Knowledge Base

OpenPGP Knowledge Base (Java, C#, VB.NET examples and solutions)

GnuPG 2.2.8 compatibility with Java

Recent changes in GnuPG version 2.2.8 in response to the EFAIL attack reject all encrypted data that don’t have Modification Detection Code (MDC) packet.

In order to address this as of version 3.1.3.2 DidiSoft OpenPGP Library for Java exposes a new property in the PGPLib class:

PGPLib.isIntegrityProtectArchives()
PGPLib.setIntegrityProtectArchives(boolean)

Example usage:

PGPLib pgp = new PGPLib();
pgp.setIntegrityProtectArchives(true);

Setting this property will have affect on all subsequent encryption or one pass signing and encryption calls that don’t have the integrity check parameter. When the above property is set to true, integrity protection (Modification Detection Code) packet will be added to the encrypted data in the .pgp message to be compatible with GnuPG 2.2.8 and all new upcoming versions.

This change is especially for all methods that produce String output, because in those methods the integrity protection was missing up till now.

Read more...

GnuPG 2.2.8 compatibility for .NET

As of version 2.2.8, GnuPG/gpg will not accept encrypted or signed and encrypted .pgp files which don’t have integrity protection packet, also known as Modification detection code (MDC packet). This will be the default behavior of GnuPG from now on, and is their answer to the EFAIL attack.

Our product OpenPGP Library for .NET exposes methods which allow explicit setting of the integrity protection packet. But up till now the methods where this parameter was absent didn’t used integrity protection and the output from them will not be accepted by all new versions of GnuPG. This applies also to all methods that deal with output as String type.

In order to address this issue, version 1.8.4 of DidiSoft OpenPGP Library for .NET  exposes a new property of the PGPLib class : PGPLib.IntegrityProtectArchives. Sample usage is :

PGPLib pgp = new PGPLib();
pgp.IntegrityProtectArchives = true;

This code block will ensure that all subsequent operations where Integrity protection is not specified explicitly will use it and the output will be accepted from GnuPG 2.2.8 and upper versions. The same applies to Symantec PGP Command Line 10.4.2 and newer versions.

Read more...

Compatibility with Java 7+ RSA signatures

As of Java version 7 and above the RSA digital signatures computation has been changed and signatures that were previously accepted by software build with Java may end being rejected with message like: “unable to verify signature: Signature length not correct: got 511 but was expecting 512

Solutions using DidiSoft OpenPGP Library for .NET may be affected when they send signed or signed and encrypted PGP data with software systems build in Java. A recent example we had was with TIBCO MFT, throwing the above mentioned error.

The technical explanation of the problem is that a digital signature consists of MPI (multi precision integers) which are kept in array of bits (not bytes!) and when serialized they may end being less then a number power of two.

Version 1.8.3.5 of OpenPGP Library for .NET resolves this issue by padding with leading zero bytes up to a length power of two. If you encounter such behavior then please upgrade.

Read more...

OraSFTP v 1.2.6 now supports current remote folder

DidiSoft OraSFTP prior to version 1.2.6 were limited to either absolute paths or paths relative from the current user remote home directory.

As of version 1.2.6 the current remote folder can be changed this way allowing for easy traversing and manipulation of complex remote folder structures.

The new methods that support this functionality are:

ORA_SFTP.CURRENT_DIRECTORY – retrieves the absolute path of the current remote folder

ORA_SFTP.PWD – alias of ORA_SFTP.CURRENT_DIRECTORY

ORA_SFTP.CD – changes the current remote folder

ORA_SFTP.CD_UP – changes the current remote folder one level up

You can see example usage at:

https://www.didisoft.com/ora-sftp/tutorial/#pwd

Read more...

Should the EFAIL attack concern your PGP applications

A few days ago in the world of applied cryptography especially S/MIME and PGP emails has appeared a new threat – the EFAIL attack.

In this post we are not going to explain again details of the attack itself as a lot has already been published on the Internet, but rather explain do you have to be concerned using any of the DidiSoft OpenPGP products.

The EFAIL attack in breaf

The EFAIL attack in short consists of allowing the receiver to decrypt the data and send it via HTTP request to the intruder. In the examples published in the source article this is done with an image tag artificial inserted by the intruder and the decrypted data sent as an HTTP request parameter for the image tag location (assumed to be on the intruder’s web host).

The main target of the attack is S/MIME and PGP encrypted email messages.

First approach (image tag)

The first approach they use is by modifying the email and introducing a new body part before the encrypted email body part, which contains an unclosed image tag.

Our proposed Solution

When implementing email rendering do not allow unclosed tags in a MIME section and perform HTML purification independently for each MIME body part.

Second approach (CBC/CFB gadget)

The second technique, named CBC/CFB gadget attack, exploits vulnerabilities in OpenPGP (CVE-2017-17688) and S/MIME (CVE-2017-17689).

From the EFAIL article the reader may conclude that the second vulnerability is something that a 12 year old boy can do at home:

“Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts”

The reality tends to be different though. This is still an unconfirmed threat to PGP/MIME emails. The current Security Focus state regarding exploits is “Currently, we are not aware of any working exploits“. PGP/MIME emails with Integrity protection packet cannot be modified as of the time of this writing.

Our proposed Solution

When receiving PGP/MIME emails DidiSoft products will rise exception whether or not integrity protection has been set on the incoming data.

