EldoS | Feel safer!

Software components for data protection, secure storage and transfer

No signature

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#24881
Posted: 05/07/2013 23:02:18
by Andy Kim (Basic support level)
Joined: 02/07/2013
Posts: 11

I am trying to send a signed and encrypted text file to a 3rd party. They said the file is not signed. What are some of the most common issues associated with this? I have searched knowledgebase and forums, but I can only find info about using bad keys and Hash algorithms. I am using the TelPGPWriter.EncryptAndSign method, and I believe a property on the TelPGPWriter object is incorrect. Any pointers would be great =). I am trying to output an ascii armor file.

When viewing the encrypted and signed file, should the signature be in its own separate block? Or is is encrypted into the whole message string in one block?

Perhaps I should focus on passphrase. I am a little confused about password vs passphrase vs keypassphrase, and when each should be used also. Any clarification would be great.

Based upon your feedback, I will try to post some code snippets and hopefully a screenshot of a watch on the telpgpwriter object in visual basic 2010.

Thanks, Andy
#24882
Posted: 05/07/2013 23:33:23
by Eugene Mayevski (EldoS Corp.)

EncryptAndSign produces one block of encrypted and signed data. This block is optionally "armored" (strange name for base64-encoding the data). There's no separate signature block.

There are several reasons possible:
1) the recipient's software just does not support Encrypted-and-Signed data.
2) they don't have decryption key (or encryption was not performed right)
3) you don't have a secret key for signing or have not specified the password for the key

Try to start with a simple - sign some test data without encryption and give this data to your recipient for checking. This will ensure that you've setup signing part right. Also you can use our sample project to verify signed data - they you don't even need to ask the 3rdparty to do this.

Quote
Andy Kim wrote:
Perhaps I should focus on passphrase. I am a little confused about password vs passphrase vs keypassphrase, and when each should be used also. Any clarification would be great.


Passphrase is used for password-based encryption. KeyPassphrase is a password to the secret key used for signing or *de*cryption. Password - no idea where you've found it.


Sincerely yours
Eugene Mayevski
#25045
Posted: 05/23/2013 09:18:21
by Andy Kim (Basic support level)
Joined: 02/07/2013
Posts: 11

Here is a screenshot of the quick watch in visual basic just prior to calling TelPgpWriter.Sign(). We tried signing the file with the demo program, and they were able to validate the signature, but they say there is no signature from our code. The watches looks different. On The watch for the demo program, the I have not been prompted for the key pass phrase yet. For our code, the password should already be set?

Do you see anything suspicious why they cannot see a signature using our way? Also, what are the structures starting with f? fArmor, etc.?

Thanks!

Why can't i see the png file that I attached? is there a size limit?
#25046
Posted: 05/23/2013 09:21:23
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Your screenshot is missing. Please re-post it.
#25047
Posted: 05/23/2013 09:23:06
by Andy Kim (Basic support level)
Joined: 02/07/2013
Posts: 11

256kb limit let me see if I'm ok there.
#25048
Posted: 05/23/2013 09:27:07
by Eugene Mayevski (EldoS Corp.)

Quote
Andy Kim wrote:
We tried signing the file with the demo program, and they were able to validate the signature, but they say there is no signature from our code


Does this mean that the sample produced the file with correct signature?

Please re-check that you specify the keyring with private keys for signing, and that the keyring is not empty. If your code does something but you never specify a password for the private key, this means that the private key is not accessed. Why - that's a question for you to find an answer.


Sincerely yours
Eugene Mayevski
#25049
Posted: 05/23/2013 09:28:45
by Vsevolod Ievgiienko (EldoS Corp.)

I've create a helpdesk ticket for you where you can post the screenshot.
#25052
Posted: 05/23/2013 09:55:50
by Andy Kim (Basic support level)
Joined: 02/07/2013
Posts: 11

This is a quick watch just prior to calling telpgpWriter.Sign(). It has not yet prompted me to enter the KeyPassPhrase. This is using the sample program.


#25053
Posted: 05/23/2013 09:57:12
by Andy Kim (Basic support level)
Joined: 02/07/2013
Posts: 11

This is the watch from our code just prior to calling telPgpWriter.Sign().
Keypassphrase is supposed to already be loaded. This signature cannot be found according to our third party.


#25054
Posted: 05/23/2013 10:08:56
by Vsevolod Ievgiienko (EldoS Corp.)

The only significant difference that I see is that in 1st case OnKeyPassphrase event handler is assigned, but in 2nd its not. Most likely the key passphrase is not provided correctly. Please compare your code to sample code.
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 3451 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!