DidiSoft Ltd. Software solutions

OpenPGP Library for .NET Roadmap 2012

nasko — Sun, 08 Jan 2012 15:05:33 +0000

This is our official roadmap for DidiSoft OpenPGP Library for .NET for year 2012. As always there can be slight changes during the year but we are going to inform you when a new feature set is ready. Sign up for our newsletter if you haven’t done so yet and stay tuned.

Upcoming features this year

Print diagnostics information (planned for Q1)
Check is a key revoked or expired before usage (planned for Q2)
Analyzing the contents of an OpenPGP archive prior decrypting (planned for Q3)
Ability to use directly X.509 certificates as keys and ADK (additional decryption keys) support (planned for Q4)

OpenPGP Library for Java Roadmap 2012

nasko — Sun, 08 Jan 2012 14:57:18 +0000

Happy New Year 2012

This year we have planned a few new features to be added to DidiSoft OpenPGP Library for Java. Some of them may appear upfront from the schedule, but as always we give a high priority to features that have been requested by our customers. We are going to keep you posted through our official newsletter for OpenPGP Library for Java.

New features planned for this year:

Logging through java.logging (planned for Q1)
Analyzing the contents of an OpenPGP archive prior decrypting (planned for Q3)
Ability to use directly X.509 certificates as keys (planned for Q3)

At the end of the year (Q4) we are planning a release that will migrate to Bouncy Castle version 1.46 and will have separate jars for Java 5 and Java 6.

Winter holidays 2011

nasko — Sat, 24 Dec 2011 19:32:52 +0000

Greetings! As we close out the 2011 year, we want to annouce the official holidays when our support and sales departments will not be available.

Our office will be closed on Monday 26_th of December 2011 and on the 2_nd of January 2011.
We’ll be back on the 3_rd of January!

Happy Holidays from DidiSoft!

Unknown object in stream 21

nasko — Mon, 05 Dec 2011 08:27:13 +0000

We have received recently an email from one of our customers that have encountered an exception with message “Unknown object in stream 21“.

The scenario when this exception occurred was: she tried to encrypt with an ASCII armored public key received from a partner with different operating system. The reason for the above exception was a strange line ending in the public key file.

We have updated OpenPGP Library for .NET to correct in memory the line ending of the public key file and if you encounter the same exception please update your production copy of the library through the Customers’ section.

OpenPGP Library for .NET 1.7.2 is available

nasko — Thu, 10 Nov 2011 09:01:30 +0000

We are happy to announce that version 1.7.2 of OpenPGP Library for .NET is available for download.

Existing customers can download the new version from our customers’ section located at http://didisoft.com/customers/

Below is a list describing the changes in this release. As always the new version is fully backward compatible with the previous one, so you can safely update your current version.

Version 1.7.2
Release date: November 09, 2011

Legend:

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification

List of changes in version 1.7.2

[*] Fixed bug in PGPLib when encrypting with no compression!

[+] Added new exception DidiSoft.Pgp.Exceptions.NonPGPDataException, that indicates that the input is not a valid OpenPGP message

Modified methods that throw NonPGPDataException :

[!] PGPLib.DecryptAndVerifyFile – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptAndVerifyFilePBE – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptAndVerifyString – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input string is not a valid OpenPGP message
[!] PGPLib.DecryptFile – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptStream – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptBytes – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptString – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptTo – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptFilePBE – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptStreamInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptFileInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptStreamPBEInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptFilePBEInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.VerifyString – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.VerifyFile – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.VerifyStream – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptPBETo – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file

DidiSoft.Pgp.KeyPairInformation changes:

[+] Added method KeyPairInformation.CheckPassword(password) – checks if a password for a private key is correct
[+] Added property KeyPairInformation.IsExpired – returns if this key is expired
[+] Added method KeyPairInformation.IsExpiredOnDate(date) – returns whether this key will be expired on a given date

DidiSoft.Pgp.KeyStore changes:

