calccrypto / openpgp Goto Github PK

https://gist.github.com/mugwort-rc/c14c0c2d9a8c60aefa9b
https://gist.github.com/mugwort-rc/33043345669294eb5135

Fo some reason this code produce compressed message even if we don't want it:

// consider key loaded
PGPPublicKey publicKey;
const std::string data = "Hello!";
// set compression to 0
PGPMessage message = encrypt_pka(publicKey, data, "", 9, 0, false);

// at this step we have compressed packet with Tag8
std::string output = message.write();

To avoid this I have to do this:

// we have to switch off compression manually
message.set_comp(0);
std::string output = message.write();

Maybe it is by design, but then you need to add comment for encrypt_pka() function.

If possible:
http://docs.travis-ci.com/user/status-images/

ex.
https://github.com/mugwort-rc/pyXerces/blob/master/README.md

RSA primary keys generated seem fine, but GPG believes that the self signature is incorrect. However, hardcoding values into the primary key works.

Thank you for writing this! I've been in a rabbit hole of trying to understand the in's and outs of openpgp for days now. This project is extremely helpful. I've learned more from reading the source than the documentation on the web.

One thing I'm not sure on though is the Message implementation. It seems that the current implementation reads the entire message or message stream. I'd really like to understand how I can implement message as a source/sink. Ultimately I'd like to implement something like Botan's Pipe class. My use case is more or less memory mapped file->message codec->decrypt->decompress->parse clear text for a very large file.

Is this currently possible?

Which platforms are supported?

Hi,
I have tried to cross-compile it for ARM (very restricted) architecture.
The cross compilation was successful. But when trying to run the application I get always std::bad_alloc exception.
The very same code works just fine on my laptop.
Can you suggest a way to find the error?

Thanks and regards

https://gist.github.com/mugwort-rc/46cf754611577d318bf8

gpg --sign creates a binary signature file which it can verify without the original text file (I'm not sure exactly what the uses of this are if you can't see what it is that's signed, but that's not the issue).

I assume the OpenPGP executable should be able to recognize when a signature is binary and properly read it in, but that appears to not be the case:

verify-message text.gpg abcde.pub
Error: Data does not contain message section. Use PGP to parse this data.

abcde.pub: http://pastebin.com/DwJR1eer
text.gpg: http://pastebin.com/q1h4ryNE
(This is the base64 encoded version of the binary file. Use base64 -d to convert it back to its original format)

Symmetrically encrypted data follows the standard, but something is missing, and GPG is catching it.

Hi,

First, thanks for making this project. I can't believe that libgcrypt and gpgme don't expose this kind of thing through their APIs... Second, the project clones and builds super clean (in Ubuntu 16.04), looks great.

I'm building an application in Qt, linked to gpgme and libgcrypt, that sort of hit a wall when I wanted to export the "meat" of the public keys from the gpg keyring in a format like X9.62 or similar that could be later passed to libgcrypt to validate signatures... that's when I found your project.

The issue I'm having is: when I link libOpenPGP.a to my project, I start getting linker errors as soon as I add a Key object to my code:

/usr/bin/ld: /home/mango/MainCore/OpenPGP/libOpenPGP.a(pgpzlib.o): undefined reference to symbol 'inflateInit2_'
/usr/lib/x86_64-linux-gnu/libz.so: error adding symbols: DSO missing from command line

I've messed around, tried adding -lz and -ldl to the linker arguments at various places, tried making a -shared libOpenPGP.so, but this one is stubborn, it just refuses to see the symbols in libz.so, even though the linker error is calling out a symlink that points right at the the /lib/x86_64-linux-gnu/libz.so.1.2.8 file. I've also tried installing the lib64z1-dev package, still no help - though installing libbz2-dev was required to get it OpenPGP to compile.

