Decrypting Signed + Encrypted Files

[WrightLiam]

Hi, I'm sorry if this is a repeat of issue #6 but I just wanted to clarify.

Does PgpCore have the ability to decrypt signed files? In issue #6 it specifies that it cannot decrypt files that were created from the EncryptFileandSign method, but does that extend to any files that are encrypted and signed period?

In your read me file you provide an example of decrypting a signed file but it doesn't show where it would acquire reference to the public key so I figured it couldn't hurt to ask.

Thanks in advance for your insight.

[mattosaurus]

Hi, it can decrypt signed and encrypted files but currently it will only decrypt the file to its signed state, it will not verify the signature on the file using the public key or output the plain text content of the signed message. #6 was in relation to not being able to decrypt the encrypted message to it's signed state.

Decrypting and verifying files is something that I've meant to add in but haven't got around to yet. Feel free to submit a PR if you like or I'll add it in when I get a chance.

[mattosaurus]

Actually, I've just added this in now though I haven't tested the code yet, will hopefully be able to push this live soon.

[WrightLiam]

Hi,

I figured I might be able to help on the testing front of things. This could be my specific use-case (The public key I'm using is formatted as dsa1024) but I seem to lose it while it's adding to the public key ring.

Specifically in Utilities in ReadPublicKey(Stream inputStream) when it's going through the List keys = kRing.GetPublicKeys()
.Cast()
.Where(k => k.IsEncryptionKey).ToList();

It loses the 1 key that it had in the kRing object.

[mattosaurus]

I've added in a Verify method (as well as some better tests) in #24 but from the sound of it this won't fix your issue. If you're able to send me a dsa1024 public key and your signed file I'll have a look at it and see if I can figure out what's going wrong.

[WrightLiam]

Sure thing, I've attached the public key and the file in question below.

[mattosaurus]

From looking at your WrightLiamSignedFile.gpg message file it appears that it's compressed, is that correct?

The verify/decrypt methods only work with standard message blocks so this might be where it's going wrong. I tried verifying here as well using the files provided and that also threw an error.

[WrightLiam]

I didn't think it was, I've been able to decrypt/verify it using gpg4win with the relevant public and private keys on the key chain. Does gpg4win automatically decompress files as well?

Though the compressed file IS an xls file, would that cause the same kind of problem?

[mattosaurus]

Ah, I think you've signed and encrypted it without ASCII armor which is why it doesn't look like standard text. However PGPCore is able to decrypt and verify unarmored files so it may be down to you using GPG rather than PGP for this as they're not entirely compatible.

[WrightLiam]

I'm not actually the one encrypting and signing the file so I can't really confirm whether or not that is the case, but basically are you saying there's a sort of a fundamental incompatibility with my file and your tool?

[mattosaurus]

Unfortunately I think that's probably the case, though I'm not ruling out it being a bug I'm not sure how best to replicate it. There does seem to be a couple of options for calling GPG4Win directly so maybe these would be better options.

https://forums.asp.net/t/2080593.aspx?Encrypting+with+GPG4Win
https://github.com/Baggykiin/Gpg.NET

[ankurDawada]

Does it decrypt pdf files?