[+] Added static method KeyStore.OpenInMemory() – creates an in memory KeyStore
[+] Added static method KeyStore.OpenFile(file, password) – equivalent to the constructor KeyStore(file, password)
[+] Added method KeyStore.IsInMemory – checks if this KeyStore is located in memory
[+] Added method KeyStore.GetSecretKeysData() – returns the private keys containing in this KeyStore serialized as bytes
[+] Added method KeyStore.GetPublicKeysData() – returns the public keys containing in this KeyStore serialized as bytes
[+] Added method KeyStore.GetPublicKeysWithUserId(userId) – returns the public keys with the specified userId serialized as bytes
[+] Added method KeyStore.GetPublicKeyWithKeyId(keyId) – returns the public keys with the specified keyId serialized as bytes
[!] KeyStore.ImportPublicKey now throws a WrongPublicKeyException if there is no public key in the input file
[!] KeyStore.ImportPrivateKey now throws a WrongPrivateKeyException if there is no private key in the input file
[+] Added overloaded method KeyStore.ImportPrivateKey(file)
[+] Added overloaded method KeyStore.ImportPrivateKey(file)
[+] Added method KeyStore.ExportPublicKeyStream(userId) – exports a public key into a Stream
[+] Added method KeyStore.ExportPublicKeyStream(keyId) – exports a public key into a Stream
[+] Added method KeyStore.LoadFromStream(stream) – suitable for loading a previously serialized in memory Keystore
[+] Added method KeyStore.SaveToStream(stream) – suitable for storing an in memory Keystore
[+] Added method KeyStore.CheckPassword(file, password) – checks if a password for a KeyStore is correct

[*] Fixed bug in PGPLib when encrypting with no compression!

[+] Added new exception DidiSoft.Pgp.Exceptions.NonPGPDataException, that indicates that the input is not a valid OpenPGP message

Modified methods that throw NonPGPDataException :

Unknown KeySpec type ElGamalPrivateKeySpec

nasko — Fri, 21 Oct 2011 19:34:55 +0000

Some customers that have deployed DidiSoft OpenPGP Library for Java as part of a web application, have noticed that the exception below is thrown when they perform a hot deploy on the application server:

org.bouncycastle.openpgp.PGPException: Exception constructing key
   at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source)
   at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source)
…
Caused by: java.security.spec.InvalidKeySpecException: Unknown KeySpec type: org.bouncycastle.jce.spec.ElGamalPrivateKeySpec
   at org.bouncycastle.jce.provider.JDKKeyFactory.engineGeneratePrivate(Unknown Source)
   at org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal.engineGeneratePrivate(Unknown Source)

The reason for the above exceptions is that the library JAR files are bundled with the web application. Hence after an application is stopped/started, they are loaded in another class loader, while the BouncyCastle security provider is already registered with a class loader that is now unavailable (has been destroyed after the web application has stopped).

The solution to this situation is to ship the application without the library JAR files.
They must be placed in a folder shared for all applications running on the Application server.

Below are listed the shared folders for some application servers.

Tomcat 5.x
/shared/lib/

Tomcat 6.x
$CATALINA_BASE/lib/

Web Sphere
/lib

WebLogic
/common/lib

unknown object in stream 9

nasko — Mon, 26 Sep 2011 19:39:11 +0000

This exception is equivalent to unknown object in stream SymmetricKeyEncrypted. Usually occurs when we try to decrypt a conventionally OpenPGP encrypted file (also known as password encrypted or PBE) that was created with PGP 2.x or McAfee E-Business Server 7.x.

This issue has been addressed in OpenPGP Library for Java version 2.5.6 and upper and OpenPGP Library for .NET 1.7.1 and upper versions. Please update your version in order to resolve this issue.

Private key not compatible with PGP 6.5 and McAfee E-Business Server 7.1

nasko — Thu, 25 Aug 2011 11:36:00 +0000

DH/DSS Private keys created with new implementations of the OpenPGP specification like PGP Desktop 9 (r) and newer, and DidiSoft OpenPGP Library for Java and OpenPGP Library for .NET as well may raise exceptions.

Such private key imports successfully in PGP Freeware 6.5.8, but when we try to decrypt a file with it the following error message box is shows:

“PGP Error”
“The passphrase you entered does not match any of the usable listed keys.”

