[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: [dev-crypto] Use of SHA2 in Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator
From: Carlos Perez <dark0perator () pauldotcom ! com>
Date: 2013-11-15 2:28:42
Message-ID: 3B16DA09-2590-4CE3-94F6-352006FFCCFF () pauldotcom ! com
[Download RAW message or body]
Hi
I have been playing with Bouncy Castle to create a PowerShell Module for OpenPGP, so \
far the library has been great, when I started to play with DSA2 key creation I \
noticed that GPG complained about the key using SHA1 instead of SHA2 when I used \
Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator I see I have the option to tell it \
to use SHA1 would it not net better to change it to use SHA2? I know there is a \
mailing list for C# specifically but I got 0 replies on it and this should also \
affect the Java version since it it is a port.
Here is error in GPG
PS C:\Windows\system32> gpg.exe --import C:\2BADC09B08947C59_pub.asc
gpg: DSA key 08947C59 requires a 256 bit or larger hash
gpg: DSA key 08947C59 requires a 256 bit or larger hash
gpg: DSA key 08947C59 requires a 256 bit or larger hash
gpg: DSA key 08947C59 requires a 256 bit or larger hash
gpg: key 08947C59: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1
Here is the PGP Dump output
Old: Public Key Packet(tag 6)(814 bytes)
Ver 4 - new
Public key creation time - Thu Nov 7 16:24:18 UTC 2013
Pub alg - DSA Digital Signature Algorithm(pub 17)
DSA p(2048 bits) - ...
DSA q(256 bits) - ...
DSA g(2047 bits) - ...
DSA y(2048 bits) - ...
Old: User ID Packet(tag 13)(30 bytes)
User ID - Carlos Perez <carlos@test.com>
Old: Signature Packet(tag 2)(113 bytes)
Ver 4 - new
Sig type - Generic certification of a User ID and Public Key packet(0x10).
Pub alg - DSA Digital Signature Algorithm(pub 17)
Hash alg - SHA1(hash 2)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Thu Nov 7 16:24:18 UTC 2013
Hashed Sub: preferred symmetric algorithms(sub 11)(6 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - AES with 192-bit key(sym 8)
Sym alg - AES with 128-bit key(sym 7)
Sym alg - Twofish with 256-bit key(sym 10)
Sym alg - CAST5(sym 3)
Sym alg - Triple-DES(sym 2)
Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
Hash alg - SHA256(hash 8)
Hash alg - SHA384(hash 9)
Hash alg - SHA512(hash 10)
Hash alg - RIPEMD160(hash 3)
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - ZIP <RFC1951>(comp 1)
Comp alg - BZip2(comp 3)
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0xEA9E95D15045567E
Hash left 2 bytes - 82 8b
DSA r(256 bits) - ...
DSA s(252 bits) - ...
-> hash(DSA q bits)
Here is a key from GPG
Old: Public Key Packet(tag 6)(814 bytes)
Ver 4 - new
Public key creation time - Thu Nov 7 15:34:13 UTC 2013
Pub alg - DSA Digital Signature Algorithm(pub 17)
DSA p(2048 bits) - ...
DSA q(256 bits) - ...
DSA g(2046 bits) - ...
DSA y(2046 bits) - ...
Old: User ID Packet(tag 13)(37 bytes)
User ID - Carlos Perez (none) <carlos@test.com>
Old: Signature Packet(tag 2)(123 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - DSA Digital Signature Algorithm(pub 17)
Hash alg - SHA256(hash 8)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Thu Nov 7 15:34:13 UTC 2013
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Flag - This key may be used to sign data
Hashed Sub: preferred symmetric algorithms(sub 11)(6 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - AES with 192-bit key(sym 8)
Sym alg - AES with 128-bit key(sym 7)
Sym alg - CAST5(sym 3)
Sym alg - Triple-DES(sym 2)
Sym alg - IDEA(sym 1)
Hashed Sub: preferred hash algorithms(sub 21)(5 bytes)
Hash alg - SHA256(hash 8)
Hash alg - SHA1(hash 2)
Hash alg - SHA384(hash 9)
Hash alg - SHA512(hash 10)
Hash alg - SHA224(hash 11)
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - BZip2(comp 3)
Comp alg - ZIP <RFC1951>(comp 1)
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x22548888B32E2084
Hash left 2 bytes - e6 50
DSA r(256 bits) - ...
