
bug in PGPSecretKey when using SHA256?


bug in PGPSecretKey when using SHA256?

Lou Wynn

Hi,

I'm new to BC and trying to figure out if this is a bug in PGPSecretKey.extractKeyData(), or people started using an unsupported feature. After I tried a few examples, I noticed something strange.

When I run the RSAGen example posted here:

https://bouncycastle-pgp-cookbook.blogspot.com/

It generates a secret key ring, dummy.skr. When I used this key ring to sign a public key with the

org.bouncycastle.openpgp.examples.DirectKeySignature

example, I got an exception of

PGPException: invalid key: Illegal key size

However, if I change the encryption algorithm in the RSAGen code from AES_256 to AES_128 like the following:

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske =
        (new BcPBESecretKeyEncryptorBuilder
         (PGPEncryptedData.AES_128, sha256Calc, s2kcount))
        .build(pass);

Then the DirectKeySignature succeeded. I'm using bc*-jdk15on-155.jar files downloaded from http://www.bouncycastle.org/latest_releases.html.

Thanks,

Lou



Re: bug in PGPSecretKey when using SHA256?

Uri Blumenthal
To use AES keys longer than 128 bits, you have to install the Unlimited Crypto Policy (two jar files) in the jre/lib/security directory. Your JRE (or JDK) does not allow stronger crypto.

Sent from my iPad

On Dec 12, 2016, at 17:46, Lou Wynn <[hidden email]> wrote:

Hi,

I'm new to BC and trying to figure out if this is a bug in PGPSecretKey.extractKeyData(), or people started using an unsupported feature. After I tried a few examples, I noticed something strange.

When I run the RSAGen example posted here:

https://bouncycastle-pgp-cookbook.blogspot.com/

It generates a secret key ring, dummy.skr. When I used this key ring to sign a public key with the

org.bouncycastle.openpgp.examples.DirectKeySignature

example, I got an exception of

PGPException: invalid key: Illegal key size

However, if I change the encryption algorithm in the RSAGen code from AES_256 to AES_128 like the following:

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske =
        (new BcPBESecretKeyEncryptorBuilder
         (PGPEncryptedData.AES_128, sha256Calc, s2kcount))
        .build(pass);

Then the DirectKeySignature succeeded. I'm using bc*-jdk15on-155.jar files downloaded from http://www.bouncycastle.org/latest_releases.html.

Thanks,

Lou
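
One way to confirm the policy limit described in the reply, as an added example that is not part of the original thread or of Bouncy Castle. It uses only the standard `javax.crypto` API; the class name `JcePolicyCheck` and its helper methods are hypothetical.

```java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

/** Added example: reports whether this JRE's JCE policy permits AES-192/256. */
public class JcePolicyCheck {

    /** Largest AES key size (bits) the installed jurisdiction policy allows. */
    static int maxAesBits() throws NoSuchAlgorithmException {
        // Integer.MAX_VALUE means the unlimited policy is in effect.
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /** Tries to initialise an AES cipher with an all-zero test key of the given size. */
    static boolean canInitAes(int bits)
            throws NoSuchAlgorithmException, NoSuchPaddingException {
        // No data is encrypted; the mode only matters so that init() can be exercised.
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        try {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[bits / 8], "AES"));
            return true;
        } catch (InvalidKeyException e) {
            // Under the limited policy the JCE reports an illegal key size here.
            System.out.println("AES-" + bits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + home);
        int max = maxAesBits();
        System.out.println("max AES key length = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES-" + bits + " init "
                    + (canInitAes(bits) ? "ok" : "blocked by policy"));
        }
        if (max < 256) {
            // Policy jars are read from the running JRE, so check the path printed above.
            System.out.println("Unlimited policy jars are missing from " + home + "/lib/security");
            System.exit(1);
        }
    }
}
```

Run it with the same `java` binary that runs the failing example, since each JRE or JDK installation carries its own policy files.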

