potential bug: premature end of stream exception in pgp message

Nico Bredenbals
Hi list,

I want to encrypt and decrypt pgp messages with the BouncyCastle java
lib 1.46 (Java 1.5). This worked fine until now. I encountered a message
which yields the following exception upon decryption:

java.io.EOFException: premature end of stream in PartialInputStream
at org.bouncycastle.bcpg.BCPGInputStream$PartialInputStream.read(Unknown
Source)
(cf. also the complete stacktrace [7])

This exception occurs regardless of signing or compression, with ascii
armored or binary encoded keys.

The message was encrypted with bouncy castle, the keys were created with
GnuPG (tested with different keys). GnuPG is able to correctly decrypt
the message, which hints me to a bug in the bcpg lib. I created a minimal
snippet to reproduce the error [1][2].
The plain text of the encrypted message is "Hallo du Welt!" without
quotation marks. As you can see in the output file [6] only "Hallo du W"
is printed out, then on the second read function call (line 78) the
exception occurs.

You also find the encrypted message (aatestmsg.2) along with the key
((private|public)_key_receiver, Password pgptest) attached [3][4][5].

Can you confirm that this is a BC issue? Or is there an error in my
coding? Or, even worse, is the encrypted message invalid and GnuPG uses
a workaround to decrypt it? If so, is there a way for me to also achieve
this?

Thanks in advance,

Nico

BTW: Great Job with the BC java libraries. Been using them for years now
without any greater issues.

[1] http://nopaste.info/a6e0349d6d.html - Example src nopast
[2] http://bredenbals.net/bc/TestSoloEncryption.java - Example src
[3] http://bredenbals.net/bc/aatestmsg.2 - The encrypted testmessage
[4] http://bredenbals.net/bc/public_key_receiver - used to encrypt
[5] http://bredenbals.net/bc/private_key_receiver - pw: pgptest
[6] http://bredenbals.net/bc/output
[7] http://bredenbals.net/bc/stacktrace


Re: potential bug: premature end of stream exception in pgp message

David Hook-2

The message is invalid - the encrypted data packet length is clearly
wrong, my guess is GPG decrypts it because it just gives up.

You can see the problem if you look at the dump:

gpg --list-packets aatestmsg.2
gpg: WARNING: unsafe permissions on homedir `/tmp/pgp'
:pubkey enc packet: version 3, algo 1, keyid 85E3271008177641
        data: [2047 bits]

You need a passphrase to unlock the secret key for
user: "Party A <[hidden email]>"
2048-bit RSA key, ID 08177641, created 2012-01-16

:encrypted data packet:
        length: 1048586
gpg: encrypted with 2048-bit RSA key, ID 08177641, created 2012-01-16
      "Party A <[hidden email]>"
:literal data packet:
        mode b (62), created 1326738160,
name="523b6975-966f-4c6b-0623-a215989e72d5",
        raw data: 14 bytes
gpg: WARNING: message was not integrity protected

Note that it thinks the encrypted data is 1048586 bytes long. I'd guess
GPG is just giving up, in BC's case it's trying to read the partial
input stream that's underpinning the data, the last 4 bytes kicking the
read into the next packet which isn't there, and so it's telling there's
something wrong with the stream.

Regards,

David

On Tue, 2012-01-17 at 01:44 +0100, Nico Bredenbals wrote:

> Hi list,
>
> I want to encrypt and decrypt pgp messages with the BouncyCastle java
> lib 1.46 (Java 1.5). This worked fine until now. I encountered a message
> which yields the following exception upon decryption:
>
> java.io.EOFException: premature end of stream in PartialInputStream
> at org.bouncycastle.bcpg.BCPGInputStream$PartialInputStream.read(Unknown
> Source)
> (cf. also the complete stacktrace [7])
>
> This exception occurs regardless of signing or compression, with ascii
> armored or binary encoded keys.
>
> The message was encrypted with bouncy castle, the keys were created with
> GnuPG (tested with different keys). GnuPG is able to correctly decrypt
> the message, which hints me to a bug in the bcpg lib. I created a minimal
> snippet to reproduce the error [1][2].
> The plain text of the encrypted message is "Hallo du Welt!" without
> quotation marks. As you can see in the output file [6] only "Hallo du W"
> is printed out, then on the second read function call (line 78) the
> exception occurs.
>
> You also find the encrypted message (aatestmsg.2) along with the key
> ((private|public)_key_receiver, Password pgptest) attached [3][4][5].
>
> Can you confirm that this is a BC issue? Or is there an error in my
> coding? Or, even worse, is the encrypted message invalid and GnuPG uses
> a workaround to decrypt it? If so, is there a way for me to also achieve
> this?
>
> Thanks in advance,
>
> Nico
>
> BTW: Great Job with the BC java libraries. Been using them for years now
> without any greater issues.
>
> [1] http://nopaste.info/a6e0349d6d.html - Example src nopast
> [2] http://bredenbals.net/bc/TestSoloEncryption.java - Example src
> [3] http://bredenbals.net/bc/aatestmsg.2 - The encrypted testmessage
> [4] http://bredenbals.net/bc/public_key_receiver - used to encrypt
> [5] http://bredenbals.net/bc/private_key_receiver - pw: pgptest
> [6] http://bredenbals.net/bc/output
> [7] http://bredenbals.net/bc/stacktrace
>
>
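The check described in this reply, comparing each packet's declared length with the bytes that actually follow it, as an added example (not code from the thread or from BouncyCastle). It walks RFC 4880 packet headers; the sample bytes are constructed and reuse only the 1048586 length from the dump, since the thread does not show how the real message encoded it.

```python
def read_new_length(buf, pos):
    """Decode one new-format length field: (length, is_partial, next_pos)."""
    first = buf[pos]
    if first < 192:                          # one-octet length
        return first, False, pos + 1
    if 224 <= first < 255:                   # partial body chunk, a power of two
        return 1 << (first & 0x1F), True, pos + 1
    width = 2 if first < 224 else 5          # two-octet or 0xFF + four-octet length
    if pos + width > len(buf):
        raise ValueError("offset %d: truncated length field" % pos)
    if width == 2:
        return ((first - 192) << 8) + buf[pos + 1] + 192, False, pos + 2
    return int.from_bytes(buf[pos + 1:pos + 5], "big"), False, pos + 5

def walk_packets(buf):
    """Yield (tag, declared_len, available_len, chain_terminated) per packet."""
    pos = 0
    while pos < len(buf):
        ctb = buf[pos]
        if not ctb & 0x80:
            raise ValueError("offset %d: not a packet header" % pos)
        pos, declared, available, terminated = pos + 1, 0, 0, True
        if ctb & 0x40:                       # new-format header
            tag, partial = ctb & 0x3F, True
            while partial:
                if pos >= len(buf):          # chunk chain never reached a final length
                    terminated = False
                    break
                n, partial, pos = read_new_length(buf, pos)
                declared, available = declared + n, available + min(n, len(buf) - pos)
                pos += n
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            width = 0 if ltype == 3 else 1 << ltype   # type 3: runs to end of input
            if pos + width > len(buf):
                raise ValueError("offset %d: truncated length field" % pos)
            n = int.from_bytes(buf[pos:pos + width], "big") if width else len(buf) - pos
            pos += width
            declared, available = n, min(n, len(buf) - pos)
            pos += n
        yield tag, declared, available, terminated

def truncated_packets(buf):
    """Packets whose header promises more body bytes than the input holds."""
    return [p for p in walk_packets(buf) if p[2] < p[1] or not p[3]]

# Constructed sample: a 3-byte tag 1 packet, then a tag 9 (encrypted data)
# packet declaring 1048586 body bytes while only 20 are present.
SAMPLE = bytes([0x84, 3]) + b"abc" + bytes([0xC9, 0xFF, 0x00, 0x10, 0x00, 0x0A]) + bytes(20)
```

`truncated_packets(SAMPLE)` reports the tag 9 packet; a reader that trusts the header would run off the end of the input at that point.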



Re: potential bug: premature end of stream exception in pgp message

Nico Bredenbals
Hi David,

well, the second packet has to be there, otherwise GPG would also miss
the last part of the message? But as you pointed out its length is
obviously totally wrong.
So I will have a look at my encryption function, thanks very much, did
not really know how to debug PGP messages.

Regards,
Nico

On 17.01.2012 03:36, David Hook wrote:

>
> The message is invalid - the encrypted data packet length is clearly
> wrong, my guess is GPG decrypts it because it just gives up.
>
> You can see the problem if you look at the dump:
>
> gpg --list-packets aatestmsg.2
> gpg: WARNING: unsafe permissions on homedir `/tmp/pgp'
> :pubkey enc packet: version 3, algo 1, keyid 85E3271008177641
> data: [2047 bits]
>
> You need a passphrase to unlock the secret key for
> user: "Party A <[hidden email]>"
> 2048-bit RSA key, ID 08177641, created 2012-01-16
>
> :encrypted data packet:
> length: 1048586
> gpg: encrypted with 2048-bit RSA key, ID 08177641, created 2012-01-16
>       "Party A <[hidden email]>"
> :literal data packet:
> mode b (62), created 1326738160,
> name="523b6975-966f-4c6b-0623-a215989e72d5",
> raw data: 14 bytes
> gpg: WARNING: message was not integrity protected
>
> Note that it thinks the encrypted data is 1048586 bytes long. I'd guess
> GPG is just giving up, in BC's case it's trying to read the partial
> input stream that's underpinning the data, the last 4 bytes kicking the
> read into the next packet which isn't there, and so it's telling there's
> something wrong with the stream.
>
> Regards,
>
> David
>
> On Tue, 2012-01-17 at 01:44 +0100, Nico Bredenbals wrote:
>> Hi list,
>>
>> I want to encrypt and decrypt pgp messages with the BouncyCastle java
>> lib 1.46 (Java 1.5). This worked fine until now. I encountered a message
>> which yields the following exception upon decryption:
>>
>> java.io.EOFException: premature end of stream in PartialInputStream
>> at org.bouncycastle.bcpg.BCPGInputStream$PartialInputStream.read(Unknown
>> Source)
>> (cf. also the complete stacktrace [7])
>>
>> This exception occurs regardless of signing or compression, with ascii
>> armored or binary encoded keys.
>>
>> The message was encrypted with bouncy castle, the keys were created with
>> GnuPG (tested with different keys). GnuPG is able to correctly decrypt
>> the message, which hints me to a bug in the bcpg lib. I created a minimal
>> snippet to reproduce the error [1][2].
>> The plain text of the encrypted message is "Hallo du Welt!" without
>> quotation marks. As you can see in the output file [6] only "Hallo du W"
>> is printed out, then on the second read function call (line 78) the
>> exception occurs.
>>
>> You also find the encrypted message (aatestmsg.2) along with the key
>> ((private|public)_key_receiver, Password pgptest) attached [3][4][5].
>>
>> Can you confirm that this is a BC issue? Or is there an error in my
>> coding? Or, even worse, is the encrypted message invalid and GnuPG uses
>> a workaround to decrypt it? If so, is there a way for me to also achieve
>> this?
>>
>> Thanks in advance,
>>
>> Nico
>>
>> BTW: Great Job with the BC java libraries. Been using them for years now
>> without any greater issues.
>>
>> [1] http://nopaste.info/a6e0349d6d.html - Example src nopast
>> [2] http://bredenbals.net/bc/TestSoloEncryption.java - Example src
>> [3] http://bredenbals.net/bc/aatestmsg.2 - The encrypted testmessage
>> [4] http://bredenbals.net/bc/public_key_receiver - used to encrypt
>> [5] http://bredenbals.net/bc/private_key_receiver - pw: pgptest
>> [6] http://bredenbals.net/bc/output
>> [7] http://bredenbals.net/bc/stacktrace
>>
>>
>
>
>
>


Re: potential bug: premature end of stream exception in pgp message

stko
Hi

is there already a solution or workaround known for the problem with the wrong encrypted data packet length?

I'm asking because I've just stumbled into the same problem, and it actually blows up my whole program concept

any ideas?