Incorrect Hash header gets added for SHA256 in signed message

Incorrect Hash header gets added for SHA256 in signed message

Parmjeet Kaur
I am using RSA with SHA256 to sign a message and generate an ArmoredOutput. The SHA header that gets added to the asc file is SHA265.

Then I am using this signed message for verification with GnuPGP 1.4.2.2 and there it complains about the incorrect Armor header: Hash 265 and is unable to verify the signature.

I have checked in the bcpg source for the header getting added with SHA256 and found that it is SHA265. I guess this is where the problem lies.

So the Armor SHA256 files generated by Bouncycastle cannot be verified by other providers due to this conflict in the SHA Header.

Is there any workaround for this??

Thanks
Parmjeet

Re: Incorrect Hash header gets added for SHA256 in signed message

David Hook-4

http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-15.txt

Section 7, Section 9.4

GnuPGP 1.4.2.1 recognised this correctly, have you tried a

gpg --clearsign --digest-algo SHA256 some_text_file

to see what it produces?

Did you specify SHA256 for both the armor and the signature
generation? If the two are different you'll generate an invalid file.

Regards,

David

----- Original Message Follows -----
From: "Parmjeet Kaur" <[hidden email]>
To: <[hidden email]>
Subject: [dev-crypto] Incorrect Hash header gets added for
SHA256 in signed message
Date: Thu, 23 Mar 2006 03:22:03 +0530

> I am using RSA with SHA256 to sign a message and generate
> an ArmoredOutput. The SHA header that gets added to the
> asc file is SHA265.
>
> Then I am using this signed message for verification with
> GnuPGP 1.4.2.2 and there it complains about the incorrect
> Armor header: Hash 265 and is unable to verify the
> signature.
>
> I have checked in the bcpg source for the header getting
> added with SHA256 and found that it is SHA265. I guess
> this is where the problem lies.
>
> So the Armor SHA256 files generated by Bouncycastle cannot
> be verified by other providers due to this conflict in
> the SHA Header.
>
> Is there any workaround for this??
>
> Thanks
> Parmjeet
>  



RE: Incorrect Hash header gets added for SHA256 in signed message

Parmjeet Kaur
In reply to this post by Parmjeet Kaur
 
I am generating the signed message from BouncyCastle and then verifying
the signed message in GnuPGP. It is the SHA256 header generated by
BouncyCastle that is causing the problem.

If I generate the file from GnuPGP and verify it there only then it has
no problems.

Thanks
Parm

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
David Hook
Sent: Wednesday, March 22, 2006 6:27 PM
To: Parmjeet Kaur; [hidden email]
Subject: Re: [dev-crypto] Incorrect Hash header gets added for SHA256 in
signed message


http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-15.txt

Section 7, Section 9.4

GnuPGP 1.4.2.1 recognised this correctly, have you tried a

gpg --clearsign --digest-algo SHA256 some_text_file

to see what it produces?

Did you specify SHA256 for both the armor and the signature
generation? If the two are different you'll generate an invalid file.

Regards,

David



Re: Incorrect Hash header gets added for SHA256 in signed message

David Hook-4
In reply to this post by Parmjeet Kaur

Ah, I get it! 265, it should be 256. I'll update the beta
tonight.

Regards,

David
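
A check for the two failure modes raised in this thread (an armor `Hash:` name that is not a valid name, such as `SHA265`, and an armor hash that differs from the one in the signature packet), as an added example that is not Bouncy Castle code or code from either poster. It assumes the hash names and IDs of RFC 4880 section 9.4; the function names are hypothetical and the sample message is constructed, with a truncated stub in place of a real signature.

```python
import base64
# Hash algorithm IDs and their armor text names (RFC 4880, section 9.4).
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

def split_armor(text, marker):
    """Return (armor header lines, lines after the blank line) for a marker."""
    lines = text.splitlines()
    rest = lines[lines.index(marker) + 1:]
    blank = next(i for i, ln in enumerate(rest) if not ln.strip())
    return rest[:blank], rest[blank + 1:]

def armor_hashes(text):
    """Names declared in the 'Hash:' headers of a cleartext signed message."""
    headers, _ = split_armor(text, "-----BEGIN PGP SIGNED MESSAGE-----")
    return [n.strip() for h in headers if h.startswith("Hash:")
            for n in h[5:].split(",")]

def signature_hash_id(text):
    """Hash algorithm ID stored in the first packet of the signature block."""
    _, rest = split_armor(text, "-----BEGIN PGP SIGNATURE-----")
    end = next(i for i, ln in enumerate(rest) if ln.startswith(("=", "-----END")))
    pkt = base64.b64decode("".join(ln.strip() for ln in rest[:end]))
    if pkt[0] & 0x40:                      # new-format packet header
        tag = pkt[0] & 0x3F
        off = 2 if pkt[1] < 192 else 3 if pkt[1] < 255 else 6
    else:                                  # old-format packet header
        tag = (pkt[0] & 0x3C) >> 2
        off = 1 + (1, 2, 4, 0)[pkt[0] & 0x03]
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    # v4 keeps the hash ID at body offset 3, v3 at body offset 16
    return pkt[off + 3] if pkt[off] == 4 else pkt[off + 16]

def check(text):
    """Problems that would make another implementation reject the message."""
    declared = armor_hashes(text)
    problems = [f"unknown armor hash name {n!r}" for n in declared
                if n not in HASH_NAMES.values()]
    used = HASH_NAMES.get(signature_hash_id(text), "unknown")
    if used not in (declared or ["MD5"]):  # no Hash header implies MD5
        problems.append(f"signature uses {used}, armor declares {declared}")
    return problems

def sample(hash_header):
    """Constructed message; the packet is a truncated stub, not a real signature."""
    stub = bytes([0x88, 0x06, 0x04, 0x01, 0x01, 0x08, 0x00, 0x00])  # v4 RSA SHA256
    return "\n".join(["-----BEGIN PGP SIGNED MESSAGE-----", "Hash: " + hash_header,
        "", "hello", "-----BEGIN PGP SIGNATURE-----", "",
        base64.b64encode(stub).decode(), "-----END PGP SIGNATURE-----"])
```

`check(sample("SHA265"))` reports both the unknown name and the mismatch with the SHA256 signature packet, while `check(sample("SHA256"))` returns an empty list.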


RE: Incorrect Hash header gets added for SHA256 in signed message

Parmjeet Kaur
In reply to this post by Parmjeet Kaur

That will be great.

My requirement is to generate the signed and encrypted armored output
from bouncycastle and verify and decrypt it with GnuPGP and vice versa.
 
When I sign the message and generate the Armored output from
bouncycastle, then the signature doesn't get verified with GnuPGP
1.4.2.2 (irrespective of any Hash algorithm I use) but when the output is
not armored with bouncycastle (output is simply signed by bouncycastle
with binary signature or text signature) then GnuPGP is able to verify
the generated signed message.

I am using this command in GnuPGP to verify

Gpg -v --verify abc    (abc is a file without any extension but I have
also tried this with abc.asc file)

Please let me know if I am doing anything wrong here.


NOTE: I need the beta updated version immediately as Friday is the
deadline for my project. Can you please let me know the location from
where I can get the updated beta and by when?

I will really appreciate it if I can get the updated API in time.

Thanks and regards
Parm

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
David Hook
Sent: Wednesday, March 22, 2006 7:40 PM
To: [hidden email]
Subject: Re: [dev-crypto] Incorrect Hash header gets added for SHA256 in
signed message


Ah, I get it! 265, it should be 256. I'll update the beta
tonight.

Regards,

David
