Get content from message generated by SignArmoredStringAsync

Question

Get content from message generated by SignArmoredStringAsync

MrPsi opened this issue 10 months ago · comments

MrPsi commented 10 months ago

Hi,

Is it possible to get the content from the message generated by the SignArmoredStringAsync method?

When we run SignArmoredStringAsync("our message") PgpCore will generate a message as below.

-----BEGIN PGP MESSAGE-----
Version: BouncyCastle.NET Cryptography (net6.0) v2.1.1+851feee009

...xxx...
-----END PGP MESSAGE-----

We can then verify the message by running VerifyArmoredStringAsync. But is it possible to get the content, in this case "our message" using PgpCore?

Using gnupg we can get the content by running :
gpg --output output.txt --decrypt signed-message.txt

output.txt will in this case contain "our message".

VerifyArmoredStringAsync only returns a bool.
DecryptArmoredStringAsync and DecryptArmoredStringAndVerifyAsync does not work.

MrPsi · Answer 1 · Thu Sep 28 2023 16:51:17 GMT+0800 (China Standard Time)

Hi again,

I am able to get the content of the signed message by doing the following.
In the method: private Task VerifyAsync(Stream inputStream)

If I change this (in two different places in the method):

int ch;
while ((ch = pgpLiteralStream.ReadByte()) >= 0)
{
    pgpOnePassSignature.Update((byte)ch);
}

To this:

int ch;
var stringBuilder = new StringBuilder();
while ((ch = pgpLiteralStream.ReadByte()) >= 0)
{
    pgpOnePassSignature.Update((byte)ch);
    stringBuilder.Append((char)ch);
}

The string builder will contain the content of the signed message. Not sure if this will work for all scenarios. But it works for the message generated with SignArmoredStringAsync, and also another message where pgpObject is PgpSignatureList (not sure how this is generated).

mattosaurus · Answer 2 · Thu Sep 28 2023 17:17:04 GMT+0800 (China Standard Time)

Hi, you should be able to use VerifyAndReadClearArmoredStringAsync for this. Though it looks like I haven't included these in the documentation so that's something for me to update.

MrPsi · Answer 3 · Thu Sep 28 2023 17:32:36 GMT+0800 (China Standard Time)

When I run VerifyAndReadClearArmoredStringAsync for the message generated with SignArmoredStringAsync it throws the following

System.IO.IOException: 'unknown object in stream Reserved'

   at Org.BouncyCastle.Bcpg.OpenPgp.PgpObjectFactory.NextPgpObject()
   at PgpCore.PGP.<VerifyClearAsync>d__299.MoveNext()
   at PgpCore.PGP.<VerifyAndReadClearArmoredStringAsync>d__265.MoveNext()
   at EncryptDecrypt.PgpEncryptionService.<BisTest>d__2.MoveNext()

And when I run VerifyAndReadClearArmoredStringAsync with the other message (not sure how this is generated) it throws the following:

System.IO.IOException: 'invalid header encountered'

   at Org.BouncyCastle.Bcpg.BcpgInputStream.ReadPacket()
   at Org.BouncyCastle.Bcpg.OpenPgp.PgpOnePassSignature..ctor(BcpgInputStream bcpgInput)
   at Org.BouncyCastle.Bcpg.OpenPgp.PgpObjectFactory.NextPgpObject()
   at PgpCore.PGP.<VerifyClearAsync>d__299.MoveNext()
   at PgpCore.PGP.<VerifyAndReadClearArmoredStringAsync>d__265.MoveNext()
   at EncryptDecrypt.PgpEncryptionService.<BisTest>d__2.MoveNext()

However both messages gives the content with the above mentioned "hack".

mattosaurus · Answer 4 · Thu Sep 28 2023 17:45:25 GMT+0800 (China Standard Time)

Hmm, possibly a bug then. When decrypting or verifying we check the type of object in an if statement and then act accordingly so possibly there's something missing here.

I'm currently on holiday but can take a look when I'm back in a couple of weeks. If you're able to provide a test scenario that would make things easier. Or better yet a PR fixing the issue :)

MrPsi · Answer 5 · Thu Sep 28 2023 18:11:30 GMT+0800 (China Standard Time)

Thanks for looking into this.
I just did the following when testing:

        var encryptionKeys = new EncryptionKeys(
            PublicKey,
            PrivateKey,
            PrivateKeyPassword);
        using var pgp = new PGP(encryptionKeys);
        var signedWithContent = await pgp.SignArmoredStringAsync("my content");
        var plainText = (await pgp.VerifyAndReadClearArmoredStringAsync(signedWithContent)).ClearText;

Not sure I know how to fix it though :)
Please enjoy your holiday

mattosaurus · Answer 6 · Tue Oct 10 2023 22:04:37 GMT+0800 (China Standard Time)

Ok, I had a look at this and VerifyAndReadClearArmoredStringAsync produces a VerificationResult containing a bool and the string content for a clear signed file produced using ClearSignArmoredStringAsync.

However you're just looking at a standard signed file not a clear signed one. There's currently no corresponding methods to decrypt and verify these but I agree that it makes sense to add them. What we need are the following additional methods.

VerifyAndReadArmoredStringAsync
VerifyAndReadStreamAsync
VerifyAndReadFileAsync
VerifyAndReadArmoredString
VerifyAndReadStream
VerifyAndReadFile

I'll see if I can add these using your sample code above.

mattosaurus · Answer 7 · Wed Oct 11 2023 00:10:58 GMT+0800 (China Standard Time)

These should now be added in v5.12.0. I'll publish this to NuGet in a few days once I've taken care of a few more issues.

MrPsi · Answer 8 · Thu Oct 12 2023 20:28:01 GMT+0800 (China Standard Time)

Awesome! Seems to be working for both my cases.

Thank you for a great update