Encrypt and Sign is hitting an error about pgpcore HOT 6 CLOSED

Hi, from the error it sounds like you might be trying to use the public key to sign rather than the private key. If you can provide your code I'll have a look in more detail.

from pgpcore.

Hi, I'm pretty sure that isn't the case (for the sake of redundancy I tried swapping the private and public keys and the PgpPublicKeyRing and PgpSecretKeyRing sections of the error message flipped).

My code is below, the public key here and private key here bits are temporary / testing keys copied and pasted in. I also tried updating bouncycastle to 1.8.3 (same error) and rolling back bouncycastle to version 1.8.1.3 and pgpcore to 1.1.1 (same error). Note that the EncryptStream function works just fine.

All I could find that was related to this issue was this link to a bc-csharp repo:
bcgit/bc-csharp#143
But I am new to c# and Azure Functions and I don't know how to implement the fix mentioned.

Code:

#r "Newtonsoft.Json"
using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;
using System;
using System.IO;
using System.Text;
using PgpCore;
public static async Task<IActionResult> Run(HttpRequest req, ILogger log)
{
    byte[] i2pubByteArray = Encoding.ASCII.GetBytes(@"publickey here");
    byte[] i1privByteArray = Encoding.ASCII.GetBytes(@"privatekey here");

    MemoryStream i2pubStream = new MemoryStream( i2pubByteArray );
    MemoryStream i1privStream = new MemoryStream( i1privByteArray );
    MemoryStream outputFileStream = new MemoryStream();
    string passPhrase = "pass";
    using (PGP pgp = new PGP())
    {
   pgp.EncryptStreamAndSign(req.Body,outputFileStream,i2pubStream,i1privStream,passPhrase,true,true);
    }
    outputFileStream.Seek(0, SeekOrigin.Begin);
    return 5 != null
        ? (ActionResult)new OkObjectResult(outputFileStream)
        : new BadRequestObjectResult("Please pass a name on the query string or in the request body");
}

here is the EncryptStream line that works fine (in place of the EncryptStreamAndSign line):
pgp.EncryptStream(req.Body,outputFileStream,i2pubStream,true,true);

from pgpcore.

Bit strange but I also just attempted to decrypt a message that had been encrypted with EncryptStream and copying that output to the input and running it with DecryptStream and I got a similar error:
[Error] Executed 'Functions.HttpTrigger1' (Failed, Id=4a2f0c8d-df9b-4637-ae50-558faf861cca)
Org.BouncyCastle.Bcpg.OpenPgp.PgpPublicKeyRing found where PgpSecretKeyRing expected

Code line for the encrypt stream:
pgp.EncryptStream(req.Body,outputFileStream,i2pubStream,true,true);
Code Line for the decrypt stream:
pgp.DecryptStream(req.Body,outputFileStream,i2privStream,passPhrase);

from pgpcore.

Your code works for me, the only difference is that I'm encrypting a static string rather than from the function request body. I'm using v1.3.1 of PgpCore and v1.8.2 of BouncyCastle.NetCore.

` private const string PublicKey = @"-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v

mIsEXAUKxwEEANGxXfDrnEpwNzBJcXQLiYm4jYdterwhu8Sb2dzgS5LZVzPVTR6h
UEokaqMkJ6UmznNe9ebeKsoabDsajoNYRb7O5mZXErF2hoeouXcgkZvQ5rzVCo8F
dUyaoTovpprTd8pH0WIxI+D3cQU6XsLzvZTApl2dPzj0uDBsOXMAhLctAAUTtA9l
bWFpbEBlbWFpbC5jb22InAQQAQIABgUCXAUKxwAKCRBzSLqd36HqjIyVA/kB4e0D
6jeIcFWLzoIWRd8vkjB37cOAQn5eReC7lpokIo9GjgWye2MIs4nlIlIafHMwjrmd
j/tX6svTHYH48YVpkxSF7L3R341BkyDzgO7oQQu4ZQHhMobej0M2GsMAQ+Vt1NXK
L3Vp8+jz8uFVg4cXaM4YfEpagzcf6XO1Op07LQ==
=hezx
-----END PGP PUBLIC KEY BLOCK-----";

