/// <summary>
/// Return a copy of the passed in secret key, encrypted using a new password
/// and the passed in algorithm.
/// </summary>
/// <param name="key">The PgpSecretKey to be copied.</param>
/// <param name="oldPassPhrase">The current password for the key.</param>
/// <param name="newPassPhrase">The new password for the key.</param>
/// <param name="newEncAlgorithm">The algorithm to be used for the encryption.</param>
/// <param name="rand">Source of randomness.</param>
public static PgpSecretKey CopyWithNewPassword(IPgpSecretKey key, char[] oldPassPhrase, char[] newPassPhrase, SymmetricKeyAlgorithmTag newEncAlgorithm, SecureRandom rand)
{
var rawKeyData = key.ExtractKeyData(oldPassPhrase);
var s2KUsage = key.SecretPacket.S2KUsage;
byte[] iv = null;
S2k s2K = null;
byte[] keyData;
if (newEncAlgorithm == SymmetricKeyAlgorithmTag.Null)
{
s2KUsage = SecretKeyPacket.UsageNone;
if (key.SecretPacket.S2KUsage == SecretKeyPacket.UsageSha1) // SHA-1 hash, need to rewrite Checksum
{
keyData = new byte[rawKeyData.Length - 18];
Array.Copy(rawKeyData, 0, keyData, 0, keyData.Length - 2);
var check = Checksum(false, keyData, keyData.Length - 2);
keyData[keyData.Length - 2] = check[0];
keyData[keyData.Length - 1] = check[1];
}
else
{
keyData = rawKeyData;
}
}
else
{
try
{
keyData = EncryptKeyData(rawKeyData, newEncAlgorithm, newPassPhrase, rand, out s2K, out iv);
}
catch (PgpException)
{
throw;
}
catch (Exception e)
{
throw new PgpException("Exception encrypting key", e);
}
}
SecretKeyPacket secret;
if (key.SecretPacket is SecretSubkeyPacket)
{
secret = new SecretSubkeyPacket(key.SecretPacket.PublicKeyPacket,
newEncAlgorithm, s2KUsage, s2K, iv, keyData);
}
else
{
secret = new SecretKeyPacket(key.SecretPacket.PublicKeyPacket,
newEncAlgorithm, s2KUsage, s2K, iv, keyData);
}
return(new PgpSecretKey(secret, key.PublicKey));
}
public PgpSecretKeyRing(IPacketReader packetReader)
{
this.keys = new List <PgpSecretKey>();
this.extraPubKeys = new List <PgpPublicKey>();
PacketTag initialTag = packetReader.NextPacketTag();
if (initialTag != PacketTag.SecretKey && initialTag != PacketTag.SecretSubkey)
{
throw new PgpUnexpectedPacketException();
}
SecretKeyPacket secret = (SecretKeyPacket)packetReader.ReadContainedPacket();
keys.Add(new PgpSecretKey(packetReader, secret, subKey: false));
// Read subkeys
while (packetReader.NextPacketTag() == PacketTag.SecretSubkey || packetReader.NextPacketTag() == PacketTag.PublicSubkey)
{
if (packetReader.NextPacketTag() == PacketTag.SecretSubkey)
{
SecretSubkeyPacket sub = (SecretSubkeyPacket)packetReader.ReadContainedPacket();
keys.Add(new PgpSecretKey(packetReader, sub, subKey: true));
}
else
{
PublicSubkeyPacket sub = (PublicSubkeyPacket)packetReader.ReadContainedPacket();
extraPubKeys.Add(new PgpPublicKey(packetReader, sub, subKey: true));
}
}
}
/// <summary>
/// Return a copy of the passed in secret key, encrypted using a new password
/// and the passed in algorithm.
/// </summary>
/// <remarks>
/// Allows the caller to handle the encoding of the passphrase to bytes.
