HashAlgorithms repeated when GenerateRsaKeyPair


Matt Hull

Jun 27, 2018, 9:01:45 AM6/27/18
to DidiSoft Forum
When generating a key pair using PGPKeyPair.GenerateRsaKeyPair (or the corresponding method on KeyStore) the hash algorithms are repeated:
MD5
SHA1
SHA1
RIPEMD160
SHA1
MD2

When attempting to generate a key pair "the long way" KeyStore.GenerateKeyPair(size, name, KeyAlgorithm.RSA, password, [ compression ], [hashing], [cyphers] ) things get really screwed up. For example, if I specify all hashing algorithms I get SHA1 repeated several times. If I change to only pass SHA512 I get RIPEMD160. Depending on the combinations I pass for compression/cyphers I get varying results in the PreferredHash/Compression/Cypher arrays (sometimes with values I don't specify, sometimes with repeated values and sometimes with NOTHING).

What's going on? Am I doing something wrong here?

Matt Hull

Jun 27, 2018, 10:48:25 AM6/27/18
to DidiSoft Forum
The problem appears to occur as part of the KeyPairInformation::InitHashes() method. The FromHash method is called which converts the HashAlgorithmTag enum to a HashAlgorithm enum. The problem here is that the HashAlgorithm enum is defined automatically (values 0-7); their values are not bound to those of the HashAlgorithmTag enum (like the Compression/CypherAlgorithm enums are).

When the mapping back in FromHash() occurs, most of the values are undefined in the Enum so the library is returning Sha1 as the default.

I'm fairly certain that the real fix to this would be to update  DidiSoft.Pgp.HashAlgorithm so that the fields are defined in terms of HashAlgorithmTag:

public enum HashAlgorithm
{
    /// <summary>
    /// Secure Hash Algorithm (SHA-1)
    /// </summary>
    SHA1 = HashAlgorithmTag.Sha1,

    /// <summary>
    /// Secure Hash Algorithm 256 bit (SHA-2 256)
    /// </summary>
    SHA256 = HashAlgorithmTag.Sha256,

    /// <summary>
    /// Secure Hash Algorithm 384 bit (SHA-2 384)
    /// </summary>
    SHA384 = HashAlgorithmTag.Sha384,

    /// <summary>
    /// Secure Hash Algorithm 512 bit (SHA-2 512)
    /// </summary>
    SHA512 = HashAlgorithmTag.Sha512,

    /// <summary>
    /// Secure Hash Algorithm 224 bit (SHA-2 224)
    /// </summary>
    SHA224 = HashAlgorithmTag.Sha224,

    /// <summary>
    /// Message Digest 5
    /// </summary>
    MD5 = HashAlgorithmTag.MD5,

    /// <summary>
    /// RIPEMD-160, 160-bit message digest algorithm (RACE Integrity Primitives Evaluation Message Digest)
    /// </summary>
    RIPEMD160 = HashAlgorithmTag.RipeMD160,

    /// <summary>
    /// Message Digest 2
    /// </summary>
    MD2 = HashAlgorithmTag.MD2
}

This is necessary because KeyStore::CreateKeyRingGenerator simply casts the values of type HashAlgorithm to their integral value. These values won't match the HashAlgorithmTag so when parsing back it fails.
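The round trip described in the post, as an added self-contained illustration (not DidiSoft's code and not Bouncy Castle's): a preference enum is cast to its integral value when the key is generated, and that number is later read back as an OpenPGP hash-algorithm tag. HashAlgorithmTag below mirrors the RFC 4880 section 9.4 hash IDs; BrokenHashAlgorithm, FixedHashAlgorithm, ToSubpacketValues and FromSubpacketValue are stand-ins for the library's own types and methods, so the names and the SHA1 fallback are assumptions about the behaviour the post reports, not the library's actual implementation.

```csharp
using System;
using System.Linq;

// Constructed illustration of the enum round-trip bug discussed above; this is not DidiSoft's code.
// HashAlgorithmTag mirrors the OpenPGP hash algorithm IDs from RFC 4880, section 9.4 (the values the
// Bouncy Castle HashAlgorithmTag enum carries). Everything else is a stand-in.
enum HashAlgorithmTag
{
    MD5 = 1, Sha1 = 2, RipeMD160 = 3, MD2 = 5,
    Sha256 = 8, Sha384 = 9, Sha512 = 10, Sha224 = 11
}

// Pre-fix shape: automatically numbered 0..7, so the integral values have nothing to do with the tags.
enum BrokenHashAlgorithm { SHA1, SHA256, SHA384, SHA512, SHA224, MD5, RIPEMD160, MD2 }

// Fixed shape: every member bound to its HashAlgorithmTag value, so a cast in either direction is exact.
enum FixedHashAlgorithm
{
    SHA1 = HashAlgorithmTag.Sha1,
    SHA256 = HashAlgorithmTag.Sha256,
    SHA384 = HashAlgorithmTag.Sha384,
    SHA512 = HashAlgorithmTag.Sha512,
    SHA224 = HashAlgorithmTag.Sha224,
    MD5 = HashAlgorithmTag.MD5,
    RIPEMD160 = HashAlgorithmTag.RipeMD160,
    MD2 = HashAlgorithmTag.MD2
}

static class PreferenceRoundTrip
{
    // Stand-in for the generator side: the preference enum is cast to its integral value and that
    // number is what ends up in the key's preferred-hash-algorithms subpacket.
    static int[] ToSubpacketValues<T>(T[] prefs) where T : Enum =>
        prefs.Select(p => Convert.ToInt32(p)).ToArray();

    // Stand-in for the reader side (the InitHashes/FromHash path in the post): interpret each stored
    // number as an OpenPGP tag and map it to the public enum by name. A number that is not a known
    // tag, or a tag with no counterpart, falls back to SHA1; that fallback produces the repeated SHA1s.
    static T FromSubpacketValue<T>(int value) where T : struct, Enum
    {
        string tagName = Enum.GetName(typeof(HashAlgorithmTag), value);
        if (tagName != null && Enum.TryParse(tagName, ignoreCase: true, out T mapped))
            return mapped;
        return (T)Enum.Parse(typeof(T), "SHA1");
    }

    // Generate-then-read: what a caller sees in PreferredHashAlgorithms after passing prefs in.
    static T[] RoundTrip<T>(T[] prefs) where T : struct, Enum =>
        ToSubpacketValues(prefs).Select(FromSubpacketValue<T>).ToArray();

    static void Main()
    {
        var brokenIn = (BrokenHashAlgorithm[])Enum.GetValues(typeof(BrokenHashAlgorithm));
        Console.WriteLine("broken in  : " + string.Join(", ", brokenIn));
        Console.WriteLine("broken out : " + string.Join(", ", RoundTrip(brokenIn)));
        Console.WriteLine("broken, SHA512 only : " + RoundTrip(new[] { BrokenHashAlgorithm.SHA512 })[0]);

        var fixedIn = (FixedHashAlgorithm[])Enum.GetValues(typeof(FixedHashAlgorithm));
        Console.WriteLine("fixed in   : " + string.Join(", ", fixedIn));
        Console.WriteLine("fixed out  : " + string.Join(", ", RoundTrip(fixedIn)));
    }
}
```

With the unbound enum, SHA512 is stored as 3, which OpenPGP reads as RIPEMD-160, and SHA224, RIPEMD160 and MD2 are stored as 4, 6 and 7, which are not hash IDs at all and so collapse to the SHA1 fallback; that is the pattern of wrong, repeated and missing values reported at the top of the thread. With every member bound to its HashAlgorithmTag value, the list read back equals the list passed in, which is the check worth keeping as a unit test after the fix: generate a key with an explicit preference list and assert the parsed preferences match it element for element.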

DidiSoft Support

Jun 27, 2018, 11:35:49 AM6/27/18
to didisof...@googlegroups.com, Matt Hull

Hi Matt,

Thank you for the suggested code.

Indeed this was the core reason for this unintended behavior.

Please download the updated version 1.8.3.5 released a few minutes ago (either from our customers' section or from our private NuGet repo)

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Phone: +1-256-907-7816 | Fax: +1-256-907-7816 | Web: www.didisoft.com

Matt Hull

Jun 28, 2018, 8:35:39 AM6/28/18
to DidiSoft Forum
Thank you for the quick update.

I will note however that there is an "issue" with the nuget package. The previous nuget package had a version number of  ".400"; this new package ends with ".5". Unfortunately nuget recognizes the 400 as greater than 5 so the update doesn't show up in the nuget feed when installing/updating. You have to explicitly look for "older versions" in order to pull down the .5 (which is what I had to do).

DidiSoft Support

Jun 29, 2018, 1:04:05 PM6/29/18
to didisof...@googlegroups.com, Matt Hull

Hi Matt,

This was really a pitfall in our build script version numbering.

This has been changed and as of today the current trial version will always be one revision earlier than the production version.

The current trial published today is 1.8.3.6000 and the production version is 1.8.3.6001.

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Phone: +1-256-907-7816 | Fax: +1-256-907-7816 | Web: www.didisoft.com