The same key is imported within the McAfee E-Business Server 7.1 key store but the following errors appear when we try to list the keys:

Internal error #896 in key list, could not read shared property -11418.
Internal error #4548 in key list, could not set property -11418.

The simplest solution to the above situation is to generate the keys with the elder system.

OpenPGP Library for Java 2.5.7 is ready

nasko — Thu, 25 Aug 2011 06:24:30 +0000

Version 2.5.7 of DidiSoft OpenPGP Library for Java is available for download.

Existing customers can download the updated production version from our Customers’ Service portal located at:
http://www.didisoft.com/customers/

A key change in this release is that by default expired and revoked public keys are not accepted for encryption. If you still wish to use such keys you will have to enable them by calling PGPLib.setUseExpiredKeys(true) and PGPLib.setUseRevokedKeys(true)

Below is the list of all changes in this release:

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification

——–

CHANGES:

[*] Fixed cleanup of half encrypted files after an exception for all methods.
[*] Fixed bug when importing keys from PGP 6.5 into a KeyStore

[!] KeyStore.importPrivateKey now throws also NoPrivateKeyFoundException (extends PGPException)
if the specified file does not contain a private key.

[+] Added method static KeyStore.checkPassword(keystoreFile, password) – checks is a given password for a keystore file correct.

[+] Added method PGPLib.decryptAndVerifyFileTo – decrypts a file content with its original name(s) into a folder
[+] Added method PGPLib.decryptAndVerifyStreamTo – decrypts a stream content with its original name(s) into a folder
[+] Added method PGPLib.setUseExpiredKeys(true) – switches on/off the check are the encryption keys expired
[+] Added method PGPLib.setUseRevokedKeys(true) – switches on/off the check are the encryption keys revoked
[+] Added method PGPLib.isUseExpiredKeys() – returns the state of the check are the encryption keys expired
[+] Added method PGPLib.isUseRevokedKeys() – returns the state of the check are the encryption keys revoked

[+] Added method KeyPairInformation.checkPassword(password) – checks is a given password for a private key correct.
[+] Added method KeyPairInformation.hasPrivateKey() – returns is there a private key in this key pair.
[+] Added method KeyPairInformation.isExpired() – indicates is the public key expired
[+] Added method KeyPairInformation.isExpiredOnDate(java.util.Date) – checks will the key be expired on a given date

New Exceptions:

[+] Added class com.didisoft.pgp.exceptions.NonPGPDataException (extends PGPException)
thrown from all decrypt and decryptAndVerify methods when the supplied for decryption data is not an OpenPGP message.

[+] Added class com.didisoft.pgp.exceptions.KeyIsExpiredException (extends PGPException)
thrown from all encrypt and signAndEncrypt methods when the supplied public key is expired.
Can be suppressed with PGPLib.setUseExpiredKeys(true)

[+] Added class com.didisoft.pgp.exceptions.KeyIsRevokedException (extends PGPException)
thrown from all encrypt and signAndEncrypt methods when the supplied public key is revoked.
Can be suppressed with PGPLib.setUseRevokedKeys(true)

McAfee EBusiness Server 7.1 error -11391

nasko — Mon, 15 Aug 2011 10:06:32 +0000

If you encrypt data for recipients that use McAfee EBusiness Server 7.1 you may receive complaints that they cannot decrypt the file. Below is a common log if the other party uses info level VERBOSE (with command line parameter –info VERBOSE or in the pgp.cfg file):

Enter pass phrase:
event 23: Decryption

symmetric cipher used: CAST5
event 3: error -11391
event 2: final
Error decrypting file ‘test.pgp’.
Corrupt data.
bad packet

exitcode = 32

In order to create compatible encrypted messages with DidiSoft OpenPGP Library for .NET and OpenPGP Library for Java, please set explicitly the PGPLib class to use ZIP compression before encrypting (if you have changed it to something else). Refer to the online documentation below for examples how to do it:

Set compression in OpenPGP Library for Java

Set compression in OpenPGP Library for .NET

Drop us a line if your recipients have trouble decrypting a file that you have encrypted.