Hi, list!

Christoph gave me a good explanation of what could be wrong with my code, so I've found the logical error and the issue is closed for now. I guess there is one important note about the PgpPublicKeyRing.GetPublicKey() method. GetPublicKey() returns the primary key. In case of an RSA key, this may be used for encryption. In case of a DSA/ElGamal key pair, it may only be used for signing, but not for encryption. In all cases, the key can be used for signing.
Thanks!

2013/4/24 Christoph Hannebauer <[email protected]>

> Hi Alexander,
>
> now I had the time to look at your issue again, although I realized now
> that I do not really understand your problem. Let me try to summarize what
> I have understood or at least believe to have understood:
>
> - You have a public PGP key. The key has a self-signature and maybe
>   signatures from other PGP keys. The PGP key has a primary key and a subkey.
> - You want to extract the subkey, but you want to keep all signatures.
>
> If this is correct, then this is not possible -- neither with Bouncy
> Castle nor with other PGP libraries, since the PGP format does not allow
> this except for some special cases. The primary key must be a signature key
> and the subkeys are usually encryption keys that do not allow signatures.
> The primary key signs itself and the subkeys to show that these belong to
> the primary key. The primary key also signs the user IDs. Other keys
> usually sign only the user IDs.
>
> You should not export the subkey without the primary key, as the subkey
> cannot sign anything. Especially the self-signature is not possible and
> signatures of user IDs are also not possible.
>
> I hope that this clarified how to use primary keys and subkeys in PGP. If
> I have misunderstood your problem, maybe you can explain what you want to
> achieve eventually.
>
> As I have already written, the command line tool pgpdump helps to analyze
> the packets of a PGP key (or other PGP data). There is even a web interface
> at www.pgpdump.net, so you do not have to acquire a command line version
> if it is difficult to find or compile for your operating system.
>
> Best,
>
> Christoph
>
> On 23.04.2013 07:59, Christoph Hannebauer wrote:
>
> Hi Alexander,
>
> I reported the bug you referred to. Indeed, I observed the same behaviour
> as you did when I imported the PGP keys with GnuPG, but it only affects
> secret keys IIRC. Anyway, I have some code snippets that may help you with
> your issue. However, I haven't had the time to search for those, because I
> have been quite busy.
>
> Maybe you can use the tool pgpdump to find out more about the original and
> exported keys?
>
> Also, I believe that the patch I had provided with the bug report has some
> disadvantages that I found out about later. Maybe the KeyID changed in the
> process of lifting the PGP version from 3 to 4 or something like that. I
> will have a look at this and write another email when I have a little more
> time (in 10 hours I hope).
>
> Best,
>
> Christoph
>
> On 22.04.2013 20:48, Alexander Voronin wrote:
>
> Could anyone comment on this? I found an unresolved bug,
> http://www.bouncycastle.org/jira/browse/BMA-98; could it lead to this
> issue?
>
> 2013/4/18 Alexander Voronin <[email protected]>
>
>> Hi! Unfortunately the wiki is down and I did not find anything related on
>> the internet. I have the following issue.
>> I have a GnuPG signed public key that contains a signed public key:
>>
>> root@ubuntu:~# gpg --import < pkey.asc
>> gpg: /root/.gnupg/trustdb.gpg: trustdb created
>> gpg: key 771E0A0E: public key "User (User) <[email protected]>" imported
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> root@ubuntu:~#
>>
>> root@ubuntu:~# gpg --encrypt -r User
>> gpg: 91A942AE: There is no assurance this key belongs to the named user
>>
>> pub 4096g/91A942AE 2010-10-29 User (User) <[email protected]>
>> Primary key fingerprint: BB08 D13A 1AEB 2F23 1767 D912 CCD0 17AF 771E 0A0E
>> Subkey fingerprint: E87A 27D3 A3D8 6489 70D8 2D19 2C65 0745 91A9 42AE
>> ....
>>
>> And so on. So the key is correct and usable. To extract a PgpPublicKey
>> object from the key I'm using the following method:
>>
>> public static PgpPublicKey PublicKeyFromString(string keyString) {
>>     using (Stream mStream = new MemoryStream(StringToBytes(keyString))) {
>>         using (Stream inputStream = PgpUtilities.GetDecoderStream(mStream)) {
>>             PgpPublicKeyRingBundle pgpPub = new PgpPublicKeyRingBundle(inputStream);
>>             foreach (PgpPublicKeyRing kRing in pgpPub.GetKeyRings()) {
>>                 foreach (PgpPublicKey pKey in kRing.GetPublicKeys()) {
>>                     if (pKey.IsEncryptionKey) {
>>                         return pKey;
>>                     }
>>                 }
>>             }
>>         }
>>     }
>>     // not found
>>     throw new ArgumentException(SJ.Resources.ErrorPGPNoKeysInKeyRing);
>> }
>>
>> The problem I see - kRing.GetPublicKeys() returns two elements - one of
>> them is the public key itself and the second one is the key sign. But the
>> public key is returned with attribute IsEncryptionKey set to false, and the
>> sign is returned with IsEncryptionKey set to true. I can't use this
>> PgpPublicKey object for encryption, and of course can't use the sign for
>> this purpose. kRing.GetPublicKey() also returns the public key with
>> IsEncryptionKey set to false.
>>
>> When I get the public key using this method it looks usable (until I try
>> to encrypt anything) and I can even save it in armored format. But
>> after this GnuPG import says:
>>
>> root@ubuntu:~# gpg --import < pkey-extracted.asc
>> gpg: /root/.gnupg/trustdb.gpg: trustdb created
>> gpg: key 771E0A0E: public key "User (User) <[email protected]>" imported
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> root@ubuntu:~# gpg --encrypt -r User
>> gpg: Darkterror: skipped: unusable public key
>> gpg: [stdin]: encryption failed: unusable public key
>> root@ubuntu:~#
>>
>> Is it a bug or did I misunderstand something? What is the correct way to
>> extract a signed public key from a keyring?
>> Thanks in advance!
>>
>> --
>> When I sank to the very bottom, there came a knock from below..
>
> --
> When I sank to the very bottom, there came a knock from below..

--
When I sank to the very bottom, there came a knock from below..
