Difficulty reading DSA/El Gamal key pair from public key ring collection

Andy LoPresto-2
Hi, 

I am encountering a surprising issue when attempting to read a DSA & El Gamal key pair from a public key ring file. I generated the keys as per the usual process on the command-line using gpg (GnuPG 2.2.17 on Mac OS X 10.14.2). I have verified that I can encrypt and decrypt arbitrary data using those keys and gpg. However, when trying to read the keys via BC OpenPGP (Java), I either get an IOException (“Unexpected object encountered in stream: 0”) if not using PGPUtil.getDecoderStream(InputStream), or simply an empty PGPPublicKeyRingCollection object if using PGPUtil.getDecoderStream() in the constructor. 

I have verified that the same code works successfully against a public keyring file containing RSA keys, and that if I generate a public key ring collection with a single DSA/El Gamal key pair in Java code and pass those bytes as an InputStream into the same code, it successfully parses and returns the key ring collection. 

I have tried with 2048 bit keys (default), but saw there was a potential compatibility warning with some OpenPGP implementations so tried with 1024 bits as well (same result). 

I have posted the exploratory test code here [1] and selected output from the command-line demonstrating successful operation with the key pair here [2]. I did not see any mention of this issue on BC release notes or the examples, but there is this external post [3] (15 years old) noting there may be a bug here. Thanks in advance for your assistance. 



Andy LoPresto
[hidden email]
[hidden email]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

Re: Difficulty reading DSA/El Gamal key pair from public key ring collection

David Hook-3

Can you send me a copy of the public key ring file that is causing the problem?

Thanks,

David

On 25/9/19 1:57 pm, Andy LoPresto wrote:
Hi, 

I am encountering a surprising issue when attempting to read a DSA & El Gamal key pair from a public key ring file. I generated the keys as per the usual process on the command-line using gpg (GnuPG 2.2.17 on Mac OS X 10.14.2). I have verified that I can encrypt and decrypt arbitrary data using those keys and gpg. However, when trying to read the keys via BC OpenPGP (Java), I either get an IOException (“Unexpected object encountered in stream: 0”) if not using PGPUtil.getDecoderStream(InputStream), or simply an empty PGPPublicKeyRingCollection object if using PGPUtil.getDecoderStream() in the constructor. 

I have verified that the same code works successfully against a public keyring file containing RSA keys, and that if I generate a public key ring collection with a single DSA/El Gamal key pair in Java code and pass those bytes as an InputStream into the same code, it successfully parses and returns the key ring collection. 

I have tried with 2048 bit keys (default), but saw there was a potential compatibility warning with some OpenPGP implementations so tried with 1024 bits as well (same result). 

I have posted the exploratory test code here [1] and selected output from the command-line demonstrating successful operation with the key pair here [2]. I did not see any mention of this issue on BC release notes or the examples, but there is this external post [3] (15 years old) noting there may be a bug here. Thanks in advance for your assistance. 



Andy LoPresto
[hidden email]
[hidden email]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69


Re: Difficulty reading DSA/El Gamal key pair from public key ring collection

Andy LoPresto-2
Hi David, 

Thanks for your quick reply. There are three sample public keyring collection files here [1][2][3]. The first (pubring.gpg) contains an RSA key pair. The second (dsa-pubring.gpg) contains a 2048 bit DSA/El Gamal key pair. The third (dsa-small-pubring.gpg) contains a 1024 bit DSA/El Gamal key pair. The third is the same one referenced during the CLI output I linked to in my previous message. All three work using the gpg command line tool, but neither of the DSA rings work with the Java code I posted. The two DSA keyrings actually contain the secret keys as well. 



Andy LoPresto
[hidden email]
[hidden email]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On Sep 25, 2019, at 1:39 AM, David Hook <[hidden email]> wrote:


Can you send me a copy of the public key ring file that is causing the problem?

Thanks,

David

Re: Difficulty reading DSA/El Gamal key pair from public key ring collection

Andy LoPresto-2
Hi David, 

Following up on this to see if you need any additional information from me or you have any suggestions for where to continue investigating this issue. Thanks. 

Andy LoPresto
[hidden email]
[hidden email]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On Sep 25, 2019, at 11:36 AM, Andy LoPresto <[hidden email]> wrote:

Hi David, 

Thanks for your quick reply. There are three sample public keyring collection files here [1][2][3]. The first (pubring.gpg) contains an RSA key pair. The second (dsa-pubring.gpg) contains a 2048 bit DSA/El Gamal key pair. The third (dsa-small-pubring.gpg) contains a 1024 bit DSA/El Gamal key pair. The third is the same one referenced during the CLI output I linked to in my previous message. All three work using the gpg command line tool, but neither of the DSA rings work with the Java code I posted. The two DSA keyrings actually contain the secret keys as well. 



Andy LoPresto
[hidden email]
[hidden email]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

Re: Difficulty reading DSA/El Gamal key pair from public key ring collection

David Hook-3

Hi Andy,

Sorry, have been a bit distracted... the two DSA files are in key box format - they're not keyring files.

You'll need to use JcaKeyBoxBuilder to parse these. They are a very different beast from the RFC 4880 key rings.

If it's any help I've added a couple of methods to PGPUtil which will have a look at a byte array and try and guess whether the bytes represent a key box or a key ring, they should appear on github shortly. And in 1.64 when it rolls out in the next couple of days.

Regards,

David

On 5/10/19 3:48 am, Andy LoPresto wrote:
Hi David, 

Following up on this to see if you need any additional information from me or you have any suggestions for where to continue investigating this issue. Thanks. 

Andy LoPresto
[hidden email]
[hidden email]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

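An added example, not part of the thread and not Bouncy Castle code: a JDK-only check that tells a GnuPG key box file from an RFC 4880 key ring before choosing a parser. The class, enum and method names are hypothetical, and the key box header layout (blob type at offset 4, magic "KBXf" at offset 8) is an assumption taken from GnuPG's keybox format.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;

// Added example: class, enum and method names are hypothetical, not Bouncy Castle API.
public class KeyFileSniffer {
    enum Kind { KEYBOX, ARMORED_OPENPGP, BINARY_OPENPGP, UNKNOWN }

    // Assumption: a GnuPG keybox file starts with a header blob laid out as
    // 4-byte big-endian length, 1-byte blob type (1 = header), 1-byte version,
    // 2-byte flags, then the ASCII magic "KBXf" at offset 8.
    private static final byte[] KBX_MAGIC = "KBXf".getBytes(StandardCharsets.US_ASCII);

    static Kind sniff(byte[] data) {
        if (data.length >= 12 && data[4] == 1
                && Arrays.equals(Arrays.copyOfRange(data, 8, 12), KBX_MAGIC)) {
            return Kind.KEYBOX;
        }
        String head = new String(data, 0, Math.min(data.length, 64), StandardCharsets.US_ASCII);
        if (head.trim().startsWith("-----BEGIN PGP")) {
            return Kind.ARMORED_OPENPGP;
        }
        // RFC 4880 section 4.2: bit 7 of every packet header byte is set.
        if (data.length > 0 && (data[0] & 0x80) != 0) {
            int b = data[0] & 0xFF;
            // Bit 6 selects new (tag in bits 5-0) or old (tag in bits 5-2) format.
            int tag = (b & 0x40) != 0 ? (b & 0x3F) : ((b >> 2) & 0x0F);
            // A transferable key starts with a public-key (6) or secret-key (5) packet.
            if (tag == 6 || tag == 5) {
                return Kind.BINARY_OPENPGP;
            }
        }
        return Kind.UNKNOWN;
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: the first 12 bytes of a keybox header blob
        // and the first bytes of an old-format public-key packet.
        byte[] kbx = {0, 0, 0, 32, 1, 1, 0, 2, 'K', 'B', 'X', 'f'};
        byte[] ring = {(byte) 0x99, 0x01, 0x0D, 0x04};
        System.out.println(sniff(kbx) + " " + sniff(ring));
        for (String path : args) {
            System.out.println(path + ": " + sniff(Files.readAllBytes(Paths.get(path))));
        }
    }
}
```

A `KEYBOX` result is the case described in the last reply: such a file goes to JcaKeyBoxBuilder rather than to PGPPublicKeyRingCollection.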