Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot select non-default PublicKeyAlgorithmTag #285

Open
pcgitjo opened this issue Apr 11, 2024 · 2 comments
Open

Cannot select non-default PublicKeyAlgorithmTag #285

pcgitjo opened this issue Apr 11, 2024 · 2 comments

Comments

@pcgitjo
Copy link

pcgitjo commented Apr 11, 2024

I am having issues generating keys with different PublicKeyAlgorithmTag and HasAlgorithmTag. The code below produces an error (see below). If I remove the line "pgp.PublicKeyAlgorithm.." everything works but it does not seem to be using SHA256 as the Hash Algorithm and rather continuing to default to SHA1.

The following code:
BouncyCastle Version: BouncyCastle.NET Cryptography (net6.0) v2.1.1+851feee009
PgpCore Version: 6.3.1

`using (PGP pgp = new())
{

pgp.PublicKeyAlgorithm = Org.BouncyCastle.Bcpg.PublicKeyAlgorithmTag.Dsa;
pgp.GenerateKey(publicKeyFileInfo, privateKeyFileInfo, config.UserID, config.UserID, 4096, 12, true, false, 0, 0, null,
new Org.BouncyCastle.Bcpg.HashAlgorithmTag[] { Org.BouncyCastle.Bcpg.HashAlgorithmTag.Sha256 },
new Org.BouncyCastle.Bcpg.SymmetricKeyAlgorithmTag[] { Org.BouncyCastle.Bcpg.SymmetricKeyAlgorithmTag.Aes128 });
};`

produces "invalid key" from BouncyCastle.Cryptography at:

at Org.BouncyCastle.Bcpg.OpenPgp.PgpSignatureGenerator.InitSign(Int32 sigType, PgpPrivateKey privKey, SecureRandom random)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpSignatureGenerator.InitSign(Int32 sigType, PgpPrivateKey privKey)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpSecretKey.CertifiedPublicKey(Int32 certificationLevel, PgpKeyPair keyPair, String id, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpSecretKey..ctor(Int32 certificationLevel, PgpKeyPair keyPair, String id, SymmetricKeyAlgorithmTag encAlgorithm, Byte[] rawPassPhrase, Boolean clearPassPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator..ctor(Int32 certificationLevel, PgpKeyPair masterKey, String id, SymmetricKeyAlgorithmTag encAlgorithm, Byte[] rawPassPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator..ctor(Int32 certificationLevel, PgpKeyPair masterKey, String id, SymmetricKeyAlgorithmTag encAlgorithm, Boolean utf8PassPhrase, Char[] passPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator..ctor(Int32 certificationLevel, PgpKeyPair masterKey, String id, SymmetricKeyAlgorithmTag encAlgorithm, Char[] passPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at PgpCore.PGP.GenerateKey(Stream publicKeyStream, Stream privateKeyStream, String username, String password, Int32 strength, Int32 certainty, Boolean armor, Boolean emitVersion, Int64 keyExpirationInSeconds, Int64 signatureExpirationInSeconds, CompressionAlgorithmTag[] preferredCompressionAlgorithms, HashAlgorithmTag[] preferredHashAlgorithmTags, SymmetricKeyAlgorithmTag[] preferredSymetricKeyAlgorithms)
at PgpCore.PGP.GenerateKey(FileInfo publicKeyFileInfo, FileInfo privateKeyFileInfo, String username, String password, Int32 strength, Int32 certainty, Boolean armor, Boolean emitVersion, Int64 keyExpirationInSeconds, Int64 signatureExpirationInSeconds, CompressionAlgorithmTag[] preferredCompressionAlgorithms, HashAlgorithmTag[] preferredHashAlgorithmTags, SymmetricKeyAlgorithmTag[] preferredSymetricKeyAlgorithms)
at PGPCLI.Program.GenKeys(Config config) in C:\p\data\DataAndAnalytics\console\cli\pgp\Program.cs:line 165
@mattosaurus mattosaurus mentioned this issue Jun 10, 2024
Merged
@mattosaurus
Copy link
Owner

I think there's a few bugs here.

We're currently ignoring the specified public key algorithim and just defaulting to RSA.

PgpCore/PgpCore/PGP.KeySync.cs

Lines 98 to 100 in c95cf17

IAsymmetricCipherKeyPairGenerator kpg = new RsaKeyPairGenerator();
kpg.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(0x13), new SecureRandom(), strength, certainty));

We were also ignoring the passed through hash algorithim and so were defaulting to SHA1 for all key generation.

I've fixed the hash algorithim bug #292 but allowing the use of anything but RSA (DSA in your case) looks like quite a bit more work so will take me a while to figure out.

@pcgitjo
Copy link
Author

pcgitjo commented Jun 10, 2024

Thanks @mattosaurus the reason this came up was for various compliance reasons and requirements from different vendors to select specific algorithms. Additionally, I'm not sure it's part of the documentation, but your library works well with decrypting or encrypting with keys from other sources, i.e. using a GPG key generated in Linux to encrypt and decrypt files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mattosaurus @pcgitjo