You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Daniel Gredler (JIRA)" <ji...@apache.org> on 2013/12/10 00:48:07 UTC
[jira] [Updated] (CAMEL-7052) PGPDataFormat: Unable to encrypt
using subkey
[ https://issues.apache.org/jira/browse/CAMEL-7052?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Gredler updated CAMEL-7052:
----------------------------------
Attachment: camel-7052.patch
All tests (including the ignored Elgamal test) pass for me with this patch.
> PGPDataFormat: Unable to encrypt using subkey
> ---------------------------------------------
>
> Key: CAMEL-7052
> URL: https://issues.apache.org/jira/browse/CAMEL-7052
> Project: Camel
> Issue Type: Bug
> Components: camel-crypto
> Affects Versions: 2.12.2
> Reporter: Daniel Gredler
> Attachments: camel-7052.patch
>
>
> Generate a keyring with a DSA key for signing and an Elgamal key for encryption, using the password "secret":
> {code}>gpg --gen-key
> gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Please select what kind of key you want:
> (1) RSA and RSA (default)
> (2) DSA and Elgamal
> (3) DSA (sign only)
> (4) RSA (sign only)
> Your selection? 2
> DSA keys may be between 1024 and 3072 bits long.
> What keysize do you want? (2048) 2048
> Requested keysize is 2048 bits
> Please specify how long the key should be valid.
> 0 = key does not expire
> <n> = key expires in n days
> <n>w = key expires in n weeks
> <n>m = key expires in n months
> <n>y = key expires in n years
> Key is valid for? (0) 0
> Key does not expire at all
> Is this correct? (y/N) y
> GnuPG needs to construct a user ID to identify your key.
> Real name: Testing
> Email address: testing@foo.com
> Comment:
> You selected this USER-ID:
> "Testing <te...@foo.com>"
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
> You need a Passphrase to protect your secret key.
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> gpg: key C49B82A0 marked as ultimately trusted
> public and secret key created and signed.
> gpg: checking the trustdb
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> pub 2048D/C49B82A0 2013-12-09
> Key fingerprint = AB15 5E15 768E E6FE 96AB 2423 6488 CEA7 C49B 82A0
> uid Testing <te...@foo.com>
> sub 2048g/361D9AA1 2013-12-09{code}
> List the keys to make sure they look OK:
> {code}>gpg --list-keys
> pubring.gpg
> ---------------
> pub 2048D/C49B82A0 2013-12-09
> uid Testing <te...@foo.com>
> sub 2048g/361D9AA1 2013-12-09{code}
> Export to a file and then check the contents of the file:
> {code}>gpg --export > pubring.pgp
> >gpg pubring.pgp
> pub 2048D/C49B82A0 2013-12-09 Testing <te...@foo.com>
> sub 2048g/361D9AA1 2013-12-09{code}
> We now have a keyring that contains a primary DSA key for signing, and an Elgamal subkey for encryption. The subkey does not have a user ID associated with it, because the user ID is associated with the corresponding primary / master key.
> The latest code in {{PGPDataFormatUtil.findPublicKeys(InputStream, List<String>, boolean)}} cannot handle this scenario, because it expects the subkey to also have a user ID. Only the first key in a keychain (which is the primary / master key) will have a user ID. The subkeys don't have user IDs directly associated with them, and so they are not recognized as usable by Camel, when in fact they are usable.
> See this discussion for more info on how primary keys and subkeys are represented in the BouncyCastle model, and how this relates to user IDs:
> http://bouncy-castle.1462172.n4.nabble.com/How-to-find-PGP-subkeys-td1465289.html
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)