Endpoint Encryption


PGP CommandLine pass-through error with PGP Desktop 10.0 files

  • 1.  PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Dec 22, 2011 12:45 PM

    Hi, 

    We're using PGP Command Line 10.0 build 674 in a solution we're building, where we may receive files PGP encrypted or not encrypted. To get around this, we use the "--pass-through" option, in case we're trying to decrypt a file which is already decrypted. 

    We have now started receiving files with the following header:

    Version: PGP Desktop 10.0.0 - not licensed for commercial use: www.pgp.com
    Charset: utf-8

    Every time we receive a file with this type, we get the following errors on decryption:

    MyFile.asc:decrypt (3032:input contains unknown data)
    MyFile.asc:decrypt (3131:multiple PGP blocks found in single input stream)

    Without the pass-through option set, this file is decrypted without a problem. This is the only file we've received with this type of header (we get PGP encrypted files from all different applications), and it fails every time we receive a file of this type.

    Is this an issue which is known about? Is there a version we should be using to support this type of file?

    Many thanks for any help,



  • 2.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Dec 22, 2011 07:19 PM

    Some additional details would be helpful.

    - Can you confirm that the file looks like a "regular" ascii armored PGP file?  There is only one "-----BEGIN PGP MESSAGE-----" and corresponding END?

    - To confirm, the file does not decrypt if you run with "--pass-through" but does decrypt without that option?

    - Do you get the same error if you run "pgp --verify" instead of "--decrypt"?

    - Any additional interesting output if you run with "--debug --verbose"?

    - Do you see anything interesting if you run "pgp --dump-packets" on the input file?  ("Interesting" is hard to clarify.  Compare that output to the output of a "working" file as a starting point.)

    Thanks.



  • 3.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Dec 23, 2011 05:54 AM

    Thanks David for the ideas - in answer to your questions:

    - Can you confirm that the file looks like a "regular" ascii armored PGP file?  There is only one "-----BEGIN PGP MESSAGE-----" and corresponding END?

    Yes, apart from the Charset: utf-8 after the version line in the header, it looks like any other armored PGP file I've seen.

    - To confirm, the file does not decrypt if you run with "--pass-through" but does decrypt without that option? 

    Correct. The commandline pgp --decrypt myfile.asc --passphrase <phrase> works fine, however pgp --decrypt myfile.asc --passphrase <phrase> --pass-through doesn't work, and reports said errors.

    - Do you get the same error if you run "pgp --verify" instead of "--decrypt"?

    I do, I get exactly the same error. Below is a grab from my PC (names changed):

    D:\TestFolder>pgp --verify MyFile.asc --passphrase <phrase>
    MyFile.asc:verify (3093:data is encrypted to subkey ID 0x628441EE)
    MyFile.asc:verify (3044:subkey ID 0x628441EE belongs to 0x2E370448 mykey)
    MyFile.asc:verify (3048:data encrypted with cipher AES-128)
    MyFile.asc:verify (0:verify complete)

    D:\TestFolder>pgp --verify MyFile.asc --passphrase <phrase> --pass-through
    MyFile.asc:verify (3032:input contains unknown data)
    MyFile.asc:verify (3093:data is encrypted to subkey ID 0x628441EE)
    MyFile.asc:verify (3044:subkey ID 0x628441EE belongs to 0x2E370448 mykey)
    MyFile.asc:verify (3048:data encrypted with cipher AES-128)
    MyFile.asc:verify (3131:multiple PGP blocks found in single input stream)

    - Any additional interesting output if you run with "--debug --verbose"?

    Nothing I can see which highlights any issues, apart from the fact it appears to be decrypting the file, but not writing an output. Again, please see grab of screen:

    D:\TestFolder>pgp --decrypt myfile.asc --passphrase <phrase> --pass-through --debug --verbose
    pgp:decrypt (3157:current local time 2011-12-23T10:37:15+00:00)
    D:\TestFolder\PGPConfig\pubring.pkr:open keyrings (1006:public keyring)
    D:\TestFolder\PGPConfig\secring.skr:open keyrings (1007:private keyring)
    Decoding myfile.asc...
     begin lex event
     file contains unknown data
    myfile.asc:decrypt (3032:input contains unknown data)
     output event, type=? (4352)
     end lex event
     armor header
    myfile.asc:decrypt (3188:Version, PGP Desktop 10.0.0 - not licensed for commerci
    al use: www.pgp.com)
     armor header
    myfile.asc:decrypt (3188:Charset, utf-8)
     begin lex event
     file is encrypted
     file is asymmetrically encrypted
     trying passphrase
     decrypting file
     output event, type=b (98)
    myfile.asc:decrypt (3131:multiple PGP blocks found in single input stream)
    Decode complete
    Wiping pgp-6332-0.tmp...
    Wiping pgp-6332-0.tmp (stream 1)...
    Wiping file pgp-6332-0.tmp... 100%
    Wipe (stream 1) done
    Wipe done
    pgp-6332-0.tmp:decrypt (0:file wiped successfully)


    - Do you see anything interesting if you run "pgp --dump-packets" on the input file?  ("Interesting" is hard to clarify.  Compare that output to the output of a "working" file as a starting point.)

    Obviously the data looks very different, but the 'text' around it is very different too. I don't completely understand it, so any help would be great if you notice anything. Files are below:

    Working :-
    Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
     New version(3)
     Key ID - 0xA04B1F39628441EE
     Pub alg - RSA Encrypt or Sign(pub 1)
     RSA m^e mod n(2045 bits) -
         0: 14 f8 79 1f 1c 13 20 f0 08  75 4b 2f 2e 6e 59 0e  |..y... ..uK/.nY.|

                 ..........
       240: 3a ec 61 be bc 93 d4 0b ae  7f ce b0 99 8d 77 6c  |:.a...........wl|
      -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    Old: Symmetrically Encrypted Data Packet(tag 9)(100 bytes)
     Encrypted data [sym alg is encrypted in the pub session key above]


    Not working:-
    Old: Marker Packet(tag 10)(3 bytes)
     String - PGP
    New: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
     New version(3)
     Key ID - 0xA04B1F39628441EE
     Pub alg - RSA Encrypt or Sign(pub 1)
     RSA m^e mod n(2048 bits) -
         0: 82 cd 6b ad a6 fc bf 9f 38  12 69 7f 06 9f d7 a2  |..k.....8.i.....|
                 ........
       240: c6 e6 5f dc 98 83 87 25 8e  da 6b eb 1d 4d 23 ae  |.._....%..k..M#.|
      -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    New: Symmetrically Encrypted and MDC Packet(tag 18)(4096 bytes) partial start
     Ver 1
     Encrypted data [sym alg is encrypted in the pub session key above]
      (plain text + MDC SHA1(20 bytes))
    New:  (919 bytes) partial end


    Many Thanks,



  • 4.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Dec 29, 2011 01:15 PM

    We've tried and we can't reproduce this issue locally.  It feels like a strange issue.

    Is there any possibility the file was modified or corrupted in transit?  Would you be willing to make the file available?



  • 5.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 05, 2012 12:06 PM

    Hi David,

    Thanks for trying this. We've requested a 'test' file from our provider, and they've sent a small (2kb) file which exhibits the same properties.

    I've attached the file here. Note the file is an Ascii Armored file.

    Best Regards,

    Attachment(s): tsti0AIJ.asc_.txt (1 KB)


  • 6.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 06, 2012 10:53 AM

    Hi there - please can someone help with this issue?  It's causing us a real headache in our production environment.  A test file exhibiting the issue is attached above.


    Many thanks for any help/guidance

    Regards

    Dita



  • 7.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 06, 2012 05:00 PM

    There's nothing obvious about the publicly visible data in this file.

    Can you ask your provider to encrypt the same test data to my key?  It is KeyID 0xA9D925FE as found on keys.symantec.com.  They should encrypt to you too, so you can confirm the issue is present in the file.  Alternately you can generate a new key and post both the example and the key.

    Thanks.

    Edited:

    Actually, please generate a new key and use that, as the key will need to be passed along with the data.


  • 8.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 11, 2012 04:22 AM

    Hi,

    Thanks for the feedback again. I've attached the test key pair we generated, and the test file encrypted with the public key.

    I've tested with this file, and we experience exactly the same outcome, so the issue can be repeated with this file as well.

    The passphrase for the private key is "symantec".

    Thanks,

    Attachment(s): pgp-test.asc_.txt (4 KB), tsti0AIJ.asc__0.txt (1 KB)


  • 9.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 11, 2012 02:04 PM

    Given the key and data I can reproduce the issue.

    I cannot say how long it will be before the cause is determined and a fix is available.  In the meantime, you may want to adjust your workflow, e.g. to run something like

    pgp --verify "file name" 2>&1 | grep -q "encrypted to subkey" && pgp --decrypt "file name" --passphrase "passphrase"

    If the file contains encrypted data, then the "pgp --decrypt" command will be run; otherwise, it will not.



  • 10.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 18, 2012 05:25 AM

    We have discovered the problem with the file... the very first character in the file is a carriage return. When we remove this, we can decrypt the file with the pass-through option. When we add a carriage return to a file that previously worked, the file will not decrypt, with the same error message.

    Any fixes/patches would be very useful

    Regards

    Dita
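
    The following Python script is an added example; it is not code from this thread and not part of PGP Command Line. It does offline what the thread converged on: it flags any bytes sitting in front of the "-----BEGIN PGP" line (the leading carriage return that post 10 identified as the trigger for the "input contains unknown data" / "multiple PGP blocks" errors), it dearmors the file and checks the CRC-24 trailer, and it walks the OpenPGP packet headers so that the Old:/New: lines from "pgp --dump-packets" in post 3 (marker packet, PKESK, partial-length SEIPD) can be read directly. The last function gives the same decision as the grep in post 9 (is there an encrypted session-key packet, so that "pgp --decrypt" should be run?) without invoking pgp. The sample message, its packet bodies and the 4096 + 919 byte partial-length split are constructed for the example and contain no real ciphertext or key material; the packet-name table and the RFC 4880 header rules are the only other assumptions.

```python
"""Inspect an ASCII-armored PGP file offline (constructed example, not thread code)."""
import base64
from collections import namedtuple

Packet = namedtuple("Packet", "fmt tag name length partial")
PACKET_NAMES = {1: "Public-Key Encrypted Session Key", 3: "Symmetric-Key Encrypted Session Key",
                9: "Symmetrically Encrypted Data", 10: "Marker", 18: "Symmetrically Encrypted and MDC"}

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1 (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def leading_junk(text: bytes) -> bytes:
    """Bytes that precede the armor header; post 10's file had b'\\r' here."""
    idx = text.find(b"-----BEGIN PGP")
    if idx < 0:
        raise ValueError("no PGP armor header found")
    return text[:idx]

def strip_leading_junk(text: bytes) -> bytes:
    return text[len(leading_junk(text)):]

def dearmor(text: bytes) -> bytes:
    """Base64-decode the armored body and verify its CRC-24 trailer."""
    lines = strip_leading_junk(text).replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    i = 1                                    # lines[0] is the BEGIN line
    while lines[i].strip():                  # armor headers end at the first blank line
        i += 1
    payload, crc_line = [], None
    for line in lines[i + 1:]:
        line = line.strip()
        if line.startswith(b"-----END"):
            break
        if line.startswith(b"="):            # '=' followed by base64(CRC-24)
            crc_line = line[1:]
        elif line:
            payload.append(line)
    body = base64.b64decode(b"".join(payload))
    if crc_line is not None and int.from_bytes(base64.b64decode(crc_line), "big") != crc24(body):
        raise ValueError("armor CRC-24 mismatch")
    return body

def _new_length(data: bytes, pos: int):
    """New-format body length at pos -> (length, next_pos, is_partial), RFC 4880 4.2.2."""
    b0 = data[pos]
    if b0 < 192:
        return b0, pos + 1, False
    if b0 < 224:
        return ((b0 - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if b0 == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (b0 & 0x1F), pos + 1, True   # partial body length

def list_packets(data: bytes) -> list:
    """Walk packet headers; 'pgp --dump-packets' summarises these as Old:/New: lines."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"invalid packet tag byte 0x{ctb:02x} at offset {pos}")
        if ctb & 0x40:                       # new packet format
            tag = ctb & 0x3F
            length, pos, partial = _new_length(data, pos + 1)
            was_partial, total = partial, 0
            while True:                      # partial lengths chain until a final chunk
                total += length
                pos += length
                if not partial:
                    break
                length, pos, partial = _new_length(data, pos)
            packets.append(Packet("new", tag, PACKET_NAMES.get(tag, "unknown"), total, was_partial))
        else:                                # old packet format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                   # indeterminate: body runs to end of input
                length, pos = len(data) - pos - 1, pos + 1
            else:
                n = (1, 2, 4)[ltype]
                length, pos = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n
            pos += length
            packets.append(Packet("old", tag, PACKET_NAMES.get(tag, "unknown"), length, False))
    return packets

def contains_encrypted_session_key(packets) -> bool:
    """Post 9 decides with grep on 'encrypted to subkey'; here we look for tag 1 or 3."""
    return any(p.tag in (1, 3) for p in packets)

def armor(body: bytes) -> bytes:
    b64 = base64.b64encode(body).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP MESSAGE-----\nVersion: PGP Desktop 10.0.0 - not licensed for commercial use: "
            f"www.pgp.com\nCharset: utf-8\n\n{lines}\n={crc}\n-----END PGP MESSAGE-----\n").encode()

# Constructed sample: marker (old format, tag 10), PKESK (new, tag 1, 13-byte body), SEIPD (new,
# tag 18, 4096-byte partial start + 919-byte end, like the dump in post 3). Not real ciphertext.
_filler = bytes(range(256)) * 16
_pkesk_body = b"\x03" + bytes(8) + b"\x01" + b"\x00\x08\xab"      # version, key ID, RSA, tiny MPI
SAMPLE_MESSAGE = (b"\xa8\x03PGP" + b"\xc1" + bytes([len(_pkesk_body)]) + _pkesk_body
                  + b"\xd2\xec\x01" + _filler[:4095] + b"\xc2\xd7" + _filler[:919])
GOOD_FILE = armor(SAMPLE_MESSAGE)
BAD_FILE = b"\r" + GOOD_FILE                 # the leading carriage return found in post 10

if __name__ == "__main__":
    for name, f in (("good", GOOD_FILE), ("bad", BAD_FILE)):
        pk = list_packets(dearmor(f))
        print(name, "leading junk:", leading_junk(f), "encrypted:", contains_encrypted_session_key(pk))
        for p in pk:
            print("  ", p.fmt, f"tag {p.tag}", p.name, f"{p.length} bytes", "(partial)" if p.partial else "")
```

    In an intake pipeline the useful check is the first one: if leading_junk() returns anything, the file will not survive "--pass-through", so either strip the prefix before handing it to pgp or route it to a plain "--decrypt" based on contains_encrypted_session_key(), which is the same decision post 9 makes with grep. The CRC-24 check also catches the transit corruption that post 4 asked about.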



  • 11.  RE: PGP CommandLine pass-through error with PGP Desktop 10.0 files

    Posted Jan 18, 2012 11:32 AM

    Glad you found the issue, and thanks for the error report.