"Stream Closed" on gpg-decryption

HB283404 · July 25, 2025, 1:07pm

I have a Ciphermail installation 5.5.3.0g99d2faca on Debian 11, installed from the deb-packages.
PGP keys are configured to automatically decrypt incoming mail.
Some messages are not being decrypted by Ciphermail. The error “java.io.IOException: Stream closed” occurs.
I’ve discovered that all affected messages use BZIP2 compression for PGP encryption (compress_algo=3).
Messages using ZLIB (compress_algo=2) decrypt without error.
The problematic emails can be decrypted normally using tools like Kleopatra.

What could be causing this error?

Here is the log:

DEBUG about to open ResultSet (open ResultSets: 0, globally: 1)    (org.hibernate.jdbc.AbstractBatcher) [Spool Thread #2]
DEBUG result row: EntityKey[mitm.common.security.keystore.hibernate.KeyStoreEntryHibernate#72]    (org.hibernate.loader.Loader) [Spool Thread #2]
DEBUG about to close ResultSet (open ResultSets: 1, globally: 2)    (org.hibernate.jdbc.AbstractBatcher) [Spool Thread #2]
DEBUG about to close PreparedStatement (open PreparedStatements: 1, globally: 2)    (org.hibernate.jdbc.AbstractBatcher) [Spool Thread #2]
DEBUG resolving associations for [mitm.common.security.keystore.hibernate.KeyStoreEntryHibernate#72]    (org.hibernate.engine.TwoPhaseLoad) [Spool Thread #2]
DEBUG done materializing entity [mitm.common.security.keystore.hibernate.KeyStoreEntryHibernate#72]    (org.hibernate.engine.TwoPhaseLoad) [Spool Thread #2]
DEBUG initializing non-lazy collections    (org.hibernate.engine.StatefulPersistenceContext) [Spool Thread #2]
DEBUG commit    (org.hibernate.transaction.JDBCTransaction) [Spool Thread #2]
DEBUG processing flush-time cascades    (org.hibernate.event.def.AbstractFlushingEventListener) [Spool Thread #2]
DEBUG dirty checking collections    (org.hibernate.event.def.AbstractFlushingEventListener) [Spool Thread #2]
DEBUG Flushed: 0 insertions, 0 updates, 0 deletions to 1 objects    (org.hibernate.event.def.AbstractFlushingEventListener) [Spool Thread #2]
DEBUG Flushed: 0 (re)creations, 0 updates, 0 removals to 0 collections    (org.hibernate.event.def.AbstractFlushingEventListener) [Spool Thread #2]
DEBUG listing entities:    (org.hibernate.pretty.Printer) [Spool Thread #2]
DEBUG mitm.common.security.keystore.hibernate.KeyStoreEntryHibernate{certificateChain=[Ljava.security.cert.Certificate;@4c4c885, certificate=PGP certificate. Key ID:..., alias=PGP:..., storeName=pgp, id=72, creationDate=2022-03-23 16:13:45}    (org.hibernate.pretty.Printer) [Spool Thread #2]
DEBUG committed JDBC Connection    (org.hibernate.transaction.JDBCTransaction) [Spool Thread #2]
DEBUG aggressively releasing JDBC connection    (org.hibernate.jdbc.ConnectionManager) [Spool Thread #2]
DEBUG releasing JDBC connection [ (open PreparedStatements: 0, globally: 1) (open ResultSets: 0, globally: 1)]    (org.hibernate.jdbc.ConnectionManager) [Spool Thread #2]
DEBUG Closing iterator.    (mitm.common.hibernate.AbstractScrollableResultsIterator) [Spool Thread #2]
DEBUG about to close ResultSet (open ResultSets: 1, globally: 1)    (org.hibernate.jdbc.AbstractBatcher) [Spool Thread #2]
DEBUG about to close PreparedStatement (open PreparedStatements: 1, globally: 1)    (org.hibernate.jdbc.AbstractBatcher) [Spool Thread #2]
DEBUG Closing iterator.    (mitm.common.hibernate.AbstractScrollableResultsIterator) [Spool Thread #2]
DEBUG Closing iterator.    (mitm.common.hibernate.AbstractScrollableResultsIterator) [Spool Thread #2]
DEBUG Key pair(s) for key id ... found    (mitm.common.security.openpgp.PGPHandler) [Spool Thread #2]
DEBUG next PGP object. level: 1, Type: class org.bouncycastle.openpgp.PGPCompressedData    (mitm.common.security.openpgp.PGPHandler) [Spool Thread #2]
DEBUG next PGP object. level: 2, Type: class org.bouncycastle.openpgp.PGPLiteralData    (mitm.common.security.openpgp.PGPHandler) [Spool Thread #2]
DEBUG setSession. Object: com.sun.proxy.$Proxy67@38def13c    (mitm.common.hibernate.SessionManager) [Spool Thread #2]
DEBUG rollback    (org.hibernate.transaction.JDBCTransaction) [Spool Thread #2]
DEBUG rolled back JDBC Connection    (org.hibernate.transaction.JDBCTransaction) [Spool Thread #2]
