Encrypt and Sign is hitting an error #14

Closed
RufusCocoa opened this issue Dec 19, 2018 · 6 comments

@RufusCocoa

When using "EncryptStreamAndSign" or "EncryptFileAndSign" in Azure Functions I am hitting an error:

```
[Error] Executed 'Functions.HttpTrigger1' (Failed, Id=6486b525-e10f-4571-b721-85ef66ffecc8)
Org.BouncyCastle.Bcpg.OpenPgp.PgpPublicKeyRing found where PgpSecretKeyRing expected
```

I don't know how to fix this.
As far as I can tell I am using BouncyCastle version 1.8.2.

@mattosaurus
Owner

Hi, from the error it sounds like you might be trying to use the public key to sign rather than the private key. If you can provide your code I'll have a look in more detail.
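
The hypothesis above can be checked before the library call. As an added example (not code from this thread or from PgpCore), the following uses BouncyCastle's `PgpObjectFactory` to report whether a seekable key stream holds a public or a secret key ring; `KeyPreflight`, `KeyKind`, `Classify` and `Require` are hypothetical names.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Bcpg.OpenPgp;

public enum KeyKind { Public, Secret, Unknown }

public static class KeyPreflight   // hypothetical helper, not part of PgpCore
{
    // Reports what the first OpenPGP object in a seekable key stream is,
    // then rewinds the stream so the caller can still pass it to PgpCore.
    public static KeyKind Classify(Stream keyStream)
    {
        long start = keyStream.Position;
        try
        {
            // GetDecoderStream handles both ASCII-armored and binary key data.
            var factory = new PgpObjectFactory(PgpUtilities.GetDecoderStream(keyStream));
            PgpObject first = factory.NextPgpObject();
            if (first is PgpSecretKeyRing) return KeyKind.Secret;
            if (first is PgpPublicKeyRing) return KeyKind.Public;
            return KeyKind.Unknown;
        }
        catch (IOException)
        {
            return KeyKind.Unknown;   // truncated or otherwise unreadable key material
        }
        finally
        {
            keyStream.Position = start;
        }
    }

    // Fails early and names the offending argument, instead of surfacing
    // "PgpPublicKeyRing found where PgpSecretKeyRing expected" from inside the call.
    public static void Require(Stream keyStream, KeyKind expected, string argumentName)
    {
        KeyKind actual = Classify(keyStream);
        if (actual != expected)
            throw new ArgumentException(
                $"{argumentName}: expected a {expected} key ring but found {actual}.", argumentName);
    }
}

// Usage with the streams from the issue's code:
//   KeyPreflight.Require(i2pubStream, KeyKind.Public, nameof(i2pubStream));
//   KeyPreflight.Require(i1privStream, KeyKind.Secret, nameof(i1privStream));
//   pgp.EncryptStreamAndSign(req.Body, outputFileStream, i2pubStream, i1privStream, passPhrase, true, true);
```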

@RufusCocoa
Author

RufusCocoa commented Dec 19, 2018

Hi, I'm pretty sure that isn't the case (for the sake of redundancy I tried swapping the private and public keys and the PgpPublicKeyRing and PgpSecretKeyRing sections of the error message flipped).

My code is below; the "publickey here" and "privatekey here" bits are temporary / testing keys copied and pasted in. I also tried updating BouncyCastle to 1.8.3 (same error) and rolling back BouncyCastle to version 1.8.1.3 and PgpCore to 1.1.1 (same error). Note that the EncryptStream function works just fine.

All I could find that was related to this issue was this link to a bc-csharp repo:
bcgit/bc-csharp#143
But I am new to C# and Azure Functions and I don't know how to implement the fix mentioned.

Code:

```csharp
#r "Newtonsoft.Json"
using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;
using System;
using System.IO;
using System.Text;
using PgpCore;
public static async Task<IActionResult> Run(HttpRequest req, ILogger log)
{
    byte[] i2pubByteArray = Encoding.ASCII.GetBytes(@"publickey here");
    byte[] i1privByteArray = Encoding.ASCII.GetBytes(@"privatekey here");

    MemoryStream i2pubStream = new MemoryStream( i2pubByteArray );
    MemoryStream i1privStream = new MemoryStream( i1privByteArray );
    MemoryStream outputFileStream = new MemoryStream();
    string passPhrase = "pass";
    using (PGP pgp = new PGP())
    {
        pgp.EncryptStreamAndSign(req.Body,outputFileStream,i2pubStream,i1privStream,passPhrase,true,true);
    }
    outputFileStream.Seek(0, SeekOrigin.Begin);
    return 5 != null
        ? (ActionResult)new OkObjectResult(outputFileStream)
        : new BadRequestObjectResult("Please pass a name on the query string or in the request body");
}
```

Here is the EncryptStream line that works fine (in place of the EncryptStreamAndSign line):

```csharp
pgp.EncryptStream(req.Body,outputFileStream,i2pubStream,true,true);
```

@RufusCocoa
Author

RufusCocoa commented Dec 20, 2018

Bit strange, but I also just attempted to decrypt a message that had been encrypted with EncryptStream, copying that output to the input and running it with DecryptStream, and I got a similar error:

```
[Error] Executed 'Functions.HttpTrigger1' (Failed, Id=4a2f0c8d-df9b-4637-ae50-558faf861cca)
Org.BouncyCastle.Bcpg.OpenPgp.PgpPublicKeyRing found where PgpSecretKeyRing expected
```

Code line for the encrypt stream:

```csharp
pgp.EncryptStream(req.Body,outputFileStream,i2pubStream,true,true);
```

Code line for the decrypt stream:

```csharp
pgp.DecryptStream(req.Body,outputFileStream,i2privStream,passPhrase);
```

@mattosaurus
Owner

Your code works for me, the only difference is that I'm encrypting a static string rather than from the function request body. I'm using v1.3.1 of PgpCore and v1.8.2 of BouncyCastle.NetCore.

private const string PublicKey = @"-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v

mIsEXAUKxwEEANGxXfDrnEpwNzBJcXQLiYm4jYdterwhu8Sb2dzgS5LZVzPVTR6h
UEokaqMkJ6UmznNe9ebeKsoabDsajoNYRb7O5mZXErF2hoeouXcgkZvQ5rzVCo8F
dUyaoTovpprTd8pH0WIxI+D3cQU6XsLzvZTApl2dPzj0uDBsOXMAhLctAAUTtA9l
bWFpbEBlbWFpbC5jb22InAQQAQIABgUCXAUKxwAKCRBzSLqd36HqjIyVA/kB4e0D
6jeIcFWLzoIWRd8vkjB37cOAQn5eReC7lpokIo9GjgWye2MIs4nlIlIafHMwjrmd
j/tX6svTHYH48YVpkxSF7L3R341BkyDzgO7oQQu4ZQHhMobej0M2GsMAQ+Vt1NXK
L3Vp8+jz8uFVg4cXaM4YfEpagzcf6XO1Op07LQ==
=hezx
-----END PGP PUBLIC KEY BLOCK-----";

    private const string PrivateKey = @"-----BEGIN PGP PRIVATE KEY BLOCK-----

Version: BCPG C# v

lQHqBFwFCscBBADRsV3w65xKcDcwSXF0C4mJuI2HbXq8IbvEm9nc4EuS2Vcz1U0e
oVBKJGqjJCelJs5zXvXm3irKGmw7Go6DWEW+zuZmVxKxdoaHqLl3IJGb0Oa81QqP
BXVMmqE6L6aa03fKR9FiMSPg93EFOl7C872UwKZdnT849LgwbDlzAIS3LQAFE/8C
AwLzSZV+JhEUD2AoZSP4rKdymdgvqT6ZWqKXfzyPgFngCBZFs6g7I1jBSGK9zVl/
ZjBSj2ABTuRpaBd5s0EwtVwiZ03iIc7aKX1jC1IpnwS6SAUYpMSk0KyTYaJIDaje
WSs2yoRkfll9bY3vGJNyeE57GT1lsG8LvHz+E1xT9OV+UN3+LCN4142Su05UApRh
BASveOKvPJAVsbQZVTXRdNZRDSPKdT80esw45Pu6V2VVnsJXZlvPKQFlP996lDUI
Q1Mh1abADGE8iKoVVBIxaB/hXjQHGZ3gUNiJSCnnUMqHGm3DXaBKHY+TvfWJM6HS
izjTHt41ZvkfM6htLQZJECw0fcQbGNepkYX7esSOMfRGzpbW3N+CPBvspdJITiRc
4nzx9/2cjG01FH4kBfQKBacxfsSK+SN5BJYors6LecyAzzIfflh0nQgJBQ11mSM2
2B4BG60sf4oDeDEpa7QPZW1haWxAZW1haWwuY29tiJwEEAECAAYFAlwFCscACgkQ
c0i6nd+h6oyMlQP5AeHtA+o3iHBVi86CFkXfL5Iwd+3DgEJ+XkXgu5aaJCKPRo4F
sntjCLOJ5SJSGnxzMI65nY/7V+rL0x2B+PGFaZMUhey90d+NQZMg84Du6EELuGUB
4TKG3o9DNhrDAEPlbdTVyi91afPo8/LhVYOHF2jOGHxKWoM3H+lztTqdOy0=
=6D5x
-----END PGP PRIVATE KEY BLOCK-----";

```csharp
byte[] i2pubByteArray = Encoding.ASCII.GetBytes(PublicKey);
byte[] i1privByteArray = Encoding.ASCII.GetBytes(PrivateKey);
MemoryStream i2pubStream = new MemoryStream(i2pubByteArray);
MemoryStream i1privStream = new MemoryStream(i1privByteArray);
MemoryStream outputFileStream = new MemoryStream();
string passPhrase = "password";
using (PGP pgp = new PGP())
{
    pgp.EncryptStreamAndSign(new MemoryStream(System.Text.Encoding.UTF8.GetBytes("Streaming signed test message")), outputFileStream, i2pubStream, i1privStream, passPhrase, true, true);
    outputFileStream.Seek(0, SeekOrigin.Begin);
    StreamReader encryptedReader = new StreamReader(outputFileStream);
    string encryptedText = encryptedReader.ReadToEnd();
    Console.WriteLine(encryptedText);
}
```

It's possible that your keys are incorrect; does your code run with the test keys in the code above? It could also be a bug in v1.1.1, so I'd recommend updating to v1.3.1 and trying again.

@RufusCocoa
Author

RufusCocoa commented Dec 20, 2018

That seems to work. I spun up a new Azure Function with a new storage system behind it and made sure to specify version 1.8.2 of BouncyCastle.NetCore before getting PgpCore 1.3.1 with nuget and it works perfectly... Then I tried with 2048 keys (I noticed that you used the same key pair instead of a different public key to private key) and it worked too. I'm wondering if it was Azure Functions doing something weird.

On another note, is there functionality to verify signed files / text? I could only find one decrypt stream and one decrypt file function, which each call the same decrypt function.

@mattosaurus
Owner

Glad to hear it's working for you now. There's not a specific method for verifying a signed file, so feel free to submit a pull request with one if you want; if not, I'll try and add one when I get a chance.
