Closed seddonym closed 8 years ago
Ah, this is a case of PGPy not having support for partial packet lengths just yet (see #95), but it is something I am planning to implement for the next release.
Depending on how you invoke gpg, it will chunk the data packets using partial packet length headers so it can stream the encrypt/decrypt operations while still receiving input. That looks to be what has happened here:
% pgpdump 161.asc
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0x3E46A25F81612D05
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2046 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(4096 bytes) partial start
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
New: (86 bytes) partial end
I generated a similar file (but slightly larger) and tested a bit like so:
% stat -c "%s" data.txt
8200
% wc -l data.txt
1025 data.txt
% # the options I used here were used to skip compression and encrypt with
% # just a passphrase for easier demonstration purposes
% gpg --armor --symmetric --cipher-algo AES --compress-algo 0 data.txt
% pgpdump data.txt.asc
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
New version(4)
Sym alg - AES with 128-bit key(sym 7)
Iterated and salted string-to-key(s2k 3):
Hash alg - SHA1(hash 2)
Salt - bf 72 81 ce 4f a1 38 eb
Count - 31457280(coded count 238)
New: Symmetrically Encrypted and MDC Packet(tag 18)(8258 bytes)
Ver 1
Encrypted data [sym alg is specified in sym-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
% # now I'll pipe the contents of data.txt into gpg instead,
% # which will cause it to stream
% cat data.txt | gpg --armor --symmetric --cipher-algo AES --compress-algo 0 > piped-data.txt.asc
% pgpdump piped-data.txt.asc
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
New version(4)
Sym alg - AES with 128-bit key(sym 7)
Iterated and salted string-to-key(s2k 3):
Hash alg - SHA1(hash 2)
Salt - b9 18 9b e3 79 21 34 27
Count - 31457280(coded count 238)
New: Symmetrically Encrypted and MDC Packet(tag 18)(8192 bytes) partial start
Ver 1
Encrypted data [sym alg is specified in sym-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
New: (58 bytes) partial end
I was able to force it to not use partial packets by adding the --set-filesize option like so:
% cat data.txt | gpg --armor --symmetric --cipher-algo AES --compress-algo 0 --set-filesize 8200 > piped-sf-data.txt.asc
gpg: Note: --set-filesize is not for normal use!
% pgpdump piped-sf-data.txt.asc
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
New version(4)
Sym alg - AES with 128-bit key(sym 7)
Iterated and salted string-to-key(s2k 3):
Hash alg - SHA1(hash 2)
Salt - c3 c8 2e 8b 60 54 1e fe
Count - 31457280(coded count 238)
New: Symmetrically Encrypted and MDC Packet(tag 18)(8250 bytes)
Ver 1
Encrypted data [sym alg is specified in sym-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
Since partial packet support is on the roadmap, I'll close this issue for now.
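The header layout behind the pgpdump output above, as an added example that is not part of the original thread or of PGPy: a minimal packet-header walker following RFC 4880 section 4.2 that reports which packets use partial body lengths, so a message can be checked before it is handed to a parser that lacks support for them. The function names and the sample byte strings are hypothetical, and the input is assumed to be the binary (de-armored) message.

```python
import io

def _take(stream, n):
    """Read exactly n bytes or fail; a short read means a truncated packet."""
    data = stream.read(n)
    if len(data) != n:
        raise ValueError("truncated OpenPGP data")
    return data

def _new_length(stream):
    """Decode one new-format length header: (length, is_partial)."""
    first = _take(stream, 1)[0]
    if first < 192:                       # one-octet length
        return first, False
    if first < 224:                       # two-octet length
        return ((first - 192) << 8) + _take(stream, 1)[0] + 192, False
    if first < 255:                       # partial body length, a power of two
        return 1 << (first & 0x1F), True
    return int.from_bytes(_take(stream, 4), "big"), False   # five-octet length

def walk_packets(data):
    """Yield (tag, [chunk lengths]); more than one chunk means partial lengths."""
    stream = io.BytesIO(data)
    while (header := stream.read(1)):
        ctb = header[0]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        chunks, partial = [], True
        if ctb & 0x40:                    # new-format header
            tag = ctb & 0x3F
            while partial:                # chunks continue until a non-partial length
                length, partial = _new_length(stream)
                chunks.append(len(_take(stream, length)))
        else:                             # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            length = int.from_bytes(_take(stream, 1 << ltype), "big")
            chunks.append(len(_take(stream, length)))
        yield tag, chunks

def partial_tags(data):
    """Tags of packets that a parser without partial-length support would reject."""
    return [tag for tag, chunks in walk_packets(data) if len(chunks) > 1]

# Constructed samples (zero-filled bodies) shaped like the piped and --set-filesize dumps.
PIPED = bytes([0x8C, 13]) + bytes(13) + bytes([0xD2, 0xED]) + bytes(8192) + bytes([58]) + bytes(58)
# Tag 18 with a definite two-octet length of 8250 bytes.
DEFINITE = bytes([0x8C, 13]) + bytes(13) + bytes([0xD2, 0xDF, 0x7A]) + bytes(8250)
```

Here `partial_tags(PIPED)` flags the tag 18 packet, while `DEFINITE` comes back clean.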
Hi Michael,
Thanks so much for your swift and detailed reply, this is very helpful.
I'll keep an eye on the partial packet support, and will try the workaround for the time being.
David
Incidentally I wonder how difficult it would be to improve the error messages for features that are known to be unsupported. Perhaps a simple way would be to have a page in the docs which lists known encryption formats that don't work, and the exception could point them there. Even better would be for the exception to say what feature it doesn't support - though I imagine that would be more work. Just a suggestion, might save people time.
I've run into a similar issue as reported here: https://github.com/SecurityInnovation/PGPy/issues/160. I think it might have different causes so I'm reporting it as a separate bug.
The bug is that I get the same NotImplementedError when I run PGPMessage.from_blob() on messages that are not very short. For example:
This raises the following exception:
This is a message that consists of 1,000 lines of random 7 digit integers, one on each line. I have no problems with loading a message that is just 100 lines.