I looked briefly at the idea of bringing the OpenPGP source into my project, but I'm building with .pro/.pri files, and they're not too easy (possible?) to work with things like multiple files named Key.cpp, or some of the inclusion orders implemented in the makefiles.

Do you have any prior experience with these kinds of issues? The error messages center around zlib, and I think Qt also compiles in their own zlib, so that may be a source of trouble.

Thanks for any help or insight.

I'd like to try and use this in my visual c++ project in vs 2017, but all my attempts at building with things like MinGW have been no good. Any advice?

This project is not compiling for mac.

Tag2.cpp:365:39: warning: suggest braces around initialization of subobject [-Wmissing-braces]
std::array <uint32_t, 3> times = {0, 0, 0};
^~~~~~~
{ }
1 warning generated.

Sub32.cpp:53:45: warning: all paths through this function will call itself [-Winfinite-recursion]
Sub32 & Sub32::operator=(const Sub32 & copy){
^
1 warning generated.
Subpacket.cpp:7:36: warning: all paths through this function will call itself [-Winfinite-recursion]
std::string Sub::show_title() const{
^
1 warning generated.
ar: creating archive libOpenPGP.a
/Volumes/2ndDisk/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libOpenPGP.a(Sub33.o) has no symbols

Sub33.o has 200B

-rw-r--r-- 1 user staff 200B Mar 21 03:07 Sub33.o

make.txt

If a literal data packet contains the string "-----BEGIN PGP", it will parse incorrectly in PGP::read, since PGP::read will find the string instead of treating it like text.

Hi, I have two windows C++ applications that pass a string of values back and forth, how can I use your stuff to create a pgp signed version of this so that the communication has another layer of protection? Basically I want the entire pgp password/keys etc to be baked into the two different small applications at compile time, and the end-user it will be completely transparent to them. The two programs communicate back and forth a series of numbers but instead of plaintext it will be PGP encrypted. Is it possible to bake this into the programs internally ?

veracrypt/VeraCrypt#614

CMakeFiles/zm.dir/main.cpp.o: In function __static_initialization_and_destruction_0(int, int)': /home/soncemvo/zm/OpenPGP/Packets/../Subpackets/Tag2/../../Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)'
/home/soncemvo/zm/OpenPGP/Packets/../Subpackets/Tag2/../../Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' /home/soncemvo/zm/OpenPGP/Packets/../Subpackets/Tag2/../../Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)'
/home/soncemvo/zm/OpenPGP/Packets/../Subpackets/Tag2/../../Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' /home/soncemvo/zm/OpenPGP/Packets/../Subpackets/Tag2/../../Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)'
CMakeFiles/zm.dir/main.cpp.o:/home/soncemvo/zm/OpenPGP/Packets/../Subpackets/Tag2/../../Encryptions/Camellia_Const.h:33: more undefined references to `unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)' follow

Can you give the tests a quick look? I found a few test cases that were missing \n characters, but there are still 2 I haven't fixed. Maybe my code is not following the standard and the changes I made are wrong. Maybe not. Either way, I would appreciate a second pair of eyes checking the code.

Hello,

I freshly built your library and I'm doing some tests. When incorporated to my project, I do the following:

void generateKeypair(std::string user, std::string password) {
OpenPGP::KeyGen::Config config;
config.passphrase = password;
config.bits       = 2048;
config.sym        = OpenPGP::Sym::ID::TRIPLEDES;
config.hash       = OpenPGP::Hash::ID::SHA1;
config.pka        = OpenPGP::PKA::ID::RSA_ENCRYPT_OR_SIGN;

OpenPGP::KeyGen::Config::UserID uid;
uid.user          = user;
uid.comment       = "N/A";
uid.email         = "N/A";
uid.sig           = OpenPGP::Hash::ID::SHA1;
config.uids.push_back(uid);

OpenPGP::KeyGen::Config::SubkeyGen subkey;
subkey.pka        = OpenPGP::PKA::ID::RSA_ENCRYPT_OR_SIGN;
subkey.bits       = 2048;
subkey.sym        = OpenPGP::Sym::ID::TRIPLEDES;
subkey.hash       = OpenPGP::Hash::ID::SHA1;
subkey.sig        = OpenPGP::Hash::ID::SHA1;
config.subkeys.push_back(subkey);

const OpenPGP::SecretKey pri = OpenPGP::KeyGen::generate_key(config); //FAILS <--------
if (!pri.meaningful()) {
    throw ERROR_CANNOT_CREATE_KEYPAIR;
}

(...)