DEBUG aggressively releasing JDBC connection    (org.hibernate.jdbc.ConnectionManager) [Spool Thread #2]
DEBUG releasing JDBC connection [ (open PreparedStatements: 0, globally: 0) (open ResultSets: 0, globally: 0)]    (org.hibernate.jdbc.ConnectionManager) [Spool Thread #2]
ERROR Database error servicing email.    (mitm.application.djigzo.james.mailets.PGPHandler) [Spool Thread #2]
mitm.common.hibernate.DatabaseException: javax.mail.MessagingException: Error handling message;
  nested exception is:
        java.io.IOException: Stream closed
        at mitm.application.djigzo.james.mailets.AbstractTransactedMailet$1.doAction(AbstractTransactedMailet.java:140) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.hibernate.DatabaseActionExecutorImpl$1.doAction(DatabaseActionExecutorImpl.java:164) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:81) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.hibernate.DatabaseActionExecutorImpl.executeTransaction(DatabaseActionExecutorImpl.java:158) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.application.djigzo.james.mailets.AbstractTransactedMailet.serviceMail(AbstractTransactedMailet.java:122) [ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.application.djigzo.james.mailets.AbstractDjigzoMailet.service(AbstractDjigzoMailet.java:281) [ciphermail-core.jar:5.5.3.0g99d2faca]
        at org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:424) [james-2.3.1.jar:?]
        at org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:405) [james-2.3.1.jar:?]
        at org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:309) [james-2.3.1.jar:?]
        at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: javax.mail.MessagingException: Error handling message
        at mitm.application.djigzo.james.mailets.PGPHandler.serviceMailTransacted(PGPHandler.java:501) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.application.djigzo.james.mailets.AbstractTransactedMailet$1.doAction(AbstractTransactedMailet.java:137) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        ... 9 more
Caused by: java.io.IOException: Stream closed
        at java.io.BufferedInputStream.getBufIfOpen(BufferedInputStream.java:176) ~[?:?]
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:220) ~[?:?]
        at java.io.BufferedInputStream.read(BufferedInputStream.java:271) ~[?:?]
        at org.bouncycastle.bcpg.BCPGInputStream.read(Unknown Source) ~[bcpg-jdk18on-1.81.jar:?]
        at org.bouncycastle.bcpg.BCPGInputStream.nextPacketTag(Unknown Source) ~[bcpg-jdk18on-1.81.jar:?]
        at org.bouncycastle.openpgp.PGPObjectFactory.nextObject(Unknown Source) ~[bcpg-jdk18on-1.81.jar:?]
        at mitm.common.security.openpgp.PGPHandler.handle(PGPHandler.java:163) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPHandler.handleEncryptedDataList(PGPHandler.java:283) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPHandler.handle(PGPHandler.java:180) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPHandler.handle(PGPHandler.java:141) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPMIMEHandler.handlePGPMIMEEncrypted(PGPMIMEHandler.java:706) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPMIMEHandler.handleMessage(PGPMIMEHandler.java:270) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler.handleMessage(PGPRecursiveValidatingMIMEHandler.java:1125) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.common.security.openpgp.PGPRecursiveValidatingMIMEHandler.handleMessage(PGPRecursiveValidatingMIMEHandler.java:1102) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.application.djigzo.james.mailets.PGPHandler.serviceMailTransacted(PGPHandler.java:498) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        at mitm.application.djigzo.james.mailets.AbstractTransactedMailet$1.doAction(AbstractTransactedMailet.java:137) ~[ciphermail-core.jar:5.5.3.0g99d2faca]
        ... 9 more
INFO  Message handling is finished. Sending to final recipient(s); MailID: 1f6c8cd3-c951-4893-b9e9-733e8d09de9c; Recipients: [...]; Originator: ...; Sender: ...; Remote address: ...; Subject: Test 1357 algo3; Message-ID: ;     (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

