DidiSoft Ltd. OpenPGP solutions

OpenPGP Library for .NET version 1.7.3 is available

nasko — Wed, 21 Mar 2012 10:53:12 +0000

We are happy to announce that version 1.7.3 of OpenPGP Library for .NET is available for download.

This version ships with additional functionality and we have fixed a few bugs that we have found recently. Below is a short introduction to the new features that you can find in this release.

Inspecting the contents of an OpenPGP archive

This features is useful if we want to investigate the contents of an OpenPGP archive without decrypting it. The classes that provide this functionality are located in the DidiSoft.Pgp.Inspect namespace. Below is a quick example in C#.

String privateKey = @"DataFiles/private.key";
String privateKeyPassword = "changeit";
String encryptedFile = @"DataFiles/encrypted.pgp";
 
PGPInspectLib inspectLib = new PGPInspectLib();
ContentItem[] files = inspectLib.ListOpenPgpFile(encryptedFile, privateKey, privateKeyPassword);
foreach (ContentItem file in files)
{
	Console.Write(file.FileName);
	Console.Write(file.IsDirectory ? " DIR" : " ");
        Console.WriteLine(file.ModificationTime);
}

Operations with detached signatures
Below is a C# example that demonstrates how to create a detached OpenPGP signature for a file.

using System;
using DidiSoft.Pgp;
 
public class DetachedSignDemo
{
   public void Demo()
   {
       PGPLib pgp = new PGPLib();
       bool asciiArmor = true;
       pgp.DetachedSignFile(@"C:\Test\INPUT.txt",
                            @"C:\Test\private_key.asc",
                            "private key password",
                            @"C:\Test\INPUT.txt.sig",
                           asciiArmor);
   }
}

Methods for achieving the OpenPGP Web of Trust

The OpenPGP Web of Trust is a concept introduced first in 1992 by Phil Zimmermann. It provides a decentralized way of maintaining trust relationship between OpenPGP keys with signatures.

Below is a list of all the changes in this version.

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification

Version 1.7.3
Published on March 20, 2012

I. Fixed bugs

[*] Fixed encrypting folders with long names (more than 100 characters)

[*] Fixed cleanup of half encrypted files after an exception for all methods.

[*] Fixed bug when creating an uncompressed one pass signed and encrypted archive.

[!] Decripting methods now check the integrity protection of the data and throws Didisoft.Pgp.Exceptions.IntegrityCheckException

II. KeyStore modifications

[!] KeyStore.GenerateKeyPair now returns a KeyPairInformation instance representing the generated key
[!] KeyStore.ImportKeyRing now returns an array of KeyPairInformation instances representing the imported key(s)
[!] KeyStore.ImportPublicKey now returns an array of KeyPairInformation instances representing the imported key
[!] KeyStore.ImportPrivateKey now returns an array of KeyPairInformation instances representing the imported key

III. Inspecting the contents of OpenPGP encrypted data

Added namespace Didisoft.Pgp.Inspect

[+] Added class Didisoft.Pgp.PGPInspectLib that provides methods for inspecting the content of OpenPGP data
[+] Added class Didisoft.Pgp.ContentItem that represents information for an item in an OpenPGP archive

IV. Web of Trust

[+] Added enum TrustLevel that holds supported trust values

Added methods for marking a public key as Trusted introducer
[+] KeyStore.SignPublicKeyAsTrustedIntroducer(long keyId, long signKeyId, String signPassword)
[+] KeyStore.SignPublicKeyAsTrustedIntroducer(String keyUserId, String signKeyUserId, String signPassword)

Added methods for signing a public key
[+] KeyStore.SignPublicKey(long keyId, long signKeyId, String signPassword)
[+] KeyStore.SignPublicKey(String keyUserId, String signKeyUserId, String signPassword)

Added methods for explicitly setting the Trust of a key located in a KeyStore
[+] KeyStore.SetTrust(String keyUserId, TrustLevel trustValue)
[+] KeyStore.SetTrust(long keyId, TrustLevel trustValue)

Added methods and property for checking the trust value of a given key
[+] KeyStore.IsTrusted(String keyUserId)
[+] KeyStore.IsTrusted(long keyId)
[+] KeyPairInformation.Trust

V. Detached signatures

[+] PGPLib.DetachedSignFile creates a detached OpenPGP signature for a file
[+] PGPLib.DetachedSignStream creates a detached OpenPGP signature for a data stream
[+] PGPLib.DetachedSignString creates a detached OpenPGP signature for string message
[+] PGPLib.DetachedVerifyStream verifies a detached OpenPGP signature against a data stream
[+] PGPLib.DetachedVerifyString verifies a detached OpenPGP signature against a string message

