EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Decrypt with one key, verify via another

Posted: 12/14/2006 14:23:48
by Dylan Moonfire (Basic support level)
Joined: 12/14/2006
Posts: 3

Salutations. I'm trying out the PGP stuff to see if it would work for my application. For this, I want to have this:

There is a master key which is only located at our company (KeyA). There is a second key which is embedded in our application (KeyB).

When we create the file, we encrypt the file for KeyB and sign it with KeyA's file. (gpg -a --encrypt --sign -u KeyA -r KeyB)

I want to be able to send that file and have the application (with only has the public KeyA), decrypt it and verify that the key that signed it was ONLY from KeyA. With gpg, you get a:

gpg: encrypted with 2048-bit ELG-E key, ID 9FD224DB, created 2006-12-14
gpg: Signature made Thu Dec 14 14:13:40 2006 CST using DSA key ID A331B877
gpg: Good signature from "KeyA"

The account running gpg in this case has the secret key for KeyB and only the public key for KeyA, which is what I think I want. :)

I got the writing bit down (those gpg messages were from creating the file in code), but I'm not sure how to do this on the reading end. I want to read the encrypted file and make sure that the signature only comes from KeyA.

Suggestions or pointers?
Posted: 12/14/2006 14:34:34
by Eugene Mayevski (Team)

Use TElPGPReader.DecryptAndVerify() method to extract the original file and verify the signature(s).

See the detailed description of the process in the how-to article

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 14:46:55
by Dylan Moonfire (Basic support level)
Joined: 12/14/2006
Posts: 3

I think I'm missing something.

// Create the basic reader
TElPGPReader reader = new TElPGPReader();

// Handle the decryption
TElPGPKeyring dkeys = new TElPGPKeyring();
reader.DecryptingKeys = dkeys;

// Handle the verification
TElPGPKeyring vkeys = new TElPGPKeyring();
reader.VerifyingKeys = vkeys;

// Write it out to the filesystem
reader.OutputFile = fi2.FullName;

When I encrypt the file properly, this works perfectly (i.e. no problems), but when I encrypt the file using a random PGP key, it decrypts without a problem (as I would expect it to), but it doesn't throw an exception since I'm using an entirely different key (KeyC) to sign it. On the Linux side, where I only have pub/sec KeyB and pub KeyA, I get this:

gpg: Signature made Thu Dec 14 14:36:45 2006 CST using DSA key ID A137E8D7
gpg: Can't check signature: public key not found

I was expecting an exception if I was using a key not in the keyfile (KeyC), but it is just reading the file without problems. Is there a different way of saying it isn't validating properly?
Posted: 12/14/2006 18:51:26
by Ken Ivanov (Team)

There's no exception thrown if the signature cannot be validated. Please use TElPGPReader.OnSignatures property to handle information about existing signatures and their validity information.
Posted: 12/14/2006 19:18:37
by Dylan Moonfire (Basic support level)
Joined: 12/14/2006
Posts: 3

You know, I keep reading that page over and over again and I never figured that out (I kept missing point #7). Thank you for helping.



Topic viewed 3323 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!