Fixed PGP encryption bug (invalid)

I created a PGP key pair and gave the other party a public key. They encrypt the message and send it to me. I am using Camel Crypto / PGP to try and decrypt it. I have a simple route setup in Camel 2.15.0:

from("direct://TestPGPDecrypt")
    .routeId("TestPGPDecrypt")
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Calling PGP Decryption Using PGP Key: " + Vault.TestPGP.keyUserId)
    .unmarshal(pgpDecryptTest)
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Decrypted Original ${header[CamelFileName]}");

With this, I pass the .asc file (Armored-ASCII) and I get the following exception:

Exchange[
    Id                  ID-MBProi7-54281-1432247325866-1-12
    ExchangePattern     InOnly
    BodyType            org.apache.camel.component.file.GenericFile
    Body                [Body is file based: GenericFile[2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc]]
]

Stacktrace
------------------------------------------------------------------------------------------------------------------------
java.lang.IllegalArgumentException: The input message body has an invalid format.
The PGP decryption/verification processor expects a sequence of PGP packets of
the form (entries in brackets are optional and ellipses indicate repetition,
comma represents sequential composition, and vertical bar separates
alternatives): Public Key Encrypted Session Key ..., Symmetrically Encrypted Data 
| Sym. Encrypted and Integrity Protected Data, Compressed Data, (One Pass Signature ...,) Literal Data, (Signature ...,)  
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getFormatException(PGPKeyAccessDataFormat.java:488)
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getUncompressedData(PGPKeyAccessDataFormat.java:424)
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.unmarshal(PGPKeyAccessDataFormat.java:363)

      

Obviously, the problem is parsing the message "somewhere" - the stack shows that it is in this code inside the PGPKeyAccessDataFormat:

private InputStream getUncompressedData(InputStream encData) throws IOException, PGPException {
        PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
        Object compObj = pgpFactory.nextObject();
        if (!(compObj instanceof PGPCompressedData)) {
            throw getFormatException();
        }

      

I don't know why this input stream is not being returned as a PGPCompressedData instance ...

If I decrypt this file locally (Unix / Mac OS X) using gpg, no problem. Actually I can see the result of the multi-country run.

If I encrypt a local file and then try to decrypt it via Camel Crypto, no problem.

I only have problems with this one file. I even tried to tweak the PGPDataFormat config to no avail:

PGPDataFormat pgpDecryptTest = new PGPDataFormat();
pgpDecryptTest.setKeyFileName(Vault.secret.keyFileName);
pgpDecryptTest.setKeyUserid(Vault.secret.keyUserId);
pgpDecryptTest.setArmored(true);
pgpDecryptTest.setPassword(Vault.secret.getTestKeyRingPwd());
pgpDecryptTest.setIntegrity(false);
pgpDecryptTest.setHashAlgorithm(HashAlgorithmTags.SHA1);
pgpDecryptTest.setAlgorithm(SymmetricKeyAlgorithmTags.TRIPLE_DES);
pgpDecryptTest.setSignatureKeyFileName(Vault.TRDParty.keyFileName);
pgpDecryptTest.setSignatureKeyUserid(Vault.TRDParty.keyUserId);
pgpDecryptTest.setSignatureVerificationOption("ignore");

      

Any ideas?

[edit] As requested, here is information on the PGP packets. Encrypted file that has the Camel decryption problem:

gpg --list-packets 2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc 
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxxxxxxxxx
    data: [2046 bits]

You need a passphrase to unlock the secret key for
user: "Your Key <you@company.com>"
2048-bit RSA key, ID XXXXXXXX, created 2015-05-18 (main key ID YYYYYYYYY)

:encrypted data packet:
    length: 52051
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
      "Your Key <you@company.com>"
:onepass_sig packet: keyid ABVBBBBBBBBBB
    version 3, sigclass 0x00, digest 2, pubkey 17, last=1
:literal data packet:
    mode b (62), created 1432151886, name="",
    raw data: 51945 bytes
:signature packet: algo 17, keyid CCCCCCCCCCCCCC
    version 4, created 1432151886, md5len 0, sigclass 0x00
    digest algo 2, begin of digest e4 5a
    hashed subpkt 2 len 4 (sig created 2015-05-20)
    subpkt 16 len 8 (issuer key ID CCCCCCCCCCCCCC)
    data: [159 bits]
    data: [160 bits]
gpg: WARNING: message was not integrity protected

      

Then, to compare, I encrypted the (text version) of the same file content using gpg and then ran --list-packets on it:

gpg --list-packets encrypted.asc 
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXX
    data: [2045 bits]

You need a passphrase to unlock the secret key for
user: "Your Key <you@company.com>"
2048-bit RSA key, ID 8EFFC26E, created 2015-05-18 (main key ID YYYYYYYYY)

:encrypted data packet:
    length: unknown
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
      "Your Key <you@company.com>"
:compressed packet: algo=2
:literal data packet:
    mode b (62), created 1432321235, name="clear.out.xml",
    raw data: 51945 bytes

      

+3


1 answer


You should check with the party sending you the message and ask them if the message was compressed during encryption. For Camel 2.15 (and I assume older versions), Camel requires encrypted PGP files to be compressed. In Camel 2.16, they relaxed the requirements for compressed and encrypted files.

Alternatively, to verify that uncompressed code is causing this error, you can try encrypting the file with "--compress-level 0". Compression level 0 disables compression.



Source: http://camel.apache.org/crypto.html

0
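The difference between the two packet listings, as an added example that is not from the original post or from Camel: a Python sketch that reads OpenPGP packet headers (RFC 4880, section 4.2) from an already-decrypted payload and applies the same first-packet test as the `getUncompressedData` excerpt in the question. The sample byte strings are constructed, and `strict_compressed_check` is a hypothetical name.

```python
# Added example: read OpenPGP packet headers (RFC 4880, section 4.2).
def parse_header(buf, pos=0):
    """Return (tag, body length or None if not definite, header size)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header
        tag, b = first & 0x3F, buf[pos + 1]
        if b < 192:
            return tag, b, 2
        if b < 224:
            return tag, ((b - 192) << 8) + buf[pos + 2] + 192, 3
        if b == 255:
            return tag, int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
        return tag, None, 2  # partial body length, stream continues
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, None, 1  # indeterminate length
    size = 1 << ltype  # 1, 2 or 4 length octets
    return tag, int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), 1 + size

def packet_tags(buf):
    """List top-level packet tags; stop after a packet with no definite length."""
    tags, pos = [], 0
    while pos < len(buf):
        tag, length, hdr = parse_header(buf, pos)
        tags.append(tag)
        if length is None:
            break
        pos += hdr + length
    return tags

def strict_compressed_check(plaintext):
    """Models the quoted check: the first packet must be Compressed Data (tag 8)."""
    tags = packet_tags(plaintext)
    return bool(tags) and tags[0] == 8

# Constructed samples (not real messages); field values follow the listings above.
# One-pass signature: version 3, sigclass 0x00, digest 2, pubkey 17, key ID, last=1.
ONEPASS = bytes([0x90, 13, 3, 0x00, 2, 17]) + bytes(8) + b"\x01"
# Literal data: mode b, empty file name, creation time, two bytes of data.
LITERAL = bytes([0xCB, 8]) + b"b\x00" + (1432151886).to_bytes(4, "big") + b"hi"
PARTNER_STYLE = ONEPASS + LITERAL  # trailing signature packet left out
GPG_STYLE = bytes([0xA3, 2]) + b"\x00" * 4  # compressed packet, algo=2, dummy body

if __name__ == "__main__":
    for name, data in (("partner", PARTNER_STYLE), ("gpg", GPG_STYLE)):
        print(name, packet_tags(data), strict_compressed_check(data))
```

Tag 4 is a one-pass signature, tag 8 is compressed data and tag 11 is literal data, so the first sample fails the strict check and the second passes it.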