VI. Partial match User Id’s

[+] Added property KeyStore.PartialMatchuserIds – if enabled the methods that search keys in a KeyStore by User Id
will match them on part of the User Id as well

VII. Expired and revoked keys

[+] Added property PGPLib.UseExpiredKeys – check are the encryption keys expired
[+] Added property PGPLib.UseRevokedKeys – check are the encryption keys revoked

VIII. New Exceptions:

[+] Added class Didisoft.Pgp.Exceptions.IntegrityCheckException (extends PGPException)
thrown if an integrity protected OpenPGP archive is corrupted

[+] Added Didisoft.Pgp.Exceptions.KeyIsExpiredException (extends PGPException)
thrown from all Encrypt and SignAndEncrypt methods when the supplied public key is expired.
Can be suppressed with PGPLib.UseExpiredKeys

[+] Added Didisoft.Pgp.Exceptions.KeyIsRevokedException (extends PGPException)
thrown from all Encrypt and SignAndEncrypt methods when the supplied public key is revoked.
Can be suppressed with PGPLib.UseRevokedKeys

OpenPGP Library for Java version 2.5.8 is out

nasko — Thu, 08 Mar 2012 10:08:47 +0000

We are happy to announce that a new improved version of OpenPGP Library for Java is available for download.

This new version offers some new features and improvements that we hope will help you in your OpenPGP related software development.

Below is a quick introduction to some of the new features that you will find in version 2.5.8.

OpenPGP archive content inspection tools

In this release we have added a new package com.didisoft.pgp.inspect that offers classes that can be used to inspect the contents of an OpenPGP archive without decrypting it. Here is a quick example that shows how we can use it:

import com.didisoft.pgp.inspect.*;
 
public class InspectEncryptedFileContents {
    public static void main(String[] args) throws Exception {
        // create an isntance of the inspection library
        PGPInspectLib inspectLib = new PGPInspectLib();
 
        String privateKey = "private_key.asc";
        String privateKeyPassword = "password";
        String encryptedFile = "encrypted.pgp";
 
        // Inspect the contents of an OpenPGP archive
        ContentItem[] files = inspectLib.listOpenPGPFile(encryptedFile, privateKey, privateKeyPassword);
        for (int i=0; i &lt; files.length; i++) {
            System.out.print(files[i].getFileName());
            System.out.print(files[i].isDirectory() ? "directory" : "  file  ");
            System.out.println(files[i].getModificationDate());
        }
    }
}

Logging

The library now offers logging on level FINE. The default logging level provided by JRE is INFO, so we have to explicitly enable level FINE for the library by adding the line below to our logging configuration file:

com.didisoft.pgp.level=FINE

Web of Trust

This version of the library provides methods that assign trust value to your partners’ keys and thus you can create your local Web of Trust. An additional tutorial will explain in details the OpenPGP web of trust because this is a more wide subject.

Below is a list of changes in version 2.5.8:

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification

[+] Introduced Java logging on livel FINE for inspecting the internal work of the Library

[*] Fixed bug when creating an uncompressed one pass signed and encrypted archive.
[!] Decripting methods now check the integrity protection of the data

[!] KeyStore.generateKeyPair now returns a KeyPairInformation instance representing the generated key
[!] KeyStore.importKeyRing now returns an array of KeyPairInformation instances representing the imported keys
[!] KeyStore.importPublicKey now returns an array of KeyPairInformation instances representing the imported keys
[!] KeyStore.importPrivateKey now returns an array of KeyPairInformation instances representing the imported keys

[+] Added interface TrustLevel that holds constants for the most common trust values

Added package com.didisoft.pgp.inspect
[+] Added class com.didisoft.pgp.inspect.PGPInspectLib that provides methods for inspecting the content of OpenPGP data
[+] Added class com.didisoft.pgp.inspect.ConteentItem that represents information for an item in an OpenPGP archive

Added methods for marking a public key as trusted introducer
[+] KeyStore.signPublicKeyAsTrustedIntroducer(long keyId, long signKeyId, String signPassword)
[+] KeyStore.signPublicKeyAsTrustedIntroducer(String keyUserId, String signKeyUserId, String signPassword)

Added methods for explicitly setting the trust of a key located in a KeyStore
[+] KeyStore.setTrust(String keyUserId, byte trustValue)
[+] KeyStore.setTrust(long keyId, byte trustValue)

Added methods for checking the trust value of a given key
[+] KeyStore.isTrusted(String keyUserId)
[+] KeyStore.isTrusted(long keyId)
[+] KeyPairInformation.getTrust()

OpenPGP is evolving

nasko — Thu, 23 Feb 2012 10:55:21 +0000

The OpenPGP standard is evolving. In the near future the OpenPGP standard will be expanded with Eliptic Curve cryptography also knows as ECC.

