Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/didisoft/public_html/wp-includes/wp-db.php on line 3091

Knowledge Base

OpenPGP Knowledge Base (Java, C#, VB.NET examples and solutions)

02 Mar

Weird symbols in emails to BlackBerry clients

Sending PGP/MIME emails to BlackBerry clients may lead to weird symbols in front of given special characters. This is a hard to be solved bug as it has nothing to do with OpenPGP. The OpenPGP messages created with DidiSoft OpenPGP Library for Java and OpenPGP Library for Android are correct and identical when decrypted up to byte array level with those created with other OpenPGP compatible apps including the BlackBerry PGP support.

One of our clients experienced in his Android app this strange behavior when sending encrypted emails to BlackBerry. Digging deeply in this use case we finally resolved the case to be related to a weird expectation in the PGP/MIME format itself, coded in the BlackBerry PGP support.

Java PGP
Read more...
01 Mar

Exchanging encrypted data with Bank of America

Bank of America accepts OpenPGP encrypted files from its clients. Unfortunately in the official technical documentation that they provide it is not very clear how to create the proper format which they will accept. In order to easy you we will show bellow a small code snippet that will illustrate how to create such encrypted file with the help of DidiSoft OpenPGP Library for Java. Similar result can be achieved for other programming environments with the corresponding products offered by DidiSoft.

The example code snippet below will create signed and encrypted data in the format requested by Bank of America:

1
2
3
4

     
  PGPLib pgp = new PGPLib();
  boolean asciiOutput = true;
  pgp.signAndEncryptFileVersion3("c:\\data.txt", "c:\\my_private_key.asc", "my key password", "c:\\BoA_key.asc", "c:\\encrypted.pgp", asciiOutput);

The key file BoA_key.asc is assumed to be the text file containing Bank of America’s public PGP key. The file my_private_key.asc file shall be your private key corresponding to the public key you have uploaded already to Bank of America. The other parameters shall be self explanatory.

Java PGP
Read more...
11 Dec

OraRSA 1.1 offering various SHA based signings

DidiSoft OraRSA version 1.1 was released today. It offers to customize the digital signature algorithm in contrast to version 1.0 where only SHA1withRSA was available.

How to use the new algorithms?

In order to use the new algorithms, you must specify the algorithm needed as the last parameter of the ORA_RSA.SIGN and ORA_RSA.VERIFY methods. Available values are:

ORA_RSA.HASH_SHA1 for SHA1withRSA
ORA_RSA.HASH_SHA224 for SHA224withRSA
ORA_RSA.HASH_SHA256 for SHA256withRSA
ORA_RSA.HASH_SHA384 for SHA384withRSA
ORA_RSA.HASH_SHA512 for SHA512withRSA

Upgrade from version 1.0

In order to upgrade from version 1.0 you must first unload the version 1.0 JAR files:

dropjava.sh/.bat -r -v – u user/pass [extraction folder]\SetupFiles\jce-jdk13-152.jar
dropjava.sh/.bat -r -v – u user/pass [extraction folder]\SetupFiles\ora-rsa-1.0.0.jar

Then continue like a normal Setup.
 

Oracle
Read more...
17 Nov

IdNotFoundException

Executing procedures from the dbms_java Oracle PL/SQL package may result in a strange IdNotFoundException like:

ORA-29532: Java call terminated by uncaught Java exception: oracle.aurora.vm.IdNotFoundException: user : user or role id does not exist

This is very common when granting java.io.FilePermission:

call dbms_java.grant_permission('user', 'java.io.FilePermission', 'C:/MyFolder/ora-pgp-1.1.0.jar', 'read');

If you experience such error try changing the user(schema) name to Uppercase.

Oracle
Read more...
27 Oct

OpenPGP Library for .NET 1.7.14 with Web of Trust

DidiSoft OpenPGP Library for .NET 1.7.14 was released today offering extended support for OpenPGP Web of Trust.

In previous versions of the library only setting own trust was available and plain signing of keys.

With this new release keys status can be checked by Trust amount and Verified status. We can also sign public keys with plain and trust signatures, with the option for specifying trust depth.

Check the online Tutorial for Web of Trust in order to learn this new functionality.

