Verifying each PGPPublicKeyEncryptedData is valid

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Verifying each PGPPublicKeyEncryptedData is valid

Cory Hardman
Hello,

I would like to implement a check that all of the PGPPublicKeyEncryptedData blocks that I have the private key to decrypt are not malformed. It is easy to insert a fake PGPPublicKeyEncryptedData segment into a PGP encrypted file. If we have the real private key you can pretty easily verify that the session key your private key can decrypt is not a usable session key. However with BouncyCastle when you do this:

BcPGPObjectFactory(block.getDataStream(new BcPublicKeyDataDecryptorFactory(privateKey)));

You decrypt the rest of the stream and can no longer attempt to verify other PGPPublicKeyEncryptedData blocks. 

Is there a way around this?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Verifying each PGPPublicKeyEncryptedData is valid

David Hook

No, you do need to reset the stream. It is possible to build up a list
of matches using the keyID up front, but if you want to be really sure
you need to make sure the decrypted session key really does give you
back the right data.

Regards,

David

On 19/08/16 02:49, Cory Hardman wrote:

> Hello,
>
> I would like to implement a check that all of the
> PGPPublicKeyEncryptedData blocks that I have the private key to
> decrypt are not malformed. It is easy to insert a fake
> PGPPublicKeyEncryptedData segment into a PGP encrypted file. If we
> have the real private key you can pretty easily verify that the
> session key your private key can decrypt is not a usable session key.
> However with BouncyCastle when you do this:
>
> BcPGPObjectFactory(block.getDataStream(new
> BcPublicKeyDataDecryptorFactory(privateKey)));
>
> You decrypt the rest of the stream and can no longer attempt to verify
> other PGPPublicKeyEncryptedData blocks.
>
> Is there a way around this?



Loading...