pgpainless-cli fails extracting a certificate from a pubkey with unknown secret key encryption method #438

Open
dkg opened this issue Apr 9, 2024 · 2 comments
Labels
module: cli Issue affects the command line application module: core Issue affects the core module upstream Issue is caused by an upstream package

Comments

dkg commented Apr 9, 2024

Consider an OpenPGP secret key that uses a form of secret key encryption that is unknown to pgpainless.

Even though pgpainless can't use the secret key, i'd expect it to be able to transform it into a valid OpenPGP certificate.

However:

```
0 dkg@alice:~$ cat test.key
-----BEGIN PGP PRIVATE KEY BLOCK-----

xTQEZgWtcxYJKwYBBAHaRw8BAQdAlLK6UPQsVHR2ETk1SwVIG3tBmpiEtikYYlCy
1TIiqzb8zR08aGFyZHdhcmUtc2VjcmV0QGV4YW1wbGUub3JnPsKNBBAWCAA1AhkB
BQJmBa1zAhsDCAsJCAcKDQwLBRUKCQgLAhYCFiEEXlP8Tur0WZR+f0I33/i9Uh4O
HEkACgkQ3/i9Uh4OHEnryAD8CzH2ajJvASp46ApfI4pLPY57rjBX++d/2FQPRyqG
HJUA/RLsNNgxiFYmK5cjtQe2/DgzWQ7R6PxPC6oa3XM7xPcCxzkEZgWtcxIKKwYB
BAGXVQEFAQEHQE1YXOKeaklwG01Yab4xopP9wbu1E+pCrP1xQpiFZW5KAwEIB/zC
eAQYFggAIAUCZgWtcwIbDBYhBF5T/E7q9FmUfn9CN9/4vVIeDhxJAAoJEN/4vVIe
DhxJVTgA/1WaFrKdP3AgL0Ffdooc5XXbjQsj0uHo6FZSHRI4pchMAQCyJnKQ3RvW
/0gm41JCqImyg2fxWG4hY0N5Q7Rc6PyzDQ==
=3w/O
-----END PGP PRIVATE KEY BLOCK-----
0 dkg@alice:~$ pgpainless-cli extract-cert < ./test.key
java.io.EOFException
1 dkg@alice:~$ pgpainless-cli version --extended
PGPainless-SOP 1.6.7
https://codeberg.org/PGPainless/pgpainless/src/branch/master/pgpainless-sop

Implementation of the Stateless OpenPGP Protocol Version 07
https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-stateless-cli-07

Based on pgpainless-core 1.6.7
https://pgpainless.org

Using Bouncy Castle 1.77
https://www.bouncycastle.org/java.html
0 dkg@alice:~$
```

(this example was drawn from a proposed test vector for the hardware-secrets draft, but a similar situation likely applies for any unknown secret key encryption format (maybe even for AEAD for secret keys as described in the crypto-refresh, but i haven't tested it yet))
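The packet-level transformation the report expects, as an added example that is not code from the issue, PGPainless or Bouncy Castle: each Secret-Key or Secret-Subkey packet is cut off where its public fields end and retagged, so the S2K usage octet and everything after it are never parsed. It assumes v4 keys and new-format packet headers with one- or two-octet lengths; the function names are hypothetical.

```python
import base64
TEST_KEY = base64.b64decode("""
xTQEZgWtcxYJKwYBBAHaRw8BAQdAlLK6UPQsVHR2ETk1SwVIG3tBmpiEtikYYlCy
1TIiqzb8zR08aGFyZHdhcmUtc2VjcmV0QGV4YW1wbGUub3JnPsKNBBAWCAA1AhkB
BQJmBa1zAhsDCAsJCAcKDQwLBRUKCQgLAhYCFiEEXlP8Tur0WZR+f0I33/i9Uh4O
HEkACgkQ3/i9Uh4OHEnryAD8CzH2ajJvASp46ApfI4pLPY57rjBX++d/2FQPRyqG
HJUA/RLsNNgxiFYmK5cjtQe2/DgzWQ7R6PxPC6oa3XM7xPcCxzkEZgWtcxIKKwYB
BAGXVQEFAQEHQE1YXOKeaklwG01Yab4xopP9wbu1E+pCrP1xQpiFZW5KAwEIB/zC
eAQYFggAIAUCZgWtcwIbDBYhBF5T/E7q9FmUfn9CN9/4vVIeDhxJAAoJEN/4vVIe
DhxJVTgA/1WaFrKdP3AgL0Ffdooc5XXbjQsj0uHo6FZSHRI4pchMAQCyJnKQ3RvW
/0gm41JCqImyg2fxWG4hY0N5Q7Rc6PyzDQ==
""")  # test vector from the issue above; armor framing and CRC line dropped
TO_PUBLIC = {5: 6, 7: 14}  # Secret-Key -> Public-Key, Secret-Subkey -> Public-Subkey
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4, 18: 1, 19: 1, 22: 1}  # public MPIs per algorithm

def packets(data):  # yields (tag, body); new-format headers, 1- or 2-octet lengths only
    i = 0
    while i < len(data):
        tag, n, i = data[i] & 0x3F, data[i + 1], i + 2
        if data[i - 2] < 0xC0 or n >= 224:
            raise ValueError("packet header form not handled in this sketch")
        if n >= 192:
            n, i = ((n - 192) << 8) + data[i] + 192, i + 1
        yield tag, data[i:i + n]
        i += n

def header(tag, n):  # new-format header with a 1- or 2-octet length (n < 8384)
    return bytes([0xC0 | tag, n] if n < 192 else [0xC0 | tag, 192 + (n - 192) // 256, (n - 192) % 256])

def public_len(body):  # offset at which the public fields of a v4 key packet end
    mpi = lambda i: i + 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    alg, i = body[5], 6
    if alg in (18, 19, 22):          # ECDH, ECDSA, EdDSA start with a curve OID
        i += 1 + body[i]
    for _ in range(MPI_COUNT[alg]):  # KeyError on an unknown public-key algorithm
        i = mpi(i)
    if alg == 18:                    # ECDH ends with length-prefixed KDF parameters
        i += 1 + body[i]
    return i

def extract_cert(key):  # returns (certificate bytes, S2K usage octets that were skipped)
    out, usages = b"", []
    for tag, body in packets(key):
        if tag in TO_PUBLIC:
            n = public_len(body)
            usages.append(body[n])   # recorded for reporting, never interpreted
            tag, body = TO_PUBLIC[tag], body[:n]
        out += header(tag, len(body)) + body
    return out, usages
```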

@dkg dkg added the module: cli Issue affects the command line application label Apr 9, 2024
@vanitasvitae vanitasvitae added module: core Issue affects the core module upstream Issue is caused by an upstream package labels Apr 10, 2024
@vanitasvitae
Member

Hey!
Thanks for the bug report. It appears that BC 1.77 is currently choking on the test vector. I'll keep this in mind when working on v6 support :)

For the meantime I added a (disabled) test containing the test vector, so we can later make sure BC/PGPainless are handling the key properly.

@vanitasvitae
Member

For reference: bcgit/bc-java#1719