Upgrade notes

With this version of the library newly generated keys have Trust value of Ultimate automatically. Unfortunately if we have key pairs generated with previous versions of the library, they have Trust value Unknown. We can upgrade them with a one time execution of the code below:

C#

// ks1 is of type DidiSoft.Pgp.KeyStore
foreach (KeyPairInformation k in ks1.GetKeys())
{
      if (key.HasPrivateKey)
      {
            ks1.SetTrust(k.KeyIdHex, TrustLevel.Ultimate);
      }
}

VB.NET

' ks1 is of type DidiSoft.Pgp.KeyStore
For Each k As KeyPairInformation In ks1.GetKeys()
  If key.HasPrivateKey Then
    ks1.SetTrust(k.KeyIdHex, TrustLevel.Ultimate)
  End If
Next

 

.NET PGP
Read more...
12 Oct

OpenPGP Library for .NET in Mono

DidiSoft OpenPGP Library for .NET can be used without any problems in Mono projects under Mac OSX and Linux.

The library DLL files that you have to reference in your Mono project are the ones located in the root of the \Bin folder.

A limitation for Mono developers is that they have to first install the library setup on a Windows machine in order to get the DLL files and then copy them on their Mac OSX or Linux development station.

 

.NET PGP
Read more...
24 Feb

Using a public key by mistake when decrypting

A common scenario that we have evidenced in our technical support practice for DidiSoft OpenPGP Library for .NET is that some customers by mistake try to decrypt .pgp files with an OpenPGP public key.

Although the exception was of class DidiSoft.Pgp.Exceptions.WrongPrivateKeyException,  the exception text so far wasn’t very helpful and it stated: “Decryption of data encrypted using KEY-ID(s) : XXX failed, The provided key is not a valid OpenPGP private key.”.

As of version 1.7.11.11 the library was updated to check if the supplied key is a public key and in that case the exception will be “Decryption of data encrypted using KEY-ID(s) : XXX failed, The provided key is a Public Key (You need a Private Key for decryption!)

.NET PGP
Read more...
19 Jul

Invoking OpenPGP Library for .NET from MS SQL Server

In this article we are going to illustrate how to invoke DidiSoft OpenPGP Library for .NET from MS SQL Server (tm) stored procedures and T-SQL code.

We also provide a dedicated set of Transact-SQL routines in the product MsSqlPGP.

Note: This information applies to MS SQL Server 2005 and above. All the demonstrated code below should be executed from SQL Server Management Studio ™ or similar environment, if not specified otherwise.

Table of Contents

Database configuration

In order to allow execution of .NET CLR code in a database, a special setting has to be activated for it:

1
2
3

sp_configure 'clr enabled', 1;
GO
RECONFIGURE;

The database must allow unsafe code:

1

ALTER DATABASE MyDatabase SET TRUSTWORTHY ON;

Assembly registration

The next step is to register the DLL files of the library:

1
2
3
4
5
6
7

CREATE ASSEMBLY [BouncyCastle.CryptoExt]
FROM 'C:\Program Files (x86)\OpenPGP Library for .NET 1.7.10\Bin\BouncyCastle.CryptoExt.dll'
WITH PERMISSION_SET = UNSAFE;
 
CREATE ASSEMBLY [DidiSoft.Pgp]
FROM 'C:\Program Files (x86)\OpenPGP Library for .NET 1.7.10\Bin\DidiSoft.Pgp.dll'
WITH PERMISSION_SET = UNSAFE;

Wrapping the OpenPGP functionality in Stored procedures

In order to use the functionality provided by the library, we have to create wrappers as managed Stored procedures. Below is an example that exposes the basic encryption and decryption methods offered by the library:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

using System;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
 
using DidiSoft.Pgp;
 
namespace MyStoredProcedures
{
    public partial class MsSqlPgp
    {
        [SqlProcedure()]
        public static void EncryptFile(SqlString data, SqlString publicKey, SqlString outFile)
        {
            PGPLib pgp = new PGPLib();
            pgp.EncryptFile(data.Value, publicKey.Value, outFile.Value);
        }
 
        [SqlProcedure()]
        public static void DecryptFile(SqlString data, 
                                       SqlString privateKey, 
                                       SqlString keyPassword, 
                                       SqlString outFile)
        {
            PGPLib pgp = new PGPLib();
            pgp.DecryptFile(data.Value, privateKey.Value, keyPassword.Value, outFile.Value);
        }
    }
}

Of course, the assembly where the above code resides must also be registered in the same database. Let’s assume that it is registered with the alias MyStoredProcedures. Each of its methods must be registered as a stored procedure:

1
2
3
4
5
6
7
8
9
10
11
12

CREATE PROCEDURE usp_PgpEncryptFile
@dataFile nvarchar(MAX),
@publicKey nvarchar(MAX),
@OUTFILE nvarchar(MAX)
AS EXTERNAL NAME [MyStoredProcedures].[MyStoredProcedures].EncryptFile;
 