At the moment still as a draft is a new change proposal for extending the bucket of OpenPGP symmetric cipher algorithms with Eliptic Curve Diffie Hellman (ECDH) and Eliptic Curve Digital Signature algorithm (ECDSA) is being developed.

The author of the draft is Mr. Jivsov from Symantec. The ECDSA algorithm packet will have value 19 and the ECDH packet will probably be (yet to be assigned) 18. The proposed named curves that will be used are NIST P-256, NIST P-384 and NIST P-521.

We will be looking forward this great change to become an official IETF standard.

OpenPGP Library for .NET Roadmap 2012

nasko — Sun, 08 Jan 2012 15:05:33 +0000

This is our official roadmap for DidiSoft OpenPGP Library for .NET for year 2012.

As always there can be slight changes during the year but we are going to inform you when a new feature set is ready.

Upcoming features this year

Check is a key revoked or expired before usage. Manage keys’ trust. (planned for Q1)
Print diagnostics information (planned for Q2)
Analyzing the contents of an OpenPGP archive prior decrypting (planned for Q3)
Ability to use directly X.509 certificates as keys and ADK (additional decryption keys) support (planned for Q4)

OpenPGP Library for Java Roadmap 2012

nasko — Sun, 08 Jan 2012 14:57:18 +0000

Happy New Year 2012

This year we have planned a few new features to be added to DidiSoft OpenPGP Library for Java.

Some of them may appear upfront from the schedule, but as always we give a high priority to features that have been requested by our customers.

We are going to keep you posted through our official newsletter for OpenPGP Library for Java.

New features planned for this year:

Logging through java.logging (planned for Q1)
Analyzing the contents of an OpenPGP archive prior decrypting (planned for Q3)
Ability to use directly X.509 certificates as keys (planned for Q3)

At the end of the year (Q4) the library will ship by default with Bouncy Castle jar files version 1.46 (at the moment you can replace manually version 1.45 with 1.46) and will have a separate builds optimized for Java 5 and Java 6.

Winter holidays 2011

nasko — Sat, 24 Dec 2011 19:32:52 +0000

Greetings! As we close out the 2011 year, we want to announce the official holidays when our support and sales departments will not be available.

Our office will be closed on Monday 26_th of December 2011 and on the 2_nd of January 2011.
We’ll be back on the 3_rd of January!

Happy Holidays from DidiSoft!

Unknown object in stream 21

nasko — Mon, 05 Dec 2011 08:27:13 +0000

We have received recently an email from one of our customers that have encountered an exception with message “Unknown object in stream 21“.

The scenario when this exception occurred was: she tried to encrypt with an ASCII armored public key received from a partner with different operating system. The reason for the above exception was a strange line ending in the public key file.

We have updated OpenPGP Library for .NET to correct in memory the line ending of the public key file and if you encounter the same exception please update your production copy of the library through the Customers’ section.

OpenPGP Library for .NET 1.7.2 is available

nasko — Thu, 10 Nov 2011 09:01:30 +0000

We are happy to announce that version 1.7.2 of OpenPGP Library for .NET is available for download.

Existing customers can download the new version from our customers’ section located at http://didisoft.com/customers/

Below is a list describing the changes in this release. As always the new version is fully backward compatible with the previous one, so you can safely update your current version.

Version 1.7.2
Release date: November 09, 2011

Legend:

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification

List of changes in version 1.7.2

[*] Fixed bug in PGPLib when encrypting with no compression!