martijn · August 19, 2025, 10:12am

My apologies for the delay.

It’s hard to test what’s causing this without the email and private key. It could be that the issues has been fixed in a newer version of BouncyCastle (this is used for PGP).

We are close to releasing a new version. Would it be possible for you to test this with the new version? I can provide a pre-configured VM

HB283404 · August 21, 2025, 12:38pm

A new version of BouncyCastle probably won’t help. I had already replaced the included version with bcpg-jdk18on-1.81.
The logs in the first post were already with this version. However, the error was identical in both the original and the new version.

I could try the new version of Ciphermail. Where can I download it?

I once created emails with a test PGP key.

gpg --quick-generate-key test@excample.com
	-> Password123

gpg --output test-public.pgp --armor --export test@excample.com
gpg --output test-private.pgp --armor --export-secret-key test@excample.com
	-> Imported the private key into Ciphermail.

- create pgp-msg
gpg --armor --compress-algo 2 -e --recipient  test@excample.com --output ./secret_algo2.txt.gpg ./secret.txt
gpg --armor --compress-algo 3 -e --recipient  test@excample.com --output ./secret_algo3.txt.gpg ./secret.txt

- mail with pgp-msg
mail_algo2_test.txt
mail_algo3_test.txt

I created the key on Debian 12. I then sent these test emails to Ciphermail using netcat. Everything works with Algo 2, but the error occurs with Algo 3.

Here are the files used for this example. I can’t upload attachments to the forum yet.

the keys

mail_algo2_test.txt

TO: test@excample.com
Date: Thu, 3 Jul 2025 13:25:53 +0000
Accept-Language: de-DE, en-US
Content-Type: multipart/encrypted; micalg=pgp-sha1; protocol="application/pgp-encrypted"; boundary="-----CC=_kcyuwxhhhurxrVJLBOXJJTG012221247"
MIME-Version: 1.0

-------CC=_kcyuwxhhhurxrVJLBOXJJTG012221247
Content-Type: application/pgp-encrypted

Version: 1

-------CC=_kcyuwxhhhurxrVJLBOXJJTG012221247
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

hQGMA7wX/dbFJhEhAQv/SihTEVbNpsYnesNe2o/tFWjHykmEo0EM9sEKfpio9bCT
NBfYotV0q4EoI7DD9af3HOjl5LH/5AoBZAXQ80kXPt87/KyoMuC6jlTIgTcl7t1F
kcMNKq/bx6uScJeiZ6lt9NU/XsPXTNCKfwAfiCiOTSs1vjEK0ZsyFaiUDS5zRC42
aWGt5nX/mWgDVx7BAJD7TydXWulHmUgEZcAMChIKXO1YcLhsnRguM7KDm8zo8Fpt
VfaimI+tqfDhSbmujCQzdYpx+diG3JeQPQtGMPWRBv/nlEZdiFZ00FyAdcGm1k/C
eMRPmGEdT9LAqw9J3VxILZtqHV2rOfVUyFF8pLDvjGcSzpeKvcDhhXKBIz2tKb/9
34YQ6ZIa/62Iwj85dpFiWiPXMvbdw5+wNh6GKciEyyJN/YpF3tshaLYX064WFJWu
YLmSHdHlJV8irI07F5sRdU9r3ogicVRUR3bie95v3A1mKvXOawbNUshqE+qpAhvc
ifnG5MYlbbJjN8kJzXhO0p8BQBdUr0fA/7J175P2VWTYE4wT/kNddU2gKxcaj5pk
eCoA7gbK5Y0gA7ZfISc58RUbZ1K1kCvWeE+yYVL5pfFrrRQSzx9FFUGpf2ZBGdna
HowjOw4VBUkyo6Nf0mAZXCxzEXBWY5MFScd00un3R3tYYMvMcLcEDszHxRwqgYe0
m3nVWGpFXFN3OVz4tlMR9YXIsKon5B8w/DBCG74Vffc=
=xtc0
-----END PGP MESSAGE-----

