"block incorrect" when recovering session info

"block incorrect" when recovering session info

Paul Schaub
Hi!

I'm currently having a strange problem with my project.

When I try to decrypt a message using BC 1.59 for Java, I often get the
following stacktrace when trying to decrypt a message that has been
encrypted using RSA-4096 bit OpenPGP keys.

org.bouncycastle.openpgp.PGPException: exception encrypting session info: block incorrect
Caused by: org.bouncycastle.openpgp.PGPException: exception encrypting session info: block incorrect
    at org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory.recoverSessionData(Unknown Source)
    at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getSymmetricAlgorithm(Unknown Source)
Caused by: org.bouncycastle.crypto.InvalidCipherTextException: block incorrect
    at org.bouncycastle.crypto.encodings.PKCS1Encoding.decodeBlock(Unknown Source)
    at org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(Unknown Source)
    at org.bouncycastle.crypto.BufferedAsymmetricBlockCipher.doFinal(Unknown Source)
    ... 15 more

The error happens when I try to print out which symmetric algorithm has
been used
(PGPPublicKeyEncryptedData#getSymmetricAlgorithm(PublicKeyDataDecryptorFactory)).

I suspect this happens when an invalid key is being read, but the fact
that debugging is disabled (I conclude this from the "Unknown Source" in
the stacktrace) makes it hard to get to the cause of the problem.

My questions are:

Am I right in my assumption that the error is caused by a faulty key?
If so, do you have a hint for me, how I can prevent this from happening?

Do you have an idea, how I could fix the "Unknown Source" in the
stacktrace? And if this is caused by BC releases being compiled with
debugging disabled:

Is it possible to have BC compiled with "-g:source,lines" to allow
easier debugging? Or is this a security feature?

Greetings Paul




Re: "block incorrect" when recovering session info

Paul Schaub
I found the mistake.

I was hitting the same issue as described here:
http://bouncy-castle.1462172.n4.nabble.com/Decryption-issues-InvalidCipherTextException-unknown-block-type-td4656868.html

That is, while iterating through the PGPPublicKeyEncryptedData iterator,
I wanted to get a list of *all* recipient key Ids.

Unfortunately during that process I overwrote the
PGPPublicKeyEncryptedData object which belonged to my key. So any time
the last EncryptedData block would belong to my key, the decryption
would work just fine. Otherwise I would try to decrypt another key's
PGPPublicKeyEncryptedData block using my key, which would obviously fail.

The solution was quite simple in my case. I just used another variable
to store the PGPPublicKeyEncryptedData object belonging to my key.


On 25.06.2018 at 16:46, Paul Schaub wrote:

> Hi!
>
> I'm currently having a strange problem with my project.
>
> When I try to decrypt a message using BC 1.59 for Java, I often get the
> following stacktrace when trying to decrypt a message that has been
> encrypted using RSA-4096 bit OpenPGP keys.
>
> org.bouncycastle.openpgp.PGPException: exception encrypting session info: block incorrect
> Caused by: org.bouncycastle.openpgp.PGPException: exception encrypting session info: block incorrect
>     at org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory.recoverSessionData(Unknown Source)
>     at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getSymmetricAlgorithm(Unknown Source)
> Caused by: org.bouncycastle.crypto.InvalidCipherTextException: block incorrect
>     at org.bouncycastle.crypto.encodings.PKCS1Encoding.decodeBlock(Unknown Source)
>     at org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(Unknown Source)
>     at org.bouncycastle.crypto.BufferedAsymmetricBlockCipher.doFinal(Unknown Source)
>     ... 15 more
>
> The error happens when I try to print out which symmetric algorithm has
> been used
> (PGPPublicKeyEncryptedData#getSymmetricAlgorithm(PublicKeyDataDecryptorFactory)).
>
> I suspect this happens when an invalid key is being read, but the fact
> that debugging is disabled (I conclude this from the "Unknown Source" in
> the stacktrace) makes it hard to get to the cause of the problem.
>
> My questions are:
>
> Am I right in my assumption that the error is caused by a faulty key?
> If so, do you have a hint for me, how I can prevent this from happening?
>
> Do you have an idea, how I could fix the "Unknown Source" in the
> stacktrace? And if this is caused by BC releases being compiled with
> debugging disabled:
>
> Is it possible to have BC compiled with "-g:source,lines" to allow
> easier debugging? Or is this a security feature?
>
> Greetings Paul
>
>
>
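
The fix described in the reply above, sketched as an added example that is not code from the thread or from Bouncy Castle: every recipient key ID is collected, while the packet addressed to the caller's own key is held in a separate variable and is the only one handed to the decryptor factory. The class name RecipientScan, the method inspect and its parameters are hypothetical; the use of the Bc* operator classes follows the stack trace.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import java.util.List;

import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.bc.*;

// Added example; RecipientScan and inspect are hypothetical names, not BC API.
public final class RecipientScan {

    /** Fills recipientIds with all key IDs and returns the symmetric algorithm ID. */
    public static int inspect(InputStream message, PGPSecretKeyRingCollection ownKeys,
                              char[] passphrase, List<Long> recipientIds)
            throws IOException, PGPException {
        PGPObjectFactory factory = new PGPObjectFactory(
                PGPUtil.getDecoderStream(message), new BcKeyFingerprintCalculator());
        Object first = factory.nextObject();
        // A marker packet may precede the encrypted data list.
        Object second = first instanceof PGPEncryptedDataList ? first : factory.nextObject();
        if (!(second instanceof PGPEncryptedDataList)) {
            throw new PGPException("no encrypted data list found");
        }
        PGPEncryptedDataList list = (PGPEncryptedDataList) second;

        PGPPublicKeyEncryptedData mine = null; // packet addressed to one of our keys
        PGPSecretKey mySecretKey = null;
        for (Iterator<?> it = list.getEncryptedDataObjects(); it.hasNext();) {
            Object o = it.next();
            if (!(o instanceof PGPPublicKeyEncryptedData)) continue; // skip passphrase packets
            // Loop-local variable: it never overwrites the packet stored in 'mine'.
            PGPPublicKeyEncryptedData current = (PGPPublicKeyEncryptedData) o;
            recipientIds.add(current.getKeyID());
            PGPSecretKey candidate = ownKeys.getSecretKey(current.getKeyID());
            if (mine == null && candidate != null) {
                mine = current;
                mySecretKey = candidate;
            }
        }
        if (mine == null) {
            throw new PGPException("message is not encrypted to any of our keys");
        }
        PGPPrivateKey privateKey = mySecretKey.extractPrivateKey(
                new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider())
                        .build(passphrase));
        // Only the packet matched by key ID is decrypted with our private key.
        return mine.getSymmetricAlgorithm(new BcPublicKeyDataDecryptorFactory(privateKey));
    }
}
```

Because the packet is selected by key ID before any RSA operation, a message with several recipients no longer depends on packet order.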