[+] Added new exception DidiSoft.Pgp.Exceptions.NonPGPDataException, that indicates that the input is not a valid OpenPGP message

Modified methods that throw NonPGPDataException :

[!] PGPLib.DecryptAndVerifyFile – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptAndVerifyFilePBE – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptAndVerifyString – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input string is not a valid OpenPGP message
[!] PGPLib.DecryptFile – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptStream – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptBytes – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptString – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptTo – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptFilePBE – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptStreamInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptFileInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptStreamPBEInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.DecryptFilePBEInFolder – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.VerifyString – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.VerifyFile – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file
[!] PGPLib.VerifyStream – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input data is not a valid OpenPGP message
[!] PGPLib.DecryptPBETo – throws DidiSoft.Pgp.Exceptions.NonPGPDataException if the input file is not a valid OpenPGP file

DidiSoft.Pgp.KeyPairInformation changes:

[+] Added method KeyPairInformation.CheckPassword(password) – checks if a password for a private key is correct
[+] Added property KeyPairInformation.IsExpired – returns if this key is expired
[+] Added method KeyPairInformation.IsExpiredOnDate(date) – returns whether this key will be expired on a given date

DidiSoft.Pgp.KeyStore changes:

[+] Added static method KeyStore.OpenInMemory() – creates an in memory KeyStore
[+] Added static method KeyStore.OpenFile(file, password) – equivalent to the constructor KeyStore(file, password)
[+] Added method KeyStore.IsInMemory – checks if this KeyStore is located in memory
[+] Added method KeyStore.GetSecretKeysData() – returns the private keys containing in this KeyStore serialized as bytes
[+] Added method KeyStore.GetPublicKeysData() – returns the public keys containing in this KeyStore serialized as bytes
[+] Added method KeyStore.GetPublicKeysWithUserId(userId) – returns the public keys with the specified userId serialized as bytes
[+] Added method KeyStore.GetPublicKeyWithKeyId(keyId) – returns the public keys with the specified keyId serialized as bytes
[!] KeyStore.ImportPublicKey now throws a WrongPublicKeyException if there is no public key in the input file
[!] KeyStore.ImportPrivateKey now throws a WrongPrivateKeyException if there is no private key in the input file
[+] Added overloaded method KeyStore.ImportPrivateKey(file)
[+] Added overloaded method KeyStore.ImportPrivateKey(file)
[+] Added method KeyStore.ExportPublicKeyStream(userId) – exports a public key into a Stream
[+] Added method KeyStore.ExportPublicKeyStream(keyId) – exports a public key into a Stream
[+] Added method KeyStore.LoadFromStream(stream) – suitable for loading a previously serialized in memory Keystore
[+] Added method KeyStore.SaveToStream(stream) – suitable for storing an in memory Keystore
[+] Added method KeyStore.CheckPassword(file, password) – checks if a password for a KeyStore is correct

[*] Fixed bug in PGPLib when encrypting with no compression!

[+] Added new exception DidiSoft.Pgp.Exceptions.NonPGPDataException, that indicates that the input is not a valid OpenPGP message

Modified methods that throw NonPGPDataException :

Unknown KeySpec type ElGamalPrivateKeySpec

nasko — Fri, 21 Oct 2011 19:34:55 +0000

Some customers that have deployed DidiSoft OpenPGP Library for Java as part of a web application, have noticed that the exception below is thrown when they perform a hot deploy on the application server:

org.bouncycastle.openpgp.PGPException: Exception constructing key
   at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source)
   at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source)
…
Caused by: java.security.spec.InvalidKeySpecException: Unknown KeySpec type: org.bouncycastle.jce.spec.ElGamalPrivateKeySpec
   at org.bouncycastle.jce.provider.JDKKeyFactory.engineGeneratePrivate(Unknown Source)
   at org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal.engineGeneratePrivate(Unknown Source)

The reason for the above exceptions is that the library JAR files are bundled with the web application. Hence after an application is stopped/started, they are loaded in another class loader, while the BouncyCastle security provider is already registered with a class loader that is now unavailable (has been destroyed after the web application has stopped).

The solution to this situation is to ship the application without the library JAR files.
They must be placed in a folder shared for all applications running on the Application server.

Below are listed the shared folders for some application servers.

Tomcat 5.x
/shared/lib/

Tomcat 6.x
$CATALINA_BASE/lib/

Web Sphere
/lib

WebLogic
/common/lib

unknown object in stream 9

nasko — Mon, 26 Sep 2011 19:39:11 +0000

This exception is equivalent to unknown object in stream SymmetricKeyEncrypted. Usually occurs when we try to decrypt a conventionally OpenPGP encrypted file (also known as password encrypted or PBE) that was created with PGP 2.x or McAfee E-Business Server 7.x.

This issue has been addressed in OpenPGP Library for Java version 2.5.6 and upper and OpenPGP Library for .NET 1.7.1 and upper versions. Please update your version in order to resolve this issue.