-------CC=_kcyuwxhhhurxrVJLBOXJJTG012221247--

mail_algo3_test.txt

TO: test@excample.com
Date: Thu, 3 Jul 2025 13:25:53 +0000
Accept-Language: de-DE, en-US
Content-Type: multipart/encrypted; micalg=pgp-sha1; protocol="application/pgp-encrypted"; boundary="-----CC=_kcyuwxhhhurxrVJLBOXJJTG012221247"
MIME-Version: 1.0

-------CC=_kcyuwxhhhurxrVJLBOXJJTG012221247
Content-Type: application/pgp-encrypted

Version: 1

-------CC=_kcyuwxhhhurxrVJLBOXJJTG012221247
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

hQGMA7wX/dbFJhEhAQv9EyrfpZsQ1lanilLhbZ0jFhYsAI3Qfhpkt3g54ZXU5dT4
W6nhMIC+FpR+B3tOI1NyMitEXe6zwJe+MrZyZCSn+pO1fl6yN5bWJd07WJRhhIMS
75U81Q43Ds5VtY5oF8KXmCYUbXr/KEjc4F/Qa4/vIWblhKTxmZoyFfmbPCiH6Bdu
JIsVRlEIur7cBoaoTwtftjk9enzeRbWwoPswciqIi98Ng/ayJzXI4VpzBKwvU7Wz
9Je0rPI7acty7Q/s+iFs0t15K3kOKFWLqDTMzIcoLW/TaEauO9CQji4Fje7/P7Sx
RQtKwGAse6u0jbiU2d8CfEhe5SpR3HLP9RCujt5CqXOKCO123BLOpbegI4h93C5O
m15UpOjyYB2h7dN9crfCmHScFRdkwtifrMZ85ObW0ghqSbAYn9NynKNzRMCgIitU
/xfyWocgJsTuUwXCZxup1Fyn/lOMQrhkVcVGRFWqssTkFHyTEn79M6m5vFRlvuZd
60J5KUPrAQIvW72RLnYc0rYBGePcLjifbIzglTKsVfmOah7fCb4vC0m6hPZ1YB1I
xJ2ewEr/Wb3JKqlbYjqUy+0PRiGmUp/6uo8JbUJTe3dayrlKmKRkwlIyL93YpnQI
2ucFJPmGTJNIUzeVrtWUQvXH3QCCKSe7IUvtBTIyzs0HYbDf1hCdPY5Ysm/g5euE
Blgn3GEZmnTXGPS+sTLhVbUXoSNeYatPokcqNxUdeI+ClKVeAMP/+NBk0pJC7O1A
epCOC/sNMA==
=qlCg
-----END PGP MESSAGE-----

-------CC=_kcyuwxhhhurxrVJLBOXJJTG012221247--

martijn · August 22, 2025, 2:15pm

That was really helpful.

The error happens because the compression class closes the underlying input stream when all data is read. I have files a bug report ( CBZip2InputStream closes input stream when all data is read · Issue #2150 · bcgit/bc-java · GitHub )

I have applied a work around for the new release ( CipherMail B.V. / ciphermail-community-gateway · GitLab )

martijn · September 24, 2025, 2:55pm

A new version which fixes this issue has been released A new major update (v6) to CipherMail Email Encryption Gateway - #2

Topic		Replies	Views
Problem with new public Key General pgp	9	147	May 7, 2025
Database error servicing email when decrypting PGP Messages from a specific sender Gateway pgp	4	319	January 6, 2023
No decription Gateway	2	95	March 18, 2015
Cipher Mail not decrypting PGP Gateway	3	126	September 2, 2014
pgp function and enigmail/thunderbird Gateway	6	107	August 7, 2014

"Stream Closed" on gpg-decryption

Related topics