Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPG Compatibility #26

Closed
ben-foster-cko opened this issue Jul 23, 2019 · 10 comments
Closed

GPG Compatibility #26

ben-foster-cko opened this issue Jul 23, 2019 · 10 comments

Comments

@ben-foster-cko
Copy link

Hi,

First of all, great job on the library, it certainly takes the pain out of using the BouncyCastle APIs directly.

It looks like others have run into this issue but it seems that I can't sign and verify (+ encrypt/decrypt variants) when using keys generated using gpg. I am however able to encrypt and decrypt without signing/verifying.

I'm using the gpg command line tool and

gpg --generate-key

To generate the key pairs. Then the following commands to export the keys so I can use them in my test app:

gpg --export -a --openpgp test@testing.com > test_pub.asc 
gpg --export-secret-key -a --openpgp test@testing.com > test.asc

I figured it may be a compatibility issue with PGP hence the --openpgp flag but this doesn't seem to make a difference.

Keys generated with https://pgpkeygen.com/ do work as expected.

Also, on a different topic, would you be open to a PR that makes the library truly async as currently the sync calls are just being wrapped in a Task.Run?
@mattosaurus
Copy link
Owner

Yes, I've so far been stumped by the GPG issue, I need to have a look into it again when I have more time but so far I've been using the library with PGP keys so it hasn't been a high priority for me.

I'm happy to accept a PR for making it properly async so feel free to submit one whenever you get a chance.

@mattosaurus
Copy link
Owner

This seems to have been due to not scanning the sub-keys of a signature for the public key ID to compare against. I've updated the code, tests and package now and it works as expected for keys I've generated using GPG. Let me know if it works for you now or if you're still experiencing issues.

@EmperorCy
Copy link

EmperorCy commented Jul 24, 2019
edited

I don't know if is the same problem.
I encrypt and sign files also with keys from https://pgpkeygen.com/.
With "pgp4win" encrypt/sign and decrypt/verify ok.

Within my C# app:
When i decrypt without sign is ok.
When i go to decrypt/verify a signed file, I get error "Failed_ to verify".
I debug and see that publicKey.KeyId and publicKeyED.KeyId is not same in function "verify".

Could you advise me if make something wrong?
The library have any function make trust the public key like pgp4win??

Thank you

@mattosaurus
Copy link
Owner

What version of the package are you using? I just updated it to v1.7.0 this morning to fix this issue.

I just ran the unit tests using a key pair generated at https://pgpkeygen.com/ and they all passed so hopefully this update has fixed your issue.

@EmperorCy
Copy link

I couldn't install because my app is in ".NETFramework,Version=v4.0"
I had download the file "PGP" and "EncryptionKeys" from repository.

@mattosaurus
Copy link
Owner

These files were updated yesterday as part of the v1.7.0 update, are you using the latest versions?

@EmperorCy
Copy link

Yes, I download today and the problem still the same.

@mattosaurus
Copy link
Owner

Are you able to create a test .NET Core application to see if it works when using the NuGet package?

@ben-foster-cko
Copy link
Author

@mattosaurus thanks for this. I'll test and get back to you

@ben-foster-cko
Copy link
Author

It works, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@EmperorCy @ben-foster-cko @mattosaurus