EldoS | Feel safer!


Compatibility. PGP 6.5.2 BSAFE

#3836
Posted: 09/21/2007 07:42:18
by Paul Webb (Basic support level)
Joined: 07/30/2007
Posts: 9

We are using Secure Black Box Open PGP for sending files to a client. We have encrypted and signed the file but our client is unable to decrypt the file (actually I think it's more in the verification but they don't see it like that).

We encrypt/sign like this:

Code
pgpWriter.Armor = true;
pgpWriter.ArmorHeaders.Clear();
pgpWriter.ArmorHeaders.Add("Version: EldoS OpenPGPBlackbox");
pgpWriter.ArmorBoundary = "PGP MESSAGE";
pgpWriter.EncryptingKeys = encryptingKeyRing;
pgpWriter.SigningKeys = signingKeyRing;
pgpWriter.EncryptionType = TSBPGPEncryptionType.etPublicKey;
pgpWriter.Timestamp = DateTime.Now;
pgpWriter.CompressionAlgorithm = __Global.SB_PGP_ALGORITHM_CM_UNCOMPRESSED;
pgpWriter.Compress = compress;
pgpWriter.UseNewFeatures = false;
pgpWriter.UseOldPackets = true;

pgpWriter.OnKeyPassphrase += pgpWriter_OnKeyPassphrase;

encryptedStream = new MemoryStream();

try
{
    pgpWriter.EncryptAndSign(streamToEncrypt, encryptedStream, 0);
}
finally
{
    streamToEncrypt.Close();
}


... where compress = false. We also set a passphrase to our secret key etc. using . I have been tweaking the UseNewFeatures/UseOldPackets combination to not much avail.

Our client's PGP software produces the following output and error...


Pretty Good Privacy™ Version 6.5.2
© 1999 Network Associates Inc.
Uses the BSafe™ Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.


event 1: initial
event 13: BeginLex
event 8: Analyze
File is encrypted. event 9: Recipients
Secret key is required to read it.

Key for user ID: -- REMOVED --
1024-bit RSA key, Key ID -- REMOVED --, created -- REMOVED --
Key can sign.
event 6: Passphrase
You need a pass phrase to unlock your secret key.

Enter pass phrase:
event 23: Decryption
symmetric cipher used: CAST5
event 11: Output options
typecode: 0062
for your eyes only


This message is marked "For your eyes only". Display now (Y/n)? Y
event 12: Signature
Good signature from user "-- REMOVED --".
Signature made 2007/09/21 11:30 GMT
event 3: error -11491
event 2: final

0 memory frags found
exitPGP: exitcode = 32

Can you let me know of any compatibility issues known with PGP 6.5.2? I am presuming there aren't any but I'd like to hear if there are. Also, does the error message mean anything to you?

Finally... from our code sample, are we doing this correctly?

Many thanks.
#3837
Posted: 09/21/2007 08:32:06
by Ken Ivanov (EldoS Corp.)

Thank you for your message.

PGP 6.5 is quite old, and that's why there's a number of compatibility issues with it (most of which are caused by newer algorithms/features not supported by PGP 6.5). According to PGP documentation, error -11491 stands for kPGPError_OutputBufferTooSmall constant. It is likely to be caused by some buffer overflow in PGP 6.5 (is the signing or encryption key too long?) Please answer the following questions so that we could try to find the exact reason for the problem:
a) what software was used to generate the signing and encryption keys?
b) what are the algorithms and the lengths of these keys?
c) please try to set TElPGPWriter.FileName property to some non-empty value and check if it results in the same error,
d) please try to encrypt and sign the file using SecureBlackbox sample PGP keys and check if it results in the same error.

Your code is correct and should work with PGP 6.5 (encrypted files produced with UseOldPackets=true and UseNewFeatures=false should be understood correctly by it).
#3838
Posted: 09/21/2007 09:12:59
by Paul Webb (Basic support level)
Joined: 07/30/2007
Posts: 9

Thanks for your response. I will try to get some of this info for you. Do the signing keys need to be the same length as the encryption keys?

We tried sending it encrypted only (Not signed) and it still failed. They seem to be using RSA 1024 bit keys according to the output.
#3839
Posted: 09/21/2007 09:25:48
by Ken Ivanov (EldoS Corp.)

Thank you.

Quote
Do the signing keys need to be the same length as the encryption keys?

No, encryption and signing operations are independent.

Quote
We tried sending it encrypted only (Not signed) and it still failed.

Please try to send signed-only message too and check if it fails.

Quote
They seem to be using RSA 1024 bit keys according to the output.

Messages encrypted with RSA keys should be understood correctly. We will try to reproduce the problem in our conditions too.
#3840
Posted: 09/21/2007 09:42:32
by Paul Webb (Basic support level)
Joined: 07/30/2007
Posts: 9

Thanks for this. That's basically what I thought. Just to verify, my encryption-only code looks like the following:


Code
TElPGPWriter pgpWriter = new TElPGPWriter();

pgpWriter.Armor = true;
pgpWriter.ArmorHeaders.Clear();
pgpWriter.ArmorHeaders.Add("Version: EldoS OpenPGPBlackbox");
pgpWriter.ArmorBoundary = "PGP MESSAGE";
pgpWriter.EncryptingKeys = encryptingKeyRing;
//pgpWriter.SigningKeys = signingKeyRing;
pgpWriter.EncryptionType = TSBPGPEncryptionType.etPublicKey;
pgpWriter.Timestamp = DateTime.Now;
pgpWriter.CompressionAlgorithm = __Global.SB_PGP_ALGORITHM_CM_UNCOMPRESSED;
pgpWriter.Compress = compress;
pgpWriter.UseNewFeatures = false;
pgpWriter.UseOldPackets = true; //NOTE CHANGE BACK
pgpWriter.Filename = "XXX";

if (pgpWriter.EncryptingKeys.get_SecretKeys(0) != null)
{
    pgpWriter.EncryptingKeys.get_SecretKeys(0).Passphrase = encryptionPassword;
}

//if (pgpWriter.SigningKeys.get_SecretKeys(0) != null)
//{
//    pgpWriter.SigningKeys.get_SecretKeys(0).Passphrase = signingPassword;
//}

pgpWriter.OnKeyPassphrase += pgpWriter_OnKeyPassphrase;

encryptedStream = new MemoryStream();

try
{
    pgpWriter.Encrypt(streamToEncrypt, encryptedStream, 0);
}
finally
{
    streamToEncrypt.Close();
}



Can you also tell me what the default algorithm is for the encryption used? i.e. SymmetricKeyAlgorithm.

Thanks
#3841
Posted: 09/21/2007 09:45:35
by Paul Webb (Basic support level)
Joined: 07/30/2007
Posts: 9

btw... pgpWriter.Filename = "XXX"; is set in reference to your comment above "try to set TElPGPWriter.FileName property to some non-empty value" ... in case you were wondering. :)
#3843
Posted: 09/21/2007 10:11:57
by Ken Ivanov (EldoS Corp.)

In general, your code is correct. However, there's no need to set Passphrase for the encryption key.

Quote
Can you also tell me what the default algorithm is for the encryption used? i.e. SymmetricKeyAlgorithm.

CAST5 is the default one. This algorithm is supported by most PGP versions.

Quote
btw... pgpWriter.Filename = "XXX"; is set in reference to your comment above "try to set TElPGPWriter.FileName property to some non-empty value" ... in case you were wondering. :)

An empty filename forces TElPGPWriter to create a 'for-your-eyes-only' message (i.e., this message cannot be decrypted to a disk file, it can only be displayed on the screen). Since we have to check all the possible reasons for the problem, I asked you to set it to a non-empty value.
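Two things in this thread are easiest to understand at the packet level: the old-format versus new-format packet headers that UseOldPackets/UseNewFeatures switch between (post #3837), and the "for your eyes only" marker PGP 6.5 reported, which in the OpenPGP wire format is the literal data packet carrying the special filename "_CONSOLE" (post #3843). The Python below is an added example, not SecureBlackbox code and not from the thread's author: it frames a constructed literal data packet both ways, per RFC 4880 sections 4.2 and 5.9, and decodes it back, so a defender checking an interoperability problem can see exactly what bytes an old reader receives. That TElPGPWriter emits "_CONSOLE" when FileName is empty is an assumption made here; the sample timestamp and payload are constructed.

```python
"""Frame and inspect OpenPGP packets (RFC 4880 sections 4.2 and 5.9).

Example code for this thread, not SecureBlackbox. Sample data is constructed.
"""
import struct
from dataclasses import dataclass

TAG_LITERAL_DATA = 11
FOR_YOUR_EYES_ONLY = b"_CONSOLE"  # RFC 4880 5.9: display-only marker; assumed to
                                  # be what an empty FileName turns into.


@dataclass
class Packet:
    tag: int
    old_format: bool
    header: bytes
    body: bytes


def encode_length(n, old_format):
    """Return (length-type bits for the old-format tag octet, length octets)."""
    if old_format:
        # Old format: low two bits of the tag octet select 1, 2 or 4 length octets.
        if n < 0x100:
            return 0, bytes([n])
        if n < 0x10000:
            return 1, struct.pack(">H", n)
        return 2, struct.pack(">I", n)
    # New format: the first length octet itself says how many octets follow.
    if n < 192:
        return 0, bytes([n])
    if n < 8384:
        n -= 192
        return 0, bytes([(n >> 8) + 192, n & 0xFF])
    return 0, b"\xff" + struct.pack(">I", n)


def encode_packet(tag, body, old_format):
    ltype, length = encode_length(len(body), old_format)
    if old_format:
        if tag > 15:
            raise ValueError("old-format headers carry only 4-bit tags")
        ctb = 0x80 | (tag << 2) | ltype      # bit 7 set, bit 6 clear
    else:
        ctb = 0xC0 | tag                     # bits 7 and 6 set, 6-bit tag
    return bytes([ctb]) + length + body


def decode_packet(buf, offset=0):
    ctb = buf[offset]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if ctb & 0x40:                           # new-format header
        old, tag = False, ctb & 0x3F
        o1 = buf[offset + 1]
        if o1 < 192:
            length, hlen = o1, 2
        elif o1 < 224:
            length, hlen = ((o1 - 192) << 8) + buf[offset + 2] + 192, 3
        elif o1 == 255:
            length, hlen = struct.unpack(">I", buf[offset + 2:offset + 6])[0], 6
        else:
            raise ValueError("partial body lengths are not handled in this example")
    else:                                    # old-format header
        old, tag, ltype = True, (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled in this example")
        nbytes = 1 << ltype                  # 1, 2 or 4 length octets
        length = int.from_bytes(buf[offset + 1:offset + 1 + nbytes], "big")
        hlen = 1 + nbytes
    body = buf[offset + hlen:offset + hlen + length]
    if len(body) != length:
        raise ValueError("truncated packet body")
    return Packet(tag, old, buf[offset:offset + hlen], body)


@dataclass
class LiteralData:
    fmt: str
    filename: bytes
    timestamp: int
    data: bytes

    @property
    def for_your_eyes_only(self):
        return self.filename == FOR_YOUR_EYES_ONLY


def encode_literal(data, filename, timestamp, fmt=b"b"):
    """Literal data body: format octet, filename length, filename, 4-byte date, data."""
    if len(filename) > 255:
        raise ValueError("filename length is a single octet")
    return fmt + bytes([len(filename)]) + filename + struct.pack(">I", timestamp) + data


def decode_literal(body):
    fmt = chr(body[0])
    if fmt not in "btu":
        raise ValueError(f"unknown literal data format {fmt!r}")
    nlen = body[1]
    name = body[2:2 + nlen]
    ts = struct.unpack(">I", body[2 + nlen:6 + nlen])[0]
    return LiteralData(fmt, name, ts, body[6 + nlen:])


def describe(buf):
    """Summarise the first packet in buf the way an interop check would report it."""
    pkt = decode_packet(buf)
    info = {"tag": pkt.tag, "old_format": pkt.old_format, "header_len": len(pkt.header)}
    if pkt.tag == TAG_LITERAL_DATA:
        lit = decode_literal(pkt.body)
        info.update(filename=lit.filename.decode("latin-1"),
                    for_your_eyes_only=lit.for_your_eyes_only, data_len=len(lit.data))
    return info


# Constructed samples: the same payload, display-only in an old-format packet and
# named in a new-format packet. The timestamp is 2007-09-21 11:30 UTC, the time in
# the PGP 6.5 log above, chosen only for illustration.
SAMPLE_TIME = 1190374200
OLD_EYES_ONLY = encode_packet(TAG_LITERAL_DATA,
                              encode_literal(b"hello", FOR_YOUR_EYES_ONLY, SAMPLE_TIME), True)
NEW_NAMED = encode_packet(TAG_LITERAL_DATA,
                          encode_literal(b"hello", b"report.txt", SAMPLE_TIME), False)

if __name__ == "__main__":
    print("old-format, _CONSOLE:", describe(OLD_EYES_ONLY))
    print("new-format, report.txt:", describe(NEW_NAMED))
```

Running it shows the old-format packet starting with 0xAC (tag 11 shifted into bits 5-2, one-octet length) and the new-format one with 0xCB (tag 11 in the low six bits); a reader from 1999 that only knows the first shape is exactly the situation UseOldPackets=true is meant to cover, and the filename field is where "for your eyes only" comes from rather than from anything in the encryption itself.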
#3844
Posted: 09/21/2007 10:30:50
by Paul Webb (Basic support level)
Joined: 07/30/2007
Posts: 9

Thanks Innokentiy. We appreciate your fast responses.

If you have any luck testing it in your environment please let us know. I don't think I'll be able to get you a key pair any time soon though. If I can, I will send it via your helpdesk support.

regards,
Paul



#3846
Posted: 09/21/2007 10:41:23
by Ken Ivanov (EldoS Corp.)

Sure.

Do you know what PGP software was used to generate the keys? It is possible that the keys contain some extra information which is misunderstood by PGP6.5. Knowing software name we could reproduce the problem faster.
#3848
Posted: 09/21/2007 10:59:00
by Paul Webb (Basic support level)
Joined: 07/30/2007
Posts: 9

I think it's some old freeware version but we're not having much luck on getting much from them re the keys. Given 6.5.2 is from 1999 (and from what I read here http://rjmarq.org/pgp/pgp5.html was a dud release) I suspect they don't even know themselves, but we will let you know if we can find out.

Thanks again.