
PGP CommandLine pass-through error with PGP Desktop 10.0 files

Created: 22 Dec 2011 • Updated: 22 Dec 2011 | 10 comments

Hi, 

We're using PGP Command Line 10.0 build 674 in a solution we're building, where we may receive files PGP encrypted or not encrypted. To get around this, we use the "--pass-through" option, in case we're trying to decrypt a file which is already decrypted.

We have now started receiving files with the following header:

Version: PGP Desktop 10.0.0 - not licensed for commercial use: www.pgp.com
Charset: utf-8

Every time we receive a file with this type, we get the following errors on decryption:

MyFile.asc:decrypt (3032:input contains unknown data)
MyFile.asc:decrypt (3131:multiple PGP blocks found in single input stream)

Without the pass-through option set, this file is decrypted without a problem. This is the only file we've received with this type of header (we get PGP encrypted files from all different applications), and it fails every time we receive a file of this type.

Is this an issue which is known about? Is there a version we should be using to support this type of file?

Many thanks for any help,


dfinkelstein's picture

Some additional details would be helpful.

- Can you confirm that the file looks like a "regular" ascii armored PGP file?  There is only one "----BEGIN PGP MESSAGE-----" and corresponding END?

- To confirm, the file does not decrypt if you run with "--pass-through" but does decrypt without that option?

- Do you get the same error if you run "pgp --verify" instead of "--decrypt"?

- Any additional interesting output if you run with "--debug --verbose"?

- Do you see anything interesting if you run "pgp --dump-packets" on the input file?  ("Interesting" is hard to clarify.  Compare that output to the output of a "working" file as a starting point.)

Thanks.

--------

David Finkelstein

Symantec R&D

Pita@Sita's picture

Thanks David for the ideas - in answer to your questions:

- Can you confirm that the file looks like a "regular" ascii armored PGP file?  There is only one "----BEGIN PGP MESSAGE-----" and corresponding END?

Yes, apart from the Charset: utf-8 after the version line in the header, it looks like any other armored PGP file I've seen.

- To confirm, the file does not decrypt if you run with "--pass-through" but does decrypt without that option? 

Correct. The commandline pgp --decrypt myfile.asc --passphrase <phrase> works fine, however pgp --decrypt myfile.asc --passphrase <phrase> --pass-through doesn't work, and reports said errors.

- Do you get the same error if you run "pgp --verify" instead of "--decrypt"?

I do, I get exactly the same error. Below is a grab from my PC (names changed):

D:\TestFolder>pgp --verify MyFile.asc --passphrase <phrase>
MyFile.asc:verify (3093:data is encrypted to subkey ID 0x628441EE)
MyFile.asc:verify (3044:subkey ID 0x628441EE belongs to 0x2E370448 mykey)
MyFile.asc:verify (3048:data encrypted with cipher AES-128)
MyFile.asc:verify (0:verify complete)

D:\TestFolder>pgp --verify MyFile.asc --passphrase <phrase> --pass-through
MyFile.asc:verify (3032:input contains unknown data)
MyFile.asc:verify (3093:data is encrypted to subkey ID 0x628441EE)
MyFile.asc:verify (3044:subkey ID 0x628441EE belongs to 0x2E370448 mykey)
MyFile.asc:verify (3048:data encrypted with cipher AES-128)
MyFile.asc:verify (3131:multiple PGP blocks found in single input stream)
 

- Any additional interesting output if you run with "--debug --verbose"?

Nothing I can see which highlights any issues, apart from the fact it appears to be decrypting the file, but not writing an output. Again, please see grab of screen:

D:\TestFolder>pgp --decrypt myfile.asc --passphrase <phrase> --pass-through --debug --verbose
pgp:decrypt (3157:current local time 2011-12-23T10:37:15+00:00)
D:\TestFolder\PGPConfig\pubring.pkr:open keyrings (1006:public keyring)
D:\TestFolder\PGPConfig\secring.skr:open keyrings (1007:private keyring)
Decoding myfile.asc...
 begin lex event
 file contains unknown data
myfile.asc:decrypt (3032:input contains unknown data)
 output event, type=? (4352)
 end lex event
 armor header
myfile.asc:decrypt (3188:Version, PGP Desktop 10.0.0 - not licensed for commerci
al use: www.pgp.com)
 armor header
myfile.asc:decrypt (3188:Charset, utf-8)
 begin lex event
 file is encrypted
 file is asymmetrically encrypted
 trying passphrase
 decrypting file
 output event, type=b (98)
myfile.asc:decrypt (3131:multiple PGP blocks found in single input stream)
Decode complete
Wiping pgp-6332-0.tmp...
Wiping pgp-6332-0.tmp (stream 1)...
Wiping file pgp-6332-0.tmp... 100%
Wipe (stream 1) done
Wipe done
pgp-6332-0.tmp:decrypt (0:file wiped successfully)

 

- Do you see anything interesting if you run "pgp --dump-packets" on the input file?  ("Interesting" is hard to clarify.  Compare that output to the output of a "working" file as a starting point.)

Obviously the data looks very different, but the 'text' around is very different. I don't completely understand it, so any help would be great if you notice anything. Files are below:

Working :-
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
 New version(3)
 Key ID - 0xA04B1F39628441EE
 Pub alg - RSA Encrypt or Sign(pub 1)
 RSA m^e mod n(2045 bits) -
     0: 14 f8 79 1f 1c 13 20 f0 08  75 4b 2f 2e 6e 59 0e  |..y... ..uK/.nY.|

             ..........
   240: 3a ec 61 be bc 93 d4 0b ae  7f ce b0 99 8d 77 6c  |:.a...........wl|
  -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Symmetrically Encrypted Data Packet(tag 9)(100 bytes)
 Encrypted data [sym alg is encrypted in the pub session key above]

Not working:-
Old: Marker Packet(tag 10)(3 bytes)
 String - PGP
New: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
 New version(3)
 Key ID - 0xA04B1F39628441EE
 Pub alg - RSA Encrypt or Sign(pub 1)
 RSA m^e mod n(2048 bits) -
     0: 82 cd 6b ad a6 fc bf 9f 38  12 69 7f 06 9f d7 a2  |..k.....8.i.....|
             ........
   240: c6 e6 5f dc 98 83 87 25 8e  da 6b eb 1d 4d 23 ae  |.._....%..k..M#.|
  -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(4096 bytes) partial start
 Ver 1
 Encrypted data [sym alg is encrypted in the pub session key above]
  (plain text + MDC SHA1(20 bytes))
New:  (919 bytes) partial end

 

Many Thanks,

dfinkelstein's picture

We've tried and we can't reproduce this issue locally.  It feels like a strange issue.

Is there any possibility the file was modified or corrupted in transit?  Would you be willing to make the file available?

--------

David Finkelstein

Symantec R&D

Pita@Sita's picture

Hi David,

Thanks for trying this. We've requested a 'test' file from our provider, and they've sent a small (2kb) file which exhibits the same properties.

I've attached the file here. Note the file is an Ascii Armored file.

Best Regards,

Attachment: tsti0AIJ.asc_.txt (1.17 KB)

Dita@Sita's picture

Hi there - please can someone help with this issue?  It's causing us a real headache in our production environment.  A test file exhibiting the issue is attached above.

Many thanks for any help/guidance

Regards

Dita

dfinkelstein's picture
There's nothing obvious about the publicly visible data in this file.
 
Can you ask your provider to encrypt the same test data to my key?  It is KeyID 0xA9D925FE as found on keys.symantec.com.  They should encrypt to you too, so you can confirm the issue is present in the file.  Alternately you can generate a new key and post both the example and the key.
 
Thanks.
 
Edited:
 
Actually please generate a new key and use that, as the key will need to be passed along with the data.

--------

David Finkelstein

Symantec R&D

Pita@Sita's picture

Hi,

Thanks for the feedback again. I've attached the test key pair we generated, and the test file encrypted with the public key.

I've tested with this file, and we experience exactly the same outcome, so the issue can be repeated with this file as well.

The passphrase for the private key is "symantec".

Thanks,

Attachments: tsti0AIJ.asc_.txt (1.62 KB), pgp-test.asc_.txt (4.9 KB)

dfinkelstein's picture

Given the key and data I can reproduce the issue.

I cannot say how long it will be before the cause is determined and a fix is available.  In the meantime, you may want to adjust your workflow, e.g. to run something like

pgp --verify "file name" 2>&1 | grep -q "encrypted to subkey" && pgp --decrypt "file name" --passphrase "passphrase"

If the file contains encrypted data, then the "pgp --decrypt" command will be run; otherwise, it will not.

--------

David Finkelstein

Symantec R&D

Dita@Sita's picture

We have discovered the problem with the file... the very first character in the file is a carriage return. When we remove this, we can decrypt the file with the pass-through option. When we add a carriage return to a file that previously worked the file will not decrypt with the same error message.

Any fixes/patches would be very useful

Regards

Dita

dfinkelstein's picture

Glad you found the issue, and thanks for the error report.

--------

David Finkelstein

Symantec R&D
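
The root cause found in this thread (a carriage return before the armor header makes "--pass-through" fail with errors 3032 and 3131) can be caught before a file reaches pgp. The script below is an added example, not part of the original thread and not Symantec code; the function names, the ".clean" suffix and the sample armor body are assumptions constructed for illustration.

```shell
#!/bin/sh
ARMOR_BEGIN='-----BEGIN PGP MESSAGE-----'

# Print "clean", "leading-whitespace" or "other" for FILE, judged by what
# precedes the first armor header line.
armor_state() {
    awk -v begin="$ARMOR_BEGIN" '
        {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            stripped = line
            sub(/^[ \t\r]+/, "", stripped)    # stray leading CR or blanks
            if (stripped == "") { blank = 1; next }
            if (stripped == begin)
                print ((blank || stripped != line) ? "leading-whitespace" : "clean")
            else
                print "other"                 # plain file, or text before the armor
            done = 1
            exit
        }
        END { if (!done) print "other" }
    ' "$1"
}

# Copy FILE to stdout without the whitespace that precedes its first content.
strip_leading() {
    awk '
        !started { sub(/^[ \t\r]+/, ""); if ($0 == "") next; started = 1 }
        { print }
    ' "$1"
}

# Echo the path to hand to pgp: FILE itself, or a cleaned copy (FILE.clean).
# Only pure whitespace is ever removed; anything else is passed on untouched.
prepare_for_pgp() {
    case $(armor_state "$1") in
        leading-whitespace) strip_leading "$1" > "$1.clean" && echo "$1.clean" ;;
        *) echo "$1" ;;
    esac
}

# Constructed sample: an armor skeleton with PREFIX (e.g. '\r\n') in front.
make_sample() {
    printf "$2" > "$1"
    printf '%s\n' "$ARMOR_BEGIN" 'Charset: utf-8' '' 'Y29uc3RydWN0ZWQ=' \
        '-----END PGP MESSAGE-----' >> "$1"
}

# Usage with the commands from the thread:
#   pgp --decrypt "$(prepare_for_pgp MyFile.asc)" --passphrase <phrase> --pass-through
```

Logging every "leading-whitespace" result also shows which sender's tooling prepends the stray character, so it can be fixed at the source.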