PGP verification of signature with SHA3 algorithm
Does anyone know when Bouncy Castle will be providing support for OpenPGP data that has been signed with a SHA3 algorithm? I can get the Bouncy Castle library to sign data using a SHA3 algorithm e.g. SHA3_256. The HashAlgorithmTags file includes the SHA3 algorithms i.e. https://github.com/bcgit/bc-java/blob/main/pg/src/main/java/org/bouncycastle/bcpg/HashAlgorithmTags.java .
But on a verify operation, it accesses the org.bouncycastle.openpgp.operator.jcajce.OperatorHelper#getDigestName method (https://github.com/bcgit/bc-java/blob/main/pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/OperatorHelper.java). This method doesn't have the SHA3 algorithms, so the operation fails with:
    throw new PGPException("unknown hash algorithm tag in getDigestName: " + hashAlgorithm);
Strange that BC can sign but not verify.
Are you able to provide a (non-BC) SHA-3 signed document?
I haven't got to that stage of testing with a non-BC SHA-3 signed document as yet. @dghgit what's your line of thinking? It's quite clear from the org.bouncycastle.openpgp.operator.jcajce.OperatorHelper class, that SHA-3 is not supported i.e. from the above source link:
    String getDigestName(
        int hashAlgorithm)
        throws PGPException
    {
        switch (hashAlgorithm)
        {
        case HashAlgorithmTags.SHA1:
            return "SHA-1";
        case HashAlgorithmTags.MD2:
            return "MD2";
        case HashAlgorithmTags.MD5:
            return "MD5";
        case HashAlgorithmTags.RIPEMD160:
            return "RIPEMD160";
        case HashAlgorithmTags.SHA256:
            return "SHA-256";
        case HashAlgorithmTags.SHA384:
            return "SHA-384";
        case HashAlgorithmTags.SHA512:
            return "SHA-512";
        case HashAlgorithmTags.SHA224:
            return "SHA-224";
        case HashAlgorithmTags.TIGER_192:
            return "TIGER";
        default:
            throw new PGPException("unknown hash algorithm tag in getDigestName: " + hashAlgorithm);
        }
    }
The above exception is what my code fails with when it tries to validate the signed data.
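Added example, not part of the thread and not Bouncy Castle code: a JDK-only preflight that reads the hash algorithm ID a binary OpenPGP signature packet declares and checks whether a JCA digest is available for it, which tells you before verification whether a signature will hit the unmapped-tag path. The class and method names are hypothetical, and the ID-to-name table follows the RFC 9580 registry as an assumption; compare it with the HashAlgorithmTags constants in the Bouncy Castle version you run.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
public class SigHashPreflight {
    // OpenPGP hash algorithm IDs -> JCA digest names. IDs follow the RFC 9580
    // registry (assumption; compare with your HashAlgorithmTags version).
    static final Map<Integer, String> JCA_NAMES = Map.of(
        1, "MD5", 2, "SHA-1", 3, "RIPEMD160", 8, "SHA-256", 9, "SHA-384",
        10, "SHA-512", 11, "SHA-224", 12, "SHA3-256", 14, "SHA3-512");

    /** Hash algorithm ID declared by a binary (de-armored) signature packet. */
    static int declaredHashId(byte[] pkt) {
        if (pkt.length < 2 || (pkt[0] & 0x80) == 0)
            throw new IllegalArgumentException("not an OpenPGP packet");
        int hdr = pkt[0] & 0xff, tag, body;
        if ((hdr & 0x40) != 0) {            // new-format header
            tag = hdr & 0x3f;
            int l = pkt[1] & 0xff;          // first length octet selects the encoding
            body = l < 192 ? 2 : l < 224 ? 3 : l == 255 ? 6 : 2;
        } else {                            // old-format header
            tag = (hdr >> 2) & 0x0f;
            int lt = hdr & 0x03;            // length type: 1, 2, 4 or 0 octets
            body = 1 + (lt == 0 ? 1 : lt == 1 ? 2 : lt == 2 ? 4 : 0);
        }
        if (tag != 2) throw new IllegalArgumentException("not a signature packet, tag " + tag);
        if (body >= pkt.length) throw new IllegalArgumentException("truncated packet");
        int version = pkt[body] & 0xff;
        // v3: version, 0x05, type, time(4), key ID(8), pubkey alg, hash alg
        // v4/v6: version, type, pubkey alg, hash alg
        int off;
        if (version == 3) off = body + 16;
        else if (version == 4 || version == 6) off = body + 3;
        else throw new IllegalArgumentException("unsupported signature version " + version);
        if (off >= pkt.length) throw new IllegalArgumentException("truncated packet");
        return pkt[off] & 0xff;
    }
    static String jcaDigestFor(byte[] pkt) throws NoSuchAlgorithmException {
        int id = declaredHashId(pkt);
        String name = JCA_NAMES.get(id);
        if (name == null) throw new NoSuchAlgorithmException("no JCA mapping for hash ID " + id);
        MessageDigest.getInstance(name);    // throws if no installed provider offers it
        return name;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: old-format header 0x88, length 4, v4, type 0x00, RSA (1), hash ID 12.
        byte[] sample = {(byte) 0x88, 0x04, 0x04, 0x00, 0x01, 0x0c};
        System.out.println(jcaDigestFor(sample));
    }
}
```

The SHA3-* digest names require a JDK 9 or later default provider, or a provider such as Bouncy Castle registered with the JCA.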