"key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

"key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

Florian Best
Hi folks!

As I found no clear information on my propblem, neither in the API docs nor in the source code itself, I have to ask here:

I don't understand the argument "key" of BcPublicKeyDataDecryptorFactory.createDataDecryptor()
https://www.bouncycastle.org/docs/pgdocs1.5on/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.html#createDataDecryptor-boolean-int-byte:A-

public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket,
                                            int encAlgorithm,
                                            byte[] key)

key - the bytes of the key for the cipher.

Is "key" the public key, private key, fingerprint or key-id or even something else?
I tried all the combinations but cannot decrypt a message.

I hope someone can help me there!

Best regards
Florian
Reply | Threaded
Open this post in threaded view
|

Re: "key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

Florian Best
Oh, P.S.:

What I so far reverse engineerd is that depending on the encAlgorithm, the key needs to be e.g. 16 bytes long.
A fingerprint is usually 16 bytes long when represented in hex.

I would expect that the required arguments for createDataFactory() are encoded in a PGP message and there is a method in BC which creates the values automatically.

e.g. I have the following message:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hIwDflL96+nAPR4BBACE01frfm8pAS8zHRCx4uwNfw73d8kga3SJcQXy0xgSLer1
17uE1ReliasREtaIFJY6GuJo5v9F5xippE0sifTDZDZOKwxua1Qbricfsi+fJfCB
w3u7X/CfRp7W5H3Yikfr9jAPuq4wIBuQsWb60rdpjulRcuSFbnLgcy/t9xachIUB
DgNbW9sp0lgyuhAD/1Z/sIt8AGUW4LjVdx4bGSldW0RNCDmKRGQ+x4835oMhilma
h3VbM2dMJlW4OQCejjI1MMFzGtFp2hQnXwc2DJe6TpIfLpnOsVUNSQ707AvMBB27
e1FzDSWPa3j2Y3dzBFCAVvJaQchvdZzxM9kXyvXkSlXEBU5G6XG94tvsYEMeA/4j
uyiTHJKQXn8DFCkjsbgMs6U5/z3ZglkrCLZlo2yl9dTpM3zBR+Y4eDVmflkDm2+v
AD0EvbdOotnHoMtOs+D5lx7gLYjpO4ckldzReQC7cv5LSXgbdWj+ZNWmJTu4BJCZ
jKOcFrV4EzlgmxyOJGlyoNJK1YAb2u18xH/ncFUYYMkrR2KxsQXvYD197a5LYB+3
uTe5byntXP877DZ55R5+PtTJEnmma8MWY7NMRw==
=GSrn
-----END PGP MESSAGE-----

When base64 decode this, it starts with "\x84\x8c\x03~R\xfd\xeb\xe9\xc0=\x1e" which is basically 2 bytes (I still have to find out it's meaning, probably it contains the encAlgorithm), version=3, and the fingerprint 0x7E52FDEBE9C03D1E of the used public key in big-endian unsigned long long format. I guess the rest of the message is the encrypted data?

Thanks for helping!
Florian
(Now I continue reading https://tools.ietf.org/html/rfc4880)...

Am 19.10.2018 um 16:56 schrieb Florian Best:
Hi folks!

As I found no clear information on my problem, neither in the API docs nor in the source code itself, I have to ask here:

I don't understand the argument "key" of BcPublicKeyDataDecryptorFactory.createDataDecryptor()
https://www.bouncycastle.org/docs/pgdocs1.5on/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.html#createDataDecryptor-boolean-int-byte:A-

public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket,
                                            int encAlgorithm,
                                            byte[] key)

key - the bytes of the key for the cipher.

Is "key" the public key, private key, fingerprint or key-id or even something else?
I tried all the combinations but cannot decrypt a message.

I hope someone can help me there!

Best regards
Florian

Reply | Threaded
Open this post in threaded view
|

Re: "key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

Eckenfels. Bernd
In reply to this post by Florian Best

You can run it through gpg –list-packets:

 

# off=0 ctb=84 tag=1 hlen=2 plen=140

:pubkey enc packet: version 3, algo 1, keyid 7E52FDEBE9C03D1E

        data: [1024 bits]

# off=142 ctb=85 tag=1 hlen=3 plen=270

:pubkey enc packet: version 3, algo 16, keyid 5B5BDB29D25832BA

        data: [1023 bits]

        data: [1022 bits]

# off=415 ctb=c9 tag=9 hlen=2 plen=43 new-ctb

:encrypted data packet:

        length: 43

 

