Beispiel #1
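        /**
         * Verifies the signed message stored in 'signed.asc', prints the status of every
         * signature and then prints the recovered message text.
         * No keys are preloaded: the session asks the key provider registered below.
         * On a RopError the description of the failing step is printed and the error is rethrown.
         */
        private void verify(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                // we do not load any keys here since we'll use key provider
                ses.set_key_provider(this, null);

                String    err_desc = null;
                RopOutput output   = null;
                try {
                    // create file input and memory output objects for the signed message
                    // and verified message
                    err_desc = "Failed to open file 'signed.asc'. Did you run the sign example?";
                    RopInput input = rop.create_input("signed.asc");

                    err_desc = "Failed to create output object";
                    output   = rop.create_output(0);

                    err_desc = "Failed to create verification context";
                    RopOpVerify verify = ses.op_verify_create(input, output);

                    err_desc = "Failed to execute verification operation";
                    verify.execute();

                    // now check signatures and get some info about them
                    err_desc = "Failed to get signature count";
                    int sigcount = verify.signature_count();

                    // NOTE(review): the per-signature status is only printed, never compared
                    // against a success value, and a count of zero is not rejected. The text
                    // below is labelled "Verified" solely because execute() did not throw;
                    // confirm that execute() fails for bad or missing signatures, or gate the
                    // final output on sig.status() here.
                    for (int idx = 0; idx < sigcount; idx++)
                    {
                        // open a nested tag level so per-signature objects are released each pass
                        rop.tagging();

                        err_desc = String.Format("Failed to get signature {0}", idx);
                        RopVeriSignature sig = verify.get_signature_at(idx);

                        err_desc = String.Format("failed to get signature's {0} key", idx);
                        RopKey key = sig.get_key();

                        err_desc = String.Format("failed to get key id {0}", idx);

                        Console.WriteLine(String.Format("Status for signature from key {0} : {1}", key.keyid(), sig.status()));
                        rop.drop();
                    }
                } catch (RopError) {
                    Console.WriteLine(err_desc);
                    // bare rethrow keeps the original stack trace ("throw ex" would reset it)
                    throw;
                }

                // get the verified message from the output structure
                RopData buf = output.memory_get_buf(false);
                Console.WriteLine(String.Format("Verified message: {0}", buf.getString()));
            } finally {
                // release everything created since the tagging() call at the top
                rop.drop_from(alt);
            }
        }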
Beispiel #2
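 /**
  * Basic pass provider implementation: answers with the fixed string 'password' when the
  * request context is "protect" and declines every other request.
  * The hard-coded password is sample data only; a real provider would ask for it via stdin
  * or choose it based on key properties.
  */
 public SessionPassCallBack.Ret PassCallBack(RopSession ses, object ctx, RopKey key, string pgpCtx, int bufLen)
 {
     // Ordinal comparison: the context is a protocol token, so culture-sensitive rules
     // (which can treat strings with ignorable characters as equal) must not apply.
     // string.Equals also tolerates a null pgpCtx, which CompareTo did not.
     if (string.Equals(pgpCtx, "protect", StringComparison.Ordinal))
     {
         return(new SessionPassCallBack.Ret(true, "password"));
     }
     return(new SessionPassCallBack.Ret(false, null));
 }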
Beispiel #3
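        /**
         * Loads 'pubring.pgp' and 'secring.pgp', then prints and exports the public and secret
         * keys of the users "rsa@key" and "25519@key".
         * Secret key material is written to stdout and to key-<keyid>-sec.asc files, so this is
         * suitable for sample keys only.
         * Each failing step prints a short message and rethrows the error.
         */
        private void output_keys(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                RopInput keyfile = null;
                try {
                    // load keyrings: public keys first
                    keyfile = rop.create_input("pubring.pgp");
                    ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError) {
                    Console.WriteLine("Failed to read pubring");
                    // bare rethrow keeps the original stack trace
                    throw;
                } finally {
                    // keyfile is still null here if create_input threw
                    rop.drop(keyfile);
                }

                keyfile = null;
                try {
                    keyfile = rop.create_input("secring.pgp");
                    ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError) {
                    Console.WriteLine("Failed to read secring");
                    throw;
                } finally {
                    rop.drop(keyfile);
                }

                try {
                    // print armored keys to the stdout
                    print_key(rop, ses, "rsa@key", false);
                    print_key(rop, ses, "rsa@key", true);
                    print_key(rop, ses, "25519@key", false);
                    print_key(rop, ses, "25519@key", true);
                } catch (Exception) {
                    Console.WriteLine("Failed to print armored key(s)");
                    throw;
                }

                try {
                    // write armored keys to the files, named key-<keyid>-pub.asc / key-<keyid>-sec.asc
                    export_key(rop, ses, "rsa@key", false);
                    export_key(rop, ses, "rsa@key", true);
                    export_key(rop, ses, "25519@key", false);
                    export_key(rop, ses, "25519@key", true);
                } catch (Exception) {
                    Console.WriteLine("Failed to write armored key(s) to file");
                    throw;
                }
            } finally {
                // release everything created since the tagging() call at the top
                rop.drop_from(alt);
            }
        }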
Beispiel #4
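        /**
         * Encrypts the sample message to the key of user "rsa@key" and, additionally, to a
         * password, writing the armored result to 'encrypted.asc'.
         * Only the public keyring is loaded. A failing step prints a short message and rethrows.
         */
        private void encrypt(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                RopInput keyfile = null;
                try {
                    // load public keyring - we do not need secret for encryption
                    keyfile = rop.create_input("pubring.pgp");
                    ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError) {
                    Console.WriteLine("Failed to read pubring");
                    // bare rethrow keeps the original stack trace ("throw ex" would reset it)
                    throw;
                } finally {
                    // keyfile is still null here if create_input threw
                    rop.drop(keyfile);
                }

                try {
                    // create memory input and file output objects for the message and encrypted message
                    RopInput  input  = rop.create_input(new RopData(message), false);
                    RopOutput output = rop.create_output("encrypted.asc");
                    // create encryption operation
                    RopOpEncrypt encrpt = ses.op_encrypt_create(input, output);

                    // setup encryption parameters
                    encrpt.set_armor(true);
                    encrpt.set_file_name("message.txt");
                    encrpt.set_file_mtime(DateTime.Now);
                    encrpt.set_compression("ZIP", 6);
                    encrpt.set_cipher(RopBind.ALG_SYMM_AES_256);
                    // NOTE(review): AEAD is switched off here; which integrity protection the
                    // library then applies is not visible in this sample - confirm before reuse.
                    encrpt.set_aead("None");

                    // locate recipient's key and add it to the operation context. While we search by userid
                    // (which is easier), you can search by keyid, fingerprint or grip.
                    RopKey key = ses.locate_key("userid", "rsa@key");
                    encrpt.add_recipient(key);
                    // add encryption password as well. The literal password is sample data;
                    // anyone who knows it can decrypt without the recipient's secret key.
                    // NOTE(review): the third argument (0) is presumably the iteration count
                    // left at the library default - confirm against the binding.
                    encrpt.add_password("encpassword", RopBind.ALG_HASH_SHA256, 0, RopBind.ALG_SYMM_AES_256);

                    // execute encryption operation
                    encrpt.execute();

                    Console.WriteLine("Encryption succeded. Encrypted message written to file encrypted.asc");
                } catch (RopError) {
                    Console.WriteLine("Encryption failed");
                    throw;
                }
            } finally {
                // release everything created since the tagging() call at the top
                rop.drop_from(alt);
            }
        }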
Beispiel #5
        /**
         * Looks a key up by userid and writes it to key-<keyid>-pub.asc or key-<keyid>-sec.asc,
         * depending on the secret flag. The output object is released even when export fails.
         */
        private void export_key(RopBind rop, RopSession ses, String uid, bool secret)
        {
            // lookup by userid; keyid, fingerprint and grip are the other search types
            RopKey found = ses.locate_key("userid", uid);

            // the file name is built from the key id plus a pub/sec suffix
            string suffix;
            if (secret)
            {
                suffix = "sec";
            }
            else
            {
                suffix = "pub";
            }
            string    target = String.Format("key-{0}-{1}.asc", found.keyid(), suffix);
            RopOutput sink   = rop.create_output(target);

            try {
                bool notSecret = !secret;
                found.export(sink, notSecret, secret, true, true);
            } finally {
                rop.drop(sink);
            }
        }
Beispiel #6
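        /**
         * Example function that generates an EdDSA/X25519 and an RSA/RSA keypair from the JSON
         * descriptions CURVE_25519_KEY_DESC and RSA_KEY_DESC, then saves the session's keys to
         * 'pubring.pgp' and 'secring.pgp'.
         * A failing step prints a short message and rethrows the error.
         */
        private void generate_keys(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                try {
                    // set password provider
                    ses.set_pass_provider(this, null);
                    // generate EDDSA/X25519 keypair
                    RopData key_grips = ses.generate_key_json(new RopData(CURVE_25519_KEY_DESC));
                    // generate RSA keypair
                    key_grips = ses.generate_key_json(new RopData(RSA_KEY_DESC));
                    // "%s" is not a .NET format item, so the result was never printed;
                    // use {0} and the buffer's string form instead
                    Console.WriteLine(String.Format("Generated RSA key/subkey:\n{0}\n", key_grips.getString()));
                } catch (RopError) {
                    Console.WriteLine("Failed to generate keys");
                    // bare rethrow keeps the original stack trace ("throw ex" would reset it)
                    throw;
                }

                RopOutput keyfile = null;
                try {
                    // create file output object and save public keyring with generated keys, overwriting
                    // previous file if any. You may use max_alloc here as well.
                    keyfile = rop.create_output("pubring.pgp");
                    ses.save_keys_public(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError) {
                    Console.WriteLine("Failed to save pubring");
                    throw;
                } finally {
                    // keyfile is still null here if create_output threw
                    rop.drop(keyfile);
                }

                keyfile = null;
                try {
                    // create file output object and save secret keyring with generated keys
                    keyfile = rop.create_output("secring.pgp");
                    ses.save_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError) {
                    Console.WriteLine("Failed to save secring");
                    throw;
                } finally {
                    rop.drop(keyfile);
                }
            } finally {
                // NOTE(review): the other samples on this page release their tag level with
                // rop.drop_from(alt); confirm that drop(alt) is the intended call here.
                rop.drop(alt);
            }
        }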
Beispiel #7
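        /**
         * Decrypts 'encrypted.asc' into memory, prints the plaintext and stores it in
         * Decrypt.message.
         * When usekeys is true the secret keyring 'secring.pgp' is loaded first; otherwise no
         * keys are loaded and only the registered password provider is available.
         * A failing step prints a short message and rethrows the error.
         */
        private void decrypt(RopBind rop, bool usekeys)
        {
            int alt = rop.tagging();

            try {
                // initialize FFI object
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                // check whether we want to use key or password for decryption
                if (usekeys)
                {
                    RopInput keyfile = null;
                    try {
                        // load secret keyring, as it is required for public-key decryption. However, you may
                        // need to load public keyring as well to validate key's signatures.
                        keyfile = rop.create_input("secring.pgp");
                        ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                    } catch (RopError) {
                        Console.WriteLine("Failed to read secring");
                        // bare rethrow keeps the original stack trace ("throw ex" would reset it)
                        throw;
                    } finally {
                        // keyfile is still null here if create_input threw
                        rop.drop(keyfile);
                    }
                }

                // set the password provider
                ses.set_pass_provider(this, null);
                String buf = null;
                try {
                    // create file input and memory output objects for the encrypted message and decrypted
                    // message
                    RopInput  input  = rop.create_input("encrypted.asc");
                    RopOutput output = rop.create_output(0);
                    ses.decrypt(input, output);
                    // get the decrypted message from the output structure
                    buf = output.memory_get_buf(false).getString();
                } catch (RopError) {
                    // report the mode that actually failed; the message used to say
                    // "Public-key" even for the password-only run
                    Console.WriteLine(usekeys ? "Public-key decryption failed" : "Password decryption failed");
                    throw;
                }

                Console.WriteLine(String.Format("Decrypted message ({0}):\n{1}\n", usekeys? "with key" : "with password", buf));
                Decrypt.message = buf;
            } finally {
                // release everything created since the tagging() call at the top
                rop.drop_from(alt);
            }
        }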
Beispiel #8
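        /**
         * An example key provider: for requests of type "keyid" it loads the key from the file
         * key-<identifier>-pub.asc or key-<identifier>-sec.asc into the session.
         * Other identifier types are ignored. Failures are reported on stdout and not rethrown,
         * so nothing propagates back into the caller of this callback.
         */
        public void KeyCallBack(RopSession ses, object ctx, string identifier_type, string identifier, bool secret)
        {
            // Ordinal comparison: the type is a protocol token, so culture-sensitive rules must
            // not apply; string.Equals also tolerates a null identifier_type.
            if (string.Equals(identifier_type, "keyid", StringComparison.Ordinal))
            {
                // NOTE(review): identifier is placed into a file name unchecked. It is presumably
                // a hex key id produced by the library; if it can ever carry other characters,
                // restrict it to hex digits before building the path.
                String filename = String.Format("key-{0}-{1}.asc", identifier, secret? "sec" : "pub");
                String err_desc = null;
                try {
                    WeakReference <RopBind> rop = ses.getBind();
                    err_desc = String.Format("failed to open key file {0}", filename);
                    // the session holds its RopBind weakly; without it no input can be created,
                    // so report and stop instead of passing a null input to load_keys
                    if (!rop.TryGetTarget(out RopBind bind))
                    {
                        Console.WriteLine(err_desc);
                        return;
                    }
                    RopInput input = bind.create_input(filename);

                    err_desc = String.Format("failed to load key from file {0}", filename);
                    // NOTE(review): the two trailing flags are presumably public/secret and are
                    // both set regardless of the 'secret' parameter - confirm against the binding.
                    ses.load_keys(RopBind.KEYSTORE_GPG, input, true, true);
                } catch (RopError) {
                    // best effort: a key that cannot be supplied is only reported
                    Console.WriteLine(err_desc);
                }
            }
        }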
Beispiel #9
        /**
         * Helper that looks a key up by userid and writes its armored form to stdout.
         * With secret set the secret key is exported, otherwise the public key.
         */
        private void print_key(RopBind rop, RopSession ses, string uid, bool secret)
        {
            // lookup by userid; keyid, fingerprint and grip are the other search types
            RopKey found = ses.locate_key("userid", uid);
            // in-memory output whose buffer is read back after the export
            RopOutput mem = rop.create_output(0);

            try {
                if (!secret)
                {
                    found.export_public(mem, true, true);
                }
                else
                {
                    found.export_secret(mem, true, true);
                }
                // read the exported key back from the output and print it
                Console.WriteLine(mem.memory_get_buf(false).getString());
            } finally {
                rop.drop(mem);
            }
        }
Beispiel #10
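        /**
         * Signs a fixed sample message with the keys of users "rsa@key" and "25519@key" and
         * writes the armored result to 'signed.asc'.
         * The key ids and fingerprints of both signing keys are stored in Sign.key_ids and
         * Sign.key_fprints. On a RopError the description of the failing step is printed and
         * the error is rethrown.
         */
        private void sign(RopBind rop)
        {
            string message = "ROP signing sample message";

            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                RopInput keyfile  = null;
                string   err_desc = null;
                try {
                    // load secret keyring, as it is required for signing. However, you may need
                    // to load public keyring as well to validate key's signatures.
                    err_desc = "Failed to open secring.pgp. Did you run Generate.java sample?";
                    keyfile  = rop.create_input("secring.pgp");

                    err_desc = "Failed to read secring.pgp";
                    ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError) {
                    Console.WriteLine(err_desc);
                    // bare rethrow keeps the original stack trace ("throw ex" would reset it)
                    throw;
                } finally {
                    // keyfile is still null here if create_input threw
                    rop.drop(keyfile);
                }

                // set the password provider - we'll need password to unlock secret keys
                ses.set_pass_provider(this, null);

                // create memory input and file output objects for the message
                // and the signed message
                RopOpSign sign = null;
                try {
                    err_desc = "Failed to create input object";
                    RopInput input = rop.create_input(new RopData(message), false);

                    err_desc = "Failed to create output object";
                    RopOutput output = rop.create_output("signed.asc");

                    // initialize and configure sign operation, use op_sign_create(cleartext/detached)
                    // for cleartext or detached signature
                    err_desc = "Failed to create sign operation";
                    sign     = ses.op_sign_create(input, output);
                } catch (RopError) {
                    Console.WriteLine(err_desc);
                    throw;
                }

                // armor, file name, compression
                sign.set_armor(true);
                sign.set_file_name("message.txt");
                sign.set_file_mtime(DateTime.Now);
                sign.set_compression("ZIP", 6);
                // signatures creation time - by default will be set to the current time as well
                sign.set_creation_time(DateTime.Now);
                // signatures expiration time - by default will be 0, i.e. never expire
                sign.set_expiration(TimeSpan.FromDays(365));
                // set hash algorithm - should be compatible for all signatures
                sign.set_hash(RopBind.ALG_HASH_SHA256);

                try {
                    // now add signatures. First locate the signing key, then add and setup signature
                    // RSA signature
                    err_desc = "Failed to locate signing key rsa@key.";
                    RopKey key = ses.locate_key("userid", "rsa@key");
                    Sign.key_ids[0]     = key.keyid();
                    Sign.key_fprints[0] = key.fprint();

                    err_desc = "Failed to add signature for key rsa@key.";
                    sign.add_signature(key);

                    // EdDSA signature
                    err_desc            = "Failed to locate signing key 25519@key.";
                    key                 = ses.locate_key("userid", "25519@key");
                    Sign.key_ids[1]     = key.keyid();
                    Sign.key_fprints[1] = key.fprint();

                    err_desc = "Failed to add signature for key 25519@key.";
                    sign.add_signature(key);

                    // finally do signing; the description used to repeat the add-signature
                    // text, which misreported a failure of execute()
                    err_desc = "Failed to execute signing operation.";
                    sign.execute();

                    Console.WriteLine("Signing succeeded. See file signed.asc.");
                } catch (RopError) {
                    Console.WriteLine(err_desc);
                    throw;
                }
            } finally {
                // release everything created since the tagging() call at the top
                rop.drop_from(alt);
            }
        }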
Beispiel #11
 // An example pass provider: every request, whatever the key or context, is answered
 // with the same fixed string 'password'. The literal is sample data only.
 public SessionPassCallBack.Ret PassCallBack(RopSession ses, object ctx, RopKey key, string pgpCtx, int bufLen)
 {
     SessionPassCallBack.Ret answer = new SessionPassCallBack.Ret(true, "password");
     return answer;
 }