ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: openpgp signing encrypting to understand by PGP Desktop.

2009-04-06 15:31:53
from [Jānis Ročāns] [Permanent Link] 

Thanks,
This helped me! I just removed literal data generation from my source and PGP desktop understood it correctly! 
Wim Lewis wrote:


On Apr 3, 2009, at 2:52 PM, Jānis Ročāns wrote:
Last few days I was trying to understand data encryption and signing. I am using JAVA to collect data into String from database, and need to sent them automatically by e-mail in attachment encrypted and signed. I got them first signed, then encrypted, but the PGP Desktop finds it only encrypted. To verify, I need to decrypt, the result is a pgp file again, that now I can verify. But I believe, that this all i did is wrong, so can you tell me, how to make the signed and encrypted file fully recognized by PGP desktop?
I might not correctly understand the problem, but no one else has spoken up, so I will jump in. I think what is happening is that, by signing and then encrypting, you are not generating exactly the same message format that PGP will when told to sign and encrypt at the same time. 

What you want is a message with the following structure:

 [Public-key-encrypted session key]
 [Session-key-encrypted data:
    [Literal packet: "Blah blah blah..."]
    [Signature packet] ]

But what you are probably producing is:

 [Public-key-encrypted session key]
 [Session-key-encrypted data:
    [Literal packet: "[Literal packet: "Blah blah blah..."]
                      [Signature packet]" ] ]
When PGP unwraps the message, it stops when it encounters the "Literal" packet, and considers that packet's contents to be the body of the message.
If for some reason you can't sign and encrypt in the same step, I think you can use gnupg's --no-literal option to tell it not to wrap the contents in a "Literal" packet. Of course this will result in an invalid message unless you are giving it data which is already a properly formed sequence of PGP packets, so it's not the best way to use gnupg in general.
You can use gnupg's --list-packets option to list the sequence of packets in a message. (If you do, you will notice some additional packet types in a normal message, which I ignored for simplicity's sake...)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: openpgp signing encrypting to understand by PGP Desktop., Wim Lewis
Next by Date:  Re: openpgp signing encrypting to understand by PGP Desktop., Arturo 'Buanzo' Busleiman
Previous by Thread:  Re: openpgp signing encrypting to understand by PGP Desktop., Wim Lewis
Next by Thread:  Re: openpgp signing encrypting to understand by PGP Desktop., Arturo 'Buanzo' Busleiman
Indexes:  [Date] [Thread] [Top] [All Lists]