
I'm creating this tool in C# that would take a .gpg file and decrypt it using Windows CNG. I get a .gpg file as my input parameter and it is encrypted with my key using WinPT. Decrypting it works with the tool and I can also decrypt using BouncyCastle and my secret key. The receiving party of the file will always have the rights / key to decrypt it (this is an assumption). We do not want to use the secret key anymore, but would instead like to use the key from Windows CNG store OR the ProtectedData class (preferably).

I've checked this post, where it more or less explains how the encryption and decryption works using Unprotect and Protect, but I cannot get it working when the input file is a .gpg. It does work with byte arrays, and converting the .gpg data to a byte array does not help either.

Link: https://security.stackexchange.com/questions/51519/pgp-private-key-storage-on-windows-server-advice?answertab=active#tab-top

Is it even possible to decrypt a .gpg using this method?

jww
Tomaz Leopold
  • Yes: CNG is a file created by CryptoNG, a program used for creating encrypted archives. It incorporates an AES-256 encryption algorithm and requires a password in order to decrypt the archive back to the original set of files. .NET Library has an AES-256 encryption algorithm and as long as you have the key(s) you should be able to decrypt. – jdweng Mar 26 '19 at 13:18
  • @jdweng in that case, working with the CngKey class in .NET, I would still need a secret key? That is the one thing I would like to avoid having - so something in the direction of the ProtectedData class – Tomaz Leopold Mar 26 '19 at 13:23
  • You always need a key if you are encrypting. The question is the number of keys and where the keys are stored. You could have a service provide the key, but then you still need a secure method of connection to the server, like using a certificate or putting the encryption key in a certificate. – jdweng Mar 26 '19 at 13:33
  • Let's say the file gets encrypted by John using WinPT on his laptop. He then uploads it to a folder on some server. When he downloads a tool, the proper encrypted file he previously uploaded also gets downloaded. He does not have the secret key on the PC he is currently on, at least not exported. So it should be saved somewhere in the machine registry/container. Is it possible to decrypt the file without the secret key exported? So that the C# program would know what key to take from the Windows key store and decrypt it that way. TL;DR: Encrypt with WinPT, decrypt with ProtectedData / CNG – Tomaz Leopold Mar 26 '19 at 13:43
  • That is why I said to use a certificate and/or wrap it in a SOAP. I said to use key(s). You can have private and public keys. So you can encrypt/decrypt with public keys that do not require a secret key, or private keys using a secret key. – jdweng Mar 26 '19 at 13:50
  • In that case I'd have to put the SOAP service on some server and communicate with that in order to decrypt the file? Is there an option to keep it all locally and without the need to specify the secret key on decrypt? Like decrypting with ProtectedData, where the library takes care of key searching. – Tomaz Leopold Mar 26 '19 at 13:59
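The question and the comment thread above turn on one point: `ProtectedData` (DPAPI) can only unprotect blobs that DPAPI itself produced for the same Windows user (or machine), so calling `Unprotect` on OpenPGP data from WinPT will always fail with a `CryptographicException`. What DPAPI can do is protect the OpenPGP secret key at rest, so the program never has to ship or store the exported key in the clear; the key is unwrapped at run time and handed to the OpenPGP library (BouncyCastle, which the question already uses) for the actual decryption. The following is an added example, not code from the question or its comments; it assumes .NET on Windows with the `System.Security.Cryptography.ProtectedData` API available, the file paths are placeholders, and the entropy constant is a constructed value.

```csharp
// Added example: wrapping an exported OpenPGP secret key with DPAPI so that only a
// DPAPI blob is stored on disk. The OpenPGP decryption itself (BouncyCastle) is not shown.
using System;
using System.IO;
using System.Security.Cryptography;

static class DpapiKeyStore
{
    // Optional additional entropy ties the blob to this application as well as to the
    // Windows user. Constructed value for illustration only.
    private static readonly byte[] Entropy = { 0x47, 0x50, 0x47, 0x2d, 0x4b, 0x45, 0x59 };

    // One-time setup on the machine that will decrypt: wrap the exported secret key under
    // the current Windows user and keep only the wrapped blob.
    public static void WrapSecretKey(string exportedSecretKeyPath, string protectedBlobPath)
    {
        byte[] secretKey = File.ReadAllBytes(exportedSecretKeyPath);
        try
        {
            byte[] blob = ProtectedData.Protect(secretKey, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(protectedBlobPath, blob);
        }
        finally
        {
            // Do not leave the clear key material lingering in memory longer than needed.
            Array.Clear(secretKey, 0, secretKey.Length);
        }
    }

    // Run time: recover the key material. Succeeds only for the same user on the same
    // machine that called Protect; the returned bytes go to the OpenPGP library.
    public static byte[] UnwrapSecretKey(string protectedBlobPath)
    {
        byte[] blob = File.ReadAllBytes(protectedBlobPath);
        return ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
    }

    // Shows the failure mode from the question: arbitrary data such as a .gpg file is not a
    // DPAPI blob, so Unprotect throws instead of returning plaintext.
    public static bool CanUnprotect(byte[] data)
    {
        try
        {
            ProtectedData.Unprotect(data, Entropy, DataProtectionScope.CurrentUser);
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }
}

class Program
{
    static void Main()
    {
        // Placeholder paths; adjust for the real deployment.
        const string exportedKey = @"C:\placeholder\secret-key.asc";
        const string wrappedKey = @"C:\placeholder\secret-key.dpapi";
        const string gpgFile = @"C:\placeholder\input.gpg";

        // Expected: false, because a .gpg file was produced by WinPT, not by DPAPI.
        Console.WriteLine("Is .gpg a DPAPI blob? " + DpapiKeyStore.CanUnprotect(File.ReadAllBytes(gpgFile)));

        DpapiKeyStore.WrapSecretKey(exportedKey, wrappedKey);

        byte[] secretKey = DpapiKeyStore.UnwrapSecretKey(wrappedKey);
        Console.WriteLine("Unwrapped " + secretKey.Length + " bytes of OpenPGP secret key material.");
        // Pass secretKey (and the key passphrase, if any) to the existing BouncyCastle
        // decryption routine here, then clear it.
        Array.Clear(secretKey, 0, secretKey.Length);
    }
}
```

Design note: this does not remove the need for a secret key, which jdweng's comments correctly point out is unavoidable; it only moves the key's protection at rest to Windows. `DataProtectionScope.CurrentUser` means any process running as that user can unwrap the blob, and `LocalMachine` widens that to every process on the host, so the scope should be chosen deliberately and the wrapped blob treated as sensitive.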

0 Answers