Good morning,
I'm having some trouble when importing public PGP keys in Ciphermail
(Ubuntu 16) which have been created with EC private keys. These keys
have started to be created by default by Enigmail (PGP extension for
Thunderbird) since some time ago, and for the moment we are instructing
our partners to make sure they select RSA type keys instead of the
default EC when creating their keys.
The error log found in the djigzo log is as follows:
10 Jul 2020 11:24:54 | WARN Error downloading key with key ID
2E78B913BC3C849635F38F357CACB7AA3BEC5AF2. Error message : IOException:
unknown PGP public key algorithm encountered, Class: class
java.io.IOException
(mitm.application.djigzo.ws.impl.KeyServerClientWSImpl)
[defaultEventExecutorGroup-4-6]
By downloading Ciphermail source and tracing a bit, it seems that Bouncy
Castle libraries are used to manage PGP keys, and it also seems that EC
PGP keys are not supported until version 1.60 (Ciphermail ships with BC
1.58).
I have manually substituted the JARs for Bouncy Castle in
/usr/share/djigzo/lib and then restarted the service. Importing EC PGP
keys then worked flawlessly, no errors in log and I could see them on
the web management app.
But then I tried to send a test email to one of the addresses for which
only EC keys existed in Ciphermail, and it did NOT work, so I put back
the original versions of the BC libraries, and everything went back to
normal. I had to delete the EC keys from Ciphermail, since they were now
marked as invalid.
My question to Ciphermail developers: are there any plans in the roadmap
to update the Bouncy Castle libraries so that EC PGP keys are supported?
Thanks
Jorge
--
*Jorge Gonzalez Villalonga*
Systems Engineer
The International Consortium of Investigative Journalists
<https://www.icij.org>
1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United States
Phone: +34 672 173 200 (Madrid, Spain)
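
Added example, not part of the original message and not Ciphermail or Bouncy Castle code: a pre-import check that reads the public-key algorithm ID from each key and subkey packet, so keys that would trigger the "unknown PGP public key algorithm" error can be spotted before they reach the gateway. It assumes a binary (non-armored) key export as input; the function names and sample bytes are made up for the illustration.

```python
# Public-key algorithm IDs: RFC 4880 section 9.1, RFC 6637 (18, 19), EdDSA (22).
ALGORITHMS = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
EC_ALGORITHMS = {18, 19, 22}
KEY_TAGS = {6: "primary key", 14: "subkey"}

def packets(data):
    """Yield (tag, body) per packet, following RFC 4880 section 4.2 headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new format: tag in low 6 bits, variable-size length field
            tag, first, i = hdr & 0x3F, data[i + 1], i + 2
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not handled")
        else:  # old format: tag in bits 5-2, length-type in bits 1-0
            tag, n, i = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03), i + 1
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def key_algorithms(data):
    """Return (packet kind, algorithm id, name) for every key and subkey packet."""
    found = []
    for tag, body in packets(data):
        if tag in KEY_TAGS:
            algo = body[7] if body[0] in (2, 3) else body[5]  # v3 has 2 extra bytes
            found.append((KEY_TAGS[tag], algo, ALGORITHMS.get(algo, "unknown")))
    return found

def needs_ec_support(data):
    """True if any key packet uses ECDH, ECDSA or EdDSA."""
    return any(algo in EC_ALGORITHMS for _, algo, _ in key_algorithms(data))

# Constructed samples (not real keys): v4 key packets with two dummy bytes of key material.
SAMPLE_EC = bytes.fromhex("c608045f083a00160000"   # new-format primary key, EdDSA
                          "b808045f083a00120000")  # old-format subkey, ECDH
SAMPLE_RSA = bytes.fromhex("990008045f083a00010000")  # old-format primary key, RSA

if __name__ == "__main__":
    print(key_algorithms(SAMPLE_EC), needs_ec_support(SAMPLE_RSA))
```

A key whose primary packet is RSA can still carry an EC subkey, which is why every key packet is inspected and not only the first.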