EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Importing SecureBlackbox OpenPGP Public Key to 3rd Party Software

Posted: 09/04/2007 13:10:11
by Dan Hammari (Basic support level)
Joined: 06/27/2006
Posts: 11


I have created a small application in Delphi 7 that uses PGP Blackbox to generate PGP keys, encrypt clear files, and decrypt pgp-encrypted files. The program seems to work well on my company's side; we can use our clients' public keys to encrypt files before we send them and they can decrypt just fine on their side. The problem occurs when we export a public key and share it with our clients. They complain of having difficulties importing our public keys into their PGP software. At first, I attributed problems to user error or problems with my clients' software. However, I've had enough feedback from clients using PGP Corporation's applications that I wonder if there are some options I need to apply to the public keys I create for them to be more compatible. Are you aware of any such features I need to encode in a public key to make it work well with other parties' PGP applications?
Posted: 09/04/2007 13:32:42
by Ken Ivanov (Team)

Thank you for your message. Unfortunately, the information you provided is not enough to answer you. Please specify (a) the details of the problems that your clients do encounter (i.e., the error messages), (b) the version of PGP software used by your clients.
Posted: 09/04/2007 13:54:48
by Dan Hammari (Basic support level)
Joined: 06/27/2006
Posts: 11

Thanks for replying, Innokentiy. These are the responses I've heard from a couple of clients:

CLIENT 1: Uses PGP Corporation's PGP Desktop 9.0; cannot import public key generated by my program; receives a message indicating that PGP doesn't support the version of the public key we sent.

CLIENT 2: Uses PGP Corportation's PGP Desktop 9.6; cannot import public key generated by my program; recevies a message indicating that the PGP version of the key that is being imported is not supported.

I know this is not a lot to go on, so I'll see if I can get more detailed information from my clients. The keys that I have generated are through the PGP module of Secure Blackbox 5.0 and are using SB_PGP_ALGORITHM_PK_ELGAMAL at 2048.

Posted: 09/04/2007 15:50:44
by Dan Hammari (Basic support level)
Joined: 06/27/2006
Posts: 11

Hello again,

Here is some additional information. I am following the instructions in the How To.. for [URL=http://www.eldos.com/sbb/articles/3710.php]Generate the OpenPGP Key[/URL]. I have tried setting the flag to see if making the PGP keys compatible with older versions of PGP made a difference, but it has not. I have attached an example of a key I have generated as well as a screenshot that my client has supplied me with. This client is using PGP Corporation's PGP Desktop version 9.6 on Windows Vista and is trying to import the attached public key. Could you take a look at the attached key and let me know if it looks like there is something wrong with it?


[ Download ]
Posted: 09/05/2007 02:01:41
by Ken Ivanov (Team)

Although OpenPGP specification does not declare any restrictions on the public key algorithms to use, the actual situation is more complicated. Most of existing PGP implementations understand public keys in the following formats:
1. RSA key of version 3, no subkeys (older PGP implementations),
2. RSA key of version 4 with RSA subkey(s),
3. DSA key with Elgamal encryption-only subkey(s).

Other combinations (e.g. Elgamal key with RSA subkey, or generic Elgamal key with no subkeys you have generated) are likely not to be understood correctly. So we recommend to use one of the above formats for the keys generated by your application.

Please use PGPKeys demo to generate test Elgamal key and check if this key is understood correctly by your clients' software. The exact line of code that generates the 'correct' (from the PGP Corp. point of view) Elgamal key follows:

SecretKey.Generate(passphrase, bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_DSA, bits, SBPGPConstants.Unit.SB_PGP_ALGORITHM_PK_ELGAMAL_ENCRYPT, username, 0);
Posted: 09/05/2007 16:12:39
by Dan Hammari (Basic support level)
Joined: 06/27/2006
Posts: 11

Thanks, Innokentiy!

I changed the algorithms I was using to those you suggested and my clients using PGP Corporation's PGP Desktop were able to import the public keys I created.

Posted: 02/24/2009 20:09:05
by Justin Cook (Standard support level)
Joined: 02/10/2009
Posts: 4

This is a thread dredge,

In the PGPKeys Demo, in step 1 of the new key generation method there are two options for key algorithms.

Why is the Elgamal/DSS algorithm recommended? Is it simply for backwards compatibility with older PGP clients?

Posted: 02/25/2009 00:25:07
by Ken Ivanov (Team)

Elgamal/DSS keys are just more compatible with other OpenPGP-compliant implementations. Some OpenPGP products do not understand RSAv4 keys with subkeys. RSAv3 keys are usually created only for compatibility with older software (such as PGP 2.6.x, which is still in use somewhere due to unknown reasons).



Topic viewed 4922 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!