      TElPGPPreferredHashAlgorithmsSignatureSubpacket(Signature.Extensions[IndexHashAlg]).Preferred[0] := SB_PGP_ALGORITHM_MD_SHA256;

      // Preferred symmetric algorithms: size the list first, then fill the entries
      IndexSymAlg := Signature.AddExtension(sePrefferedSymAlg);
      TElPGPPreferredSymmetricAlgorithmsSignatureSubpacket(Signature.Extensions[IndexSymAlg]).PreferredCount := 2;
      TElPGPPreferredSymmetricAlgorithmsSignatureSubpacket(Signature.Extensions[IndexSymAlg]).Preferred[0] := SB_PGP_ALGORITHM_SK_AES128;
      TElPGPPreferredSymmetricAlgorithmsSignatureSubpacket(Signature.Extensions[IndexSymAlg]).Preferred[1] := SB_PGP_ALGORITHM_SK_AES256;
    end;
end;


And conversely, if I add only a PreferredHashAlgorithm extension (commenting out the PrefferedSymAlgorithm code) and then inspect the count and array properties on the public key, the PrefferedHashAlgCount returns 0 and the PrefferedHashAlgs array returns -1.

I'm using a precompiled version of SecureBlackbox - version 6.1.149.

Thanks


#20233
Posted: 05/23/2012 18:48:43
by PaDelphiDev (Standard support level)
Joined: 03/23/2011
Posts: 12

Here's a screenshot of the Debug Inspector for the public key showing the Preffered Count properties.


#20236
Posted: 05/24/2012 04:38:13
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Just tried the same with the latest code and everything goes fine.
Please try the latest 10 beta build. Please note that in this build we fixed the constant name to be 'preferred'.