5

I am attempting to decrypt a file using BouncyCastle in C# that has been encrypted with RSA via Kleopatra. Unfortunately, I am receiving an error that states "Unknown packet type encountered: 20" when processing through the first few lines of decryption. The (pseudo) code:

    using System.IO;
    using Org.BouncyCastle.Bcpg.OpenPgp;

    using (Stream inputStream = File.OpenRead("test.txt.gpg"))
    {
        using (Stream keyIn = File.OpenRead("privatekey.asc"))
        {
            PgpObject o = null;

            // GetDecoderStream handles both ASCII-armored and binary input
            PgpObjectFactory pgpF = new PgpObjectFactory(PgpUtilities.GetDecoderStream(inputStream));

            PgpSecretKeyRingBundle pgpSec = new PgpSecretKeyRingBundle(PgpUtilities.GetDecoderStream(keyIn));

            if (pgpF != null)
            {
                o = pgpF.NextPgpObject(); // THIS LINE THROWS THE UNKNOWN PACKET TYPE ERROR
            }
        }
    }

After googling, I have seen examples that the above code snippet models, but I have not yet seen any information about unknown packet types.

Does anyone know if I am doing anything wrong, or can point me in the direction of documentation of the error code numbers?

Thank you in advance for your time.

mherr

    I'm having a similar issue. I can encrypt/decrypt files with code I found here on SO, and I can encrypt files with code and then use Kleopatra to decrypt, but I can't use the code to decrypt anything encrypted with Kleopatra. I got my code from the bouncy castle tests and here: https://stackoverflow.com/questions/6987699/pgp-encryption-and-decryption-using-bouncycastle-c-sharp/69194776#69194776 – LoveMeSomeCode May 11 '22 at 14:44
  • I'm currently facing the same issue. Have you found a working solution? – ChrisK Feb 14 '23 at 11:37

2 Answers

6

This packet type is not part of the official OpenPGP standard as defined in RFC 4880, which defines packet types only up to 19 (see section 4.3).

However, there is a work in progress to update the OpenPGP specification from RFC 4880 which defines packet type 20 as AEAD Encrypted Data Packet (see section 5.16).

AEAD means Authenticated Encryption with Associated Data. It allows including data from outside the actual encrypted data in the authentication part. This aims at making it impossible to use the encrypted data outside its original context, effectively disabling a replay attack. For details, see this answer.

Obviously, said draft has not been approved (yet?), but has also expired. I'm unsure about what exactly this means. Nevertheless, GnuPG seems to have implemented the proposal in its new version 2.3 (which Kleopatra uses under the hood), and even made it the default, as I understand the docs (quoted from OpenPGP protocol specific options):

The MDC is always used unless the keys indicate that an AEAD algorithm can be used in which case AEAD is used.

By default, GnuPG 2.3+ generates keys that support AEAD, and when a key claims support for AEAD, GnuPG will use it to encrypt data.

BouncyCastle does not currently support PGP encryption with AEAD. As a work-around for this problem, PGP keys should be generated using GnuPG with the --rfc4880 or --openpgp flag which makes sure that the key adheres to RFC 4880.

In version 1.72 of BouncyCastle, support for PGP with AEAD has been added.

not2savvy

    I'm not the OP but had the exact same issue, changing method to `gpg --full-generate-key --openpgp` has resolved this issue on my end, thank you – enzed01 Aug 03 '22 at 17:16
  • This explained the problem well, but I tried both `--rfc4880` and `--openpgp` and the gpg app still seemed to generate a public key that allowed the packet 20 issue. The latest NuGet versions of BouncyCastle (and libs that used it under the covers) still had the issue. I only ended up fixing it by removing version 2.4 of gnupg.exe and installing version 2.2 instead (pre-AEAD), and keys generated with that version worked OK. – Danny May 22 '23 at 17:48
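Added example (not code from the question, the answer, or the BouncyCastle project): a small Python scanner that walks the top-level packet headers of a binary OpenPGP message as laid out in RFC 4880 section 4.2 and reports any tag above 19, the highest tag the RFC defines (section 4.3). Running it on the raw `.gpg` bytes before handing them to `PgpObjectFactory` shows whether a tag-20 (AEAD Encrypted Data) packet is what the older BouncyCastle rejects. The function names and the sample byte strings are my own constructions; the input has to be the binary (de-armored) message, since ASCII armor fails the header check.

```python
"""Walk the top-level packet headers of a binary OpenPGP message
(RFC 4880 section 4.2) and flag tags the RFC does not define (section 4.3).

Hypothetical diagnostic, not BouncyCastle code. Nested packets (e.g. inside
a Compressed Data packet) are not descended into; only top-level tags are
reported, which is enough to spot an AEAD (tag 20) container.
"""
from typing import Iterator, List, Optional, Tuple

# Tags defined in RFC 4880 section 4.3.
RFC4880_TAG_NAMES = {
    1: "Public-Key Encrypted Session Key",
    2: "Signature",
    3: "Symmetric-Key Encrypted Session Key",
    4: "One-Pass Signature",
    5: "Secret-Key",
    6: "Public-Key",
    7: "Secret-Subkey",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    10: "Marker",
    11: "Literal Data",
    12: "Trust",
    13: "User ID",
    14: "Public-Subkey",
    17: "User Attribute",
    18: "Sym. Encrypted and Integrity Protected Data",
    19: "Modification Detection Code",
}
MAX_RFC4880_TAG = 19
# Tag 20 comes from the later (expired) draft, not from RFC 4880.
DRAFT_TAG_NAMES = {20: "AEAD Encrypted Data (draft, not in RFC 4880)"}


def _new_format_length(data: bytes, pos: int) -> Tuple[int, bool, int]:
    """Decode a new-format length field; return (length, is_partial, next_pos)."""
    b = data[pos]
    if b < 192:                      # one-octet length
        return b, False, pos + 1
    if b < 224:                      # two-octet length
        return ((b - 192) << 8) + data[pos + 1] + 192, False, pos + 2
    if b == 255:                     # five-octet length
        return int.from_bytes(data[pos + 1:pos + 5], "big"), False, pos + 5
    return 1 << (b & 0x1F), True, pos + 1   # partial body length (224..254)


def iter_packets(data: bytes) -> Iterator[Tuple[int, int]]:
    """Yield (tag, total_body_length) for each top-level packet."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(
                f"offset {pos}: byte 0x{ctb:02x} is not a packet header "
                "(bit 7 clear); is the input ASCII-armored instead of binary?")
        if ctb & 0x40:                           # new-format header
            tag = ctb & 0x3F
            length, partial, pos = _new_format_length(data, pos + 1)
            body = length
            while partial:                       # chain of partial chunks
                pos += length
                length, partial, pos = _new_format_length(data, pos)
                body += length
            pos += length
        else:                                    # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                       # indeterminate: rest of input
                body = len(data) - pos - 1
                pos = len(data)
            else:
                nbytes = (1, 2, 4)[ltype]
                body = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")
                pos += 1 + nbytes + body
        if pos > len(data):
            raise ValueError(f"truncated packet (tag {tag})")
        yield tag, body


def scan(data: bytes) -> List[Tuple[int, str, int, bool]]:
    """Return (tag, name, body_length, defined_in_rfc4880) per top-level packet."""
    out = []
    for tag, body in iter_packets(data):
        name = RFC4880_TAG_NAMES.get(tag) or DRAFT_TAG_NAMES.get(tag, "unknown")
        out.append((tag, name, body, tag <= MAX_RFC4880_TAG))
    return out


def first_non_rfc4880_tag(data: bytes) -> Optional[int]:
    """The first top-level tag outside RFC 4880, or None if all are defined."""
    return next((tag for tag, _, _, ok in scan(data) if not ok), None)


# Constructed sample, not a real message: a new-format PKESK (tag 1) with a
# 10-byte body, then a new-format tag-20 packet whose 5-byte body arrives as a
# 2-byte partial chunk followed by a 3-byte final chunk.
SAMPLE_WITH_AEAD = (bytes([0xC1, 10]) + b"\x00" * 10
                    + bytes([0xD4, 0xE1]) + b"\xaa\xaa" + bytes([3]) + b"\xbb\xbb\xbb")

# Constructed sample using only RFC 4880 tags: the same PKESK, then an
# old-format Literal Data packet (tag 11, one-octet length) with a 4-byte body.
SAMPLE_RFC4880 = (bytes([0xC1, 10]) + b"\x00" * 10
                  + bytes([0xAC, 4]) + b"\x01\x02\x03\x04")

if __name__ == "__main__":
    for label, blob in (("with AEAD", SAMPLE_WITH_AEAD), ("RFC 4880 only", SAMPLE_RFC4880)):
        print(label)
        for tag, name, size, ok in scan(blob):
            print(f"  tag {tag:2d}  {name:<45} body={size} {'' if ok else '<- not in RFC 4880'}")
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `first_non_rfc4880_tag`; a result of 20 means the message was produced with AEAD and needs either a BouncyCastle version that supports it or a sender key generated under `--rfc4880`/`--openpgp`, as the answer describes.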

0

In case there are any Java devs having this same issue, BouncyCastle is implementing a solution that is currently in a beta jar (version 172b18 at the time of writing this).

Issue: https://github.com/bcgit/bc-java/issues/1140

Beta jars linked in the above issue: https://downloads.bouncycastle.org/betas/

Allegedly there will be an official release in the coming weeks with these changes.

I can confirm I was able to decrypt a file encrypted by Kleopatra using bcpg-jdk18on-172b18.jar.

Squatch