While I can't give a thorough explanation as to the details of the problem, here is a solution that works.
First of all it seems that the different PGP implementations are very sensitive to which program was used to generate the keys in use.
The failing scenario:
- Create keys in PGP Desktop (RSA v4, 2048/2048)
- Encrypt in BouncyCastle (DH/DSS, Elgamal)
- Sign in BouncyCastle (With the RSA key)
- Decryption and signature verification success in PGP Desktop.
- Decryption success but signature verification fails in McAfee Business Server.
In order to make McAfee Business Server succeed in verifying the keys, create the keys in BouncyCastle using the code from the BouncyCastle source code (Org.BouncyCastle.Bcpg.OpenPgp.Examples.RsaKeyRingGenerator).
This code can be changed if you need specific key properties.
Another alternative is to use McAfee Business Server to generate the keys. For that you need access to the software. I did my tests with a trial version. (Which by the way was a pain in the neck to get up and running)
Update: I did all my tests on E-Business Server 8.5.3 (trial). I reached the point where I could encrypt and sign in Bouncy and decrypt and verify in E-Business Server. Turns out the third party are using E-Business Server 7.0 which refused to verify the signature.
In order to get everything working we needed to create V3 signatures.
We changed from:
PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(m_encryptionKeys.SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
to
PgpV3SignatureGenerator pgpV3SignatureGenerator = new PgpV3SignatureGenerator(m_encryptionKeys.SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
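The following is an added example, not the original poster's code, showing the V3/V4 switch end to end with BouncyCastle for .NET: it generates a throwaway RSA key pair (a constructed key, standing in for the `m_encryptionKeys.SecretKey` of the post), produces a detached signature with `PgpV3SignatureGenerator` and one with `PgpSignatureGenerator`, then parses both back and verifies them so you can confirm the emitted packet version before sending anything to the third party. `Sha1` is kept to match the post; the class and method names used are BouncyCastle's own, and `V3SignatureDemo` is an assumed name for the example.

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Security;

// Added example (not from the original post): V3 vs V4 detached OpenPGP signatures.
public static class V3SignatureDemo
{
    // Constructed: an in-memory RSA key pair so the example runs offline.
    // In a real deployment you would load a PgpSecretKey from the keyring and
    // call ExtractPrivateKey(passphrase) to obtain the PgpPrivateKey instead.
    public static PgpKeyPair GenerateRsaKeyPair()
    {
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        AsymmetricCipherKeyPair kp = gen.GenerateKeyPair();
        return new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, kp, DateTime.UtcNow);
    }

    // Detached V3 signature: the variant that E-Business Server 7.0 accepted.
    public static byte[] SignV3(byte[] data, PgpKeyPair keyPair)
    {
        var sigGen = new PgpV3SignatureGenerator(keyPair.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
        sigGen.InitSign(PgpSignature.BinaryDocument, keyPair.PrivateKey);
        sigGen.Update(data, 0, data.Length);
        return sigGen.Generate().GetEncoded();
    }

    // Detached V4 signature: the original code path from the post, for comparison.
    public static byte[] SignV4(byte[] data, PgpKeyPair keyPair)
    {
        var sigGen = new PgpSignatureGenerator(keyPair.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
        sigGen.InitSign(PgpSignature.BinaryDocument, keyPair.PrivateKey);
        sigGen.Update(data, 0, data.Length);
        return sigGen.Generate().GetEncoded();
    }

    // Parse the first signature out of an encoded detached-signature blob.
    public static PgpSignature ParseDetached(byte[] encoded)
    {
        var factory = new PgpObjectFactory(encoded);
        var sigList = (PgpSignatureList)factory.NextPgpObject();
        return sigList[0];
    }

    // Verify a detached signature over data with the signer's public key.
    public static bool Verify(byte[] data, PgpSignature sig, PgpPublicKey pub)
    {
        sig.InitVerify(pub);
        sig.Update(data, 0, data.Length);
        return sig.Verify();
    }

    public static void Main()
    {
        PgpKeyPair keyPair = GenerateRsaKeyPair();
        byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");

        PgpSignature v3 = ParseDetached(SignV3(data, keyPair));
        PgpSignature v4 = ParseDetached(SignV4(data, keyPair));

        // Check the packet version before handing the signature to a legacy verifier.
        Console.WriteLine($"V3 generator -> signature version {v3.Version}, verifies: {Verify(data, v3, keyPair.PublicKey)}");
        Console.WriteLine($"V4 generator -> signature version {v4.Version}, verifies: {Verify(data, v4, keyPair.PublicKey)}");

        // Tampered data must fail regardless of version.
        data[0] ^= 0x01;
        Console.WriteLine($"Tampered data verifies (V3): {Verify(data, v3, keyPair.PublicKey)}");
    }
}
```

The `Version` property on the parsed `PgpSignature` is the quick way to confirm which packet format actually went out; when interoperability with an old verifier forces V3 signatures, keep the stronger-hash and V4 path for every peer that supports it, since V3 signatures cannot carry hashed subpackets such as the signature creation time and issuer in the signed area.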