Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private key not found exception (PGP, ASP.NET, XSP) #120

Closed
polterguy opened this issue Mar 27, 2015 · 5 comments
Closed

Private key not found exception (PGP, ASP.NET, XSP) #120

polterguy opened this issue Mar 27, 2015 · 5 comments
Labels
bug Something isn't working

Comments

@polterguy
Copy link

Howdy, I've got this web app running on xsp web server/ubuntu, where I've implemented a GnuPGContext derived class as you show in the readme file;

public class PfGnuPGContext : GnuPGContext
{
    protected override string GetPasswordForKey (PgpSecretKey key)
    {
        return "password";
    }

    [ActiveEvent (Name = "pf.core.application-start")]
    private static void pf_core_application_start (ApplicationContext context, ActiveEventArgs e)
    {
        CryptographyContext.Register (typeof (PfGnuPGContext));
    }

    [ActiveEvent (Name = "pf.crypto.pgp.sign")]
    private static void pf_crypto_pgp_sign (ApplicationContext context, ActiveEventArgs e)
    {
        var entity = e.Args.Get<MimeEntity> (context);
        using (var ctx = new PfGnuPGContext ()) {
            var result = MultipartSigned.Create (
                ctx, 
                new MailboxAddress ("John Doe", "xxx@xxx.com"), 
                DigestAlgorithm.Sha1,
                entity);
        }
    }
}

Now the "pf_core_application_start" method above is basically called from Global.asax.cs when app starts, and I have verified it is invoked. And I am of course using a real email address, name and password, which I know I have a private key for, and certificate, which was created in Thunderbird using "Enigmail", but when invoked, on the line "MultipartSigned.Create", I get a "The private key could not be found" exception ...?

I've check, and the "ctx.SecretKeyRingPath" seems to be pointing in the right direction, I've tripple checked the email address, name and password (my password sink isn't even called btw), and I cannot figure out where I go wrong ...?

The last point in the stack trace, where the exception is raised, is "OpenPgpContext.GetSigningKey" ...

Suggestions ...?

@jstedfast
Copy link
Owner

If you could step through the OpenPgpContext.GetSigningKey() method, that would be the best.

I'm going to assume that the logic that matches the email address is working correctly (although it's possible that it's not) and that one of the other checks is more likely to be the issue.

There are 3 checks that the code does and any one of them may be wrong:

if (!key.IsSigningKey)
    continue;
var pubkey = key.PublicKey;
if (pubkey.IsRevoked ())
    continue;

and thirdly:

long seconds = pubkey.GetValidSeconds ();
if (seconds != 0) {
    var expires = pubkey.CreationTime.AddSeconds ((double) seconds);
    if (expires >= DateTime.Now)
        continue;
}

I assume that your pgp key is probably not revoked or expired, but it might be that the code is miscalculating the expiration date and so the check fails when it shouldn't.

@polterguy
Copy link
Author

Howdy,

I never got to debug that method, I did however create another key/certificate, but this time with KGpg, and it worked. I suspect that probably Enigmail is doing something wrong when creating a key/certificate. either that, or that it for some reasons wouldn't handle a xxx@gmail.com address. If you wish to test it, you can create a key/certificate with the Enigmail plugin for Thunderbird, and see if you can reproduce it locally for yourself.

BTW, I followed the "wizard" when starting Enigmail for the first time when creating my gmail.com key/certificate. It did however work when using my certificate/key for signing emails from Thunderbird ...

BTW, how do I explicitly choose an explicit key when for instance signing a message, and I don't want to use "email lookups", but rather use the exact fingerprint (for instance) ...?

I tried doing as the FAQ told me, which is to create a SecureMailboxAddress, but regardless of what I set the "name" and "email" to, it couldn't find me certificate even though I gave it the correct fingerprint ...?

@jstedfast
Copy link
Owner

Yea, it looks like I never implemented the fingerprint lookup for PGP. I'll look into doing that.

jstedfast added a commit that referenced this issue Mar 28, 2015
@jstedfast
Copy link
Owner

I had the logic backwards for checking expiration. I also added support for fingerprint lookups for PGP.

@jstedfast jstedfast added the bug Something isn't working label Mar 28, 2015
@polterguy
Copy link
Author

Great!!
You're the Champ :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants