EldoS | Feel safer!
Decrypt with one key, verify via another

#1873
Posted: 12/14/2006 14:23:48
by Dylan Moonfire (Basic support level)
Joined: 12/14/2006
Posts: 3

Salutations. I'm trying out the PGP stuff to see if it would work for my application. For this, I want to have this:

There is a master key which is only located at our company (KeyA). There is a second key which is embedded in our application (KeyB).

When we create the file, we encrypt the file for KeyB and sign it with KeyA's file. (gpg -a --encrypt --sign -u KeyA -r KeyB)

I want to be able to send that file and have the application (which only has the public KeyA) decrypt it and verify that the key that signed it was ONLY from KeyA. With gpg, you get a:

gpg: encrypted with 2048-bit ELG-E key, ID 9FD224DB, created 2006-12-14
"KeyB"
gpg: Signature made Thu Dec 14 14:13:40 2006 CST using DSA key ID A331B877
gpg: Good signature from "KeyA"

The account running gpg in this case has the secret key for KeyB and only the public key for KeyA, which is what I think I want. :)

I got the writing bit down (those gpg messages were from creating the file in code), but I'm not sure how to do this on the reading end. I want to read the encrypted file and make sure that the signature only comes from KeyA.

Suggestions or pointers?
#1874
Posted: 12/14/2006 14:34:34
by Eugene Mayevski (EldoS Corp.)

Use TElPGPReader.DecryptAndVerify() method to extract the original file and verify the signature(s).

See the detailed description of the process in the how-to article.

Sincerely yours
Eugene Mayevski
#1875
Posted: 12/14/2006 14:46:55
by Dylan Moonfire (Basic support level)
Joined: 12/14/2006
Posts: 3

I think I'm missing something.

Quote
// Create the basic reader
TElPGPReader reader = new TElPGPReader();

// Handle the decryption
TElPGPKeyring dkeys = new TElPGPKeyring();
dkeys.AddPublicKey(applicationSecretKey.PublicKey);
dkeys.AddSecretKey(applicationSecretKey);
reader.DecryptingKeys = dkeys;

// Handle the verification
TElPGPKeyring vkeys = new TElPGPKeyring();
vkeys.AddPublicKey(licensingPublicKey);
reader.VerifyingKeys = vkeys;

// Write it out to the filesystem
reader.OutputFile = fi2.FullName;
reader.DecryptAndVerifyFile(fi.FullName);


When I encrypt the file properly, this works perfectly (i.e. no problems), but when I encrypt the file using a random PGP key, it decrypts without a problem (as I would expect it to), but it doesn't throw an exception since I'm using an entirely different key (KeyC) to sign it. On the Linux side, where I only have pub/sec KeyB and pub KeyA, I get this:

Quote
gpg: Signature made Thu Dec 14 14:36:45 2006 CST using DSA key ID A137E8D7
gpg: Can't check signature: public key not found


I was expecting an exception if I was using a key not in the keyfile (KeyC), but it is just reading the file without problems. Is there a different way of saying it isn't validating properly?
#1876
Posted: 12/14/2006 18:51:26
by Ken Ivanov (EldoS Corp.)

There's no exception thrown if the signature cannot be validated. Please use TElPGPReader.OnSignatures property to handle information about existing signatures and their validity information.
#1878
Posted: 12/14/2006 19:18:37
by Dylan Moonfire (Basic support level)
Joined: 12/14/2006
Posts: 3

You know, I keep reading that page over and over again and I never figured that out (I kept missing point #7). Thank you for helping.
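The check the thread arrives at, as an added C# example that is not code from the thread or from EldoS: every signature reported through OnSignatures must verify as valid and must come from the key ID of KeyA, otherwise the decrypted output is treated as untrusted. It assumes the SecureBlackbox namespaces SBPGP and SBPGPKeys, an OnSignatures delegate of the shape (sender, TElPGPSignature[], TSBPGPSignatureValidity[]), the svValid enum member and the SignerKeyID / KeyID byte-array properties; confirm these against the API reference of the version you are using.

```csharp
using System;
using SBPGP;       // TElPGPReader, TElPGPSignature, TSBPGPSignatureValidity (assumed namespace)
using SBPGPKeys;   // TElPGPKeyring, TElPGPCustomPublicKey (assumed namespace)

// Hypothetical helper: returns true only when the file carried at least one
// signature, every signature verified as valid, and every signer was KeyA.
static class StrictPgpVerifier
{
    public static bool DecryptAndCheck(string inPath, string outPath,
        TElPGPKeyring decryptingKeys, TElPGPCustomPublicKey expectedSigner)
    {
        // Stays false if OnSignatures never fires, i.e. the file was not signed at all.
        bool allGood = false;

        TElPGPReader reader = new TElPGPReader();
        reader.DecryptingKeys = decryptingKeys;

        // Only KeyA goes into VerifyingKeys, so a signature from any other key
        // (KeyC in the thread) cannot come back as valid; it is reported instead.
        TElPGPKeyring verifyingKeys = new TElPGPKeyring();
        verifyingKeys.AddPublicKey(expectedSigner);
        reader.VerifyingKeys = verifyingKeys;

        // Assumed delegate shape: (sender, signatures[], validities[]).
        reader.OnSignatures += delegate(object sender, TElPGPSignature[] sigs,
                                        TSBPGPSignatureValidity[] validities)
        {
            allGood = sigs.Length > 0;
            for (int i = 0; i < sigs.Length; i++)
            {
                bool valid = validities[i] == TSBPGPSignatureValidity.svValid;
                bool fromKeyA = SameKeyId(sigs[i].SignerKeyID, expectedSigner.KeyID);
                if (!valid || !fromKeyA) { allGood = false; break; }
            }
        };

        // Decryption still writes outPath even when the signature check fails;
        // the caller must discard that file when this method returns false.
        reader.OutputFile = outPath;
        reader.DecryptAndVerifyFile(inPath);
        return allGood;
    }

    // Byte-wise comparison of two PGP key IDs (null-safe).
    static bool SameKeyId(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        for (int i = 0; i < a.Length; i++) if (a[i] != b[i]) return false;
        return true;
    }
}
```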