Discussion:
Extract PgpPublicKey object from signed public key.
Alexander Voronin
2013-04-18 20:21:16 UTC
Hi! Unfortunately the wiki is down and I did not find anything related on
the internet. I have the following issue.
I have a GnuPG signed public key that contains a signed public key:

***@ubuntu:~# gpg --import < pkey.asc
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 771E0A0E: public key "User (User) <user-9IKiO1iGCm/QT0dZR+***@public.gmane.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
***@ubuntu:~#


***@ubuntu:~# gpg --encrypt -r User
gpg: 91A942AE: There is no assurance this key belongs to the named user

pub 4096g/91A942AE 2010-10-29 User (User) <user-9IKiO1iGCm/QT0dZR+***@public.gmane.org>
Primary key fingerprint: BB08 D13A 1AEB 2F23 1767 D912 CCD0 17AF 771E 0A0E
Subkey fingerprint: E87A 27D3 A3D8 6489 70D8 2D19 2C65 0745 91A9 42AE
....

And so on. So the key is correct and usable. To extract the PgpPublicKey
object from the key I'm using the following method:

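// Requires: using System; using System.IO; using Org.BouncyCastle.Bcpg.OpenPgp;
// StringToBytes and SJ.Resources are helpers from the poster's own project.
public static PgpPublicKey PublicKeyFromString(string keyString) {
    using (Stream mStream = new MemoryStream(StringToBytes(keyString))) {
        // Removes the ASCII armor if the input is armored
        using (Stream inputStream = PgpUtilities.GetDecoderStream(mStream)) {
            PgpPublicKeyRingBundle pgpPub = new PgpPublicKeyRingBundle(inputStream);
            foreach (PgpPublicKeyRing kRing in pgpPub.GetKeyRings()) {
                // Walks the primary key and its subkeys and returns the
                // first one that reports IsEncryptionKey
                foreach (PgpPublicKey pKey in kRing.GetPublicKeys()) {
                    if (pKey.IsEncryptionKey) {
                        return pKey;
                    }
                }
            }
        }
    }
    // not found
    throw new ArgumentException(SJ.Resources.ErrorPGPNoKeysInKeyRing);
}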

The problem I see - kRing.GetPublicKeys() returns two elements - one of
them is the public key itself and the second one is the key sign. But the
public key is returned with attribute IsEncryptionKey set to false, and the
sign is returned with IsEncryptionKey set to true. I can't use this
PgpPublicKey object for encryption, and of course can't use the sign for
this purpose. kRing.GetPublicKey() also returns the public key with
IsEncryptionKey set to false.

When I get the public key using this method it looks usable (until I try
to encrypt anything) and I can even save it in armored format. But after
this, GnuPG import says:

***@ubuntu:~# gpg --import < pkey-extracted.asc
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 771E0A0E: public key "User (User) <user-9IKiO1iGCm/QT0dZR+***@public.gmane.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
***@ubuntu:~# gpg --encrypt -r User
gpg: Darkterror: skipped: unusable public key
gpg: [stdin]: encryption failed: unusable public key
***@ubuntu:~#

Is it a bug or have I misunderstood something? What is the correct way to
extract a signed public key from a keyring?
Thanks in advance!
--
When I sank to the very bottom, there came a knock from below..
Alexander Voronin
2013-04-22 18:48:32 UTC
Could anyone comment on this? I found an unresolved bug,
http://www.bouncycastle.org/jira/browse/BMA-98; could it lead to this issue?
Christoph Hannebauer
2013-04-23 05:59:42 UTC
Hi Alexander,

I reported the bug you referred to. Indeed, I observed the same
behaviour as you did when I imported the PGP keys with GnuPG, but it
only affects secret keys IIRC. Anyway, I have some code snippets that
may help you with your issue. However, I haven't had the time to search
for those, because I have been quite busy.

Maybe you can use the tool pgpdump to find out more about the original
and exported keys?

Also, I believe that the patch I had provided with the bug report has
some disadvantages that I found out about later. Maybe the KeyID changed
in the process of lifting the PGP version from 3 to 4 or something like
that. I will have a look at this and write another email when I have a
little more time (in 10 hours I hope).


Best,

Christoph
Christoph Hannebauer
2013-04-24 06:58:50 UTC
Hi Alexander,

now I had the time to look at your issue again, although I realized now
that I do not really understand your problem. Let me try to summarize
what I have understood or at least believe to have understood:

- You have a public PGP key. The key has a self-signature and maybe
signatures from other PGP keys. The PGP key has a primary key and a subkey.
- You want to extract the subkey, but you want to keep all signatures.

If this is correct, then this is not possible -- neither with Bouncy
Castle nor with other PGP libraries, since the PGP format does not allow
this except for some special cases. The primary key must be a signature
key and the subkeys are usually encryption keys that do not allow
signatures. The primary key signs itself and the subkeys to show that
these belong to the primary key. The primary key also signs the user
IDs. Other keys usually sign only the user IDs.

You should not export the subkey without the primary key, as the subkey
cannot sign anything. Especially the self-signature is not possible and
signatures of user IDs are also not possible.

I hope that this clarified how to use primary keys and subkeys in PGP.
If I have misunderstood your problem, maybe you can explain what you
want to achieve eventually.

As I have already written, the command line tool pgpdump helps to
analyze the packets of a PGP key (or other PGP data). There is even a
web interface at www.pgpdump.net, so you do not have to acquire a
command line version if it is difficult to find or compile for your
operating system.


Best,

Christoph
Alexander Voronin
2013-04-24 07:40:43 UTC
Hi! Thanks for answering.

The actual problem is that I can't use this public key for encryption with
the Bouncy Castle library. After public key extraction with the code provided
in the initial message and an encryption attempt I'm getting the exception
"[System.ArgumentException] = {"passed in key not an encryption key!"}".
How can I use PgpPublicKeyRing for encryption? PgpEncryptedDataGenerator
allows only AddMethod(PgpPublicKey key) so I can't use whole PgpPublicKeyRing
for encryption. Is there any other method? I used key export for test
purposes only, but my main goal is encryption.

Here is the problematic key dump I got using pgpdump.net; perhaps this will help?
PGPdump Results

Old: Public Key Packet(tag 6)(418 bytes)
    Ver 4 - new
    Public key creation time - Fri Oct 29 12:38:31 UTC 2010
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    DSA p(1024 bits) - ...
    DSA q(160 bits) - ...
    DSA g(1024 bits) - ...
    DSA y(1020 bits) - ...
Old: User ID Packet(tag 13)(40 bytes)
    User ID - User (User) <user-9IKiO1iGCm/QT0dZR+***@public.gmane.org>
Old: Signature Packet(tag 2)(96 bytes)
    Ver 4 - new
    Sig type - Positive certification of a User ID and Public Key packet(0x13).
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    Hash alg - SHA1(hash 2)
    Hashed Sub: signature creation time(sub 2)(4 bytes)
        Time - Fri Oct 29 12:38:31 UTC 2010
    Hashed Sub: key flags(sub 27)(1 bytes)
        Flag - This key may be used to certify other keys
        Flag - This key may be used to sign data
    Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
        Sym alg - AES with 256-bit key(sym 9)
        Sym alg - AES with 192-bit key(sym 8)
        Sym alg - AES with 128-bit key(sym 7)
        Sym alg - CAST5(sym 3)
        Sym alg - Triple-DES(sym 2)
    Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
        Hash alg - SHA1(hash 2)
        Hash alg - SHA256(hash 8)
        Hash alg - RIPEMD160(hash 3)
    Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
        Comp alg - ZLIB <RFC1950>(comp 2)
        Comp alg - BZip2(comp 3)
        Comp alg - ZIP <RFC1951>(comp 1)
    Hashed Sub: features(sub 30)(1 bytes)
        Flag - Modification detection (packets 18 and 19)
    Hashed Sub: key server preferences(sub 23)(1 bytes)
        Flag - No-modify
    Sub: issuer key ID(sub 16)(8 bytes)
        Key ID - 0xCCD017AF771E0A0E
    Hash left 2 bytes - ae 2d
    DSA r(160 bits) - ...
    DSA s(159 bits) - ...
        -> hash(DSA q bits)
Old: Public Subkey Packet(tag 14)(1037 bytes)
    Ver 4 - new
    Public key creation time - Fri Oct 29 12:38:31 UTC 2010
    Pub alg - ElGamal Encrypt-Only(pub 16)
    ElGamal p(4096 bits) - ...
    ElGamal g(3 bits) - ...
    ElGamal y(4096 bits) - ...
Old: Signature Packet(tag 2)(73 bytes)
    Ver 4 - new
    Sig type - Subkey Binding Signature(0x18).
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    Hash alg - SHA1(hash 2)
    Hashed Sub: signature creation time(sub 2)(4 bytes)
        Time - Fri Oct 29 12:38:31 UTC 2010
    Hashed Sub: key flags(sub 27)(1 bytes)
        Flag - This key may be used to encrypt communications
        Flag - This key may be used to encrypt storage
    Sub: issuer key ID(sub 16)(8 bytes)
        Key ID - 0xCCD017AF771E0A0E
    Hash left 2 bytes - b1 20
    DSA r(159 bits) - ...
    DSA s(160 bits) - ...
        -> hash(DSA q bits)
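
Added example, not part of the thread and not Bouncy Castle code: a small Python reader for the packet structure shown in the dump above, which lists the primary key and subkey and picks the one usable for encryption. It goes slightly beyond the thread by also honouring the key flags subpacket; the function names and the sample bytes are constructed for illustration, and signatures are parsed but not verified, which a real consumer must do before trusting the flags.

```python
ENCRYPT_CAPABLE = {1, 2, 16}   # RFC 4880 ids: RSA, RSA encrypt-only, ElGamal
ENCRYPT_FLAGS = 0x04 | 0x08    # key flags: encrypt communications | storage

def _varlen(buf, i, two_octet_max):
    """Decode a new-format length at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first <= two_octet_max:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body length not supported")

def read_packets(data):
    """Yield (tag, body) for every packet of a binary (de-armored) key ring."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:                       # new-format header
            tag = hdr & 0x3F
            length, i = _varlen(data, i + 1, 223)
        elif (hdr & 0x03) == 3:
            raise ValueError("indeterminate length not supported")
        else:                                # old-format header, as in the dump
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)   # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def key_flags(sig):
    """Return the key-flags octet (hashed subpacket 27) of a v4 signature body."""
    area, i = sig[6:6 + int.from_bytes(sig[4:6], "big")], 0
    while i < len(area):
        n, i = _varlen(area, i, 254)         # length counts the type octet
        if n == 0 or i + n > len(area):
            raise ValueError("malformed signature subpacket")
        if (area[i] & 0x7F) == 27 and n >= 2:  # bit 7 of the type is the critical bit
            return area[i + 1]
        i += n
    return None

def describe_keys(data):
    """List key packets with algorithm, key flags and usability (no verification)."""
    keys = []
    for tag, body in read_packets(data):
        if tag in (6, 14):                   # public key / public subkey
            alg = body[5] if body[0] == 4 else body[7]   # v4 / v3 layout
            keys.append({"primary": tag == 6, "alg": alg, "flags": None})
        elif tag == 2 and keys and body[0] == 4:
            # certification (0x10-0x13) on the primary, binding (0x18) on a subkey
            wanted = range(0x10, 0x14) if keys[-1]["primary"] else (0x18,)
            flags = key_flags(body) if body[1] in wanted else None
            if flags is not None:
                keys[-1]["flags"] = flags
    for k in keys:
        allowed = k["flags"] is None or bool(k["flags"] & ENCRYPT_FLAGS)
        k["can_encrypt"] = k["alg"] in ENCRYPT_CAPABLE and allowed
    return keys

def pick_encryption_key(data):
    """Return the first key usable for encryption, or raise if there is none."""
    for k in describe_keys(data):
        if k["can_encrypt"]:
            return k
    raise ValueError("no encryption-capable key in key ring")

# Constructed sample shaped like the dump; MPIs and signature values are dummies.
SAMPLE_RING = bytes.fromhex(
    "98 09 04 4ccac047 11 000101"                # tag 6: v4 key, DSA (17)
    "b4 0b 5573657220285573657229"               # tag 13: "User (User)"
    "88 0d 04 13 11 02 0003 021b03 0000 0000"    # tag 2: type 0x13, flags 0x03
    "b8 09 04 4ccac047 10 000101"                # tag 14: v4 subkey, ElGamal (16)
    "88 0d 04 18 11 02 0003 021b0c 0000 0000"    # tag 2: type 0x18, flags 0x0C
)
```

On the sample, the DSA primary is reported as not usable for encryption and the ElGamal subkey is the key returned, matching the behaviour discussed in the thread.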
Alexander Voronin
2013-04-24 13:40:04 UTC
Hi, list!

Christoph gave me a good explanation of what could be wrong with my code, so
I've found the logical error and the issue is closed for now. I guess there is one
important note about the PgpPublicKeyRing.GetPublicKey() method. GetPublicKey()
returns the primary key. In case of an RSA key, this may be used for
encryption. In case of a DSA/ElGamal key pair, it may only be used for
signing, but not for encryption. In all cases, the key can be used for
signing.

Thanks!
Christoph Hannebauer
2013-04-24 08:56:34 UTC
Hello Alexander,

the PGP key looks good. As you have already tried it with GnuPG, it
seems to be a valid key. I thought you might throw the exported key into
pgpdump, but since you do not really want to export a key, this is
unnecessary. As I have explained, you cannot export only the subkey,
thus I am afraid the test with GnuPG will not help.

Everything else you said sounds reasonable, so I don't see why there
should be an exception. In fact, if you have a look at the source code
of AddMethod(PGPPublicKey), you see that the exception you described
occurs only if IsEncryptionKey is false:

public void AddMethod(
    PgpPublicKey key)
{
    if (!key.IsEncryptionKey)
    {
        throw new ArgumentException("passed in key not an encryption key!");
    }

    methods.Add(new PubMethod(key));
}


So does your method PublicKeyFromString return a PgpPublicKey object
with IsEncryptionKey set to false? I have tried your code on my machine
with one of my keys that seemed similar to yours (primary DSA, subkey
ElGamal) and it worked for me. The key had IsEncryptionKey set to true.


Best,

Christoph