OpenPGP Library for .NET News

Articles related to DidiSoft OpenPGP Library for .NET.

OpenPGP Library for .NET 1.8.5.31 fixes RSA signature problem with Java 7+

Half a year ago we released version 1.8.3.5, which addressed compatibility of OpenPGP signature verification with systems built with Java version 7 and above.

Unfortunately, it turned out that we introduced an additional bug at that time, which breaks signature verification for 1 out of every 500 files created with an RSA key and the SHA-1 hash digest.

The newest version 1.8.5.31 of OpenPGP Library for .NET finally resolves this issue. We strongly recommend that our customers update in order to exchange data without any hassle with OpenPGP systems built and running on Java 7 or above.

Known affected systems so far: Tibco MFT, iWay Integration Services.

Recent updates in OpenPGP Library for .NET 1.8.5

The new version 1.8.5 of DidiSoft OpenPGP Library for .NET comes with some new features that simplify key management and enhance key export.

Below you can see some short code samples illustrating the new features:

KeyStore access by Index

DidiSoft.Pgp.KeyStore items can now be accessed by index. Two new properties have been added to allow this:

KeyStore[index] – access to the keys by insertion order
KeyStore.Count – count of key pairs inside the KeyStore

KeyStore ks = KeyStore.OpenFile(...);
int numberOfKeys = ks.Count;
KeyPairInformation key = ks[1]; // valid indexes run from 0 up to Count-1

Additional signing sub keys

Additional signing sub keys can be added with the help of a new method: KeyStore.AddSigningSubKey

using System;
using DidiSoft.Pgp;

public class AddSigningSubKeyDemo
{
 public static void Demo()
 {
  // initialize the key store
  KeyStore keyStore = new KeyStore(@"DataFiles\key.store", "changeit");

  // User Id of the key that receives the new sub key; this is usually our own private key
  String signUserId = "support@didisoft.com";
  String privateKeyPassword = "changeit";

  // add an ECC (NIST P-521) signing sub key to that key
  KeyPairInformation.SubKey newSubKey = keyStore.AddSigningSubKey(signUserId, privateKeyPassword, EcCurve.P521);
 }
}

Partial private key export

In recent versions of GnuPG, private keys can be exported partially, without the master private key material. Such a key can be used only through its sub keys, but cannot sign other keys.

An example illustrating this can be found here: Exporting partial private keys

Upgrade from previous versions

Version 1.8.5 is 100% code level compatible with all previous 1.8 versions. Just rebuild and redeploy your applications with the new assembly DLLs.

Compatibility with Java 7+ RSA signatures

As of Java version 7 and above, RSA digital signature handling has changed, and signatures that were previously accepted by software built with Java may now be rejected with a message like: “unable to verify signature: Signature length not correct: got 511 but was expecting 512”.

Solutions using DidiSoft OpenPGP Library for .NET may be affected when they exchange signed, or signed and encrypted, PGP data with software systems built in Java. A recent example we had was TIBCO MFT, which threw the above-mentioned error.

The technical explanation of the problem is that a digital signature consists of MPIs (multi-precision integers), which are stored as arrays of bits (not bytes!); when serialized, they may end up with a length that is not divisible by two without remainder, which Java 7 and later versions do not accept.

Version 1.8.3.5 of OpenPGP Library for .NET resolves this issue by padding the signature with leading zero bytes up to a length that is a power of two. If you encounter this behavior, please upgrade.

Important notice: it turned out that version 1.8.3.5 introduced an additional bug. This was finally fixed in version 1.8.5.31!
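To make the length problem behind this post (and the 1.8.5.31 fix announced above) concrete, here is an added example in Python, not DidiSoft code and independent of the library: it encodes and decodes an OpenPGP MPI as RFC 4880 section 3.2 defines it and applies leading-zero padding to a constructed 4096-bit modulus and signature value, so the 511-versus-512 case from the error message falls out of the encoding itself.

```python
# Added example (not DidiSoft code): OpenPGP MPI encoding per RFC 4880 section 3.2
# and the leading-zero padding that makes an RSA signature the modulus length.
# An MPI is a 2-byte big-endian bit count followed by the minimal big-endian bytes,
# so a 4096-bit key can yield a 511-byte signature body that a strict verifier rejects.
from typing import Tuple


def encode_mpi(value: int) -> bytes:
    """Serialise an unsigned integer as an OpenPGP MPI (bit count + minimal bytes)."""
    if value < 0:
        raise ValueError("MPIs are unsigned")
    bit_len = value.bit_length()
    return bit_len.to_bytes(2, "big") + value.to_bytes((bit_len + 7) // 8, "big")


def decode_mpi(data: bytes) -> Tuple[int, bytes]:
    """Parse one MPI from the front of data; return (value, remaining bytes)."""
    if len(data) < 2:
        raise ValueError("truncated MPI header")
    bit_len = int.from_bytes(data[:2], "big")
    byte_len = (bit_len + 7) // 8
    body = data[2:2 + byte_len]
    if len(body) != byte_len:
        raise ValueError("truncated MPI body")
    value = int.from_bytes(body, "big")
    if value.bit_length() != bit_len:
        raise ValueError("MPI bit count does not match its value")
    return value, data[2 + byte_len:]


def pad_signature_to_modulus(sig_value: int, modulus: int) -> bytes:
    """Left-pad the signature integer with zero bytes to the modulus byte length (512 for 4096-bit)."""
    if not 0 <= sig_value < modulus:
        raise ValueError("signature value must lie in [0, modulus)")
    return sig_value.to_bytes((modulus.bit_length() + 7) // 8, "big")


# Constructed sample values (not a real key or signature): a 4096-bit modulus and a
# signature whose top byte is zero, so its minimal MPI body is only 511 bytes.
SAMPLE_MODULUS = (1 << 4095) | 0x10001
SAMPLE_SIG = (1 << 4080) + 0x1234

if __name__ == "__main__":
    value, _rest = decode_mpi(encode_mpi(SAMPLE_SIG))
    print("MPI body bytes:", (value.bit_length() + 7) // 8)                       # 511
    print("padded bytes:", len(pad_signature_to_modulus(value, SAMPLE_MODULUS)))  # 512
```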

PGP/MIME support for .NET

In version 1.8.3 of DidiSoft OpenPGP Library for .NET you will find full-featured PGP/MIME support. The unusual thing is that it is designed as a pluggable API for easy integration with third-party mail libraries for .NET.

The solution in brief

The PGP/MIME support lives in a new class, PGPMailLib, in the namespace DidiSoft.Pgp.Mail, shipped in the additional assembly DidiSoft.Pgp.Mail.dll.

A new tutorial chapter describes the PGP/MIME functionality.

Why not our own solution instead of a pluggable API?

A decent email library nowadays must provide a good MIME (Multipurpose Internet Mail Extensions) parser and an implementation of the network communication (mail send/receive over the POP3/IMAP and SMTP protocols). We can judge the complexity of those tasks by looking at the System.Net.Mail namespace in the .NET Framework: its MIME parser supports only a limited subset of the MIME standard, and this is the main reason why so many third-party mail APIs for .NET exist!

Which third-party mail libraries are supported?

Every library with a good MIME parser will integrate fine with DidiSoft.Pgp.Mail.dll. So far we have tested with Aspose.Email, Rebex.Mail, OpenPop and MimeKit. One of our clients, who needed this functionality at the time, even created an Outlook plugin during the beta testing period, when the feature was still under development.

Where to get more information

You can continue from here to the tutorial chapter dedicated to the PGP/MIME support for .NET.

New features in OpenPGP for .NET 1.8.2.2

In version 1.8.2.2 of DidiSoft OpenPGP Library for .NET you will find support for 2048 and 3076 bit DSA master signing keys, Elliptic Curve OpenPGP keys based on the Brainpool curves, and some other extras.

Brainpool ECC keys

With the new version we can create an Elliptic Curve OpenPGP key based on a Brainpool curve just like the standard ECC keys based on NIST curves:

C# example

using System;
using DidiSoft.Pgp;

public class GenerateEccKeyPairDemo
{
    public void Demo()
    {
        KeyStore ks = new KeyStore();

        // EC curve for this key
        EcCurve curve = EcCurve.Brainpool256;
        // primary User Id of the key
        string userId = "Demo <demo@didisoft.com>";
        // password for the private key
        string privateKeyPassword = "changeit";

        ks.GenerateEccKeyPair(curve, userId, privateKeyPassword);
    }
}

VB.NET example

Imports System
Imports DidiSoft.Pgp

Public Class GenerateEccKeyPairDemo
    Public Sub Test()
        Dim ks As New KeyStore()

        ' EC curve for this key
        Dim curve As EcCurve = EcCurve.Brainpool256
        ' primary User Id of the key
        Dim userId As String = "Demo <demo@didisoft.com>"
        ' password for the private key
        Dim privateKeyPassword As String = "changeit"

        ks.GenerateEccKeyPair(curve, userId, privateKeyPassword)
    End Sub
End Class

Large DSA based keys

Large DH/DSS (DSA) based keys can be generated with the method KeyStore.GenerateDhDssKeyPair, where the size of the master signing key (DSA key) and of the encryption key (Diffie-Hellman, DH key) can be specified separately. An overloaded version of the more general KeyStore.GenerateKeyPair has also been added for specifying the sizes of the encryption and signing keys separately, or the respective elliptic curves for ECC OpenPGP keys.

Brainpool ECC keys in PowerShell

OpenPGP keys based on Brainpool curves can now be created in PowerShell too:

New-PgpKeyEcc -Curve Brainpool-512 -Name "Richard Koosh" -Password "my key pass" -Output c:\my_key.asc

What symmetric cipher was used?

Have you ever wondered which symmetric cipher was used to encrypt the data in a given .pgp archive? Now you can find out with the help of DidiSoft.Pgp.Inspect.PGPInspectLib:

// assumes pgp (a PGPLib), SmallText, PublicKey, PrivateKey, OutputFolder and Password
// are declared earlier in the sample
FileInfo pgpFile = new FileInfo(OutputFolder + "output.pgp");
pgpFile.Delete();
pgp.EncryptFile(SmallText, PublicKey, pgpFile, true, true);

using (Stream dataStream = pgpFile.OpenRead())
using (Stream keyStream = PrivateKey.OpenRead())
{
    DidiSoft.Pgp.Inspect.PGPInspectLib inspect = new DidiSoft.Pgp.Inspect.PGPInspectLib();

    // prints the symmetric cipher that protects the encrypted data
    Console.WriteLine(inspect.GetEncryptionCypher(dataStream, keyStream, Password));
}

What else

Check the release notes for all the new additions, or drop us a line if you have any comments or questions.

OpenPGP Library for .NET 1.8

We are glad to announce the release of DidiSoft OpenPGP Library for .NET version 1.8.

The new version is based on BouncyCastle crypto toolkit version 1.8 and provides DLL files for the following platforms:

  • .NET Framework 2.0 – 4.6
  • Universal Windows (UWP)
  • Windows Store (WinRT)
  • Windows Phone 8.1
  • .NET Core 1.1
  • Xamarin Android and iOS
  • Compact Framework 3.5

Async support

The .NET 4.6 assemblies now support asynchronous OpenPGP cryptography methods. In order to use them you must use the PGPLibAsync class (a subclass of DidiSoft.Pgp.PGPLib):

using System.Threading.Tasks;
using DidiSoft.Pgp;

public class AsyncDemo
{
  // returning Task (rather than async void) lets callers await the call and observe exceptions
  public async Task MyAsyncMethod()
  {
    PGPLibAsync pgp = new PGPLibAsync();
    await pgp.EncryptFileAsync(...);
  }
}

LDAP, SEMS and Xamarin

DidiSoft.Pgp.Net.LdapClient is now available for Xamarin too. Uploading keys to Symantec Encryption Management Server (SEMS) is now possible if the connection is authenticated with the credentials of a user account with write access and PGP Verified Directory is enabled on the SEMS server.

PowerShell additions

The PowerShell cmdlets now support keys from a KeyStore as well. The syntax is as follows:

PS C:\> ConvertTo-PgpSignedFile -Path C:\Temp\0xC4262702-pub.asc -Key DidiSoft -Password test -KeyStore C:\PGPKeys\my.keystore -KeyStorePassword test

Information for a pgp key file

A new cmdlet, Get-PgpKeyInfo, obtains information about PGP key files. More information can be found in the PowerShell tutorial.

What’s next this year

Support for 3072-bit master DSA keys is on the way, along with additional PowerShell cmdlets, example applications for UWP, Azure and Xamarin, and support for the Brainpool elliptic curves.

Long Hex Key IDs in OpenPGP for .NET

Recent posts on the Internet described attacks that allowed intruders to fake Linus Torvalds' OpenPGP key by publishing a key with the same short hexadecimal key ID. A full key ID is 64 bits long (8 bytes); represented as a hexadecimal string it takes 16 characters (2 per byte), which was initially considered too hard to type.

"08A321B6" // short key id
"3D4761A008A321B6" // long key id

GnuPG and the command-line versions of PGP used short key IDs, formed from the lower 32 bits of the real key ID, throughout their tutorials. After the recent threats this practice may become obsolete, and in the future full hexadecimal key IDs will probably become mandatory.

Support for long key IDs

In order to address this issue, today we shipped a new version 1.7.15.5 of DidiSoft OpenPGP Library for .NET that fully supports long hexadecimal key IDs. The short code snippet below illustrates the difference between short and long key IDs:

// C# example
KeyStore ks = KeyStore.OpenFile(@"c:\mykeys.keystore", "my keystore pass");
PGPLib pgp = new PGPLib();
// short key id
string encryptedMessage = pgp.EncryptString("Hello World!", ks, "08A321B6");
// long key id
string encryptedMessage2 = pgp.EncryptString("Hello World!", ks, "3D4761A008A321B6");

' VB.NET example
Dim ks As KeyStore = KeyStore.OpenFile("c:\mykeys.keystore", "my keystore pass")
Dim pgp As New PGPLib()
' short key id
Dim encryptedMessage As String = pgp.EncryptString("Hello World!", ks, "08A321B6")
' long key id
Dim encryptedMessage2 As String = pgp.EncryptString("Hello World!", ks, "3D4761A008A321B6")

Print long hexadecimal key IDs

Both the DidiSoft.Pgp.KeyStore and DidiSoft.Pgp.KeyPairInformation classes provide a static method KeyIdToLongHex that converts a raw key ID of type long (Int64) into its full hexadecimal representation:

long keyId = ...
string longHexKeyId = KeyStore.KeyIdToLongHex(keyId);
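As an added example (Python, not DidiSoft code), the following derives the short ID from a 64-bit key ID exactly as described above, formats the long form the way KeyIdToLongHex does on the page (16 upper-case hex digits is assumed), and shows how a key lookup can refuse a short ID that matches more than one key in a constructed sample ring instead of silently picking one.

```python
# Added example (not DidiSoft code): relation between long and short OpenPGP key IDs,
# and a lookup that refuses an ambiguous short ID instead of silently choosing a key.
# The 64-bit key ID is written as 16 hex digits; the "short" ID of old tutorials is its
# low 32 bits (8 hex digits), so unrelated keys can share it.
from typing import Dict, List


def key_id_to_long_hex(key_id: int) -> str:
    """16 upper-case hex digits; masks a signed Int64 so negative values print correctly."""
    return f"{key_id & 0xFFFFFFFFFFFFFFFF:016X}"


def key_id_to_short_hex(key_id: int) -> str:
    """8 hex digits: the low 32 bits that GnuPG tutorials historically displayed."""
    return f"{key_id & 0xFFFFFFFF:08X}"


def matching_key_ids(ring: Dict[str, str], hex_id: str) -> List[str]:
    """Long hex IDs in ring that an 8- or 16-digit hex selector refers to."""
    hex_id = hex_id.upper()
    if len(hex_id) == 16:
        return [k for k in ring if k == hex_id]
    if len(hex_id) == 8:
        return sorted(k for k in ring if k.endswith(hex_id))
    raise ValueError("key id must be 8 or 16 hex digits")


def resolve_key(ring: Dict[str, str], hex_id: str) -> str:
    """Return the owner label for hex_id; a selector matching several keys is an error."""
    matches = matching_key_ids(ring, hex_id)
    if not matches:
        raise KeyError(f"no key with id {hex_id}")
    if len(matches) > 1:
        raise LookupError(f"short id {hex_id} is ambiguous: {matches}")
    return ring[matches[0]]


# Constructed sample ring (long hex ID -> owner): two keys share the page's short
# ID 08A321B6, which is exactly what a short-ID lookup cannot tell apart.
SAMPLE_RING = {
    "3D4761A008A321B6": "Real Owner <owner@example.invalid>",
    "7F00C0FE08A321B6": "Look-alike <other@example.invalid>",
}

if __name__ == "__main__":
    print(key_id_to_long_hex(0x3D4761A008A321B6), key_id_to_short_hex(0x3D4761A008A321B6))
    print(resolve_key(SAMPLE_RING, "3D4761A008A321B6"))
    print(matching_key_ids(SAMPLE_RING, "08A321B6"))  # two candidates: refuse to choose
```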

Convert line endings of text files

Another recent change is the automatic conversion of line endings in decrypted text files to the default for the current operating system, which is CrLf (\r\n) on Windows.

For example, a text document encrypted on a Mac will have only the newline character (\n) as line ending. When decrypted on Windows, the newline characters will be converted automatically. This is done only if the encrypted file is internally marked as text. If for some reason you need the line endings left intact, set the property KeepLineEndingsIntact to true:

// C# example
PGPLib pgp = new PGPLib();
pgp.KeepLineEndingsIntact = true;
// no conversion will be made for decrypted text files

OpenPGP Library for .NET 1.7.15.2 offers 2048 bit DSA master signing keys

DidiSoft OpenPGP Library for .NET version 1.7.15.2 was shipped today. It offers creation of 2048 bit DSA master signing keys in DH/DSS (ElGamal) key pairs, and signing of public keys with non-exportable (local) signatures.

2048 bit DSA master signing keys

By default the library creates a 1024 bit DSA master signing key when generating a DH/DSS (ElGamal) key pair. To obtain a 2048 bit DSA master key instead, the special property Force2048bitDSA of the KeyStore class must be set:

KeyStore ks = new KeyStore();
ks.Force2048bitDSA = true;
// now newly generated ElGamal keys will have a 2048 bit master signing key

Signing public keys with non exportable signature

If you need to sign public keys just for your own use, an overloaded version of the KeyStore.SignPublicKey method offers this through its last parameter, which indicates whether the signature is exportable:

C# example

// ks is of type DidiSoft.Pgp.KeyStore
bool exportable = false;
ks.SignPublicKey("ceo@company.com", "my key user id", "my password", exportable);

VB.NET example

' ks is of type DidiSoft.Pgp.KeyStore
Dim exportable As Boolean = False
ks.SignPublicKey("ceo@company.com", "my key user id", "my password", exportable)

Fix in Web of Trust

When adding a new User Id to an Ultimately trusted key, the trust level was lost due to a bug in the library. This has been fixed and the trust value is now preserved.

For a complete list of changes in this release, please check the release notes.

OpenPGP Library for .NET 1.7.15 provides PowerShell commands

Version 1.7.15 of OpenPGP Library for .NET has been released today.

Windows PowerShell support

The major new feature in this release is a PowerShell module with a wide range of OpenPGP-related cmdlets, from encryption to key creation.

The commands are available in the PowerShell console right after the setup of the new version. Check the complete tutorial chapter dedicated to the usage of the cmdlets here: www.didisoft.com/net-openpgp/examples/powershell/

Support for Camellia

In this new release the library can handle .pgp archives encrypted with the Camellia cipher (RFC 5581, The Camellia Cipher in OpenPGP, an extension outside the core OpenPGP standard RFC 4880). Although not very commonly implemented, more and more companies have recently adopted the open source GnuPG software, which supports it out of the box. In order to be compatible with them in all possible scenarios, we decided to add decryption support for it.

DSA and RIPEMD160

DSA-based digital signatures require at least a 160 bit hash input, so RIPEMD160 (DidiSoft.Pgp.HashAlgorithm.RIPEMD16) is a valid hash for them. We were very surprised to find out that the previous version of the library could not handle such signatures. This has been fixed in this release.

What’s next?

In the next version we will provide complete functionality for creating sub keys. The speed of generating DH/DSS (ElGamal) keys will be dramatically improved by using the pre-computed prime numbers from RFC 3526, and support for 2048 bit DSS signing keys will be added.