DSA s(255 bits) - ...
-> hash(DSA q bits)
[Attachment #3 (unknown)]
<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space;">Hi <div><br></div><div>I have been \
playing with Bouncy Castle to create a PowerShell Module for OpenPGP, so far the \
library has been great, when I started to play with DSA2 key creation I noticed \
that GPG complained about the key using SHA1 instead of SHA2 when I used \
Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator I see I have the option to \
tell it to use SHA1 would it not net better to change it to use SHA2? I know there is \
a mailing list for C# specifically but I got 0 replies on it and this should also \
affect the Java version since it it is a \
port. </div><div><br></div><div><br></div><div><div>Here is error in \
GPG</div><div><br></div><div><div>PS C:\Windows\system32> gpg.exe --import \
C:\2BADC09B08947C59_pub.asc</div><div><b>gpg: DSA key 08947C59 requires a 256 bit or \
larger hash</b></div><div><b>gpg: DSA key 08947C59 requires a 256 bit or larger \
hash</b></div><div><b>gpg: DSA key 08947C59 requires a 256 bit or larger \
hash</b></div><div><b>gpg: DSA key 08947C59 requires a 256 bit or larger \
hash</b></div><div>gpg: key 08947C59: no valid user IDs</div><div>gpg: this may be \
caused by a missing self-signature</div><div>gpg: Total number processed: \
1</div><div>gpg: w/o user IDs: \
1</div></div><div><br></div><div><br></div><div>Here is the PGP Dump \
output </div><div><br></div><div><div>Old: Public Key Packet(tag 6)(814 \
bytes)</div><div> Ver 4 - new</div><div> \
Public key creation time - Thu Nov 7 16:24:18 UTC \
2013</div><div> Pub alg - DSA Digital Signature \
Algorithm(pub 17)</div><div> DSA p(2048 bits) - \
...</div><div> DSA q(256 bits) - ...</div><div> \
DSA g(2047 bits) - ...</div><div> DSA \
y(2048 bits) - ...</div><div>Old: User ID Packet(tag 13)(30 bytes)</div><div> \
User ID - Carlos Perez <<a \
href="mailto:carlos@test.com">carlos@test.com</a>></div><div>Old: Signature \
Packet(tag 2)(113 bytes)</div><div> Ver 4 - \
new</div><div> Sig type - Generic certification of a User \
ID and Public Key packet(0x10).</div><div> Pub alg - DSA \
Digital Signature Algorithm(pub 17)</div><div> \
<b>Hash alg - SHA1(hash 2)</b></div><div> \
Hashed Sub: signature creation time(sub 2)(4 bytes)</div><div> \
Time - Thu Nov 7 16:24:18 UTC \
2013</div><div> Hashed Sub: preferred symmetric \
algorithms(sub 11)(6 bytes)</div><div> \
Sym alg - AES with 256-bit key(sym 9)</div><div> \
Sym alg - AES with 192-bit key(sym \
8)</div><div> Sym alg - AES \
with 128-bit key(sym 7)</div><div> \
Sym alg - Twofish with 256-bit key(sym 10)</div><div> \
Sym alg - CAST5(sym 3)</div><div> \
Sym alg - Triple-DES(sym \
2)</div><div> Hashed Sub: preferred hash algorithms(sub \
21)(4 bytes)</div><div> Hash \
alg - SHA256(hash 8)</div><div> \
Hash alg - SHA384(hash 9)</div><div> \
Hash alg - SHA512(hash 10)</div><div> \
