Hi! Thanks for answering.
The actual problem is that I can't use this public key for encryption with the
Bouncy Castle library. After extracting the public key with the code provided in
the initial message and attempting encryption I'm getting the exception
"[System.ArgumentException] = {"passed in key not an encryption key!"}".
How can I use PgpPublicKeyRing for encryption? PgpEncryptedDataGenerator
allows only AddMethod(PgpPublicKey key), so I can't use the whole PgpPublicKeyRing
for encryption. Is there any other method? I used the key export for test
purposes only, but my main goal is encryption.
Here is the problematic key dump I got using pgpdump.net; perhaps this will help?
PGPdump Results
Old: Public Key Packet(tag 6)(418 bytes)
    Ver 4 - new
    Public key creation time - Fri Oct 29 12:38:31 UTC 2010
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    DSA p(1024 bits) - ...
    DSA q(160 bits) - ...
    DSA g(1024 bits) - ...
    DSA y(1020 bits) - ...
Old: User ID Packet(tag 13)(40 bytes)
    User ID - User (User) <[email protected]>
Old: Signature Packet(tag 2)(96 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    Hash alg - SHA1(hash 2)
    Hashed Sub: signature creation time(sub 2)(4 bytes)
        Time - Fri Oct 29 12:38:31 UTC 2010
    Hashed Sub: key flags(sub 27)(1 bytes)
        Flag - This key may be used to certify other keys
        Flag - This key may be used to sign data
    Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
        Sym alg - AES with 256-bit key(sym 9)
        Sym alg - AES with 192-bit key(sym 8)
        Sym alg - AES with 128-bit key(sym 7)
        Sym alg - CAST5(sym 3)
        Sym alg - Triple-DES(sym 2)
    Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
        Hash alg - SHA1(hash 2)
        Hash alg - SHA256(hash 8)
        Hash alg - RIPEMD160(hash 3)
    Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
        Comp alg - ZLIB <RFC1950>(comp 2)
        Comp alg - BZip2(comp 3)
        Comp alg - ZIP <RFC1951>(comp 1)
    Hashed Sub: features(sub 30)(1 bytes)
        Flag - Modification detection (packets 18 and 19)
    Hashed Sub: key server preferences(sub 23)(1 bytes)
        Flag - No-modify
    Sub: issuer key ID(sub 16)(8 bytes)
        Key ID - 0xCCD017AF771E0A0E
    Hash left 2 bytes - ae 2d
    DSA r(160 bits) - ...
    DSA s(159 bits) - ...
        -> hash(DSA q bits)
Old: Public Subkey Packet(tag 14)(1037 bytes)
    Ver 4 - new
    Public key creation time - Fri Oct 29 12:38:31 UTC 2010
    Pub alg - ElGamal Encrypt-Only(pub 16)
    ElGamal p(4096 bits) - ...
    ElGamal g(3 bits) - ...
    ElGamal y(4096 bits) - ...
Old: Signature Packet(tag 2)(73 bytes)
    Ver 4 - new
    Sig type - Subkey Binding Signature(0x18).
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    Hash alg - SHA1(hash 2)
    Hashed Sub: signature creation time(sub 2)(4 bytes)
        Time - Fri Oct 29 12:38:31 UTC 2010
    Hashed Sub: key flags(sub 27)(1 bytes)
        Flag - This key may be used to encrypt communications
        Flag - This key may be used to encrypt storage
    Sub: issuer key ID(sub 16)(8 bytes)
        Key ID - 0xCCD017AF771E0A0E
    Hash left 2 bytes - b1 20
    DSA r(159 bits) - ...
    DSA s(160 bits) - ...
        -> hash(DSA q bits)
2013/4/24 Christoph Hannebauer <[email protected]>
> Hi Alexander,
>
> now I had the time to look at your issue again, although I realized now
> that I do not really understand your problem. Let me try to summarize what
> I have understood or at least believe to have understood:
>
> - You have a public PGP key. The key has a self-signature and maybe
> signatures from other PGP keys. The PGP key has a primary key and a subkey.
> - You want to extract the subkey, but you want to keep all signatures.
>
> If this is correct, then this is not possible -- neither with Bouncy
> Castle nor with other PGP libraries, since the PGP format does not allow
> this except for some special cases. The primary key must be a signature key
> and the subkeys are usually encryption keys that do not allow signatures.
> The primary key signs itself and the subkeys to show that these belong to
> the primary key. The primary key also signs the user IDs. Other keys
> usually sign only the user IDs.
>
> You should not export the subkey without the primary key, as the subkey
> cannot sign anything. Especially the self-signature is not possible and
> signatures of user IDs are also not possible.
>
> I hope that this clarified how to use primary keys and subkeys in PGP. If
> I have misunderstood your problem, maybe you can explain what you want to
> achieve eventually.
>
> As I have already written, the command line tool pgpdump helps to analyze
> the packets of a PGP key (or other PGP data). There is even a web interface
> at www.pgpdump.net, so you do not have to acquire a command line version
> if it is difficult to find or compile for your operating system.
>
>
> Best,
>
> Christoph
>
>
>
> On 23.04.2013 07:59, Christoph Hannebauer wrote:
>
> Hi Alexander,
>
> I reported the bug you referred to. Indeed, I observed the same behaviour
> as you did when I imported the PGP keys with GnuPG, but it only affects
> secret keys IIRC. Anyway, I have some code snippets that may help you with
> your issue. However, I haven't had the time to search for those, because I
> have been quite busy.
>
> Maybe you can use the tool pgpdump to find out more about the original and
> exported keys?
>
> Also, I believe that the patch I had provided with the bug report has some
> disadvantages that I found out about later. Maybe the KeyID changed in the
> process of lifting the PGP version from 3 to 4 or something like that. I
> will have a look at this and write another email when I have a little more
> time (in 10 hours I hope).
>
>
> Best,
>
> Christoph
>
>
> On 22.04.2013 20:48, Alexander Voronin wrote:
>
> Could anyone comment on this? I found an unresolved bug,
> http://www.bouncycastle.org/jira/browse/BMA-98 ; could it lead to this
> issue?
>
>
> 2013/4/18 Alexander Voronin <[email protected]>
>
>> Hi! Unfortunately the wiki is down and I did not find anything related on the
>> internet. I have the following issue.
>> I have a GnuPG-signed public key that contains a signed public key:
>>
>> root@ubuntu:~# gpg --import < pkey.asc
>> gpg: /root/.gnupg/trustdb.gpg: trustdb created
>> gpg: key 771E0A0E: public key "User (User) <[email protected]>" imported
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> root@ubuntu:~#
>>
>>
>> root@ubuntu:~# gpg --encrypt -r User
>> gpg: 91A942AE: There is no assurance this key belongs to the named user
>>
>> pub 4096g/91A942AE 2010-10-29 User (User) <[email protected]>
>> Primary key fingerprint: BB08 D13A 1AEB 2F23 1767 D912 CCD0 17AF 771E
>> 0A0E
>> Subkey fingerprint: E87A 27D3 A3D8 6489 70D8 2D19 2C65 0745 91A9
>> 42AE
>> ....
>>
>> And so on. So the key is correct and usable. To extract a PgpPublicKey object
>> from the key I'm using the following method:
>>
>> // Needs: using System; using System.IO; using Org.BouncyCastle.Bcpg.OpenPgp;
>> // StringToBytes (armored text -> bytes) and SJ.Resources.ErrorPGPNoKeysInKeyRing
>> // are helpers from my own project, not shown here.
>> public static PgpPublicKey PublicKeyFromString(string keyString) {
>>     using (Stream mStream = new MemoryStream(StringToBytes(keyString))) {
>>         // GetDecoderStream strips the ASCII armor if present
>>         using (Stream inputStream = PgpUtilities.GetDecoderStream(mStream)) {
>>             PgpPublicKeyRingBundle pgpPub = new PgpPublicKeyRingBundle(inputStream);
>>             foreach (PgpPublicKeyRing kRing in pgpPub.GetKeyRings()) {
>>                 // primary key comes first, then its subkeys
>>                 foreach (PgpPublicKey pKey in kRing.GetPublicKeys()) {
>>                     // only a key with IsEncryptionKey == true is accepted
>>                     // by PgpEncryptedDataGenerator.AddMethod
>>                     if (pKey.IsEncryptionKey) {
>>                         return pKey;
>>                     }
>>                 }
>>             }
>>         }
>>     }
>>     // not found
>>     throw new ArgumentException(SJ.Resources.ErrorPGPNoKeysInKeyRing);
>> }
>>
>> The problem I see: kRing.GetPublicKeys() returns two elements, one of
>> them the public key itself and the second one the key sign. But the public key
>> is returned with the attribute IsEncryptionKey set to false, and the sign is
>> returned with IsEncryptionKey set to true. I can't use this PgpPublicKey object
>> for encryption, and of course can't use the sign for this purpose.
>> kRing.GetPublicKey() also returns the public key with IsEncryptionKey set to
>> false.
>>
>> When I get the public key using this method it looks usable (until I try
>> to encrypt anything) and I can even save it in armored format. But
>> after this the GnuPG import says:
>>
>> root@ubuntu:~# gpg --import < pkey-extracted.asc
>> gpg: /root/.gnupg/trustdb.gpg: trustdb created
>> gpg: key 771E0A0E: public key "User (User) <[email protected]>" imported
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> root@ubuntu:~# gpg --encrypt -r User
>> gpg: Darkterror: skipped: unusable public key
>> gpg: [stdin]: encryption failed: unusable public key
>> root@ubuntu:~#
>>
>> Is this a bug or did I misunderstand something? What is the correct way to
>> extract a signed public key from a keyring?
>> Thanks in advance!
>>
>> --
>> when I sank to the very bottom, someone knocked from below..
>>
>
>
>
> --
> when I sank to the very bottom, someone knocked from below..
>
>
>
>
--
when I sank to the very bottom, someone knocked from below..
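As an added example (not code from this thread, and not the Bouncy Castle project's own sample), here is how I would pick the encryption subkey out of a DSA+ElGamal ring like the one dumped above, check that its subkey-binding signature (sig type 0x18) really was issued by the primary key, and hand that subkey to PgpEncryptedDataGenerator. The primary DSA key carries only the certify/sign flags, so passing it to AddMethod() is exactly what produces "passed in key not an encryption key!". It assumes the Bouncy Castle C# API in Org.BouncyCastle.Bcpg.OpenPgp; the class, method and file names and the Main usage are my own.

```csharp
// Added example, not from the thread. Assumes Bouncy Castle C# (Org.BouncyCastle.*).
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Bcpg.Sig;
using Org.BouncyCastle.Security;

public static class PgpEncryptExample
{
    // Parse an armored (or binary) public key block and return its first ring.
    public static PgpPublicKeyRing LoadFirstRing(string armoredKey)
    {
        using (Stream raw = new MemoryStream(Encoding.ASCII.GetBytes(armoredKey)))
        using (Stream dec = PgpUtilities.GetDecoderStream(raw))
        {
            var bundle = new PgpPublicKeyRingBundle(dec);
            foreach (PgpPublicKeyRing ring in bundle.GetKeyRings())
                return ring;
        }
        throw new PgpException("no key rings in input");
    }

    // Return the subkey that (a) is an encryption-capable algorithm, (b) carries
    // encrypt-comms/encrypt-storage key flags in its binding signature and
    // (c) whose binding signature verifies under the ring's primary key.
    public static PgpPublicKey FindEncryptionSubkey(PgpPublicKeyRing ring)
    {
        PgpPublicKey master = ring.GetPublicKey(); // first key in the ring = primary
        if (!master.IsMasterKey)
            throw new PgpException("ring does not start with a primary key");

        foreach (PgpPublicKey key in ring.GetPublicKeys())
        {
            // The DSA primary is IsEncryptionKey == false; skip it outright.
            if (key.IsMasterKey || !key.IsEncryptionKey)
                continue;

            foreach (PgpSignature sig in key.GetSignatures())
            {
                if (sig.SignatureType != PgpSignature.SubkeyBinding || sig.KeyId != master.KeyId)
                    continue;

                PgpSignatureSubpacketVector hashed = sig.GetHashedSubPackets();
                int flags = hashed == null ? 0 : hashed.GetKeyFlags();
                // No key-flags subpacket at all: fall back to the algorithm's usage
                // (ElGamal Encrypt-Only already passed the IsEncryptionKey test above).
                bool mayEncrypt = flags == 0
                    || (flags & (KeyFlags.EncryptComms | KeyFlags.EncryptStorage)) != 0;

                sig.InitVerify(master);
                if (mayEncrypt && sig.VerifyCertification(master, key))
                    return key;
            }
        }
        throw new PgpException("no usable encryption subkey bound to primary 0x"
                               + master.KeyId.ToString("X16"));
    }

    // Encrypt plaintext to encKey: armor( encrypt( compress( literal ) ) ), MDC on.
    public static byte[] Encrypt(PgpPublicKey encKey, byte[] plaintext)
    {
        var outBuf = new MemoryStream();
        using (var armored = new ArmoredOutputStream(outBuf))
        {
            // AES-256 is first in this key's preferred symmetric algorithm list.
            var encGen = new PgpEncryptedDataGenerator(
                SymmetricKeyAlgorithmTag.Aes256, true, new SecureRandom());
            encGen.AddMethod(encKey); // throws unless encKey.IsEncryptionKey
            using (Stream encOut = encGen.Open(armored, new byte[1 << 16]))
            using (Stream compOut = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Zip).Open(encOut))
            using (Stream litOut = new PgpLiteralDataGenerator().Open(
                       compOut, PgpLiteralData.Binary, "msg", plaintext.Length, DateTime.UtcNow))
            {
                litOut.Write(plaintext, 0, plaintext.Length);
            }
        }
        return outBuf.ToArray();
    }

    // To hand a key to GnuPG, export the whole ring (primary + user ID + subkey +
    // binding signature). A subkey written out on its own has no primary to vouch
    // for it, which is what gpg reports as "unusable public key".
    public static byte[] ExportArmored(PgpPublicKeyRing ring)
    {
        var buf = new MemoryStream();
        using (var armored = new ArmoredOutputStream(buf))
            ring.Encode(armored);
        return buf.ToArray();
    }

    // Usage (my own): PgpEncryptExample <public-key.asc> < plaintext > message.asc
    public static int Main(string[] args)
    {
        PgpPublicKeyRing ring = LoadFirstRing(File.ReadAllText(args[0]));
        PgpPublicKey encKey = FindEncryptionSubkey(ring);
        Console.Error.WriteLine("encrypting to subkey 0x{0:X16} ({1})", encKey.KeyId, encKey.Algorithm);
        byte[] plain;
        using (var ms = new MemoryStream()) { Console.OpenStandardInput().CopyTo(ms); plain = ms.ToArray(); }
        byte[] msg = Encrypt(encKey, plain);
        Console.OpenStandardOutput().Write(msg, 0, msg.Length);
        return 0;
    }
}
```

On the key dumped above, FindEncryptionSubkey skips the DSA primary (0xCCD017AF771E0A0E, flags certify+sign), finds the ElGamal subkey whose binding signature names that primary as issuer and carries the encrypt-communications/encrypt-storage flags, and verifies the signature before returning it; that is the one PgpPublicKey that AddMethod() accepts. Checking the issuer and verifying the binding matters because IsEncryptionKey alone only looks at the algorithm, so an attacker-appended ElGamal subkey without a valid binding would otherwise be chosen.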