The encrypted data is encrypted with a session key and that key is encrypted with a RSA and an ELG key. This would be the actual key you need to give to PGPDataDecryptor, however you don’t do that normally* yourself, instead you would normally set the Factory for it on one of the  PublicKeyEnctrypted Data packets you have actually the key for. See for example https://github.com/bcgit/bc-java/blob/master/pg/src/main/java/org/bouncycastle/openpgp/examples/KeyBasedFileProcessor.java#L122

 

Gruss

Bernd

 

* reasons could be if you remember the key for some reason

 

 

 

Von: Florian Best <[hidden email]>
Gesendet: Freitag, 19. Oktober 2018 17:19
An: [hidden email]
Betreff: Re: [dev-crypto] "key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

 

Oh, P.S.:

What I so far reverse engineerd is that depending on the encAlgorithm, the key needs to be e.g. 16 bytes long.
A fingerprint is usually 16 bytes long when represented in hex.

I would expect that the required arguments for createDataFactory() are encoded in a PGP message and there is a method in BC which creates the values automatically.

e.g. I have the following message:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hIwDflL96+nAPR4BBACE01frfm8pAS8zHRCx4uwNfw73d8kga3SJcQXy0xgSLer1
17uE1ReliasREtaIFJY6GuJo5v9F5xippE0sifTDZDZOKwxua1Qbricfsi+fJfCB
w3u7X/CfRp7W5H3Yikfr9jAPuq4wIBuQsWb60rdpjulRcuSFbnLgcy/t9xachIUB
DgNbW9sp0lgyuhAD/1Z/sIt8AGUW4LjVdx4bGSldW0RNCDmKRGQ+x4835oMhilma
h3VbM2dMJlW4OQCejjI1MMFzGtFp2hQnXwc2DJe6TpIfLpnOsVUNSQ707AvMBB27
e1FzDSWPa3j2Y3dzBFCAVvJaQchvdZzxM9kXyvXkSlXEBU5G6XG94tvsYEMeA/4j
uyiTHJKQXn8DFCkjsbgMs6U5/z3ZglkrCLZlo2yl9dTpM3zBR+Y4eDVmflkDm2+v
AD0EvbdOotnHoMtOs+D5lx7gLYjpO4ckldzReQC7cv5LSXgbdWj+ZNWmJTu4BJCZ
jKOcFrV4EzlgmxyOJGlyoNJK1YAb2u18xH/ncFUYYMkrR2KxsQXvYD197a5LYB+3
uTe5byntXP877DZ55R5+PtTJEnmma8MWY7NMRw==
=GSrn
-----END PGP MESSAGE-----

When base64 decode this, it starts with "\x84\x8c\x03~R\xfd\xeb\xe9\xc0=\x1e" which is basically 2 bytes (I still have to find out it's meaning, probably it contains the encAlgorithm), version=3, and the fingerprint 0x7E52FDEBE9C03D1E of the used public key in big-endian unsigned long long format. I guess the rest of the message is the encrypted data?

Thanks for helping!
Florian
(Now I continue reading https://tools.ietf.org/html/rfc4880)...

Am 19.10.2018 um 16:56 schrieb Florian Best:

Hi folks!

As I found no clear information on my problem, neither in the API docs nor in the source code itself, I have to ask here:

I don't understand the argument "key" of BcPublicKeyDataDecryptorFactory.createDataDecryptor()
https://www.bouncycastle.org/docs/pgdocs1.5on/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.html#createDataDecryptor-boolean-int-byte:A-

public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket,
                                            int encAlgorithm,
                                            byte[] key)
 
key - the bytes of the key for the cipher.
 

Is "key" the public key, private key, fingerprint or key-id or even something else?
I tried all the combinations but cannot decrypt a message.

I hope someone can help me there!

Best regards
Florian

 






     


SEEBURGER AG   Vorstand/SEEBURGER Executive Board:
Sitz der Gesellschaft/Registered Office:   Axel Haas, Michael Kleeberg, Axel Otto, Dr. Martin Kuntz, Matthias Feßenbecker
Edisonstr. 1  
D-75015 Bretten Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board:
Tel.: 07252 / 96 - 0 Prof. Dr. Simone Zeuchner
Fax: 07252 / 96 - 2222
Internet: http://www.seeburger.de Registergericht/Commercial Register:
e-mail: [hidden email] HRB 240708 Mannheim


Dieses E-Mail ist nur für den Empfänger bestimmt, an den es gerichtet ist und kann vertrauliches bzw. unter das Berufsgeheimnis fallendes Material enthalten. Jegliche darin enthaltene Ansicht oder Meinungsäußerung ist die des Autors und stellt nicht notwendigerweise die Ansicht oder Meinung der SEEBURGER AG dar. Sind Sie nicht der Empfänger, so haben Sie diese E-Mail irrtümlich erhalten und jegliche Verwendung, Veröffentlichung, Weiterleitung, Abschrift oder jeglicher Druck dieser E-Mail ist strengstens untersagt. Weder die SEEBURGER AG noch der Absender (Eckenfels. Bernd) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.