Hash alg - RIPEMD160(hash 3)</div><div> \
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)</div><div> \
Comp alg - ZLIB <RFC1950>(comp \
2)</div><div> Comp alg - ZIP \
<RFC1951>(comp 1)</div><div> \
Comp alg - BZip2(comp 3)</div><div> Sub: issuer key \
ID(sub 16)(8 bytes)</div><div> \
Key ID - 0xEA9E95D15045567E</div><div> Hash left 2 bytes - \
82 8b </div><div> DSA r(256 bits) - \
...</div><div> DSA s(252 bits) - ...</div><div> \
-> hash(DSA q \
bits)</div></div><div><br></div><div>Here is a key from \
GPG</div><div><br></div><div><div>Old: Public Key Packet(tag 6)(814 \
bytes)</div><div> Ver 4 - new</div><div> \
Public key creation time - Thu Nov 7 15:34:13 UTC \
2013</div><div> Pub alg - DSA Digital Signature \
Algorithm(pub 17)</div><div> DSA p(2048 bits) - \
...</div><div> DSA q(256 bits) - ...</div><div> \
DSA g(2046 bits) - ...</div><div> DSA \
y(2046 bits) - ...</div><div>Old: User ID Packet(tag 13)(37 bytes)</div><div> \
User ID - Carlos Perez (none) <<a \
href="mailto:carlos@test.com">carlos@test.com</a>></div><div>Old: Signature \
Packet(tag 2)(123 bytes)</div><div> Ver 4 - \
new</div><div> Sig type - Positive certification of a User \
ID and Public Key packet(0x13).</div><div> Pub alg - DSA \
Digital Signature Algorithm(pub 17)</div><div> \
<b>Hash alg - SHA256(hash 8)</b></div><div> \
Hashed Sub: signature creation time(sub 2)(4 bytes)</div><div> \
Time - Thu Nov 7 15:34:13 UTC \
2013</div><div> Hashed Sub: key flags(sub 27)(1 \
bytes)</div><div> Flag - This \
key may be used to certify other keys</div><div> \
Flag - This key may be used to sign data</div><div> \
Hashed Sub: preferred symmetric algorithms(sub 11)(6 \
bytes)</div><div> Sym alg - \
AES with 256-bit key(sym 9)</div><div> \
Sym alg - AES with 192-bit key(sym 8)</div><div> \
Sym alg - AES with 128-bit key(sym \
7)</div><div> Sym alg - \
CAST5(sym 3)</div><div> Sym \
alg - Triple-DES(sym 2)</div><div> \
Sym alg - IDEA(sym 1)</div><div> Hashed Sub: \
preferred hash algorithms(sub 21)(5 bytes)</div><div> \
Hash alg - SHA256(hash 8)</div><div> \
Hash alg - SHA1(hash 2)</div><div> \
Hash alg - SHA384(hash 9)</div><div> \
Hash alg - SHA512(hash \
10)</div><div> Hash alg - \
SHA224(hash 11)</div><div> Hashed Sub: preferred \
compression algorithms(sub 22)(3 bytes)</div><div> \
Comp alg - ZLIB <RFC1950>(comp 2)</div><div> \
Comp alg - BZip2(comp 3)</div><div> \
Comp alg - ZIP <RFC1951>(comp \
1)</div><div> Hashed Sub: features(sub 30)(1 \
bytes)</div><div> Flag - \
Modification detection (packets 18 and 19)</div><div> \
Hashed Sub: key server preferences(sub 23)(1 bytes)</div><div> \
Flag - No-modify</div><div> \
Sub: issuer key ID(sub 16)(8 bytes)</div><div> \
Key ID - 0x22548888B32E2084</div><div> \
Hash left 2 bytes - e6 50 </div><div> \
DSA r(256 bits) - ...</div><div> DSA s(255 bits) - \
...</div><div> -> hash(DSA \
q bits)</div></div></div></body></html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic