Decryption issues - InvalidCipherTextException: unknown block type

Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Hello,

I am regularly receiving these PGP files from a third party. I made a Java service to decrypt them and process the contents and it used to work fine, up to around 2 weeks ago. I am using BC 1.5.

For the past 2 weeks I can no longer decrypt the files. I can still decrypt them by using GNU PG. I've been searching around, but I can't find anyone with the same problem.

This is the relevant part of my code:

        PGPPublicKeyEncryptedData encryptedData;
        PGPOnePassSignatureList onePassSignatureList;
        PGPSignatureList signatureList;
        try (InputStream decoderStream = PGPUtil.getDecoderStream(encryptedStream)) {
            PGPObjectFactory pgpF = new PGPObjectFactory(decoderStream);
            Object o = pgpF.nextObject();
            PGPEncryptedDataList enc = (o instanceof PGPEncryptedDataList)
                    ? (PGPEncryptedDataList) o
                    : (PGPEncryptedDataList) pgpF.nextObject();
            encryptedData = null;
            PGPPrivateKey privateKey = null;
            for (Iterator<PGPPublicKeyEncryptedData> iterator = enc.getEncryptedDataObjects(); iterator.hasNext();) {
                encryptedData = iterator.next();                
                PBESecretKeyDecryptor decryptor = new BcPBESecretKeyDecryptorBuilder(
                        new BcPGPDigestCalculatorProvider()).build(pgpKeyInfo.getSecretKeyPassword().toCharArray());
                PGPSecretKey secretKey = pgpKeyInfo.getSecretKeyRing().getSecretKey(encryptedData.getKeyID());
                if (secretKey != null) {
                    privateKey = secretKey.extractPrivateKey(decryptor);
                    continue;
                }
            }
            if (privateKey == null) {
                throw new IllegalArgumentException("Unable to find secret key to decrypt the message");
            }            
            PGPObjectFactory plainStream = new PGPObjectFactory(
                    encryptedData.getDataStream(new BcPublicKeyDataDecryptorFactory(privateKey)));

And this is the Exception thrown from the last line of this code:

org.bouncycastle.openpgp.PGPException: exception encrypting session info: unknown block type
        at org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory.recoverSessionData(Unknown Source) ~[bcpg-jdk15on-150.jar:1.50.0]
        at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(Unknown Source) ~[bcpg-jdk15on-150.jar:1.50.0]
        at com.qwi.signatures.decrypter.DecryptTask.decryptAndVerify(DecryptTask.java:160) ~[classes/:?]
        at com.qwi.signatures.decrypter.DecryptTask.run(DecryptTask.java:95) [classes/:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [?:1.7.0_21]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [?:1.7.0_21]
        at java.lang.Thread.run(Thread.java:722) [?:1.7.0_21]
Caused by: org.bouncycastle.crypto.InvalidCipherTextException: unknown block type
        at org.bouncycastle.crypto.encodings.PKCS1Encoding.decodeBlock(Unknown Source) ~[bcprov-jdk15on-150.jar:1.50.0]
        at org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(Unknown Source) ~[bcprov-jdk15on-150.jar:1.50.0]
        at org.bouncycastle.crypto.BufferedAsymmetricBlockCipher.doFinal(Unknown Source) ~[bcprov-jdk15on-150.jar:1.50.0]
        ... 7 more

Thanks!

Re: Decryption issues - InvalidCipherTextException: unknown block type

David Hook

Hmmm. The time based nature of this sounds an awful lot like a change of
public key at the other end. Are you sure everyone is properly in sync?

Regards,

David

On 19/03/14 22:22, Code Anon wrote:

> Hello,
>
> I am regularly receiving these PGP files from a third party. I made a
> Java service to decrypt them and process the contents and it used to
> work fine, up to around 2 weeks ago. I am using BC 1.5.
>
> For the past 2 weeks I can no longer decrypt the files. I can still decrypt
> them by using GNU PG. I've been searching around, but I can't
> find anyone with the same problem.
>
> This is the relevant part of my code:
>
>         PGPPublicKeyEncryptedData encryptedData;
>         PGPOnePassSignatureList onePassSignatureList;
>         PGPSignatureList signatureList;
>         try (InputStream decoderStream = PGPUtil.getDecoderStream(encryptedStream)) {
>             PGPObjectFactory pgpF = new PGPObjectFactory(decoderStream);
>             Object o = pgpF.nextObject();
>             PGPEncryptedDataList enc = (o instanceof PGPEncryptedDataList)
>                     ? (PGPEncryptedDataList) o
>                     : (PGPEncryptedDataList) pgpF.nextObject();
>             encryptedData = null;
>             PGPPrivateKey privateKey = null;
>             for (Iterator<PGPPublicKeyEncryptedData> iterator = enc.getEncryptedDataObjects(); iterator.hasNext();) {
>                 encryptedData = iterator.next();
>                 PBESecretKeyDecryptor decryptor = new BcPBESecretKeyDecryptorBuilder(
>                         new BcPGPDigestCalculatorProvider()).build(pgpKeyInfo.getSecretKeyPassword().toCharArray());
>                 PGPSecretKey secretKey = pgpKeyInfo.getSecretKeyRing().getSecretKey(encryptedData.getKeyID());
>                 if (secretKey != null) {
>                     privateKey = secretKey.extractPrivateKey(decryptor);
>                     continue;
>                 }
>             }
>             if (privateKey == null) {
>                 throw new IllegalArgumentException("Unable to find secret key to decrypt the message");
>             }
>             PGPObjectFactory plainStream = new PGPObjectFactory(
>                     encryptedData.getDataStream(new BcPublicKeyDataDecryptorFactory(privateKey)));
>
> And this is the Exception thrown from the last line of this code:
>
> org.bouncycastle.openpgp.PGPException: exception encrypting session info: unknown block type
>         at org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory.recoverSessionData(Unknown Source) ~[bcpg-jdk15on-150.jar:1.50.0]
>         at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(Unknown Source) ~[bcpg-jdk15on-150.jar:1.50.0]
>         at com.qwi.signatures.decrypter.DecryptTask.decryptAndVerify(DecryptTask.java:160) ~[classes/:?]
>         at com.qwi.signatures.decrypter.DecryptTask.run(DecryptTask.java:95) [classes/:?]
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [?:1.7.0_21]
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [?:1.7.0_21]
>         at java.lang.Thread.run(Thread.java:722) [?:1.7.0_21]
> Caused by: org.bouncycastle.crypto.InvalidCipherTextException: unknown block type
>         at org.bouncycastle.crypto.encodings.PKCS1Encoding.decodeBlock(Unknown Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>         at org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(Unknown Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>         at org.bouncycastle.crypto.BufferedAsymmetricBlockCipher.doFinal(Unknown Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>         ... 7 more
>
> Thanks!



Re: Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Hi David, thank you for taking the time to take a look at it!

It does sound like a change of public key at the other end, that was my initial assumption too. But I asked the provider and they said that they didn't change the key.

On the other hand, I can decrypt using GNU PG. This also invalidates the public key changed theory... right?

Have you ever seen this stacktrace before? I googled around and could not find anything relevant... so frustrating!

Regards,
CodeAnon


On Thu, Mar 20, 2014 at 2:44 AM, David Hook <[hidden email]> wrote:

Hmmm. The time based nature of this sounds an awful lot like a change of public key at the other end. Are you sure everyone is properly in sync?

Regards,

David



Re: Decryption issues - InvalidCipherTextException: unknown block type

martijn.list
In reply to this post by codeanon
Hi,

Are you sure that "continue" should not be "break" in the following code:

if (secretKey != null) {
    privateKey = secretKey.extractPrivateKey(decryptor);
    continue;
}

Because now if the message is encrypted for more than one recipient for
which you do not have the private key, there is a chance that the
privateKey no longer matches the encryptedData instance since the
encryptedData is changed during the loop.

Kind regards,

Martijn Brinkers


--
DJIGZO email encryption
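
The key-to-packet pairing Martijn describes, written out as an added example (not code from the thread or from Bouncy Castle). It uses the same BC 1.50 calls as the original post; the class name, method name and parameters are hypothetical. The matching packet and its private key are recorded together and the loop stops at the first match, so `getDataStream` is never handed a key that belongs to a different recipient's packet, a mismatch that can surface as a PKCS#1 padding failure such as the "unknown block type" in the trace.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;

import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;

// Hypothetical helper class; not part of the original post or of Bouncy Castle.
public final class RecipientSelection {

    private RecipientSelection() {
    }

    /**
     * Returns the decrypted data stream for the first session-key packet
     * addressed to a key in secretKeyRing.
     *
     * encryptedStream, secretKeyRing and passphrase are assumed inputs that
     * stand in for the poster's encryptedStream and pgpKeyInfo fields.
     */
    static InputStream openForOurKey(InputStream encryptedStream,
                                     PGPSecretKeyRing secretKeyRing,
                                     char[] passphrase)
            throws IOException, PGPException {
        InputStream decoderStream = PGPUtil.getDecoderStream(encryptedStream);
        // Single-argument constructor as used in the original post (BC 1.50).
        PGPObjectFactory pgpF = new PGPObjectFactory(decoderStream);

        // The first object may be a marker packet; the list then follows it.
        Object o = pgpF.nextObject();
        if (!(o instanceof PGPEncryptedDataList)) {
            o = pgpF.nextObject();
        }
        if (!(o instanceof PGPEncryptedDataList)) {
            throw new IllegalArgumentException("No encrypted data list in the message");
        }
        PGPEncryptedDataList enc = (PGPEncryptedDataList) o;

        // The decryptor does not depend on the packet, so build it once.
        PBESecretKeyDecryptor decryptor = new BcPBESecretKeyDecryptorBuilder(
                new BcPGPDigestCalculatorProvider()).build(passphrase);

        PGPPublicKeyEncryptedData matchedPacket = null;
        PGPPrivateKey privateKey = null;
        for (Iterator<?> it = enc.getEncryptedDataObjects(); it.hasNext();) {
            Object candidate = it.next();
            if (!(candidate instanceof PGPPublicKeyEncryptedData)) {
                continue; // e.g. a passphrase-encrypted session key packet
            }
            PGPPublicKeyEncryptedData packet = (PGPPublicKeyEncryptedData) candidate;
            PGPSecretKey secretKey = secretKeyRing.getSecretKey(packet.getKeyID());
            if (secretKey != null) {
                // Record the packet together with the key that matches it,
                // then stop: later packets belong to other recipients.
                privateKey = secretKey.extractPrivateKey(decryptor);
                matchedPacket = packet;
                break;
            }
        }
        if (matchedPacket == null) {
            throw new IllegalArgumentException("Unable to find secret key to decrypt the message");
        }
        // The key is applied only to the packet whose key ID selected it.
        return matchedPacket.getDataStream(new BcPublicKeyDataDecryptorFactory(privateKey));
    }
}
```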


Re: Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Hi Martijn,

It actually makes no difference because each of the files is passing through that condition only one time...

Kind regards,
CodeAnon


On Thu, Mar 20, 2014 at 12:54 PM, martijn.list <[hidden email]> wrote:
Hi,

Are you sure that "continue" should not be "break" in the following code:

if (secretKey != null) {
    privateKey = secretKey.extractPrivateKey(decryptor);
    continue;
}

Because now if the message is encrypted for more than one recipient for
which you do not have the private key, there is a chance that the
privateKey no longer matches the encryptedData instance since the
encryptedData is changed during the loop.

Kind regards,

Martijn Brinkers


--
DJIGZO email encryption


Re: Decryption issues - InvalidCipherTextException: unknown block type

Carlos Perez
Any chance you could do a PGPKeydump to see what the key has in terms of packets and settings? And a --debug-all from GPG; I have found it useful in my own code debugging.

On Mar 20, 2014, at 11:10 AM, Code Anon <[hidden email]> wrote:

Hi Martijn,

It actually makes no difference because each of the files is passing through that condition only one time...

Kind regards,
CodeAnon




Re: Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Hi Carlos,

I am relatively new to this... how could I do a PGPKeydump?

I'll try the --debug-all from GPG and come back with the results tomorrow.

Regards,
CodeAnon


On Thu, Mar 20, 2014 at 5:21 PM, Carlos Perez <[hidden email]> wrote:
Any chance you could do a PGPKeydump to see what the key has in terms of packets and settings? And a --debug-all from GPG; I have found it useful in my own code debugging.




Re: Decryption issues - InvalidCipherTextException: unknown block type

martijn.list
If you are on Linux, you could try pgpdump (on Debian/Ubuntu you can
install the pgpdump package)

Description:

"The pgpdump is a PGP packet visualizer which displays the packet format
of OpenPGP (RFC 2440 + bis) and PGP version 2 (RFC 1991)."

Kind regards,

Martijn Brinkers

On 03/20/2014 05:02 PM, Code Anon wrote:

> Hi Carlos,
>
> I am relatively new to this... how could I do a PGPKeydump?
>
> I'll try the --debug-all from GPG and come back with the results tomorrow.
>
> Regards,
> CodeAnon
>
>
> On Thu, Mar 20, 2014 at 5:21 PM, Carlos Perez
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Any chance you could do a PGPKeydump to see what the key has in
>     terms of packets and settings? And a --debug-all from GPG, I have
>     found it useful in my own code debugging
>
>     On Mar 20, 2014, at 11:10 AM, Code Anon <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>>     Hi Martijn,
>>
>>     It actually makes no difference because each of the files is
>>     passing through that condition only one time...
>>
>>     Kind regards,
>>     CodeAnon
>>
>>
>>     On Thu, Mar 20, 2014 at 12:54 PM, martijn.list
>>     <[hidden email] <mailto:[hidden email]>> wrote:
>>
>>         Hi,
>>
>>         Are you sure that "continue" should not be "break" in the
>>         following code:
>>
>>         if (secretKey != null) {
>>             privateKey = secretKey.extractPrivateKey(decryptor);
>>             continue;
>>         }
>>
>>         Because now if the message is encrypted for more than one
>>         recipient for
>>         which you do not have the private key, there is a chance that the
>>         privateKey no longer matches the encryptedData instance since the
>>         encryptedData is changed during the loop.
>>
>>         Kind regards,
>>
>>         Martijn Brinkers
>>
>>         On 03/19/2014 12:22 PM, Code Anon wrote:
>>         > Hello,
>>         >
>>         > I am receiving regularly these PGP files from a third party.
>>         I made a
>>         > java service to decrypt them and process the contents and it
>>         used to
>>         > work fine, up to around 2 weeks ago. I am using BC 1.5.
>>         >
>>         > Since 2 weeks I can no longer decrypt the files. I can still
>>         decrypt
>>         > them by using GNU PG.  I've been searching around, but
>>         I can't
>>         > find anyone with the same problem.
>>         >
>>         > This is the relevant part of my code:
>>         >
>>         >         PGPPublicKeyEncryptedData encryptedData;
>>         >         PGPOnePassSignatureList onePassSignatureList;
>>         >         PGPSignatureList signatureList;
>>         >         try (InputStream decoderStream =
>>         > PGPUtil.getDecoderStream(encryptedStream)) {
>>         >             PGPObjectFactory pgpF = new
>>         PGPObjectFactory(decoderStream);
>>         >             Object o = pgpF.nextObject();
>>         >             PGPEncryptedDataList enc = (o instanceof
>>         PGPEncryptedDataList)
>>         >                     ? (PGPEncryptedDataList) o
>>         >                     : (PGPEncryptedDataList) pgpF.nextObject();
>>         >             encryptedData = null;
>>         >             PGPPrivateKey privateKey = null;
>>         >             for (Iterator<PGPPublicKeyEncryptedData> iterator =
>>         > enc.getEncryptedDataObjects(); iterator.hasNext();) {
>>         >                 encryptedData = iterator.next();
>>         >                 PBESecretKeyDecryptor decryptor = new
>>         > BcPBESecretKeyDecryptorBuilder(
>>         >                         new
>>         >
>>         BcPGPDigestCalculatorProvider()).build(pgpKeyInfo.getSecretKeyPassword().toCharArray());
>>         >
>>         >                 PGPSecretKey secretKey =
>>         >
>>         pgpKeyInfo.getSecretKeyRing().getSecretKey(encryptedData.getKeyID());
>>         >                 if (secretKey != null) {
>>         >                     privateKey =
>>         secretKey.extractPrivateKey(decryptor);
>>         >                     continue;
>>         >                 }
>>         >             }
>>         >             if (privateKey == null) {
>>         >                 throw new IllegalArgumentException("Unable
>>         to find
>>         > secret key to decrypt the message");
>>         >             }
>>         >             PGPObjectFactory plainStream = new PGPObjectFactory(
>>         >                     encryptedData.getDataStream(new
>>         > BcPublicKeyDataDecryptorFactory(privateKey)));
>>         >
>>         > And this is the Exception thrown from the last line of this
>>         code:
>>         >
>>         > org.bouncycastle.openpgp.PGPException: exception encrypting
>>         session
>>         > info: unknown block type
>>         >         at
>>         >
>>         org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory.recoverSessionData(Unknown
>>         > Source) ~[bcpg-jdk15on-150.jar:1.50.0]
>>         >         at
>>         >
>>         org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(Unknown
>>         > Source) ~[bcpg-jdk15on-150.jar:1.50.0]
>>         >         at
>>         >
>>         com.qwi.signatures.decrypter.DecryptTask.decryptAndVerify(DecryptTask.java:160)
>>         > ~[classes/:?]
>>         >         at
>>         >
>>         com.qwi.signatures.decrypter.DecryptTask.run(DecryptTask.java:95)
>>         > [classes/:?]
>>         >         at
>>         >
>>         java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>         > [?:1.7.0_21]
>>         >         at
>>         >
>>         java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>         > [?:1.7.0_21]
>>         >         at java.lang.Thread.run(Thread.java:722) [?:1.7.0_21]
>>         > Caused by:
>>         org.bouncycastle.crypto.InvalidCipherTextException: unknown
>>         > block type
>>         >         at
>>         >
>>         org.bouncycastle.crypto.encodings.PKCS1Encoding.decodeBlock(Unknown
>>         > Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>>         >         at
>>         >
>>         org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(Unknown
>>         > Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>>         >         at
>>         >
>>         org.bouncycastle.crypto.BufferedAsymmetricBlockCipher.doFinal(Unknown
>>         > Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>>         >         ... 7 more
>>         >
>>         > Thanks!
>>
>>
>>         --
>>         DJIGZO email encryption
>>
>>
>


--
DJIGZO email encryption


Re: Decryption issues - InvalidCipherTextException: unknown block type

Carlos Perez
In reply to this post by codeanon

On Mar 20, 2014, at 12:02 PM, Code Anon <[hidden email]> wrote:

Hi Carlos,

I am relatively new to this... how could I do a PGPKeydump?

I'll try the --debug-all from GPG and come back with the results tomorrow.

Regards,
CodeAnon





Re: Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Hi,

As I was saying, I am fairly new to this so please bear with me...

I have tried running GPG with --debug-all... but the output is huge. I'm not sure in which part of it you are interested...

I have also tried using bcprov-debug-jdk15on-150.jar instead of bcprov-jdk15on-150.jar, but I get exactly the same stacktrace and no other information. Is there anything specific that I need to do to get more detailed debug messages?

What I have is an .asc file which contains two keys, one private and one public. With this file I am doing this:
        PGPObjectFactory factory = new PGPObjectFactory(PGPUtil.getDecoderStream(ascFileStream));
        Object o = factory.nextObject();
        if (o instanceof PGPSecretKeyRing) {           
            return (PGPSecretKeyRing) o;
        }
This is the PGPSecretKeyRing which is returned by pgpKeyInfo.getSecretKeyRing(), from my initial code.

Here are the dumps of the two keys from my asc file, as returned by the utility provided by Carlos (Thanks!):

Private key dump:
Old: Secret Key Packet(tag 5)(462 bytes)
        Ver 4 - new
        Public key creation time - Thu Dec 19 21:34:40 UTC 2013
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        DSA p(1024 bits) - ...
        DSA q(160 bits) - ...
        DSA g(1024 bits) - ...
        DSA y(1023 bits) - ...
        Sym alg - CAST5(sym 3)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA1(hash 2)
                Salt - dc 32 7f 43 5d 97 a8 00
                Count - 65536(coded count 96)
        IV - 71 8d cd 40 a7 4f 0c 8a
        Encrypted DSA x
        Encrypted checksum
Old: User ID Packet(tag 13)(16 bytes)
        User ID - <<CENSORED>>
Old: Secret Subkey Packet(tag 7)(593 bytes)
        Ver 4 - new
        Public key creation time - Thu Dec 19 21:34:40 UTC 2013
        Pub alg - ElGamal Encrypt-Only(pub 16)
        ElGamal p(2048 bits) - ...
        ElGamal g(2 bits) - ...
        ElGamal y(2048 bits) - ...
        Sym alg - CAST5(sym 3)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA1(hash 2)
                Salt - d8 77 04 36 f9 3e bb 6b
                Count - 65536(coded count 96)
        IV - 07 70 e3 21 fe 61 7b d0
        Encrypted ElGamal x
        Encrypted checksum   

Public key dump:
Old: Public Key Packet(tag 6)(418 bytes)
        Ver 4 - new
        Public key creation time - Thu Dec 19 21:34:40 UTC 2013
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        DSA p(1024 bits) - ...
        DSA q(160 bits) - ...
        DSA g(1024 bits) - ...
        DSA y(1023 bits) - ...
Old: User ID Packet(tag 13)(16 bytes)
        User ID - <<CENSORED>>
Old: Signature Packet(tag 2)(78 bytes)
        Ver 4 - new
        Sig type - Generic certification of a User ID and Public Key packet(0x10).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA1(hash 2)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Thu Dec 19 21:34:40 UTC 2013
        Hashed Sub: preferred symmetric algorithms(sub 11)(3 bytes)
                Sym alg - CAST5(sym 3)
                Sym alg - Triple-DES(sym 2)
                Sym alg - IDEA(sym 1)
        Hashed Sub: primary User ID(sub 25)(1 bytes)
                Primary - Yes
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xCF2DFE884664F2D5
        Hash left 2 bytes - dc fa
        DSA s(160 bits) - ...
        DSA r(159 bits) - ...
                -> hash(DSA q bits)
Old: Public Subkey Packet(tag 14)(525 bytes)
        Ver 4 - new
        Public key creation time - Thu Dec 19 21:34:40 UTC 2013
        Pub alg - ElGamal Encrypt-Only(pub 16)
        ElGamal p(2048 bits) - ...
        ElGamal g(2 bits) - ...
        ElGamal y(2048 bits) - ...
Old: Signature Packet(tag 2)(70 bytes)
        Ver 4 - new
        Sig type - Subkey Binding Signature(0x18).
        Pub alg - DSA Digital Signature Algorithm(pub 17)
        Hash alg - SHA1(hash 2)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Thu Dec 19 21:34:40 UTC 2013
        Sub: issuer key ID(sub 16)(8 bytes)
                Key ID - 0xCF2DFE884664F2D5
        Hash left 2 bytes - 56 48
        DSA r(159 bits) - ...
        DSA s(160 bits) - ...
                -> hash(DSA q bits)   

Thanks again for your time,
CodeAnon






Re: Decryption issues - InvalidCipherTextException: unknown block type

martijn.list
On 03/21/2014 02:20 PM, Code Anon wrote:

> Hi,
>
> As I was saying, I am fairly new to this so please bear with me...
>
> I have tried running GPG with --debug-all... but the output is huge. I'm
> not sure in which part of it you are interested...
>
> I have also tried using bcprov-debug-jdk15on-150.jar instead of
> bcprov-jdk15on-150.jar, but I get exactly the same stacktrace and no
> other information. Is there anything specific that I need to do to get
> more detailed debug messages?
>
> What I have is an .asc file which contains two keys, one private and one
> public. With this file I am doing this:
>         PGPObjectFactory factory = new
> PGPObjectFactory(PGPUtil.getDecoderStream(ascFileStream));
>         Object o = factory.nextObject();
>         if (o instanceof PGPSecretKeyRing) {          
>             return (PGPSecretKeyRing) o;
>         }
> This is the PGPSecretKeyRing which is returned by
> pgpKeyInfo.getSecretKeyRing(), from my initial code.
>
> Here are the dumps of the two keys from my asc file, as returned
> by the utility provided by Carlos (Thanks!):

Could you also provide a PGP dump of the encrypted data?

Kind regards,

Martijn Brinkers

> On Thu, Mar 20, 2014 at 6:13 PM, Carlos Perez
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     http://www.pgpdump.net 


--
DJIGZO email encryption
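
What a packet dump of the encrypted data makes checkable, as an added example (not code from the thread or from Bouncy Castle): the script parses `gpg --list-packets` style output, lists the recipient key IDs in packet order, and replays the key-selection loop from the quoted Java code once with `continue` and once with `break`. The listing, its key IDs and the function names are constructed for this example.

```python
import re

# Constructed sample in the format printed by `gpg --list-packets`.
# The key IDs are made up for this example.
SAMPLE_LISTING = """\
:pubkey enc packet: version 3, algo 16, keyid 1111111111111111
        data: [2048 bits]
        data: [2047 bits]
:pubkey enc packet: version 3, algo 16, keyid 2222222222222222
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 3333333333333333
        data: [2046 bits]
        data: [2048 bits]
:encrypted data packet:
        length: unknown
"""

# One public-key encrypted session key packet per recipient (sub)key.
PKESK_RE = re.compile(
    r"^:pubkey enc packet: version \d+, algo \d+, keyid ([0-9A-Fa-f]{16})$"
)


def recipient_key_ids(listing):
    """Return the recipient key IDs in the order the packets appear."""
    ids = []
    for line in listing.splitlines():
        match = PKESK_RE.match(line.strip())
        if match:
            ids.append(match.group(1).upper())
    return ids


def select(recipients, own_key_ids, stop_at_first_match):
    """Replay the selection loop.

    Returns (packet_key_id, private_key_id): the session key packet and the
    private key that would be handed to decryption after the loop ends.
    """
    own = {key_id.upper() for key_id in own_key_ids}
    packet = None    # plays the role of encryptedData
    private = None   # plays the role of privateKey
    for key_id in recipients:
        packet = key_id              # reassigned on every iteration
        if key_id in own:
            private = key_id
            if stop_at_first_match:
                break                # packet and private stay paired
            # with `continue` the loop moves on and packet keeps changing
    return packet, private


def diagnose(listing, own_key_ids):
    """Compare both loop variants for one message and one set of own keys."""
    recipients = recipient_key_ids(listing)
    results = {}
    for name, stop in (("continue", False), ("break", True)):
        packet, private = select(recipients, own_key_ids, stop)
        if private is None:
            verdict = "no matching secret key"
        elif packet == private:
            verdict = "pair matches"
        else:
            verdict = "mismatch: session key packet %s, private key %s" % (
                packet, private)
        results[name] = verdict
    return results


if __name__ == "__main__":
    # Own key is the second of three recipients in the constructed listing.
    for variant, verdict in diagnose(SAMPLE_LISTING, ["2222222222222222"]).items():
        print("%-8s -> %s" % (variant, verdict))
```

The two variants only differ when a recipient packet follows the one for your own key, which is why the position of your key ID in the listing matters.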


Re: Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Here is the pgpdump of the encrypted data:

C:\>gpg --list-packets <<PATH_TO_MY_FILE>>
:marker packet: PGP
:pubkey enc packet: version 3, algo 16, keyid 65DF289A6C045FD1
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid BEE6707125422773
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 095204D28518C205
        data: [2048 bits]
        data: [2046 bits]
:pubkey enc packet: version 3, algo 16, keyid 12B322756060D614
        data: [2048 bits]
        data: [2047 bits]
:pubkey enc packet: version 3, algo 16, keyid 20942F795E92DC5B
        data: [2048 bits]
        data: [2047 bits]
:pubkey enc packet: version 3, algo 16, keyid 3135F201D7060F15
        data: [2048 bits]
        data: [2047 bits]
:pubkey enc packet: version 3, algo 16, keyid C9534D062A01C8DC
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 1894E2D8D57008A0
        data: [2047 bits]
        data: [2046 bits]
:pubkey enc packet: version 3, algo 16, keyid 71886EF77D86CF08
        data: [2048 bits]
        data: [2046 bits]
:pubkey enc packet: version 3, algo 16, keyid E032C78BEA97F0A8
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 2671BA4DF4BBFC22
        data: [2044 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 0910D909CBA4F8C7
        data: [2046 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 2D998913ED555E23
        data: [2046 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid B5EC20532DC0F594
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 9EC5217ABDC137F5
        data: [2048 bits]
        data: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 91761F39830683E7
        data: [2048 bits]
        data: [2047 bits]

You need a passphrase to unlock the secret key for
user: <<USER>>
2048-bit ELG key, ID 830683E7, created 2013-12-19 (main key ID 4664F2D5)

:pubkey enc packet: version 3, algo 16, keyid 03AD48F25059E38D
        data: [2048 bits]
        data: [2047 bits]
:encrypted data packet:
        length: unknown
gpg: encrypted with ELG key, ID 5059E38D
gpg: encrypted with ELG key, ID BDC137F5
gpg: encrypted with ELG key, ID 2DC0F594
gpg: encrypted with ELG key, ID ED555E23
gpg: encrypted with ELG key, ID CBA4F8C7
gpg: encrypted with ELG key, ID F4BBFC22
gpg: encrypted with ELG key, ID EA97F0A8
gpg: encrypted with ELG key, ID 7D86CF08
gpg: encrypted with ELG key, ID D57008A0
gpg: encrypted with ELG key, ID 2A01C8DC
gpg: encrypted with ELG key, ID D7060F15
gpg: encrypted with ELG key, ID 5E92DC5B
gpg: encrypted with ELG key, ID 6060D614
gpg: encrypted with ELG key, ID 8518C205
gpg: encrypted with ELG key, ID 25422773
gpg: encrypted with ELG key, ID 6C045FD1
gpg: encrypted with 2048-bit ELG key, ID 830683E7, created 2013-12-19
      <<USER>>
:literal data packet:
        mode b (62), created 0, name="<<FILE_NAME>>",
        raw data: unknown length

Regards,
CodeAnon



On Fri, Mar 21, 2014 at 3:58 PM, martijn.list <[hidden email]> wrote:
On 03/21/2014 02:20 PM, Code Anon wrote:
> Hi,
>
> As I was saying, I am fairly new to this so please bear with me...
>
> I have tried running GPG with --debug-all... but the output is huge. I'm
> not sure in which part of it you are interested...
>
> I have also tried using bcprov-debug-jdk15on-150.jar instead of
> bcprov-jdk15on-150.jar, but I get exactly the same stacktrace and no
> other information. Is there anything specific that I need to do to get
> more detailed debug messages?
>
> What I have is an .asc file which contains two keys, one private and one
> public. With this file I am doing this:
>         PGPObjectFactory factory = new
> PGPObjectFactory(PGPUtil.getDecoderStream(ascFileStream));
>         Object o = factory.nextObject();
>         if (o instanceof PGPSecretKeyRing) {
>             return (PGPSecretKeyRing) o;
>         }
> This is the PGPSecretKeyRing which is returned by
> pgpKeyInfo.getSecretKeyRing(), from my initial code.
>
> Here there are the dumps of the two keys from my asc file, as returned
> by the utility provided by Carlos (Thanks!):

Could you also provide a PGP dump of the encrypted data?

Kind regards,

Martijn Brinkers

>
> Private key dump:
> Old: Secret Key Packet(tag 5)(462 bytes)
>         Ver 4 - new
>         Public key creation time - Thu Dec 19 21:34:40 UTC 2013
>         Pub alg - DSA Digital Signature Algorithm(pub 17)
>         DSA p(1024 bits) - ...
>         DSA q(160 bits) - ...
>         DSA g(1024 bits) - ...
>         DSA y(1023 bits) - ...
>         Sym alg - CAST5(sym 3)
>         Iterated and salted string-to-key(s2k 3):
>                 Hash alg - SHA1(hash 2)
>                 Salt - dc 32 7f 43 5d 97 a8 00
>                 Count - 65536(coded count 96)
>         IV - 71 8d cd 40 a7 4f 0c 8a
>         Encrypted DSA x
>         Encrypted checksum
> Old: User ID Packet(tag 13)(16 bytes)
>         User ID - <<CENSORED>>
> Old: Secret Subkey Packet(tag 7)(593 bytes)
>         Ver 4 - new
>         Public key creation time - Thu Dec 19 21:34:40 UTC 2013
>         Pub alg - ElGamal Encrypt-Only(pub 16)
>         ElGamal p(2048 bits) - ...
>         ElGamal g(2 bits) - ...
>         ElGamal y(2048 bits) - ...
>         Sym alg - CAST5(sym 3)
>         Iterated and salted string-to-key(s2k 3):
>                 Hash alg - SHA1(hash 2)
>                 Salt - d8 77 04 36 f9 3e bb 6b
>                 Count - 65536(coded count 96)
>         IV - 07 70 e3 21 fe 61 7b d0
>         Encrypted ElGamal x
>         Encrypted checksum
>
> Public key dump:
> Old: Public Key Packet(tag 6)(418 bytes)
>         Ver 4 - new
>         Public key creation time - Thu Dec 19 21:34:40 UTC 2013
>         Pub alg - DSA Digital Signature Algorithm(pub 17)
>         DSA p(1024 bits) - ...
>         DSA q(160 bits) - ...
>         DSA g(1024 bits) - ...
>         DSA y(1023 bits) - ...
> Old: User ID Packet(tag 13)(16 bytes)
>         User ID - <<CENSORED>>
> Old: Signature Packet(tag 2)(78 bytes)
>         Ver 4 - new
>         Sig type - Generic certification of a User ID and Public Key
> packet(0x10).
>         Pub alg - DSA Digital Signature Algorithm(pub 17)
>         Hash alg - SHA1(hash 2)
>         Hashed Sub: signature creation time(sub 2)(4 bytes)
>                 Time - Thu Dec 19 21:34:40 UTC 2013
>         Hashed Sub: preferred symmetric algorithms(sub 11)(3 bytes)
>                 Sym alg - CAST5(sym 3)
>                 Sym alg - Triple-DES(sym 2)
>                 Sym alg - IDEA(sym 1)
>         Hashed Sub: primary User ID(sub 25)(1 bytes)
>                 Primary - Yes
>         Sub: issuer key ID(sub 16)(8 bytes)
>                 Key ID - 0xCF2DFE884664F2D5
>         Hash left 2 bytes - dc fa
>         DSA s(160 bits) - ...
>         DSA r(159 bits) - ...
>                 -> hash(DSA q bits)
> Old: Public Subkey Packet(tag 14)(525 bytes)
>         Ver 4 - new
>         Public key creation time - Thu Dec 19 21:34:40 UTC 2013
>         Pub alg - ElGamal Encrypt-Only(pub 16)
>         ElGamal p(2048 bits) - ...
>         ElGamal g(2 bits) - ...
>         ElGamal y(2048 bits) - ...
> Old: Signature Packet(tag 2)(70 bytes)
>         Ver 4 - new
>         Sig type - Subkey Binding Signature(0x18).
>         Pub alg - DSA Digital Signature Algorithm(pub 17)
>         Hash alg - SHA1(hash 2)
>         Hashed Sub: signature creation time(sub 2)(4 bytes)
>                 Time - Thu Dec 19 21:34:40 UTC 2013
>         Sub: issuer key ID(sub 16)(8 bytes)
>                 Key ID - 0xCF2DFE884664F2D5
>         Hash left 2 bytes - 56 48
>         DSA r(159 bits) - ...
>         DSA s(160 bits) - ...
>                 -> hash(DSA q bits)
>
> Thanks again for your time,
> CodeAnon
>
>
> On Thu, Mar 20, 2014 at 6:13 PM, Carlos Perez
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     http://www.pgpdump.net
>
>     On Mar 20, 2014, at 12:02 PM, Code Anon <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>>     Hi Carlos,
>>
>>     I am relatively new to this... how could I do a PGPKeydump?
>>
>>     I'll try the --debug-all from GPG and come back with the results
>>     tomorrow.
>>
>>     Regards,
>>     CodeAnon
>>
>>
>>     On Thu, Mar 20, 2014 at 5:21 PM, Carlos Perez
>>     <[hidden email] <mailto:[hidden email]>>
>>     wrote:
>>
>>         Any chance you could do a PGPKeydump to see what the key has
>>         in terms of packets and settings? And a --debug-all from GPG,
>>         I have found it useful in my own code debugging
>>
>>         On Mar 20, 2014, at 11:10 AM, Code Anon <[hidden email]
>>         <mailto:[hidden email]>> wrote:
>>
>>>         Hi Martijn,
>>>
>>>         It actually makes no difference because each of the files is
>>>         passing through that condition only one time...
>>>
>>>         Kind regards,
>>>         CodeAnon
>>>
>>>
>>>         On Thu, Mar 20, 2014 at 12:54 PM, martijn.list
>>>         <[hidden email] <mailto:[hidden email]>> wrote:
>>>
>>>             Hi,
>>>
>>>             Are you sure that "continue" should not be "break" in the
>>>             following code:
>>>
>>>             if (secretKey != null) {
>>>                 privateKey = secretKey.extractPrivateKey(decryptor);
>>>                 continue;
>>>             }
>>>
>>>             Because now if the message is encrypted for more than one
>>>             recipient for
>>>             which you do not have the private key, there is a chance
>>>             that the
>>>             privateKey no longer matches the encryptedData instance
>>>             since the
>>>             encryptedData is changed during the loop.
>>>
>>>             Kind regards,
>>>
>>>             Martijn Brinkers
>>>
>>>             On 03/19/2014 12:22 PM, Code Anon wrote:
>>>             > Hello,
>>>             >
>>>             > I am receiving regularly these PGP files from a third
>>>             party. I made a
>>>             > java service to decrypt them and process the contents
>>>             and it used to
>>>             > work fine, up to around 2 weeks ago. I am using BC 1.5.
>>>             >
>>>             > Since 2 weeks I can no longer decrypt the files. I can
>>>             still decrypt
>>>             > them by using GNU PG.  I've been searching
>>>             around, but I can't
>>>             > find anyone with the same problem.
>>>             >
>>>             > This is the relevant part of my code:
>>>             >
>>>             >         PGPPublicKeyEncryptedData encryptedData;
>>>             >         PGPOnePassSignatureList onePassSignatureList;
>>>             >         PGPSignatureList signatureList;
>>>             >         try (InputStream decoderStream =
>>>             > PGPUtil.getDecoderStream(encryptedStream)) {
>>>             >             PGPObjectFactory pgpF = new
>>>             PGPObjectFactory(decoderStream);
>>>             >             Object o = pgpF.nextObject();
>>>             >             PGPEncryptedDataList enc = (o instanceof
>>>             PGPEncryptedDataList)
>>>             >                     ? (PGPEncryptedDataList) o
>>>             >                     : (PGPEncryptedDataList)
>>>             pgpF.nextObject();
>>>             >             encryptedData = null;
>>>             >             PGPPrivateKey privateKey = null;
>>>             >             for (Iterator<PGPPublicKeyEncryptedData>
>>>             iterator =
>>>             > enc.getEncryptedDataObjects(); iterator.hasNext();) {
>>>             >                 encryptedData = iterator.next();
>>>             >                 PBESecretKeyDecryptor decryptor = new
>>>             > BcPBESecretKeyDecryptorBuilder(
>>>             >                         new
>>>             >
>>>             BcPGPDigestCalculatorProvider()).build(pgpKeyInfo.getSecretKeyPassword().toCharArray());
>>>             >
>>>             >                 PGPSecretKey secretKey =
>>>             >
>>>             pgpKeyInfo.getSecretKeyRing().getSecretKey(encryptedData.getKeyID());
>>>             >                 if (secretKey != null) {
>>>             >                     privateKey =
>>>             secretKey.extractPrivateKey(decryptor);
>>>             >                     continue;
>>>             >                 }
>>>             >             }
>>>             >             if (privateKey == null) {
>>>             >                 throw new
>>>             IllegalArgumentException("Unable to find
>>>             > secret key to decrypt the message");
>>>             >             }
>>>             >             PGPObjectFactory plainStream = new
>>>             PGPObjectFactory(
>>>             >                     encryptedData.getDataStream(new
>>>             > BcPublicKeyDataDecryptorFactory(privateKey)));
>>>             >
>>>             > And this is the Exception thrown from the last line of
>>>             this code:
>>>             >
>>>             > org.bouncycastle.openpgp.PGPException: exception
>>>             encrypting session
>>>             > info: unknown block type
>>>             >         at
>>>             >
>>>             org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory.recoverSessionData(Unknown
>>>             > Source) ~[bcpg-jdk15on-150.jar:1.50.0]
>>>             >         at
>>>             >
>>>             org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(Unknown
>>>             > Source) ~[bcpg-jdk15on-150.jar:1.50.0]
>>>             >         at
>>>             >
>>>             com.qwi.signatures.decrypter.DecryptTask.decryptAndVerify(DecryptTask.java:160)
>>>             > ~[classes/:?]
>>>             >         at
>>>             >
>>>             com.qwi.signatures.decrypter.DecryptTask.run(DecryptTask.java:95)
>>>             > [classes/:?]
>>>             >         at
>>>             >
>>>             java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>             > [?:1.7.0_21]
>>>             >         at
>>>             >
>>>             java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>             > [?:1.7.0_21]
>>>             >         at java.lang.Thread.run(Thread.java:722)
>>>             [?:1.7.0_21]
>>>             > Caused by:
>>>             org.bouncycastle.crypto.InvalidCipherTextException: unknown
>>>             > block type
>>>             >         at
>>>             >
>>>             org.bouncycastle.crypto.encodings.PKCS1Encoding.decodeBlock(Unknown
>>>             > Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>>>             >         at
>>>             >
>>>             org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(Unknown
>>>             > Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>>>             >         at
>>>             >
>>>             org.bouncycastle.crypto.BufferedAsymmetricBlockCipher.doFinal(Unknown
>>>             > Source) ~[bcprov-jdk15on-150.jar:1.50.0]
>>>             >         ... 7 more
>>>             >
>>>             > Thanks!
>>>
>>>
>>>             --
>>>             DJIGZO email encryption
>>>
>>>
>>
>


--
DJIGZO email encryption


Re: Decryption issues - InvalidCipherTextException: unknown block type

martijn.list
On 03/21/2014 03:30 PM, Code Anon wrote:

> Here is the pgpdump of the encrypted data:
>
> C:\>gpg --list-packets <<PATH_TO_MY_FILE>>
> :marker packet: PGP
> :pubkey enc packet: version 3, algo 16, keyid 65DF289A6C045FD1
>         data: [2048 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid BEE6707125422773
>         data: [2048 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 095204D28518C205
>         data: [2048 bits]
>         data: [2046 bits]
> :pubkey enc packet: version 3, algo 16, keyid 12B322756060D614
>         data: [2048 bits]
>         data: [2047 bits]
> :pubkey enc packet: version 3, algo 16, keyid 20942F795E92DC5B
>         data: [2048 bits]
>         data: [2047 bits]
> :pubkey enc packet: version 3, algo 16, keyid 3135F201D7060F15
>         data: [2048 bits]
>         data: [2047 bits]
> :pubkey enc packet: version 3, algo 16, keyid C9534D062A01C8DC
>         data: [2048 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 1894E2D8D57008A0
>         data: [2047 bits]
>         data: [2046 bits]
> :pubkey enc packet: version 3, algo 16, keyid 71886EF77D86CF08
>         data: [2048 bits]
>         data: [2046 bits]
> :pubkey enc packet: version 3, algo 16, keyid E032C78BEA97F0A8
>         data: [2048 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 2671BA4DF4BBFC22
>         data: [2044 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 0910D909CBA4F8C7
>         data: [2046 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 2D998913ED555E23
>         data: [2046 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid B5EC20532DC0F594
>         data: [2048 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 9EC5217ABDC137F5
>         data: [2048 bits]
>         data: [2048 bits]
> :pubkey enc packet: version 3, algo 16, keyid 91761F39830683E7
>         data: [2048 bits]
>         data: [2047 bits]
>
> You need a passphrase to unlock the secret key for
> user: <<USER>>
> 2048-bit ELG key, ID 830683E7, created 2013-12-19 (main key ID 4664F2D5)
>
> :pubkey enc packet: version 3, algo 16, keyid 03AD48F25059E38D
>         data: [2048 bits]
>         data: [2047 bits]
> :encrypted data packet:
>         length: unknown
> gpg: encrypted with ELG key, ID 5059E38D
> gpg: encrypted with ELG key, ID BDC137F5
> gpg: encrypted with ELG key, ID 2DC0F594
> gpg: encrypted with ELG key, ID ED555E23
> gpg: encrypted with ELG key, ID CBA4F8C7
> gpg: encrypted with ELG key, ID F4BBFC22
> gpg: encrypted with ELG key, ID EA97F0A8
> gpg: encrypted with ELG key, ID 7D86CF08
> gpg: encrypted with ELG key, ID D57008A0
> gpg: encrypted with ELG key, ID 2A01C8DC
> gpg: encrypted with ELG key, ID D7060F15
> gpg: encrypted with ELG key, ID 5E92DC5B
> gpg: encrypted with ELG key, ID 6060D614
> gpg: encrypted with ELG key, ID 8518C205
> gpg: encrypted with ELG key, ID 25422773
> gpg: encrypted with ELG key, ID 6C045FD1
> gpg: encrypted with 2048-bit ELG key, ID 830683E7, created 2013-12-19
>       <<USER>>
> :literal data packet:
>         mode b (62), created 0, name="<<FILE_NAME>>",
>         raw data: unknown length

So it looks like it was encrypted with multiple keys and not just one
key. So it seems my previous comment about using continue instead of
break is still true. Have you tried to replace continue with break to
see whether this works or did you assume it didn't work?

Kind regards,

Martijn Brinkers


--
DJIGZO email encryption


Re: Decryption issues - InvalidCipherTextException: unknown block type

codeanon
Hey Martijn,

Actually neither. I did try both continue and break some months ago, when I first coded it, and it did not make any difference.
And when you noticed that, I added logging which showed me that it passes through there only once.

What I did NOT do was realize that if the key is not found on the last encryptedData, then the encryptedData will change.

So yes, adding a break there did fix my problem.

Thanks for insisting on your initial observation!

Kind regards
CodeAnon