CREATE PROCEDURE usp_PgpDecryptFile
@pgpFile nvarchar(MAX),
@privateKey nvarchar(MAX),
@keyPassword nvarchar(MAX),
@OUTFILE nvarchar(MAX)
AS EXTERNAL NAME [MyStoredProcedures].[MyStoredProcedures.MsSqlPgp].DecryptFile;

Invoking the wrapped Stored procedures

The invocation of the wrapped code is no different than any other stored procedure call:

1
2
3

EXEC usp_PgpEncryptFile 'c:\Test\mydata.txt', 'c:\Test\public.asc', 'c:\Test\output.pgp';
 
EXEC usp_PgpDecryptFile 'c:\Test\input.pgp', 'c:\Test\private.asc', 'my password', 'c:\Test\output.txt';

Upgrading the library

In order to upgrade the library to a newer version we have to first DROP any linked stored procedure, and afterwards DROP the assemblies, but in reverse order:

1
2

DROP ASSEMBLY [DidiSoft.Pgp];
DROP ASSEMBLY [BouncyCastle.CryptoExt];

After that we shall proceed as the normal setup.

Summary

This chapter illustrated how to invoke functionality from DidiSoft OpenPGP Library for .NET in MS SQL Server ™ hosted environment.

If you need a complete solution with Transact-SQL OpenPGP cryptography, check our dedicated product MsSqlPGP.

.NET PGP
Read more...
09 Jun

premature end of stream in PartialInputStream

The latest release of DidiSoft OpenPGP Library for .NET (1.7.9.14) and OpenPGP Library for Java (2.6.6.3) ship with bug fix for the error “premature end of stream in PartialInputStream“.

The error “premature end of stream in PartialInputStream” may be observed when trying to decrypt .pgp data with wrong internal length indicators , usually when the encrypted content is text data. Example of such data can be found at http://bouncy-castle.1462172.n4.nabble.com/potential-bug-premature-end-of-stream-exception-in-pgp-message-td4302017.html

In order to avoid this error, please make sure that you are using the latest version of the libraries.

The DidiSoft Team.

.NET PGP, Java PGP, Knowledge Base
Read more...
21 Feb

PGP 2.x compatibility

The early releases of the original PGP program from the 2.x version product line operate according to the RFC 1991 format.

Unfortunately the current OpenPGP standard is not backward compatible with PGP 2.x software and if you need to exchange encrypted or signed and encrypted data with such systems you will have to take actions in order to produce compatible output.

In this article we will show how to enable PGP 2.x compatible output with our OpenPGP libraries and will mention some errors that indicate that the PGP 2.x compatibility mode hasn’t been tuned on. To receive data with our products you don’t have to do anything as they recognize the format automatically.

1. Enable PGP 2.x compatibility
2. Common errors

Enable PGP 2.x compatibility

In order to enable PGP 2.x compatibility a special property has to be turned on:

C# example (OpenPGP Library for .NET)

1
2
3
4

    PGPLib pgp = new PGPLib();           
    pgp.Pgp2Compatible = true;
    // now in subsequent encryption or sign and encrypt calls 
    // the data will be compatible with PGP 2.x systems

VB.NET example (OpenPGP Library for .NET)

1
2
3
4

    Dim pgp As New PGPLib()           
    pgp.Pgp2Compatible = True
    ' now in subsequent encryption or sign and encrypt calls 
    ' the data will be compatible with PGP 2.x systems

Java example (OpenPGP Library for Java)

1
2
3
4

    PGPLib pgp = new PGPLib();           
    pgp.setPgp2Compatible(true);
    // now in subsequent encryption or sign and encrypt calls 
    // the data will be compatible with PGP 2.x systems

Common errors

Bad or missing CTB_CKE byte

This error displayed by PGP 2.x software is caused by encrypted or signed and encrypted OpenPGP data produced by newer software implementations. The solution is to enable PGP 2.x compatibility as shown above.

Badly-formed or corrupted signature certificate

This error is produced when the signed and encrypted data is not compatible with PGP 2.x. The solution is to enable PGP 2.x compatibility as shown above.

Summary

This post illustrates how to produce PGP 2.x compatible output with DidiSoft OpenPGP Library for .NET and OpenPGP Library for Java. Usually you will have to take the steps described here only if you are certain that the recipient of the encrypted data uses such old software.

To receive PGP 2.x encrypted data, you don’t have to do anything, because our libraries recognize the format automatically.

Knowledge Base
Read more...