EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Key file expiration not enforced

#31900
Posted: 01/13/2015 12:25:11
by Tom Gauthreaux (Basic support level)
Joined: 07/22/2009
Posts: 6

I have created a new PGP key using RSA with your .NET sample code for version 12 Desktop, PGPKeysDemo sample. I modified the method GenerateKey() to set the expiration parameter to 1.
private void GenerateKey()
{
    lFinish.Text = "Generation completed";
    Success = true;
    try
    {
        if (keyAlg == 0)
        {
            SecretKey.Generate(passphrase, bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_RSA,
                username, false, 1);
        }
        else if (keyAlg == 1)
        {
            SecretKey.Generate(passphrase, bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_DSA,
                bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_ELGAMAL_ENCRYPT, username, 1);
        }
        else
        {
            SecretKey.Generate(passphrase, bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_ECDSA,
                bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_ECDH, username, 1);
        }
    }
    catch (Exception ex)
    {
        lFinish.Text = ex.Message;
        Success = false;
    }
}
When I load the key in our code, it is not indicating that it is expired and debugging indicates that FSecretList[0].FKey.FExpires = 0, and decryption proceeds anyway.
Per the forum, the expiration is not viewable as part of the exported key file... how can you view the expiration for the key? I see that there is a Signature while displaying the key in the sample app, which the forum indicated has the expiration.
#31902
Posted: 01/13/2015 15:39:33
by Ken Ivanov (EldoS Corp.)

Hi Tom,

The components do not check if the key has expired when performing cryptographic operations (signing, encryption). It is left up to the user to check the expiration date of a key before using it.

However, the method you use to set key expiration dates is correct. Could you please load the key in question into the PGPKeysDemo sample and check if its expiration date is reported correctly? This will help us understand at which stage the problem occurs.

Ken
#31914
Posted: 01/14/2015 09:21:51
by Tom Gauthreaux (Basic support level)
Joined: 07/22/2009
Posts: 6

A screenshot of the loaded keyring is attached. I don't see the expiration date displayed anywhere.


#31915
Posted: 01/14/2015 09:25:16
by Tom Gauthreaux (Basic support level)
Joined: 07/22/2009
Posts: 6

Found the expiration date... see attached.


#31916
Posted: 01/14/2015 09:36:21
by Ken Ivanov (EldoS Corp.)

Hi Tom,

Thank you. This confirms that the expiration date for the generated key is set correctly. Still, I should emphasize once again that it is the task of your code to check the key expiration time before using it.

Ken
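
The thread establishes that the expiration is carried in the key's signature and that the calling code must check it before using the key. The following Python code is an added example, not EldoS/SecureBlackbox code and not from the thread: it reads the Key Expiration Time subpacket (type 9) from the self-signature of a binary OpenPGP key and decides whether the key has expired. It assumes a single, unarmored v4 key from a trusted keyring whose signatures on the primary key are self-signatures (the signature is not verified here); all function names and the sample bytes are this example's own.

```python
from datetime import datetime, timedelta, timezone

def read_len(buf, i, two_max):               # -> (length, index after the length)
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n <= two_max:                         # two-octet form
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    if n != 255:
        raise ValueError("partial body length not handled")
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(data):                           # yields (tag, body) per packet
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                       # new-format header
            tag, (n, i) = hdr & 0x3F, read_len(data, i, 223)
        else:                                # old format: 1, 2, 4 or no length octets
            tag, w = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + w], "big") if w else len(data) - i
            i += w
        yield tag, data[i:i + n]
        i += n

def key_expiry(data):
    """Return (created, expires) in UTC; expires is None when no expiry is set."""
    created, newest, valid = None, -1, 0
    for tag, body in packets(data):
        if tag in (5, 6) and created is None and body[0] == 4:   # primary key, v4
            created = int.from_bytes(body[1:5], "big")
        elif tag == 2 and body[0] == 4 and body[1] in (0x10, 0x11, 0x12, 0x13, 0x1F):
            area, sp, i = body[6:6 + int.from_bytes(body[4:6], "big")], {}, 0
            while i < len(area):             # hashed subpackets: type -> value
                n, i = read_len(area, i, 254)    # n counts the type octet
                sp[area[i] & 0x7F] = area[i + 1:i + n]
                i += n
            if (made := int.from_bytes(sp.get(2, b""), "big")) >= newest:
                newest, valid = made, int.from_bytes(sp.get(9, b""), "big")
    if created is None:
        raise ValueError("no v4 key packet found")
    t0 = datetime.fromtimestamp(created, timezone.utc)
    return t0, (t0 + timedelta(seconds=valid) if valid else None)

def is_expired(data, now):                   # now: timezone-aware datetime
    expires = key_expiry(data)[1]
    return expires is not None and now >= expires

# Constructed sample, key material omitted: created 2015-01-13 11:22:40 UTC, valid 1 day
SAMPLE = bytes.fromhex("98060454b5000001 b403546f6d 881604130108000c 050254b50000 050900015180 00000000")
```

The subpacket stores seconds after the key's creation time, so a missing or zero value means the key never expires; call `is_expired(key_bytes, datetime.now(timezone.utc))` and refuse to sign, encrypt or decrypt when it returns `True`.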


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