This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.

Reply | Threaded
Open this post in threaded view
|

Re: "key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

Florian Best
Thank you Bernd!
I still don't understand it fully but at least I solved my problem :-)

Am 19.10.2018 um 17:38 schrieb Eckenfels. Bernd:

You can run it through gpg –list-packets:

 

# off=0 ctb=84 tag=1 hlen=2 plen=140

:pubkey enc packet: version 3, algo 1, keyid 7E52FDEBE9C03D1E

        data: [1024 bits]

# off=142 ctb=85 tag=1 hlen=3 plen=270

:pubkey enc packet: version 3, algo 16, keyid 5B5BDB29D25832BA

        data: [1023 bits]

        data: [1022 bits]

# off=415 ctb=c9 tag=9 hlen=2 plen=43 new-ctb

:encrypted data packet:

        length: 43

 

The encrypted data is encrypted with a session key and that key is encrypted with a RSA and an ELG key. This would be the actual key you need to give to PGPDataDecryptor, however you don’t do that normally* yourself, instead you would normally set the Factory for it on one of the  PublicKeyEnctrypted Data packets you have actually the key for. See for example https://github.com/bcgit/bc-java/blob/master/pg/src/main/java/org/bouncycastle/openpgp/examples/KeyBasedFileProcessor.java#L122

 

Gruss

Bernd

 

* reasons could be if you remember the key for some reason

 

 

 

Von: Florian Best [hidden email]
Gesendet: Freitag, 19. Oktober 2018 17:19
An: [hidden email]
Betreff: Re: [dev-crypto] "key" argument of BcPublicKeyDataDecryptorFactory.createDataDecryptor()

 

Oh, P.S.:

What I so far reverse engineerd is that depending on the encAlgorithm, the key needs to be e.g. 16 bytes long.
A fingerprint is usually 16 bytes long when represented in hex.

I would expect that the required arguments for createDataFactory() are encoded in a PGP message and there is a method in BC which creates the values automatically.

e.g. I have the following message:
XXX

When base64 decode this, it starts with "\x84\x8c\x03~R\xfd\xeb\xe9\xc0=\x1e" which is basically 2 bytes (I still have to find out it's meaning, probably it contains the encAlgorithm), version=3, and the fingerprint 0x7E52FDEBE9C03D1E of the used public key in big-endian unsigned long long format. I guess the rest of the message is the encrypted data?

Thanks for helping!
Florian
(Now I continue reading https://tools.ietf.org/html/rfc4880)...

Am 19.10.2018 um 16:56 schrieb Florian Best:

Hi folks!

As I found no clear information on my problem, neither in the API docs nor in the source code itself, I have to ask here:

I don't understand the argument "key" of BcPublicKeyDataDecryptorFactory.createDataDecryptor()
https://www.bouncycastle.org/docs/pgdocs1.5on/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.html#createDataDecryptor-boolean-int-byte:A-

public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket,
                                            int encAlgorithm,
                                            byte[] key)
 
key - the bytes of the key for the cipher.
 

Is "key" the public key, private key, fingerprint or key-id or even something else?
I tried all the combinations but cannot decrypt a message.

I hope someone can help me there!

Best regards
Florian

 






     


SEEBURGER AG   Vorstand/SEEBURGER Executive Board:
Sitz der Gesellschaft/Registered Office:   Axel Haas, Michael Kleeberg, Axel Otto, Dr. Martin Kuntz, Matthias Feßenbecker
Edisonstr. 1  
D-75015 Bretten
Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board:
Tel.: 07252 / 96 - 0
Prof. Dr. Simone Zeuchner
Fax: 07252 / 96 - 2222

Internet: http://www.seeburger.de
Registergericht/Commercial Register:
e-mail: [hidden email]
HRB 240708 Mannheim


Dieses E-Mail ist nur für den Empfänger bestimmt, an den es gerichtet ist und kann vertrauliches bzw. unter das Berufsgeheimnis fallendes Material enthalten. Jegliche darin enthaltene Ansicht oder Meinungsäußerung ist die des Autors und stellt nicht notwendigerweise die Ansicht oder Meinung der SEEBURGER AG dar. Sind Sie nicht der Empfänger, so haben Sie diese E-Mail irrtümlich erhalten und jegliche Verwendung, Veröffentlichung, Weiterleitung, Abschrift oder jeglicher Druck dieser E-Mail ist strengstens untersagt. Weder die SEEBURGER AG noch der Absender (Eckenfels. Bernd) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.

This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.