New Keystore instance failing upon Keystore boolean execution such as: .isInMemory()

David Brown

Nov 6, 2013, 4:33:34 PM
to didisof...@googlegroups.com
Hello Didisoft, I have an unexpected change in DidiSoft API code used in the initialization of our app.

The code is posted below.

Inside the try/catch the Keystore instance is created OK but when any of the Keystore boolean values are attempted the app blows up with no exceptions caught.

execution stops @: ks.isInMemory()

The ks instance does not appear to be null and upon further examination the ks instance appears to be

I interchanged both pgp lib jars: 2.6.3 and 2.6.4 with the same effect.

Any and all feedback on this will be much appreciated.

*******************************************************************************************************
import com.didisoft.pgp.KeyStore;
import com.didisoft.pgp.PGPException;
import java.io.IOException;

try {
    KeyStore ks = new KeyStore("/home/user/pgp.ks", "somepassword");
    System.out.println("PGP Keystore is in memory:                 " + ks.isInMemory()); // <------ blows up on this line
    System.out.println("Keystore auto save on:                         " + ks.isAutoSave());
    System.out.println("Keystore backup on save:                     " + ks.isBackupOnSave());
    System.out.println("Keystore partial match user IDs:             " + ks.isPartialMatchUserIds());
    System.out.println("Keystore skip Lucas Lehmer Prime Test:     " + ks.isSkipLucasLehmerPrimeTest());
} catch (PGPException e) { // <---------- no exceptions caught here.
    System.out.println("Creation of DidiSoft keystore failed..." + e.getUnderlyingException().getMessage());
} catch (IOException e) {
    System.out.println("Creation of DidiSoft keystore failed..." + e.getMessage());
}
*******************************************************************************************************

didisoft

Nov 7, 2013, 4:45:46 AM
to didisof...@googlegroups.com
Hi David,

Unfortunately I am unable to reproduce this exception. 
Can you please tell me the environment you are using to execute the code.

Best Regards,
Peter Kalef
DidiSoft Technical Support

David Brown

Nov 7, 2013, 2:44:31 PM
to didisof...@googlegroups.com, dxop-s...@dmbgroup.com
Hello Peter, I have an exception thrown using my modified DidiSoft_Examples directory code for Keystore.

Please find attached the modified DidiSoft_Examples directory (DidiSoft_Examples_dmbgroup.tar.gz)

Hopefully, this is adequate.

It may very well be the keystore is corrupted or damaged in some way but I would like to know the underlying cause before going back to our production code with any new changes or purging the existing keystore.

The line #s of interest to run Main.java are:
#22 change the value of args[0] as needed.
#150, 159 are the points of invocation of interest.
The keystore after line #159 is the one that throws the exception (please see posted below).

I'm still not sure about the consequences of an empty keystore though there are no issues with this example.
I cannot recreate here either the issue I see in our enterprise app:
  • First our enterprise application executes this line of code: KeyStore ks = new KeyStore("pgp.ks", "nxoCs+2ZX33HOsHoS92k+A==");
  • Next executed line is: ks.isInMemory() which then jumps to the attach source page for: ServletWrapper.loadServlet() line 1248 (Google doesn't help).

The following is the output from DidiSoft_Examples:

***************************************************************************************************************************************

***************************************************

*** OpenPGP Library for Java Demonstration

***************************************************

Encrypt file.
Nov 07, 2013 12:27:10 PM com.didisoft.pgp.bc.BaseLib <clinit>
INFO: BouncyCastle security provider was loaded

Decrypt file.

Sign and Encrypt file.

Decrypt and Verify file.
Signature is valid.

Sign and Encrypt file (old OpenPGP format version 3).

Decrypt and Verify file (old OpenPGP format version 3).
Signature is valid.

Sign file.

Verify file.
Signature is valid.

Sign file (old OpenPGP format version 3).

Verify file (old OpenPGP format version 3).
Signature is valid.

Clear sign file.

Verify clear signed file.
File OUTPUT.sig.txt has a valid signature.

Generate Key Pair.
UID: demo2 <de...@didisoft.com> is trusted: true

Encrypt File with Keystore.

Decrypt File with Keystore.

Sign and Encrypt File with Keystore.

Decrypt and Verify File with Keystore.
Signature is valid.

Keystore is in memory:            false
Keystore backup on save:        true
Keystore auto save on:            true
Keystore partial match id:        true
Keystore skip Lucas Lehmer:        false

Type    Bits      Key ID   Date       User ID
DH/DSS  1024      BD8B1479 2013-11-07 David Brown <da...@davidwbrown.name>
 (Signing key) (Trusted)
RSA     1024      E8B96342 2013-11-07 demo2 <de...@didisoft.com>
 (Encryption Key) (Signing key) (Trusted)
RSA     2048      29EF5D31 2013-11-07 David Brown (RSA test import) <david...@dmbgroup.com>
 (Encryption Key) (Signing key) (Trusted)

Import Private Key.

Import Public Key.
Imported key: da...@davidwbrown.name is trusted: true

Sign Public Key as Trusted Introducer

Keystore is in memory:            false
Keystore backup on save:        true
Keystore auto save on:            true
Keystore partial match id:        true
Keystore skip Lucas Lehmer:        false

Type    Bits      Key ID   Date       User ID
DH/DSS  1024      BD8B1479 2013-11-07 David Brown <da...@davidwbrown.name>
 (Signing key) (Trusted)
RSA     1024      E8B96342 2013-11-07 demo2 <de...@didisoft.com>
 (Encryption Key) (Signing key) (Trusted)
RSA     512       26BB9370 2010-02-15 Example Key sup...@didisoft.com
 (Encryption Key) (Signing key) (Trusted)
RSA     2048      29EF5D31 2013-11-07 David Brown (RSA test import) <david...@dmbgroup.com>
 (Encryption Key) (Signing key) (Trusted)
DH/DSS  1024      F2BE4954 2013-10-03 da...@davidwbrown.name
 (Signing key) (Not Trusted)

Assign designated revoker and revoke the key
Before change revoker key UID: David Brown <da...@davidwbrown.name>
Before change revoker key 2 UID: demo2 <de...@didisoft.com>
Revoker 2 key Trust Level: TRUSTED
Revocation Lib threw an exception: No key found matching keyID: 3269088737648068948
Revoker key UID: dxadmin <da...@davidwbrown.name> is changed: true
Revoked key UID: da...@davidwbrown.name
Revoker 2 key UID: demo2 <de...@didisoft.com> is changed: true
Revocation Lib threw an exception: Target key has no designated revoker signature with fingerprint: 22228e0282ca629e88ff9dbacba8e824bd8b1479

Keystore is in memory:            false
Keystore backup on save:        true
Keystore auto save on:            true
Keystore partial match id:        true
Keystore skip Lucas Lehmer:        false

Type    Bits      Key ID   Date       User ID
DH/DSS  1024      BD8B1479 2013-11-07 dxadmin <da...@davidwbrown.name>
 (Signing key) (Trusted)
RSA     512       26BB9370 2010-02-15 Example Key sup...@didisoft.com
 (Encryption Key) (Signing key) (Trusted)
RSA     1024      E8B96342 2013-11-07 dxadmin <de...@didisoft.com
 (Encryption Key) (Signing key) (Trusted)
RSA     2048      29EF5D31 2013-11-07 David Brown (RSA test import) <david...@dmbgroup.com>
 (Encryption Key) (Signing key) (Trusted)
DH/DSS  1024      F2BE4954 2013-10-03 da...@davidwbrown.name
 (Signing key) (Not Trusted)

Delete: keypair, public and private keys...
INPUT.txt     Tue Mar 06 12:33:06 CST 2012
INPUT.txt     Tue Mar 06 12:33:06 CST 2012
Encrypted with Key ID : 26BB9370

Keystore is in memory:            false
Keystore backup on save:        true
Keystore auto save on:            true
Keystore partial match id:        true
Keystore skip Lucas Lehmer:        false

Type    Bits      Key ID   Date       User ID
Exception in thread "main" com.didisoft.pgp.PGPException: Exception creating cipher : null : null
    at com.didisoft.pgp.bc.IOUtil.newPGPException(Unknown Source)
    at com.didisoft.pgp.KeyStore.a(Unknown Source)
    at com.didisoft.pgp.KeyStore.<init>(Unknown Source)
    at KeystoreListKeys.main(KeystoreListKeys.java:21)
    at Main.main(Main.java:162)
Caused by: java.lang.NullPointerException
    at org.bouncycastle.openpgp.PGPPBEEncryptedData.getDataStream(Unknown Source)
    at org.bouncycastle.openpgp.PGPPBEEncryptedData.getDataStream(Unknown Source)
    at org.bouncycastle.openpgp.PGPPBEEncryptedData.getDataStream(Unknown Source)
    ... 4 more
***************************************************************************************************************************************
DidiSoft_Examples_dmbgroup.tar.gz

DidiSoft Support

Nov 8, 2013, 4:07:14 PM
to didisof...@googlegroups.com, David Brown, dxop-s...@dmbgroup.com
Hi David,

Unfortunately with an empty keystore file (0 bytes) on the local
filesystem this cannot be reproduced.
A corrupted keystore on the other hand throws java.io.IOException.

Comparing the output with the attached sources it seems that the
exception is thrown from the KeyStore.getKeys() method.
But that method just like all the boolean methods does not declare any
exceptions at all (it just returns one of the internal members of the
class).

Can you please clarify whether this code is executed from a command-line
application or from a Servlet container?

Kind Regards
Peter Kalef
Technical Support
DidiSoft Ltd. | Toll free (USA and Canada) 866-253-7568 | (+44)
186-552-1172 | www.didisoft.com


David Brown

Nov 8, 2013, 4:52:37 PM
to didisof...@googlegroups.com
Hello Peter, thanks for the speedy reply.

Either command-line or in my case from IntelliJ but the program console output should be the same.

I will run it as command-line and/or rework the examples source such that a shell script is included such that there is no confusion on inputs and expected outputs and I will reply with a new attached tarball.

Regards, David.

David Brown

Nov 8, 2013, 4:53:19 PM
to didisof...@googlegroups.com
BTW: google is bouncing all of my reply email to DidiSoft.



On Wednesday, November 6, 2013 3:33:34 PM UTC-6, David Brown wrote:

David Brown

Nov 8, 2013, 4:46:38 PM
to didisof...@googlegroups.com
Hello Peter, thanks for the speedy reply.

Either command-line or in my case from IntelliJ but should be the same.

I will run it as command-line and/or rework the examples source such
that a shell script is included such that there is no confusion on
inputs and expected outputs and will reply with a new attached tarball.

Regards, David.

David Brown

Nov 11, 2013, 12:42:34 PM
to didisof...@googlegroups.com, dxop-s...@dmbgroup.com
Hello Peter, please find attached a self contained tarball with a simple bash script in the src directory to compile and execute the DidiSoft Main.java.

Please execute  the bash script: ./didisoft.sh for usage message.

If this bash script works well for you I will continue to use this method in the future.

There may very well be nothing to be done about a corrupted keystore as the corruption was the result of heavily debugged environment with starts, stops and termination of the remote debug environment connection to the host server employing the DidiSoft API.

Please advise, David.


On Thursday, November 7, 2013 3:45:46 AM UTC-6, didisoft wrote:
DidiSoft_Examples_dmbgroup.tar.gz

David Brown

Nov 11, 2013, 1:05:52 PM
to didisof...@googlegroups.com
Please excuse the top-post but you did say environment:
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
Ubuntu 12.04.3 LTS
pgplib 2.6.3.4


On Thursday, November 7, 2013 3:45:46 AM UTC-6, didisoft wrote:

didisoft

Nov 11, 2013, 4:41:34 PM
to didisof...@googlegroups.com
Hi David,

It seems that the problematic KeyStore file pgp.ks is really corrupted.

This is really an interesting case, as we've never thought that it could happen.

If you haven't turned the backup off, I guess there should be a working backup keystore file in the same place where the pgp.ks file is.

David Brown

Nov 11, 2013, 5:13:29 PM
to didisof...@googlegroups.com
Hello Peter, thanks for the reply.

Lesson learned: I don't turn off the backing store but in an effort to return to the development I may have deleted all keystore related files in our target directory and so I don't have the .bak anymore.

In the future I will restore the keystore from the .bak file before deleting.

In any case I have bigger fish to fry. Installing the new 2.6.4.3 in our enterprise development environment (Eclipse Kepler) invokes a runtime error upon instantiation of a new PGPLib object.

However, this is not the case when I replaced the 2.6.4.3 jars in the DidiSoft Examples source and re-running the didisoft.sh (same as you have now) the DidiSoft Examples invokes the following without exception:

PGPLib pgp = new PGPLib();

The following Runtime exception is incurred upon execution of our enterprise app:

java.lang.RuntimeException: Your 30 day evaluation version of DidiSoft OpenPGP Libary for Java has at com.didisoft.pgp.PGPLib.<clinit>(Unknown Source)

Regards, David.
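
Added example, not part of the thread and not DidiSoft code: the trace in the last message shows a RuntimeException raised from a static initializer (PGPLib.<clinit>), and the first post describes a call that fails without reaching its catch blocks. The sketch below uses a hypothetical stand-in class, LicensedLib, with a constructed message, to show how a failure of that kind passes through a catch for checked exceptions only and what a diagnostic catch of Throwable reports.

```java
import java.io.IOException;

public class InitFailureDemo {
    // Hypothetical stand-in for a library class whose static initializer throws,
    // like PGPLib.<clinit> in the trace above. Not DidiSoft code.
    static class LicensedLib {
        static {
            if (Boolean.parseBoolean(System.getProperty("demo.expired", "true"))) {
                throw new RuntimeException("evaluation expired (constructed message)");
            }
        }
        LicensedLib(String path) throws IOException {
            if (path.isEmpty()) throw new IOException("empty path");
        }
        boolean isInMemory() { return false; }
    }

    // Mirrors the first post: only a checked exception is handled.
    static String narrowCatch() {
        try {
            return "in memory: " + new LicensedLib("pgp.ks").isInMemory();
        } catch (IOException e) {
            return "caught IOException: " + e.getMessage();
        }
    }

    // Diagnostic variant: report whatever escapes narrowCatch, Errors included.
    static String diagnosticCatch() {
        try {
            return narrowCatch();
        } catch (Throwable t) {
            Throwable root = t;
            while (root.getCause() != null) root = root.getCause();
            return t.getClass().getName() + " <- root: " + root;
        }
    }

    public static void main(String[] args) {
        // First use: the initializer runs and fails, so the JVM raises
        // ExceptionInInitializerError wrapping the RuntimeException.
        System.out.println(diagnosticCatch());
        // Later uses: the class is marked unusable and the JVM raises
        // NoClassDefFoundError ("Could not initialize class ...").
        System.out.println(diagnosticCatch());
    }
}
```

Running with -Ddemo.expired=false lets the stand-in class initialize, so both calls return the normal "in memory" line.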