If we have:

Case A: stringToSign
Case B: stringToSign\r\n

the produced output in the PGP SIGNED MESSAGE part is the same:

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

stringToSign
—–BEGIN PGP SIGNATURE—–
(signature goes here)

So in theory there is no way to determine was it Case A or B when we try to decode and extract the message. This can be verified if we try to extract the message with gpg/WinPT and PGP Desktop. PGP Desktop returns Case A as result in both cases, and gpg on the other hand Case B.

We were in doubt which of the two to choose as our implementation and finally decided to choose GnuPG/gpg compatibility. The conclusion is that if you will be expecting messages with no new lines you have to explicitly trim the result.

1.
Download and unpack pgplib.zip. (or pgplib_prod.zip if you have already purchased it)

2.
Start a new Eclipse project and reference the three jars located in the /Bin folder in the location from step 1.

3.
In your project Referenced Libraries section in the Eclipse Package Explorer tab right click pgplib-2.4.jar, select Properties and in the JavaDoc dialog enter the location of the /JavaDoc folder where the library was extracted in step 1.

4. Now the JavaDoc should appear when you type methods or properties of the objects from the library, or simply press F2 when you are over an already typed method.

That’s it.

Here is a simple example:

<cfset pgp = createObject(”java”,”com.didisoft.pgp.PGPLib”).init()>

<cfset root = “c:\WWW\site\htdocs\example_PGP”>
<cfset private_key = root & “\private_key.skr”>
<cfset input = root & “\INPUT.txt”>
<cfset output = root & “\OUTPUT.pgp”>

<cfset pgp.signFile(input, private_key, “password123″, output, false)>

Fore more information on how to use Java classes from ColdFusion see
http://articles.techrepublic.com.com/5100-10878_11-5177283.html

This version contains full support of key store functions, clear signing (version 3 too) and verification of clear signed messages.
Also a few bugs from previous releases are fixed.

DidiSoft Development Team

Some of the new features are verification and generating clear signed messages (both version 4 and version 3 format) and  generation of OpenPGP keys with expiration date. Speed of operations with large files, bigger than 10 MB is improved.

DidiSoft Development Team

The article can bee seen at http://3d2f.com/smartreviews/1-280…

The key points were using SHA1 as hashing algorithm parameter, when clear signing the message for Nominet and use OpenPGP signature version 3 format.

]]> http://www.didisoft.com/didisoft/didisoft-with-new-site/feed/ http://www.didisoft.com/java-openpgp-library/openpgp-library-for-java-version-23-is-out/ http://www.didisoft.com/java-openpgp-library/openpgp-library-for-java-version-23-is-out/#comments Sun, 24 Jan 2010 16:54:57 +0000 nasko http://www.didisoft.com/?p=196 Now the library supports key generation as well as export to disk of the generated keys. Also support for the OpenPGP version 3 signature format has been added.

An updated version can be downloaded from Here.

]]> http://www.didisoft.com/java-openpgp-library/openpgp-library-for-java-version-23-is-out/feed/ http://www.didisoft.com/net-openpgp-library/version-14-of-net-openpgp-library-is-out/ http://www.didisoft.com/net-openpgp-library/version-14-of-net-openpgp-library-is-out/#comments Mon, 21 Dec 2009 09:25:29 +0000 nasko http://67.15.255.7/~didisoft/?p=52

.NET OpenPGP Library Version 1.4 is ready for download.

Included are

Method GenerateKeyPair - generates public and private OpenPGP key pair with specified key size.
Methods ExportPublicKey and ExportPrivateKey for exporting generated in a key store key pairs into standalone files.