While I cannot give a detailed explanation of the problem, here is a solution that works. First of all, it seems that various PGP implementations are very sensitive to which program was used to generate the keys.
Failure scenario:
- Keys created in PGP Desktop (RSA v4, 2048/2048)
- BouncyCastle encryption (DH/DSS, ElGamal)
- BouncyCastle input (with RSA key)
- Decryption and signature verification succeed in PGP Desktop.
- Decryption succeeds, but signature verification fails on McAfee Business Server.
So that McAfee Business Server can verify the keys, either create the keys in BouncyCastle using the example code from the BouncyCastle source (Org.BouncyCastle.Bcpg.OpenPgp.Examples.RsaKeyRingGenerator); this code can be changed if you need certain key properties.
Or use McAfee Business Server itself to generate the keys. To do this, you need access to the software. I conducted my tests with a trial version (which, by the way, was a pain in the neck to get up and running).
Update: all my tests were performed on E-Business Server 8.5.3 (trial version). I reached the point where I could encrypt and sign in BouncyCastle, then decrypt and verify on the E-Business Server. It turns out that the third party uses E-Business Server 7.0, which refused to verify the signature. To get everything we needed, we had to create a V3 signature.
We changed from:
PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(m_encryptionKeys.SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
to
PgpV3SignatureGenerator pgpV3SignatureGenerator = new PgpV3SignatureGenerator(m_encryptionKeys.SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
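As an added example (not code from the post above and not BouncyCastle's own example file), the following C# program puts the two pieces of the answer together: it builds an RSA v4 secret key the way Org.BouncyCastle.Bcpg.OpenPgp.Examples.RsaKeyRingGenerator does, then produces a detached signature with PgpV3SignatureGenerator instead of PgpSignatureGenerator and verifies it. The identity string, passphrase and payload are made up for the demonstration; the BouncyCastle calls are the public Org.BouncyCastle.Bcpg.OpenPgp API.

```csharp
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;

// Added example, not from the original post: BouncyCastle-generated RSA key
// plus a V3 (not V4) signature, the combination the post found that the old
// E-Business Server 7.0 would verify.
public static class V3SignatureDemo
{
    // Generate a 2048-bit RSA key and wrap it in a PgpSecretKey, following the
    // recipe of the RsaKeyRingGenerator example shipped with BouncyCastle.
    public static PgpSecretKey GenerateSecretKey(string identity, char[] passPhrase)
    {
        IAsymmetricCipherKeyPairGenerator kpg = GeneratorUtilities.GetKeyPairGenerator("RSA");
        kpg.Init(new RsaKeyGenerationParameters(
            BigInteger.ValueOf(0x10001), new SecureRandom(), 2048, 25));
        AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair();

        return new PgpSecretKey(
            PgpSignature.DefaultCertification,
            PublicKeyAlgorithmTag.RsaGeneral,
            kp.Public,
            kp.Private,
            DateTime.UtcNow,
            identity,
            SymmetricKeyAlgorithmTag.Cast5,
            passPhrase,
            null,   // hashed subpackets: none needed for this demo
            null,   // unhashed subpackets
            new SecureRandom());
    }

    // Produce an ASCII-armoured detached V3 signature over data.
    // PgpV3SignatureGenerator emits a version 3 signature packet; this is the
    // swap the post made from PgpSignatureGenerator.
    public static byte[] SignDetachedV3(PgpSecretKey secretKey, char[] passPhrase, byte[] data)
    {
        PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(passPhrase);
        var sigGen = new PgpV3SignatureGenerator(
            secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
        sigGen.InitSign(PgpSignature.BinaryDocument, privateKey);
        sigGen.Update(data, 0, data.Length);

        using (var ms = new MemoryStream())
        {
            using (var armored = new ArmoredOutputStream(ms))
            {
                sigGen.Generate().Encode(armored);
            }
            return ms.ToArray();
        }
    }

    // Parse the armoured signature back and verify it against the public key.
    // Returns the signature packet version (3 here) on success, or -1 on failure.
    public static int VerifyDetached(PgpPublicKey publicKey, byte[] data, byte[] armoredSig)
    {
        using (Stream sigIn = PgpUtilities.GetDecoderStream(new MemoryStream(armoredSig)))
        {
            var factory = new PgpObjectFactory(sigIn);
            var sigList = (PgpSignatureList)factory.NextPgpObject();
            PgpSignature sig = sigList[0];
            sig.InitVerify(publicKey);
            sig.Update(data, 0, data.Length);
            return sig.Verify() ? sig.Version : -1;
        }
    }

    public static void Main()
    {
        // Constructed sample inputs for the demo.
        char[] pass = "example-passphrase".ToCharArray();
        PgpSecretKey key = GenerateSecretKey("Example User <user@example.com>", pass);
        byte[] data = Encoding.UTF8.GetBytes("constructed sample payload\n");

        byte[] sig = SignDetachedV3(key, pass, data);
        Console.WriteLine(Encoding.ASCII.GetString(sig));
        Console.WriteLine("verified, signature version: " + VerifyDetached(key.PublicKey, data, sig));
    }
}
```

In a signed-and-encrypted message such as the post's pipeline, the same generator is used in one-pass form: call GenerateOnePassVersion(false).Encode(...) on the compressed output before the literal data packet, feed the plaintext through Update, and call Generate().Encode(...) after the literal data. Keep SHA-1 only if the receiving implementation demands it; it is what the post used, but a modern verifier should be offered a SHA-2 hash where it accepts one.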