Keys with subkeys are causing failed to verify file exception #204

Open
jgornales opened this issue Mar 28, 2023 · 4 comments

Comments

@jgornales

jgornales commented Mar 28, 2023

So the client had signed the payload with the below key with subkeys:
[image]

and I am suspecting it to cause the Failed to verify file exception in DecryptStreamAndVerify method.

With keys that don't have subkeys it works perfectly fine, no matter the algorithm and strength.

Thanks for your insights

@mattosaurus
Owner

This is probably because we try and pick the best subkey for signing and verification and I think the 2nd subkey would have priority over the first.

There's currently no way to specify the subkey to be used but that's something I'd like to add at a later date.

@jgornales
Author

Thank you for the quick response.
If indeed it was signed by the 2nd key (RSA 2048), it should work just fine? I can confirm that it was signed by the 2nd subkey but it is still failing.

Would the key version which is gnupg 1.4.9 (MingW32) be a factor as well?

Regards

@jgornales
Author

Hi Matt,

Is there a way to use this method below instead of just FindPublicKey?
```csharp
// Code as posted by jgornales, tidied: usings added, the Cast<T> type argument
// restored (it was lost in rendering) and indentation normalised.
// GetSigningScore is a helper that is not included in the comment.
using System;
using System.Linq;
using Org.BouncyCastle.Bcpg.OpenPgp;

public static PgpPublicKey FindBestVerificationKey(PgpPublicKeyRing publicKeys)
{
    PgpPublicKey[] keys = publicKeys.GetPublicKeys().Cast<PgpPublicKey>().ToArray();

    // Has Key Flags for signing content
    PgpPublicKey[] verificationKeys = keys.Where(key => GetSigningScore(key) >= 3).ToArray();
    // Failsafe, get master key with signing capabilities.
    if (!verificationKeys.Any())
        verificationKeys = keys.Where(key => GetSigningScore(key) >= 1).ToArray();

    PgpPublicKey signingKey = verificationKeys.OrderByDescending(GetSigningScore).FirstOrDefault();
    if (signingKey == null)
        throw new ArgumentException("No verification keys in keyring");

    return signingKey;
}
```

Thanks for your help
Gab

@mattosaurus
Owner

Apologies, I think the 1st master key would get picked rather than the 2nd key as both are signing keys but the master one would take priority.

I think this is what's causing the error rather than the key version.

Yes, something like your code example would work (and be preferable). I think the whole key section needs a bit of an overhaul TBH as what I'd like is for it to do something like what you're suggesting and to work through all relevant keys rather than just picking one and to also allow a specific key to be specified by ID rather than just trying to pick the best one.

I don't have the time to work on this at the moment but if you'd like to put in a PR to add this functionality that would be much appreciated. If not, I'll hopefully get to it sometime soon.
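The "work through all relevant keys" approach mattosaurus describes, as an added example that is not PgpCore's own code (it uses the BouncyCastle OpenPGP API that PgpCore builds on): look up the key the signature actually names by its key ID first, then fall back to every other signing-capable key in the ring so a subkey-signed payload is never rejected just because the master key was picked. The keyring path and the signature's key ID are assumed to be supplied by the caller.

```csharp
// Added example, not PgpCore code. Selects verification keys by the signature's
// issuer key ID instead of a "best key" guess, then falls back to all signing keys.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Org.BouncyCastle.Bcpg.OpenPgp;

public static class VerificationKeySelector
{
    // True when one of the key's self-signatures carries the "sign data" key flag.
    public static bool CanSignData(PgpPublicKey key)
    {
        foreach (PgpSignature sig in key.GetSignatures().Cast<PgpSignature>())
        {
            if (!sig.HasSubpackets) continue;
            int flags = sig.GetHashedSubPackets().GetKeyFlags();
            if ((flags & PgpKeyFlags.CanSign) != 0) return true;
        }
        return false;
    }

    // Candidate keys in the order a verifier should try them:
    // 1. the key whose ID the signature names (master or subkey), if present;
    // 2. every other signing-capable key in the ring, subkeys before the master key.
    public static IList<PgpPublicKey> CandidatesFor(PgpPublicKeyRing ring, long signatureKeyId)
    {
        var ordered = new List<PgpPublicKey>();

        PgpPublicKey exact = ring.GetPublicKey(signatureKeyId);
        if (exact != null) ordered.Add(exact);

        ordered.AddRange(ring.GetPublicKeys().Cast<PgpPublicKey>()
            .Where(k => k.KeyId != signatureKeyId && CanSignData(k))
            .OrderBy(k => k.IsMasterKey ? 1 : 0));
        return ordered;
    }

    // Usage: signatureKeyId comes from the one-pass signature packet that precedes
    // the signed data; keyringPath is a placeholder for the public keyring file.
    public static void Demo(string keyringPath, long signatureKeyId)
    {
        using Stream s = PgpUtilities.GetDecoderStream(File.OpenRead(keyringPath));
        var ring = new PgpPublicKeyRing(s);
        foreach (PgpPublicKey k in CandidatesFor(ring, signatureKeyId))
            Console.WriteLine($"{k.KeyId:X16} master={k.IsMasterKey} sign={CanSignData(k)}");
    }
}
```

Trying the exact key-ID match first also makes a mismatch diagnosable: if no candidate verifies, the log shows which key the signature named and whether it was in the ring at all.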
