Unknown packet type encountered: 20

[FaezSubmarine]

Hi, I know that there's a closed issue with the same name as this one but I still got this error when I was trying to decrypt a .zip.pgp file. Note that I cannot modify how a key is generated as it is provided by a third party. How would I work around this issue?

[mattosaurus]

Hi,

If this is the same as the previous issue then I don't think there's anything that can be done until AEAD decryption is supported in Bouncy Castle.

If you're able to send me some demo keys and code that allow me to replicate the issue then I'll take a look and see if I can figure out any more details.

[FaezSubmarine]

Hi,

Thank you so much for the speedy response. Unfortunately, I do not have the allowance to create a demo key and the code is this:

        public async Task<MemoryStream> DecryptFile(MemoryStream input)
        {
            string privateKey = await SecurityHelper.GetKeyContent(SHPRIVATEKEY);
            EncryptionKeys encryptionKeys = new(privateKey, SHPRIVATEPW);

            // Decrypt
            PGP pgp = new(encryptionKeys);
            var outputMemStream = new MemoryStream();
            _log.Information("Start decrypting");
            pgp.DecryptStream(input, outputMemStream);
            _log.Information("Finished decrypting");
            outputMemStream.Position = 0;

            return outputMemStream;
        }

So if Bouncy Castle is not an option, is there any encryption library that supports AEAD decryption?

[magnusakselvoll]

Creating a new key with gpg (GnuPG) 2.4.3 (tested on Mac) will create a key that supports AEAD and thus reproduces this issue. The only workaround I have found is this.

I believe that this is related to this issue in Bouncy Castle.

If it is easier for you @FaezSubmarine, I have created a throwaway private key that demonstrates this issue. This key was generated using gpg --generate-key with no additional options.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZWR1PRYJKwYBBAHaRw8BAQdAyCkWJeEdzNHV+sqqaFB2kfGqbkctYfUzNNwL
r7b3ooC0LFBncENvcmUgaXNzdWUgIzIxOSA8cGdwY29yZS4yMTlAZXhhbXBsZS5j
b20+iJkEExYKAEEWIQQ+T8CH0q9yL1Y5Fl0r1Je/vdG/pAUCZWR1PQIbAwUJBaOa
gAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRAr1Je/vdG/pJifAQCwylh+
wmXhdEkvNrnN5H1Hrhw3CfDxSX19Sm8VOWqUAgD/QxjgZwAI2NfMcocUTOX0C4Sv
wKQwdBq+gMvIOyLy7A64OARlZHU9EgorBgEEAZdVAQUBAQdASm4+D0ZswW0zvwpN
EKzrMIfMwFt1RRR2Y68VOyWDS2IDAQgHiH4EGBYKACYWIQQ+T8CH0q9yL1Y5Fl0r
1Je/vdG/pAUCZWR1PQIbDAUJBaOagAAKCRAr1Je/vdG/pK3XAQCAUsy1ah+vy6XL
BmC6s7Apc0SqJE76YmdO/uVoIKJeVAEAvqzAYkCSYA9glOt9+qIRr79KSiHX4Taw
WYQn677TNgo=
=yv/n
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PRIVATE KEY BLOCK-----

lIYEZWR1PRYJKwYBBAHaRw8BAQdAyCkWJeEdzNHV+sqqaFB2kfGqbkctYfUzNNwL
r7b3ooD+BwMC1YCCWncCGCH7TciPph1xvwqzuYUziIJSv81UGx2qbUXtMNAJpUGR
88xiSgB8riLGaBv77j4KDrdnmO8qCMVSxz0f+FKcHTOoC9EbTakbBLQsUGdwQ29y
ZSBpc3N1ZSAjMjE5IDxwZ3Bjb3JlLjIxOUBleGFtcGxlLmNvbT6ImQQTFgoAQRYh
BD5PwIfSr3IvVjkWXSvUl7+90b+kBQJlZHU9AhsDBQkFo5qABQsJCAcCAiICBhUK
CQgLAgQWAgMBAh4HAheAAAoJECvUl7+90b+kmJ8BALDKWH7CZeF0SS82uc3kfUeu
HDcJ8PFJfX1KbxU5apQCAP9DGOBnAAjY18xyhxRM5fQLhK/ApDB0Gr6Ay8g7IvLs
DpyLBGVkdT0SCisGAQQBl1UBBQEBB0BKbj4PRmzBbTO/Ck0QrOswh8zAW3VFFHZj
rxU7JYNLYgMBCAf+BwMC2t8Ue6r8xob73el7yg2WPpmRGLiSIpgRW9aHzCAbo9qN
hSNIG5pwvtoPxk0r1sgvh/44C4rPi8eFb0FSbmQp2Y7IuwX8OBRJpEFdXvXjkYh+
BBgWCgAmFiEEPk/Ah9Kvci9WORZdK9SXv73Rv6QFAmVkdT0CGwwFCQWjmoAACgkQ
K9SXv73Rv6St1wEAgFLMtWofr8ulywZgurOwKXNEqiRO+mJnTv7laCCiXlQBAL6s
wGJAkmAPYJTrffqiEa+/Skoh1+E2sFmEJ+u+0zYK
=2b8o
-----END PGP PRIVATE KEY BLOCK-----

Password: P@assW0rd

As shown using gpg --edit-key -> showpref, this key supports AEAD:

➜ gpg --edit-key [email protected]        
gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2026-11-26
sec  ed25519/2BD497BFBDD1BFA4
     created: 2023-11-27  expires: 2026-11-26  usage: SC  
     trust: ultimate      validity: ultimate
ssb  cv25519/CF6064A557049528
     created: 2023-11-27  expires: 2026-11-26  usage: E   
[ultimate] (1). PgpCore issue #219 <[email protected]>

gpg> showpref
[ultimate] (1). PgpCore issue #219 <[email protected]>
     Cipher: AES256, AES192, AES, 3DES
     AEAD: OCB
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, AEAD, Keyserver no-modify

gpg> 

[BaptX-dev]

Hi guys,

I confirm the problem do not appear if we use PgpCore for encrypt / sign & decrypt / verify with keys which support AEAD (as Kleopatra create by default : ECDSA / EdDSA (ed25519) + ECDH (cv25519)

The problem appears if you use Kleopatra to encrypt and sign a message (via its Notepad) and use PgpCore to decrypt / verify the data. The opposite is valid : encrypt with PgpCore and decrypt with Kleopatra works.

But it is weird because if I check the last Bouncy Castle C# release notes : AEAD is managed.

I updated the Bouncy Castle ticket too.

[manjunathp-jm]

@BaptX-dev -- I'm also same issue. If I encrypt using Kleopatra Notepad, PGPCore is giving decryption error.

I'm using RSA 4096 and no signing.

Did you managed to change any code to make both Kleopatra and Bouncy Castle C# compatible with each other.

Appreciate any response on this.

[BaptX-dev]

Any news @mattosaurus ?

[mattosaurus]

Hi @BaptX-dev, this is still awaiting an update to BouncyCastle to to handle decrypting of AEAD encrypted files so no progress yet unfortunately.

[manjunathp-jm]

@BaptX-dev - We have disabled AEAD block in the keys and able to get both Kleopatra and PGPCore work hand in hand. Cheers!