Hi Alexander,
now I had the time to look at your issue again, although I realized now
that I do not really understand your problem. Let me try to summarize
what I have understood or at least believe to have understood:
- You have a public PGP key. The key has a self-signature and maybe
signatures from other PGP keys. The PGP key has a primary key and a subkey.
- You want to extract the subkey, but you want to keep all signatures.
If this is correct, then this is not possible -- neither with Bouncy
Castle nor with other PGP libraries, since the PGP format does not allow
this except for some special cases. The primary key must be a signature
key and the subkeys are usually encryption keys that do not allow
signatures. The primary key signs itself and the subkeys to show that
these belong to the primary key. The primary key also signs the user
IDs. Other keys usually sign only the user IDs.
You should not export the subkey without the primary key, as the subkey
cannot sign anything. Especially the self-signature is not possible and
signatures of user IDs are also not possible.
I hope that this clarified how to use primary keys and subkeys in PGP.
If I have misunderstood your problem, maybe you can explain what you
want to achieve eventually.
As I have already written, the command line tool pgpdump helps to
analyze the packets of a PGP key (or other PGP data). There is even a
web interface at www.pgpdump.net, so you do not have to acquire a
command line version if it is difficult to find or compile for your
operating system.
Best,
Christoph
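The packet layout described in the message above, as an added example that is not part of the original e-mail or of Bouncy Castle: a small Python reader that lists the packets of binary (dearmored) OpenPGP data the way pgpdump does and checks that a subkey comes with its primary key and a binding signature. The sample bytes are constructed with dummy bodies (no real key material), and the names `packets`, `sig_type`, `describe`, `layout_ok` and `pkt` are assumptions of this example.

```python
# Added example: lists OpenPGP packets (RFC 4880, section 4.2) like pgpdump does.
TAGS = {2: "signature", 6: "public-key", 13: "user-id", 14: "public-subkey"}
SIG_TYPES = {0x10: "generic certification", 0x13: "positive certification",
             0x18: "subkey binding"}

def packets(data):
    """Yield (tag, body) for each packet in binary (dearmored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: offset 1 in a v4 signature, offset 2 in a v3 one."""
    return body[1] if body[0] == 4 else body[2]

def describe(data):
    """Human-readable packet list, with the signature type where it applies."""
    return [TAGS.get(t, "tag %d" % t) + (" (%s)" % SIG_TYPES.get(sig_type(b), "other")
            if t == 2 else "") for t, b in packets(data)]

def layout_ok(data):
    """Primary key first, and each subkey directly followed by its binding signature."""
    pk = list(packets(data)) + [(None, b"")]  # sentinel so pk[k + 1] always exists
    return pk[0][0] == 6 and all(
        pk[k + 1][0] == 2 and sig_type(pk[k + 1][1]) == 0x18
        for k, (t, _) in enumerate(pk) if t == 14)

def pkt(tag, body):                          # old-format header, one length octet
    return bytes([0x80 | tag << 2, len(body)]) + body

# Constructed sample: dummy bodies, no real key material.
FULL = (pkt(6, b"\x04key") + pkt(13, b"User (User)") + pkt(2, b"\x04\x13sig")
        + pkt(14, b"\x04sub") + pkt(2, b"\x04\x18sig"))
SUBKEY_ONLY = pkt(14, b"\x04sub")
```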
On 23.04.2013 07:59, Christoph Hannebauer wrote:
Hi Alexander,
I reported the bug you referred to. Indeed, I observed the same
behaviour as you did when I imported the PGP keys with GnuPG, but it
only affects secret keys IIRC. Anyway, I have some code snippets that
may help you with your issue. However, I haven't had the time to
search for those, because I have been quite busy.
Maybe you can use the tool pgpdump to find out more about the original
and exported keys?
Also, I believe that the patch I had provided with the bug report has
some disadvantages that I found out about later. Maybe the KeyID
changed in the process of lifting the PGP version from 3 to 4 or
something like that. I will have a look at this and write another
email when I have a little more time (in 10 hours I hope).
Best,
Christoph
On 22.04.2013 20:48, Alexander Voronin wrote:
Could anyone comment on this? I found an unresolved bug,
http://www.bouncycastle.org/jira/browse/BMA-98; could it lead to this
issue?
2013/4/18 Alexander Voronin <[email protected]>
Hi! Unfortunately the wiki is down and I did not find anything
related on the internet. I have the following issue.
I have a GnuPG signed public key that contains a signed public key:
root@ubuntu:~# gpg --import < pkey.asc
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 771E0A0E: public key "User (User) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@ubuntu:~#
root@ubuntu:~# gpg --encrypt -r User
gpg: 91A942AE: There is no assurance this key belongs to the named user
pub 4096g/91A942AE 2010-10-29 User (User) <[email protected]>
Primary key fingerprint: BB08 D13A 1AEB 2F23 1767 D912 CCD0 17AF 771E 0A0E
Subkey fingerprint: E87A 27D3 A3D8 6489 70D8 2D19 2C65 0745 91A9 42AE
....
And so on. So the key is correct and usable. To extract the PgpPublicKey
object from the key I'm using the following method:
public static PgpPublicKey PublicKeyFromString(string keyString) {
    using (Stream mStream = new MemoryStream(StringToBytes(keyString))) {
        using (Stream inputStream = PgpUtilities.GetDecoderStream(mStream)) {
            PgpPublicKeyRingBundle pgpPub = new PgpPublicKeyRingBundle(inputStream);
            foreach (PgpPublicKeyRing kRing in pgpPub.GetKeyRings()) {
                foreach (PgpPublicKey pKey in kRing.GetPublicKeys()) {
                    if (pKey.IsEncryptionKey) {
                        return pKey;
                    }
                }
            }
        }
    }
    // not found
    throw new ArgumentException(SJ.Resources.ErrorPGPNoKeysInKeyRing);
}
The problem I see: kRing.GetPublicKeys() returns two elements,
one of them the public key itself and the second one the key sign. But
the public key is returned with the attribute IsEncryptionKey set to false,
and the sign is returned with IsEncryptionKey set to true. I can't use
this PgpPublicKey object for encryption, and of course I can't use
the sign for this purpose. kRing.GetPublicKey() also returns the public
key with IsEncryptionKey set to false.
When I get the public key using this method it looks usable (until
I try to encrypt anything) and I can even save it in
armored format. But after this, the GnuPG import says:
root@ubuntu:~# gpg --import < pkey-extracted.asc
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 771E0A0E: public key "User (User) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@ubuntu:~# gpg --encrypt -r User
gpg: Darkterror: skipped: unusable public key
gpg: [stdin]: encryption failed: unusable public key
root@ubuntu:~#
Is it a bug or did I misunderstand something? What is the correct way to
extract a signed public key from the keyring?
Thanks in advance!
--
When I had sunk to the very bottom, someone knocked from below..