search

mattosaurus / PgpCore

.NET Core class library for using PGP
MIT License
238 stars 100 forks source link

Support Network stream #287

Open Noragad94 opened 6 months ago

Noragad94 commented 6 months ago

Is there a way to encrypt network stream without loading the entire file into memory stream first?

mattosaurus commented 6 months ago

Yes, you can just pass the network stream object directly to the method. Use of memory stream in the docs is just as an example.

rinzed commented 5 months ago

I ran into a similar problem today and I have found at least one case in which a non-seekable input stream is not working.

I was using Azure Blob storage and was using a Azure.Storage.NonDisposingStream, which I was trying to Encrypt & Sign using EncryptStreamAndSignAsync.

This resulted in the following exception:

System.NotSupportedException: Specified method is not supported.
   at Azure.Core.Pipeline.RetriableStream+RetriableStreamImpl.get_Length (Azure.Storage.Blobs, Version=12.19.1.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at Azure.Storage.NonDisposingStream.get_Length (Azure.Storage.Blobs, Version=12.19.1.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at PgpCore.PGP.ChainLiteralStreamOut (PgpCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=e84be4b896fe5158)
   at PgpCore.PGP+<OutputEncryptedAsync>d__36.MoveNext (PgpCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=e84be4b896fe5158)
   ...
   at PgpCore.PGP+<EncryptAndSignAsync>d__101.MoveNext (PgpCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=e84be4b896fe5158)
   ...
   at PgpCore.PGP+<EncryptStreamAndSignAsync>d__104.MoveNext (PgpCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=e84be4b896fe5158)
   ...

Some streams are not seakable and can throw an Exception while checking for the Length of the stream. This is documented by Microsoft, see Stream.Length.

I have worked around this issue by copying the data from my Blob storage stream to a MemoryStream before passing it to PGPCore.

using var seekableInputStream = new MemoryStream();
await inputStream.CopyToAsync(seekableInputStream);
await pgp.EncryptStreamAndSignAsync(inputStream, outputStream);

Not sure of more changes are needed, but looking at the PGPCore code, the issue is with the initialization of PGPLiteralDataGenerator using the Length of the input stream, without checking if the input stream CanSeek equals true. Looking at bouncycastle documentation, there should also be an option to initialize without specifiling the length of the input stream. https://javadoc.io/static/org.bouncycastle/bcpg-jdk15on/1.64/index.html?org/bouncycastle/openpgp/PGPLiteralDataGenerator.html

mattosaurus commented 5 months ago

Thanks for doing some initial investigation on this. I seem to remember that there's some other points where we need a seekable stream but I'll take a look when I get a chance to see if changes to PGPLiteralDataGenerator is enough to resolve it.