search

jerson / flutter-openpgp

OpenPGP for flutter made with golang for fast performance with support for android, ios, macos, linux, windows, web and hover
https://pub.dev/packages/openpgp
MIT License
66 stars 22 forks source link

OpenPGP.generate() pub key is unusable in other openpgp libraries #65

Closed michep closed 12 months ago

michep commented 1 year ago

Hello @jerson

on version 3.7.1 I do something like this:

var keypair = await OpenPGP.generate();
await updateAgentPublicKey(keypair.publicKey); // sends pubkey to the server, where it is verified and checked

And serverside pubkey verification give an error:

"ValueError: 39 is not a valid backing value for enum OpenPGP\Enum\SignatureSubpacketType"
michep commented 1 year ago

here is my newly generated pubkey:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: openpgp-mobile

xsBNBGUGqm4BCADButlcafPCobs53iIHblcMio2on2wZIKX0zsln75YA16EA6AZM
J8MwIOf5zTYaQXJbcYfaYvc6PUcRcJoHhoBtHlOrTVU8TMIFDTN+xKBkJcZlEG6s
aaKVU5RtZKgQQN5/Hj8yiAvWJQOA+fnhb9UiRFz7ABqytoBvUqzjiWNdCSt6NVfv
LJ/hXmN3rLJMwqhEQa0ohskCX9JFKPePZ8ybTg3pbEAbV6alurWzJ3FyHSMrFtmT
JzJfqA4+HJCTXCQZsorEEYQoPZC7Xj61hvC+0NW+uLBtA2Zsgb44miFVWZIqnBAH
Meavgc2tvIGVfO4y7PsdC7IOHI5h5GqetNbhABEBAAHNAMLAiQQTAQgAPQUCZQaq
bgkQvvo/BFI8L/UWIQRjMfb0kq7VxLwGjnK++j8EUjwv9QIbAwIeAQIZAQILBwIV
CAIWAAMnBwIAAAWMB/9PTU681NFsZYxSIWxKeqihgdnFr1GAL/VIbOar1zY2GfH/
A6ZAbuWHcbcraptlQKydaxPEqVo6mX20N74r+wyODrFE1Y7Db9BzPoL3/WPWMcOi
gOMts7W7yiLWzq0HcCThcwprwsip8fPxmm2cth27iYTonDtXC7JobTQDmSitjiX2
85XZv8YzyfKTb/jVCWU0mE5hyb8lJARGH5l41rnUajNb0i6RJZ92/9mjVFLw2iMU
Ze+qr/4m1D+ips2VwY1uHxiyDDtGarUQiNBcnHU4NnbAk61d2osqkrJQ7rw6IrZ4
arvBI6pxDbvJUdzTG8+2DBOCMHGUL5Z9U79MS87czsBNBGUGqm4BCADtLS48qEpk
oqPBC3nLfHF59CpXFF965T6jsf8I2wFJR4WjUAMzJZextAKvrLpKWm5UbayNPruw
UakHz7P6m3chhF26O36zKX38F/tKaSUe4YmX7DChLIqYDmcfnwAtzD//dBDAB3QL
fq5pc3b0v2ga7Mqt28KNGOdLGosnLHwm1lkFZhHrToP1YgJtQV7vthY7xXh1E8oo
rgiSXfGsVMK8BP6Sz2SgQejRYOKZ0CwOCp6p3QfiAStTE07UAiIcnGBOUDMLnl4c
1I+sQxMBAsgyDekgTlng8+puc2j0pikypZWE+NN8caXhnVT7IHSQQdajMPcK1Ief
g8aR6LZ8NpHHABEBAAHCwHYEGAEIACoFAmUGqm4JEL76PwRSPC/1FiEEYzH29JKu
1cS8Bo5yvvo/BFI8L/UCGwwAAPG7B/4mTBZqLtPRGgHrE+HnzQYTmS+RA6Z2z4h6
JlQVxW80A+nZalcMlIfNM9GhFMIhGSI1OoKAwhG14d4TT3Nf/vuGgAFwvrQdXZ+v
E/JMo7dn3oT315M4hQpt1LrSwN4jBWbgHeTt3v9tKEl3lyjxQ/EAH3Jrv3DKU/5/
+d575/wOhsN/5Xp3o5TrzcTLALFXvuVekEXhxJIRVW6wRI7sGaa/hGYNQSR2b+vK
CXogAd1ht60DK5ASZw5IntipDscu0t2sCHZKfQXjtrAW5JjlpebSfzuF+tSERiVY
/3OAZ9rwf4nnuQUi9mpb8EGPq4nwh5XP+yiQzY6j9y0Pqd+NDPE9
=mQv2
-----END PGP PUBLIC KEY BLOCK-----
jerson commented 1 year ago

Hi @michep could you give me more info about which library or language was you using, it seems a compatibility issue with a new specific feature

michep commented 1 year ago

https://packagist.org/packages/php-privacy/openpgp

michep commented 1 year ago

Hi @jerson, here is fancy PGP message decoder - https://cirw.in/gpg-decoder

And if you feed in a pubkey, generated with updated binaries, you will see unknown subpacket type, which is exactly 39:

Signature Packet (0x2)
  ...
  subpackets:
  ...
    subpacketType:"undefined (0x27)"
    data:"0702"

If you generate pubkey with version 3.6.1 or 3.7.0, same part of decoded key will have:

Signature Packet (0x2)
  ...
  subpackets:
  ...
    subpacketType:"Preferred AEAD Algorithms (0x22)"
    data:"01"
gladius-opensort commented 12 months ago

Hi Jerson,

Noticing the same issue

jerson commented 12 months ago

hi @michep , @gladius-opensort could you try with this new branch please https://github.com/jerson/flutter-openpgp/pull/66

michep commented 12 months ago

hi @jerson, I can confirm that with commit b47cd4e keyspair generation is OK, thank you

jerson commented 12 months ago

Thanks a new version was released: https://pub.dev/packages/openpgp/versions/3.7.2 feel free to reopen if you need