Cannot select non-default PublicKeyAlgorithmTag

[pcgitjo]

I am having issues generating keys with different PublicKeyAlgorithmTag and HasAlgorithmTag. The code below produces an error (see below). If I remove the line "pgp.PublicKeyAlgorithm.." everything works but it does not seem to be using SHA256 as the Hash Algorithm and rather continuing to default to SHA1.

The following code:
BouncyCastle Version: BouncyCastle.NET Cryptography (net6.0) v2.1.1+851feee009
PgpCore Version: 6.3.1

`using (PGP pgp = new())
{

pgp.PublicKeyAlgorithm = Org.BouncyCastle.Bcpg.PublicKeyAlgorithmTag.Dsa;
pgp.GenerateKey(publicKeyFileInfo, privateKeyFileInfo, config.UserID, config.UserID, 4096, 12, true, false, 0, 0, null,
new Org.BouncyCastle.Bcpg.HashAlgorithmTag[] { Org.BouncyCastle.Bcpg.HashAlgorithmTag.Sha256 },
new Org.BouncyCastle.Bcpg.SymmetricKeyAlgorithmTag[] { Org.BouncyCastle.Bcpg.SymmetricKeyAlgorithmTag.Aes128 });
};`

produces "invalid key" from BouncyCastle.Cryptography at:

at Org.BouncyCastle.Bcpg.OpenPgp.PgpSignatureGenerator.InitSign(Int32 sigType, PgpPrivateKey privKey, SecureRandom random)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpSignatureGenerator.InitSign(Int32 sigType, PgpPrivateKey privKey)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpSecretKey.CertifiedPublicKey(Int32 certificationLevel, PgpKeyPair keyPair, String id, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpSecretKey..ctor(Int32 certificationLevel, PgpKeyPair keyPair, String id, SymmetricKeyAlgorithmTag encAlgorithm, Byte[] rawPassPhrase, Boolean clearPassPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator..ctor(Int32 certificationLevel, PgpKeyPair masterKey, String id, SymmetricKeyAlgorithmTag encAlgorithm, Byte[] rawPassPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator..ctor(Int32 certificationLevel, PgpKeyPair masterKey, String id, SymmetricKeyAlgorithmTag encAlgorithm, Boolean utf8PassPhrase, Char[] passPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at Org.BouncyCastle.Bcpg.OpenPgp.PgpKeyRingGenerator..ctor(Int32 certificationLevel, PgpKeyPair masterKey, String id, SymmetricKeyAlgorithmTag encAlgorithm, Char[] passPhrase, Boolean useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
at PgpCore.PGP.GenerateKey(Stream publicKeyStream, Stream privateKeyStream, String username, String password, Int32 strength, Int32 certainty, Boolean armor, Boolean emitVersion, Int64 keyExpirationInSeconds, Int64 signatureExpirationInSeconds, CompressionAlgorithmTag[] preferredCompressionAlgorithms, HashAlgorithmTag[] preferredHashAlgorithmTags, SymmetricKeyAlgorithmTag[] preferredSymetricKeyAlgorithms)
at PgpCore.PGP.GenerateKey(FileInfo publicKeyFileInfo, FileInfo privateKeyFileInfo, String username, String password, Int32 strength, Int32 certainty, Boolean armor, Boolean emitVersion, Int64 keyExpirationInSeconds, Int64 signatureExpirationInSeconds, CompressionAlgorithmTag[] preferredCompressionAlgorithms, HashAlgorithmTag[] preferredHashAlgorithmTags, SymmetricKeyAlgorithmTag[] preferredSymetricKeyAlgorithms)
at PGPCLI.Program.GenKeys(Config config) in C:\p\data\DataAndAnalytics\console\cli\pgp\Program.cs:line 165

[mattosaurus]

I think there's a few bugs here.

We're currently ignoring the specified public key algorithim and just defaulting to RSA.

PgpCore/PgpCore/PGP.KeySync.cs

Lines 98 to 100 in c95cf17

	IAsymmetricCipherKeyPairGenerator kpg = new RsaKeyPairGenerator();
	kpg.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(0x13), new SecureRandom(), strength, certainty));

We were also ignoring the passed through hash algorithim and so were defaulting to SHA1 for all key generation.

I've fixed the hash algorithim bug #292 but allowing the use of anything but RSA (DSA in your case) looks like quite a bit more work so will take me a while to figure out.

[pcgitjo]

Thanks @mattosaurus the reason this came up was for various compliance reasons and requirements from different vendors to select specific algorithms. Additionally, I'm not sure it's part of the documentation, but your library works well with decrypting or encrypting with keys from other sources, i.e. using a GPG key generated in Linux to encrypt and decrypt files.