Good morning,
I'm having some trouble when importing public PGP keys in Ciphermail
(Ubuntu 16) which have been created with EC private keys. These keys
have started to be created by default by Enigmail (PGP extension for
Thunderbird) since some time ago, and for the moment we are instructing
our partners to make sure they select RSA type keys instead of the
default EC when creating their keys.
The error log found in the djigzo log is as follows:
10 Jul 2020 11:24:54 | WARN Error downloading key with key ID
2E78B913BC3C849635F38F357CACB7AA3BEC5AF2. Error message : IOException:
unknown PGP public key algorithm encountered, Class: class
java.io.IOException
(mitm.application.djigzo.ws.impl.KeyServerClientWSImpl)
[defaultEventExecutorGroup-4-6]
By downloading Ciphermail source and tracing a bit, it seems that Bouncy
Castle libraries are used to manage PGP keys, and it also seems that EC
PGP keys are not supported until version 1.60 (Ciphermail ships with BC
1.58).
I have manually substituted the JARs for Bouncy Castle in
/usr/share/djigzo/lib and then restarted the service. Importing EC PGP
keys then worked flawlessly, no errors in log and I could see them on
the web management app.
But then I tried to send a test email to one of the addresses for which
only EC keys existed in Ciphermail, and it did NOT work, so I put back
the original versions of the BC libraries, and everything went back to
normal. I had to delete the EC keys from Ciphermail, since they were now
marked as invalid.
My question to Ciphermail developers: are there any plans in the roadmap
to update the Bouncy Castle libraries so that EC PGP keys are supported?
Thanks
Jorge
--
*Jorge Gonzalez Villalonga*
Systems Engineer
The International Consortium of Investigative Journalists
<https://www.icij.org>
1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United States
Phone: +34 672 173 200 (Madrid, Spain)
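A pre-import check for the situation described in this thread, added here as an example (it is not CipherMail or Bouncy Castle code): it reads the public-key algorithm ID from every key packet of an OpenPGP export, so EC keys can be identified before an import is attempted. The function names and the sample packets are constructed for illustration; the input is assumed to be binary (non-armored) key data with version 4 key packets.

```python
# Public-key algorithm IDs from RFC 4880 section 9.1, RFC 6637 and RFC 9580.
ALGS = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
EC_ALGS = {18, 19, 22}
KEY_TAGS = {6: "primary", 14: "subkey"}  # public-key / public-subkey packets

def packets(data):
    """Yield (tag, body) for each OpenPGP packet, old or new header format."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:                 # one-octet length
                length = first
            elif first < 224:               # two-octet length
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:              # five-octet length
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        yield tag, data[i:i + length]
        i += length

def key_algorithms(data):
    """Return (role, algorithm, is_ec) for each v4 public (sub)key packet."""
    found = []
    for tag, body in packets(data):
        if tag in KEY_TAGS and len(body) >= 6 and body[0] == 4:
            alg = body[5]       # follows version (1 octet) and creation time (4)
            found.append((KEY_TAGS[tag], ALGS.get(alg, f"unknown({alg})"), alg in EC_ALGS))
    return found
# Constructed sample packets (dummy key material, not real keys).
def _old(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
def _key(alg):
    return b"\x04" + b"\x5f\x08\x00\x00" + bytes([alg]) + b"\x00" * 8
SAMPLE_EC = _old(6, _key(22)) + _old(13, b"partner@example.org") + _old(14, _key(18))
SAMPLE_RSA = bytes([0xC6, 14]) + _key(1) + bytes([0xCE, 14]) + _key(1)
```

Any entry with `is_ec` set to true is a key that the thread reports as failing to import with the shipped Bouncy Castle 1.58.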
Hi Jorge,
You are right that EC support is long overdue. The main reason is
that Bouncycastle did not have support for EC keys. The last time I
checked it could import EC keys but they could not be used with PGP
because of some missing functionality. I will look at this again to see
whether we can support it.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger
Thanks for the quick response, Martijn, I look forward to your findings.
Please do not hesitate to contact me if you need any help for testing,
etc. I'll be glad to help.
Thanks
Jorge