Thanks for the quick response, Martijn, I look forward to your findings. Please do not hesitate to contact me if you need any help for testing, etc. I'll be glad to help.
Thanks Jorge *Jorge Gonzalez Villalonga* Systems Engineer *The International Consortium of Investigative Journalists* <https://www.icij.org> 1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United States Phone: +34 672 173 200 (Madrid, Spain) El 10/7/20 a las 17:50, Martijn Brinkers escribió: > On Fri, 2020-07-10 at 17:41 +0200, Jorge Gonzalez via Users wrote: >> Good morning, >> I'm having some trouble when importing public PGP keys in Ciphermail >> (Ubuntu 16) which have been created with EC private keys. These keys >> have started to be created by default by Enigmail (PGP extension for >> Thunderbird) since some time ago, and for the moment we are >> instructing our partners to make sure they select RSA type keys >> instead of the default EC when creating their keys. >> The error log found in the djigzo log is as follows: >> 10 Jul 2020 11:24:54 | WARN Error downloading key with key ID >> 2E78B913BC3C849635F38F357CACB7AA3BEC5AF2. Error message : >> IOException: unknown PGP public key algorithm encountered, Class: >> class java.io.IOException >> (mitm.application.djigzo.ws.impl.KeyServerClientWSImpl) >> [defaultEventExecutorGroup-4-6] >> By downloading Ciphermail source and tracing a bit, it seems that >> Bouncy Castle libraries are used to manage PGP keys, and it also >> seems that EC PGP keys are not supported until version 1.60 >> (Ciphermail ships with BC 1.58). >> I have manually substituted the JARs for Bouncy Castle in >> /usr/share/djigzo/lib and then restarted the service. Importing EC >> PGP keys then worked flawlessly, no errors in log and I could see >> them on the web management app. >> But then I tried to send a test email to one of the addresses for >> which only EC keys existed in Ciphermail, and it did NOT work, so I >> put bak the original vesions of the BC libraries, and everything went >> back to normal. I had to delete the EC keys from Ciphermail, since >> they were now marked as invalid. >> My question to Ciphermail developers: are there any plans in the >> roadmap to update the Bouncy Castle libraries so that EC PGP keys are >> supported? > Hi Jorge, > > You are right that EC support is long overdue :( The main reason is > that Bouncycastle did not have support for EC keys. The last time I > checked it could import EC keys but they could not be used with PGP > because of some missing functionality. I will look at this again to see > whether we can support it. > > Kind regards, > > Martijn Brinkers >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected]