The generate_key(config) function crashes with a "map::at" exception. Haven't dug any further today, I thought it might be something I was doing bad.

Additionally, if I set the sym to AES192 or AES256, I get a "Data must be at least 128 bits long" error, before getting the map::at error.

I can provide more details

Hi,
Am I doing something wrong or there is indeed an error in CleartextSignature class?
The definition of write() member function of this class doesn't match its implementation.

Regards

verify-message textjason.sig abcde.pub
map::at
verify-message textcs.asc abcde.pub
map::at

textcs.asc is the output from using gpg to clearsign a text file. textjason.sig is the equivalent file produced by the OpenPGP executable, and properly verified by gpg.

It correctly produces an error if I do something like, say:

verify-message textcs.asc main.cpp

It recognizes that there's no header in main.cpp and bails. Beyond that, "map::at" doesn't provide many clues as to what's going on.

textcs.asc: http://pastebin.com/RkNDRkQK
textjason.sig: http://pastebin.com/zpBwuA1R
abcde.pub: http://pastebin.com/DwJR1eer

I'm trying to decrypt a message with the command line tool, using the decrypt-pka command. It fails inside Message::meaningful. In Message::match p->get_tag() returns 254.

The message was sent using GnuPG. I've built with gpg-debug to enable compatibility.

"OpenPGP show" reports:

Old: Public-Key Encrypted Session Key (Tag 1)
Version: 3
KeyID: ...
Public Key Algorithm: RSA (Encrypt or Sign) (pka 1)
RSA me mod n (3072 bits): ...
Old: Public-Key Encrypted Session Key (Tag 1)
Version: 3
KeyID: ...
Public Key Algorithm: RSA (Encrypt or Sign) (pka 1)
RSA me mod n (4090 bits): ...
New: Symmetrically (Conventional) Encrypted Data (Tag 9) (partial start)
Encrypted Data (2048 octets): ...
Old: (partial end)
...

"pgpdump" reports:

Old: Public-Key Encrypted Session Key Packet(tag 1)(396 bytes)
New version(3)
Key ID - ...
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(3072 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
New version(3)
Key ID - ...
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(4090 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted Data Packet(tag 9)(2048 bytes) partial start
Encrypted data [sym alg is specified in pub-key encrypted session key]
New: (1024 bytes) partial continue
New: (475 bytes) partial end

https://github.com/calccrypto/OpenPGP/blob/master/verify.cpp#L71

Hello,
I got an error when using the library.
Here my environment:

• Ubuntu 18.04
• cmake version 3.10.2
• g++ (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

cpp test file:

#include <iostream>
#include "OpenPGP.h"
int main()
{
  std::cout << "Hello, \n";
  return 1;
}

Then build the test.cpp :
g++ -Wall -g -std=c++11 test.cpp

Finally, i got the error:

/tmp/cccmQHCv.o: In function __static_initialization_and_destruction_0(int, int)': /usr/local/include/Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)'
/usr/local/include/Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' /usr/local/include/Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)'
/usr/local/include/Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)' /usr/local/include/Encryptions/Camellia_Const.h:33: undefined reference to unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)'
/tmp/cccmQHCv.o:/usr/local/include/Encryptions/Camellia_Const.h:33: more undefined references to `unhexlify(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&)' follow
collect2: error: ld returned 1 exit status

Any help?