InvocationTargetException in WebMethods

If you are using DidiSoft OpenPGP Library for Java in a  Software AG WebMethods project you may encounter strange exceptions like: java.lang.reflect.InvocationTargetException:org.bouncycastle.util.Arrays.constantTimeAreEqual The reason for such exceptions is that WebMethods ships with an older version of the BouncyCastle jar files and a class loading mismatch occurs. The resolution is to remove the default BouncyCastle jar files […]

Continue reading


Migration guide from version 2.5.x to version 2.6

As of version 2.6.0 the plain encrypt methods (PGPLib.encrypt…) throw java.io.IOException in addition to com.didisoft.pgp.PGPException. In order to migrate from version 2.5 you will also have to catch java.io.IOException into an additional catch clause. Methods affected: PGPLib.encryptStream PGPLib.encryptFile PGPLib.encryptStreamPBE PGPLib.encryptFilePBE

Continue reading


Unknown KeySpec type ElGamalPrivateKeySpec

Some customers that have deployed DidiSoft OpenPGP Library for Java as part of a web application, have noticed that the exception below is thrown when they perform a hot deploy on the application server: org.bouncycastle.openpgp.PGPException: Exception constructing key    at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source)    at org.bouncycastle.openpgp.PGPSecretKey.extractPrivateKey(Unknown Source) … Caused by: java.security.spec.InvalidKeySpecException: Unknown KeySpec type: org.bouncycastle.jce.spec.ElGamalPrivateKeySpec    […]

Continue reading


unknown object in stream 9

This exception is equivalent to unknown object in stream SymmetricKeyEncrypted. Usually occurs when we try to decrypt a conventionally OpenPGP encrypted file (also known as password encrypted or PBE) that was created with PGP 2.x or McAfee E-Business Server 7.x. This issue has been addressed in OpenPGP Library for Java version 2.5.6 and upper and […]

Continue reading


Deploy OpenPGP Library for Java executable JAR

If you wish to deploy a single executable JAR application that embeds DidiSoft OpenPGP Library for Java (and the BouncyCastle jars as well) the only solution is to embed (package) the three jars of the library within the final executable JAR application. The reason for this is that the BouncyCastle java security provider must be […]

Continue reading


Sign files for PGP 6.5 and below

The default methods for OpenPGP signing and one pass sign and encrypt provided byDidiSoft OpenPGP Library for Java and OpenPGP Library for  .NET produce version 4 OpenPGP digital signatures (for more information, please refer to the OpenPGP specification RFC 4880 ). Unfortunately PGP version 6.5 and below recognize only version 3 digital signatures. In order […]

Continue reading