Hi 

Currently, when using PgpKeyRingGenerator, which later calls PgpSecretKey, it
only has the option of using the old checksum or SHA1. The problem is that,
according to http://tools.ietf.org/html/rfc4880#section-13.6, if I use DSA2 for
my key so I can go above 1024, my hash has to be higher than SHA1, SHA-256 being
the lowest for all 2048 and 3072 key sizes. How would one go about
generating the key pair with SHA256 at least? I can generate the DSA2 key, but as
expected it fails to import into GPG and Symantec PGP Desktop due to this:

gpg2 --import -v ~/Desktop/9379B62B9FF38C62_pub.asc 
Version: BCPG C# v1.7.5056.37991
gpg: armor header: 
gpg: pub  2048D/9FF38C62 2014-06-07  Carlos Perez <t...@dsa2test.com>
gpg: DSA key 9FF38C62 requires a 256 bit or larger hash
gpg: DSA key 9FF38C62 requires a 256 bit or larger hash
gpg: key 9FF38C62: invalid self-signature on user ID "Carlos Perez <t...@dsa2test.com>"
gpg: DSA key 9FF38C62 requires a 256 bit or larger hash
gpg: DSA key 9FF38C62 requires a 256 bit or larger hash
gpg: key 9FF38C62: invalid subkey binding
gpg: key 9FF38C62: skipped user ID "Carlos Perez <t...@dsa2test.com>"
gpg: key 9FF38C62: skipped subkey
gpg: key 9FF38C62: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

The code I wrote to generate the key pair is:

using System;
using System.Linq;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

public AsymmetricCipherKeyPair DSA2KeyGen(int KeySize)
{
    // Check that we got a proper key size
    int[] allowedKeySizes = {1024, 2048, 3072};
    if (!(allowedKeySizes.Contains(KeySize)))
    {
        throw new ArgumentException("KeySize provided is not 1024, 2048 or 3072.", "KeySize");
    }

    // Set the proper N parameter depending on the bit key size.
    int DSA2NParam;
    if (KeySize == 1024)
    {
        DSA2NParam = 160;
    }
    else
    {
        DSA2NParam = 256;
    }

    var secRand = new SecureRandom();
    var dsa2Generator = GeneratorUtilities.GetKeyPairGenerator("DSA");

    // Generate the proper parameters for the DSA2 Key.
    var digest = new Sha256Digest();
    var paramGen = new DsaParametersGenerator(digest);
    var dsaParamsList = new DsaParameterGenerationParameters(KeySize, DSA2NParam, 80, secRand);
    paramGen.Init(dsaParamsList);

    // This will take a while since it has to find a valid random prime number for use.
    var dsaParams = paramGen.GenerateParameters();

    // The generator must be initialised with the DSA2 parameters before use;
    // the posted code built dsaOptions but never passed it to the generator.
    var dsaOptions = new DsaKeyGenerationParameters(secRand, dsaParams);
    dsa2Generator.Init(dsaOptions);
    AsymmetricCipherKeyPair keyPair = dsa2Generator.GenerateKeyPair();

    return keyPair;
}

Any ideas on how to fix this are more than welcomed. 

Thanks,
Carlos
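
Added example (not part of the original message, and not Bouncy Castle code): a Python check that reads binary (dearmored) OpenPGP packets and reports v4 DSA signatures whose hash is shorter than the primary key's q, the condition gpg rejects in the import log above. The function names and the sample packets are constructed for illustration, and it assumes every signature in the key block was issued by the primary key.

```python
HASH_BITS = {1: 128, 2: 160, 3: 160, 8: 256, 9: 384, 10: 512, 11: 224}  # RFC 4880 9.4 ids
DSA = 17                                                                # RFC 4880 9.1 id

def packets(data):
    """Yield (tag, body) per OpenPGP packet; partial/indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                                  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not supported")
        else:                                           # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:
                raise ValueError("indeterminate length not supported")
            n, i = int.from_bytes(data[i:i + width], "big"), i + width
        yield tag, data[i:i + n]
        i += n

def dsa_q_bits(body):    # bit length of q in a v4 DSA public-key packet body, else None
    if len(body) < 8 or body[0] != 4 or body[5] != DSA:
        return None
    off = 8 + (int.from_bytes(body[6:8], "big") + 7) // 8   # skip MPI p; q follows
    return int.from_bytes(body[off:off + 2], "big")         # an MPI starts with its bit count

def undersized_hashes(data):
    """(hash_id, hash_bits, q_bits) per v4 DSA signature whose hash is shorter than q."""
    q_bits, found = None, []
    for tag, body in packets(data):     # assumes signatures are issued by the primary key
        if tag == 6:                                    # primary public-key packet
            q_bits = dsa_q_bits(body)
        elif tag == 2 and q_bits and len(body) >= 4 and body[0] == 4 and body[2] == DSA:
            if HASH_BITS.get(body[3], 0) < q_bits:      # unknown hash ids count as 0 bits
                found.append((body[3], HASH_BITS.get(body[3], 0), q_bits))
    return found

def sample_key(hash_id):
    """Constructed packets (not a real key): DSA 2048/256 key, user ID, v4 signature header."""
    mpi = lambda b: b.to_bytes(2, "big") + (1 << (b - 1)).to_bytes((b + 7) // 8, "big")
    pkt = lambda t, body: bytes([0x80 | t << 2 | 1]) + len(body).to_bytes(2, "big") + body
    pub = bytes([4, 0, 0, 0, 0, DSA]) + mpi(2048) + mpi(256) + mpi(2048) + mpi(2048)
    return pkt(6, pub) + pkt(13, b"constructed") + pkt(2, bytes([4, 0x13, DSA, hash_id, 0, 0]))
```

Calling `undersized_hashes(sample_key(2))` reports the SHA-1 signature against the 256-bit q, while `sample_key(8)` (SHA-256) yields an empty list.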
