Thanks for the quick response, Martijn, I look forward to your findings.
Please do not hesitate to contact me if you need any help for
testing, etc. I'll be glad to help.
Thanks
Jorge
On Fri, 2020-07-10 at 17:41 +0200, Jorge Gonzalez via Users wrote:Good morning, I'm having some trouble when importing public PGP keys in Ciphermail (Ubuntu 16) which have been created with EC private keys. These keys have started to be created by default by Enigmail (PGP extension for Thunderbird) since some time ago, and for the moment we are instructing our partners to make sure they select RSA type keys instead of the default EC when creating their keys. The error log found in the djigzo log is as follows: 10 Jul 2020 11:24:54 | WARN Error downloading key with key ID 2E78B913BC3C849635F38F357CACB7AA3BEC5AF2. Error message : IOException: unknown PGP public key algorithm encountered, Class: class java.io.IOException (mitm.application.djigzo.ws.impl.KeyServerClientWSImpl) [defaultEventExecutorGroup-4-6] By downloading Ciphermail source and tracing a bit, it seems that Bouncy Castle libraries are used to manage PGP keys, and it also seems that EC PGP keys are not supported until version 1.60 (Ciphermail ships with BC 1.58). I have manually substituted the JARs for Bouncy Castle in /usr/share/djigzo/lib and then restarted the service. Importing EC PGP keys then worked flawlessly, no errors in log and I could see them on the web management app. But then I tried to send a test email to one of the addresses for which only EC keys existed in Ciphermail, and it did NOT work, so I put bak the original vesions of the BC libraries, and everything went back to normal. I had to delete the EC keys from Ciphermail, since they were now marked as invalid. My question to Ciphermail developers: are there any plans in the roadmap to update the Bouncy Castle libraries so that EC PGP keys are supported?Hi Jorge, You are right that EC support is long overdue :( The main reason is that Bouncycastle did not have support for EC keys. The last time I checked it could import EC keys but they could not be used with PGP because of some missing functionality. I will look at this again to see whether we can support it. Kind regards, Martijn Brinkers