When sending PGP/MIME emails to other entities using DidiSoft products, please ensure that integrity check has been turned on!

Conclusion

The EFAIL attack exploits weaknesses in the implementation of some PGP email clients. The mass press coverage raised uncertainty in organizations relying on PGP encryption, but the attack targets PGP email client implementations and not PGP encryption as a whole.

We also recommend  you to read the one page official answer from the core PGP developers.

Read more...

Should DidiSoft OpenPGP Library for .NET provide strong name assemblies or unsigned assemblies?

Last week we have sent a short survey to subscribers for our OpenPGP Library for .NET mailing list. The survey had only one question:

Should DidiSoft OpenPGP Library for .NET provide strong name (signed) assemblies (DLL’s) or plain unsigned assemblies?

At the end of this post you will find the results of the survey, but first lets explain why did we made it.

DidiSoft OpenPGP Library for .NET was providing limited PGP emails support due to limitations in the System.Net.Mail namespace implementation regarding the MIME email formats (in fact we supported only PGP-inline emails). Recently we had received a numerous requests for additional support for PGP/MIME email format. In order to implement it we decided to use the open source MimeKit library but this is the moment where we were hit with this case:

+-------+        +---+         +--------+
|   B   +------->+ A +<--------+    D   |
+---+---+        +---+         +--------+
^                               ^
|                               |
|                               |
+---+---+                       +---+---+
|  C.1  |                       |  C.2  |
+-------+                       +-------+

Assembly A needs to use assemblies B and D, which reference different versions of assembly C. Of course this can be resolved with binding redirect in the app.config or dynamically in the AppDomain.CurrentDomain.AssemblyResolve event. But our aim was to provide a DidiSoft.Pgp.Mail.dll which use will be as simple as just referencing it straight away.

Digging for more information in Stackoverflow and MSDN we found out that probably the days when strong named assemblies were a must may have passed away. In order to hear what our community thinks we decided to file the survey. And here are the results:

The results are self explanatory – we must provide both strong named DLLs and unsigned too.

 

Read more...

Weird symbols in emails to BlackBerry clients

Sending PGP/MIME emails to BlackBerry clients may lead to weird symbols in front of given special characters. This is a hard to be solved bug as it has nothing to do with OpenPGP. The OpenPGP messages created with DidiSoft OpenPGP Library for Java and OpenPGP Library for Android are correct and identical when decrypted up to byte array level with those created with other OpenPGP compatible apps including the BlackBerry PGP support.

One of our clients experienced in his Android app this strange behavior when sending encrypted emails to BlackBerry. Digging deeply in this use case we finally resolved the case to be related to a weird expectation in the PGP/MIME format itself, coded in the BlackBerry PGP support.

Read more...

Exchanging encrypted data with Bank of America

Bank of America accepts OpenPGP encrypted files from its clients. Unfortunately in the official technical documentation that they provide it is not very clear how to create the proper format which they will accept. In order to easy you we will show bellow a small code snippet that will illustrate how to create such encrypted file with the help of DidiSoft OpenPGP Library for Java. Similar result can be achieved for other programming environments with the corresponding products offered by DidiSoft.

The example code snippet below will create signed and encrypted data in the format requested by Bank of America:

1
2
3
4
     
  PGPLib pgp = new PGPLib();
  boolean asciiOutput = true;
  pgp.signAndEncryptFileVersion3("c:\\data.txt", "c:\\my_private_key.asc", "my key password", "c:\\BoA_key.asc", "c:\\encrypted.pgp", asciiOutput);

The key file BoA_key.asc is assumed to be the text file containing Bank of America’s public PGP key. The file my_private_key.asc file shall be your private key corresponding to the public key you have uploaded already to Bank of America. The other parameters shall be self explanatory.

Read more...

OraRSA 1.1 offering various SHA based signings

DidiSoft OraRSA version 1.1 was released today. It offers to customize the digital signature algorithm in contrast to version 1.0 where only SHA1withRSA was available.

How to use the new algorithms?

In order to use the new algorithms, you must specify the algorithm needed as the last parameter of the ORA_RSA.SIGN and ORA_RSA.VERIFY methods. Available values are:

ORA_RSA.HASH_SHA1 for SHA1withRSA
ORA_RSA.HASH_SHA224 for SHA224withRSA
ORA_RSA.HASH_SHA256 for SHA256withRSA
ORA_RSA.HASH_SHA384 for SHA384withRSA
ORA_RSA.HASH_SHA512 for SHA512withRSA

Upgrade from version 1.0

In order to upgrade from version 1.0 you must first unload the version 1.0 JAR files:

dropjava.sh/.bat -r -v – u user/pass [extraction folder]\SetupFiles\jce-jdk13-152.jar
dropjava.sh/.bat -r -v – u user/pass [extraction folder]\SetupFiles\ora-rsa-1.0.0.jar

Then continue like a normal Setup.
 

Read more...

IdNotFoundException

Executing procedures from the dbms_java Oracle PL/SQL package may result in a strange IdNotFoundException like:

ORA-29532: Java call terminated by uncaught Java exception: oracle.aurora.vm.IdNotFoundException: user : user or role id does not exist

This is very common when granting java.io.FilePermission:

call dbms_java.grant_permission('user', 'java.io.FilePermission', 'C:/MyFolder/ora-pgp-1.1.0.jar', 'read');

If you experience such error try changing the user(schema) name to Uppercase.

Read more...