BoneSmuggler

Reputation: 118

Camel Crypto Fails PGP Decryption (Invalid

I generated a PGP key pair and gave another party the public key. They are encrypting a message and sending it to me. I am using Camel Crypto/PGP to try to decrypt it. I have a simple route set up in Camel 2.15.0:

from("direct://TestPGPDecrypt")
    .routeId("TestPGPDecrypt")
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Calling PGP Decryption Using PGP Key: " + Vault.TestPGP.keyUserId)
    // pgpDecryptTest is the PGPDataFormat configured further down
    .unmarshal(pgpDecryptTest)
    .log(LoggingLevel.INFO, "com.company.camel.flows.CryptoFlows", "Decrypted Original ${header[CamelFileName]}");

With this I pass in a .asc (Armored-ASCII) file and I get the following exception:

Exchange[
    Id                  ID-MBProi7-54281-1432247325866-1-12
    ExchangePattern     InOnly
    BodyType            org.apache.camel.component.file.GenericFile
    Body                [Body is file based: GenericFile[2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc]]
]

Stacktrace
------------------------------------------------------------------------------------------------------------------------
java.lang.IllegalArgumentException: The input message body has an invalid format.
The PGP decryption/verification processor expects a sequence of PGP packets of
the form (entries in brackets are optional and ellipses indicate repetition,
comma represents sequential composition, and vertical bar separates
alternatives): Public Key Encrypted Session Key ..., Symmetrically Encrypted Data 
| Sym. Encrypted and Integrity Protected Data, Compressed Data, (One Pass Signature ...,) Literal Data, (Signature ...,)  
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getFormatException(PGPKeyAccessDataFormat.java:488)
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.getUncompressedData(PGPKeyAccessDataFormat.java:424)
    at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.unmarshal(PGPKeyAccessDataFormat.java:363)

Clearly the problem seems to be with the parsing of the message "somewhere" - the stack shows that it is in this code inside PGPKeyAccessDataFormat:

private InputStream getUncompressedData(InputStream encData) throws IOException, PGPException {
        PGPObjectFactory pgpFactory = new PGPObjectFactory(encData, new BcKeyFingerprintCalculator());
        Object compObj = pgpFactory.nextObject();
        if (!(compObj instanceof PGPCompressedData)) {
            throw getFormatException();
        }

I don't know why this inputstream does not come back as an instanceof PGPCompressedData...

If I decrypt this file locally (Unix/Mac OS X) using gpg - no issue. In fact I can see the output of the verbose run.

If I encrypt a local file and then try to decrypt it through the Camel Crypto, no issues.

I only have issues with this one file. I have even tried to tweak the configuration of the PGPDataFormat to no avail:

PGPDataFormat pgpDecryptTest = new PGPDataFormat();
pgpDecryptTest.setKeyFileName(Vault.secret.keyFileName);
pgpDecryptTest.setKeyUserid(Vault.secret.keyUserId);
pgpDecryptTest.setArmored(true);
pgpDecryptTest.setPassword(Vault.secret.getTestKeyRingPwd());
pgpDecryptTest.setIntegrity(false);
pgpDecryptTest.setHashAlgorithm(HashAlgorithmTags.SHA1);
pgpDecryptTest.setAlgorithm(SymmetricKeyAlgorithmTags.TRIPLE_DES);
pgpDecryptTest.setSignatureKeyFileName(Vault.TRDParty.keyFileName);
pgpDecryptTest.setSignatureKeyUserid(Vault.TRDParty.keyUserId);
pgpDecryptTest.setSignatureVerificationOption("ignore");

Any ideas?

[edit] As per the request, here is the information on the PGP packets. The encrypted file that has the issue in Camel decryption:

gpg --list-packets 2015-140-1244-yf3ar85p3zsqpfgk73_resp.asc 
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxxxxxxxxx
    data: [2046 bits]

You need a passphrase to unlock the secret key for
user: "Your Key <[email protected]>"
2048-bit RSA key, ID XXXXXXXX, created 2015-05-18 (main key ID YYYYYYYYY)

:encrypted data packet:
    length: 52051
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
      "Your Key <[email protected]>"
:onepass_sig packet: keyid ABVBBBBBBBBBB
    version 3, sigclass 0x00, digest 2, pubkey 17, last=1
:literal data packet:
    mode b (62), created 1432151886, name="",
    raw data: 51945 bytes
:signature packet: algo 17, keyid CCCCCCCCCCCCCC
    version 4, created 1432151886, md5len 0, sigclass 0x00
    digest algo 2, begin of digest e4 5a
    hashed subpkt 2 len 4 (sig created 2015-05-20)
    subpkt 16 len 8 (issuer key ID CCCCCCCCCCCCCC)
    data: [159 bits]
    data: [160 bits]
gpg: WARNING: message was not integrity protected

Then to compare, I encrypted the (clear text version) of the same file's contents using gpg and then ran the list packets on it:

gpg --list-packets encrypted.asc 
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXX
    data: [2045 bits]

You need a passphrase to unlock the secret key for
user: "Your Key <[email protected]>"
2048-bit RSA key, ID 8EFFC26E, created 2015-05-18 (main key ID YYYYYYYYY)

:encrypted data packet:
    length: unknown
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
      "Your Key <[email protected]>"
:compressed packet: algo=2
:literal data packet:
    mode b (62), created 1432321235, name="clear.out.xml",
    raw data: 51945 bytes

Upvotes: 3

Views: 2534

Answers (2)

Munkhtsogt

Reputation: 171

This issue is solved in Apache Camel-2.16.0 or later. Release note: https://issues.apache.org/jira/browse/CAMEL-9163

Upvotes: 1

user8355531

Reputation: 1

You should check with the party that is sending you the message and ask them whether the message was compressed while encrypting. For Camel 2.15 (and I assume older versions), Camel requires that PGP encrypted files be compressed. In Camel 2.16, they relaxed the requirement for compressed and encrypted files.

Also, to verify that uncompressed code is causing that error, you can try encrypting a file with "--compress-level 0". A compress level of 0 disables compression.

Source: http://camel.apache.org/crypto.html

Upvotes: 0
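
The check suggested in the answer above, automated as an added example (not part of the original posts and not Camel code): it reads `gpg --list-packets` output and reports whether the first packet inside the encrypted data is a compressed packet, which the Camel 2.15 code quoted in the question requires. The function names and the condensed sample listings are constructed for illustration.

```python
import re

# Constructed sample input: condensed from the two `gpg --list-packets`
# listings in the question (key IDs replaced with placeholders).
THIRD_PARTY = """\
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXXXXXXX
:encrypted data packet:
    length: 52051
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created 2015-05-18
:onepass_sig packet: keyid XXXXXXXXXXXXXXXX
:literal data packet:
    mode b (62), created 1432151886, name="",
:signature packet: algo 17, keyid XXXXXXXXXXXXXXXX
"""
LOCAL_GPG = """\
:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXXXXXXX
:encrypted data packet:
    length: unknown
    mdc_method: 2
:compressed packet: algo=2
:literal data packet:
    mode b (62), created 1432321235, name="clear.out.xml",
"""

# Packet header lines start with ':'; gpg's own messages start with 'gpg:'.
PACKET_LINE = re.compile(r"^:([a-z_ ]+?) packet:")


def packet_sequence(listing):
    """Return (packet names in order, True if an mdc_method line was seen)."""
    names, mdc = [], False
    for line in listing.splitlines():
        match = PACKET_LINE.match(line)
        if match:
            names.append(match.group(1))
        elif line.strip().startswith("mdc_method:"):
            mdc = True
    return names, mdc


def diagnose(listing):
    """Summarise what sits inside the encrypted data packet."""
    names, mdc = packet_sequence(listing)
    if "encrypted data" not in names:
        raise ValueError("listing has no encrypted data packet")
    inner = names[names.index("encrypted data") + 1:]
    return {
        "first_inner_packet": inner[0] if inner else None,
        # The Camel 2.15 code quoted in the question throws unless this is True.
        "compressed": bool(inner) and inner[0] == "compressed",
        "integrity_protected": mdc,
        "signed": "onepass_sig" in inner,
    }
```

Feed it the text produced by `gpg --list-packets <file>`; a result with `compressed` set to `False` matches the failing third-party file in the question.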
