OpenPGP Library for Android News

Should the EFAIL attack concern your PGP applications

A few days ago in the world of applied cryptography especially S/MIME and PGP emails has appeared a new threat – the EFAIL attack.

In this post we are not going to explain again details of the attack itself as a lot has already been published on the Internet, but rather explain do you have to be concerned using any of the DidiSoft OpenPGP products.

The EFAIL attack in breaf

The EFAIL attack in short consists of allowing the receiver to decrypt the data and send it via HTTP request to the intruder. In the examples published in the source article this is done with an image tag artificial inserted by the intruder and the decrypted data sent as an HTTP request parameter for the image tag location (assumed to be on the intruder’s web host).

The main target of the attack is S/MIME and PGP encrypted email messages.

First approach (image tag)

The first approach they use is by modifying the email and introducing a new body part before the encrypted email body part, which contains an unclosed image tag.

Our proposed Solution

When implementing email rendering do not allow unclosed tags in a MIME section and perform HTML purification independently for each MIME body part.

Second approach (CBC/CFB gadget)

The second technique, named CBC/CFB gadget attack, exploits vulnerabilities in OpenPGP (CVE-2017-17688) and S/MIME (CVE-2017-17689).

From the EFAIL article the reader may conclude that the second vulnerability is something that a 12 year old boy can do at home:

“Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts”

The reality tends to be different though. This is still an unconfirmed threat to PGP/MIME emails. The current Security Focus state regarding exploits is “Currently, we are not aware of any working exploits“. PGP/MIME emails with Integrity protection packet cannot be modified as of the time of this writing.

Our proposed Solution

When receiving PGP/MIME emails DidiSoft products will rise exception whether or not integrity protection has been set on the incoming data.

When sending PGP/MIME emails to other entities using DidiSoft products, please ensure that integrity check has been turned on!


The EFAIL attack exploits weaknesses in the implementation of some PGP email clients. The mass press coverage raised uncertainty in organizations relying on PGP encryption, but the attack targets PGP email client implementations and not PGP encryption as a whole.

We also recommend  you to read the one page official answer from the core PGP developers.


OpenPGP Library for Android 1.1 is online

Fellow developers,
The new OpenPGP Library for Android 1.1 has just been released and we are glad to announce that it is bringing many enhancements and bug fixes.

Below is a list of the changes in this release:

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification


Version 1.1
Release date: 30 January 2013

Changes in package com.didisoft.pgp
[+] Added KeyPairInformation.keyId2Hex – Helper method that converts 8 byte Key ID (of type long)
into a hexadecimal string obtained from the lower 4 bytes and used in PGP(r) and GnuPG/gpg.
[*] KeyStore.generateKeyPair – keys with expiration date are now recognized by Authora EDGE

[!] PGPLib.EncryptFile – the timestamp inside the .pgp archive is taken from the file timestamp instead of the current date time.
[*] PGPLib.signAndEncryptStream – encrypted output stream was not closed correctly in binary mode

Changes in package com.didisoft.pgp.inspect
[+] PGPInspectLib.isSignedOnly(InputStream)
[+] PGPInspectLib.listSigningKeyIds(InputStream)
[+] PGPInspectLib.isPublicKeyEncrypted(InputStream)
[+] PGPInspectLib.listEncryptionKeyIds(InputStream)
[+] PGPInspectLib.isPBEEncrypted(InputStream)

New exception subclasses in com.didisoft.pgp.exceptions
[+] FileIsPBEEncryptedException – thrown in case when decrypting a password encrypted archive with a private key
[+] DetachedSignatureException – thrown in case when trying to verify a detached signature without the data file

Feel free to drop us a line if you have any comments, suggestions or ideas for improvement.


Year 2013 RoadMap – OpenPGP Library for Java and Android

The road map for this year for DidiSoft OpenPGP Library for Java and OpenPGP Library for Android contains a few features that we have planned to include:

Java PGP LibraryQ1 – setting Content type of the archives, accepting Key Hex ID’s interchangeably with User ID’s, partial match of User ID’s.

Q2 – RFC 6637 support

Q3 – Importing X.509 certificates as OpenPGP keys

Q4 – supporting Additional decryption keys (ADK).

As always we are open for your feedback and will gladly include your feature requests.


New! OpenPGP Library for Android

OpenPGP Library for Android demo applicationWe had a few requests for an OpenPGP Library for Android and finally we are ready with version 1.0

The first version of the library has the same set of features as the latest version of OpenPGP Library for Java. The minimal supported Android version is 2.1 (Eclair).

The distribution ZIP archive ships with a demo application that demonstrates how to invoke the basic encryption and key generation features from an Android application.