    private const string PrivateKey = @"-----BEGIN PGP PRIVATE KEY BLOCK-----

Version: BCPG C# v

lQHqBFwFCscBBADRsV3w65xKcDcwSXF0C4mJuI2HbXq8IbvEm9nc4EuS2Vcz1U0e
oVBKJGqjJCelJs5zXvXm3irKGmw7Go6DWEW+zuZmVxKxdoaHqLl3IJGb0Oa81QqP
BXVMmqE6L6aa03fKR9FiMSPg93EFOl7C872UwKZdnT849LgwbDlzAIS3LQAFE/8C
AwLzSZV+JhEUD2AoZSP4rKdymdgvqT6ZWqKXfzyPgFngCBZFs6g7I1jBSGK9zVl/
ZjBSj2ABTuRpaBd5s0EwtVwiZ03iIc7aKX1jC1IpnwS6SAUYpMSk0KyTYaJIDaje
WSs2yoRkfll9bY3vGJNyeE57GT1lsG8LvHz+E1xT9OV+UN3+LCN4142Su05UApRh
BASveOKvPJAVsbQZVTXRdNZRDSPKdT80esw45Pu6V2VVnsJXZlvPKQFlP996lDUI
Q1Mh1abADGE8iKoVVBIxaB/hXjQHGZ3gUNiJSCnnUMqHGm3DXaBKHY+TvfWJM6HS
izjTHt41ZvkfM6htLQZJECw0fcQbGNepkYX7esSOMfRGzpbW3N+CPBvspdJITiRc
4nzx9/2cjG01FH4kBfQKBacxfsSK+SN5BJYors6LecyAzzIfflh0nQgJBQ11mSM2
2B4BG60sf4oDeDEpa7QPZW1haWxAZW1haWwuY29tiJwEEAECAAYFAlwFCscACgkQ
c0i6nd+h6oyMlQP5AeHtA+o3iHBVi86CFkXfL5Iwd+3DgEJ+XkXgu5aaJCKPRo4F
sntjCLOJ5SJSGnxzMI65nY/7V+rL0x2B+PGFaZMUhey90d+NQZMg84Du6EELuGUB
4TKG3o9DNhrDAEPlbdTVyi91afPo8/LhVYOHF2jOGHxKWoM3H+lztTqdOy0=
=6D5x
-----END PGP PRIVATE KEY BLOCK-----";

	byte[] i2pubByteArray = Encoding.ASCII.GetBytes(PublicKey);
	byte[] i1privByteArray = Encoding.ASCII.GetBytes(PrivateKey);
	MemoryStream i2pubStream = new MemoryStream(i2pubByteArray);
	MemoryStream i1privStream = new MemoryStream(i1privByteArray);
	MemoryStream outputFileStream = new MemoryStream();
	string passPhrase = "password";
	using (PGP pgp = new PGP())
	{
		pgp.EncryptStreamAndSign(new MemoryStream(System.Text.Encoding.UTF8.GetBytes("Streaming signed test message")), outputFileStream, i2pubStream, i1privStream, passPhrase, true, true);
		outputFileStream.Seek(0, SeekOrigin.Begin);
		StreamReader encryptedReader = new StreamReader(outputFileStream);
		string encryptedText = encryptedReader.ReadToEnd();
		Console.WriteLine(encryptedText);
	}`

It's possible that your keys are incorrect, does your code run with the test keys in the code above? It could also be a bug in v1.1.1 so I'd recommend updating to v1.3.1 and trying again.

from pgpcore.

That seems to work. I spun up a new Azure Function with a new storage system behind it and made sure to specify version 1.8.2 of BouncyCastle.NetCore before getting PgpCore 1.3.1 with nuget and it works perfectly... Then I tried with 2048 keys (I noticed that you used the same key pair instead of a different public key to private key) and it worked too. I'm wondering if it was Azure Functions doing something weird.

On another note is there functionality to verify signed files / text? I could only find one decrypt stream and one decrypt file function which each call the same decrypt function.

from pgpcore.

Glad to hear it's working for you now. There's not a specific method for verifying a signed file so feel free to submit a pull request with one if you want, if not I'll try and add one when I get a chance.

from pgpcore.