/// </remarks>
/// <param name="key">The PgpSecretKey to be copied.</param>
/// <param name="rawOldPassPhrase">The current password for the key.</param>
/// <param name="rawNewPassPhrase">The new password for the key.</param>
public static PgpSecretKey CopyWithNewPassword(
PgpSecretKey key,
ReadOnlySpan <byte> rawOldPassPhrase,
ReadOnlySpan <byte> rawNewPassPhrase)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (key.IsPrivateKeyEmpty)
{
throw new PgpException("no private key in this SecretKey - public key present only.");
}
byte[] rawKeyData = CryptoPool.Rent(key.keyPacket.KeyBytes.Length - key.keyPacket.PublicKeyLength + 0x20);
try
{
S2kBasedEncryption.DecryptSecretKey(
rawOldPassPhrase,
key.keyPacket.KeyBytes.AsSpan(key.keyPacket.PublicKeyLength),
rawKeyData,
out int rawKeySize,
key.keyPacket.Version);
// Use the default S2K parameters
var s2kParameters = new S2kParameters();
var newKeyData = new byte[S2kBasedEncryption.GetEncryptedLength(s2kParameters, rawKeySize, key.keyPacket.Version) + key.keyPacket.PublicKeyLength];
key.keyPacket.KeyBytes.AsSpan(0, key.keyPacket.PublicKeyLength).CopyTo(newKeyData);
S2kBasedEncryption.EncryptSecretKey(
rawNewPassPhrase,
s2kParameters,
rawKeyData.AsSpan(0, rawKeySize),
newKeyData.AsSpan(key.keyPacket.PublicKeyLength),
key.keyPacket.Version);
SecretKeyPacket newKeyPacket;
if (key.keyPacket is SecretSubkeyPacket)
{
newKeyPacket = new SecretSubkeyPacket(key.Algorithm, key.CreationTime, newKeyData);
}
else
{
newKeyPacket = new SecretKeyPacket(key.Algorithm, key.CreationTime, newKeyData);
}
return(new PgpSecretKey(newKeyPacket, key));
}
finally
{
CryptoPool.Return(rawKeyData);
}
}
} //IL_0002: Unknown result type (might be due to invalid IL or missing references)
//IL_000c: Expected O, but got Unknown
public PgpSecretKeyRing(Stream inputStream)
{
//IL_004b: Unknown result type (might be due to invalid IL or missing references)
keys = Platform.CreateArrayList();
extraPubKeys = Platform.CreateArrayList();
BcpgInputStream bcpgInputStream = BcpgInputStream.Wrap(inputStream);
PacketTag packetTag = bcpgInputStream.NextPacketTag();
if (packetTag != PacketTag.SecretKey && packetTag != PacketTag.SecretSubkey)
{
int num = (int)packetTag;
throw new IOException("secret key ring doesn't start with secret key tag: tag 0x" + num.ToString("X"));
}
SecretKeyPacket secretKeyPacket = (SecretKeyPacket)bcpgInputStream.ReadPacket();
while (bcpgInputStream.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInputStream.ReadPacket();
}
TrustPacket trustPk = PgpKeyRing.ReadOptionalTrustPacket(bcpgInputStream);
global::System.Collections.IList keySigs = PgpKeyRing.ReadSignaturesAndTrust(bcpgInputStream);
PgpKeyRing.ReadUserIDs(bcpgInputStream, out var ids, out var idTrusts, out var idSigs);
keys.Add((object)new PgpSecretKey(secretKeyPacket, new PgpPublicKey(secretKeyPacket.PublicKeyPacket, trustPk, keySigs, ids, idTrusts, idSigs)));
while (bcpgInputStream.NextPacketTag() == PacketTag.SecretSubkey || bcpgInputStream.NextPacketTag() == PacketTag.PublicSubkey)
{
if (bcpgInputStream.NextPacketTag() == PacketTag.SecretSubkey)
{
SecretSubkeyPacket secretSubkeyPacket = (SecretSubkeyPacket)bcpgInputStream.ReadPacket();
while (bcpgInputStream.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInputStream.ReadPacket();
}
TrustPacket trustPk2 = PgpKeyRing.ReadOptionalTrustPacket(bcpgInputStream);
global::System.Collections.IList sigs = PgpKeyRing.ReadSignaturesAndTrust(bcpgInputStream);
keys.Add((object)new PgpSecretKey(secretSubkeyPacket, new PgpPublicKey(secretSubkeyPacket.PublicKeyPacket, trustPk2, sigs)));
}
else
{
PublicSubkeyPacket publicPk = (PublicSubkeyPacket)bcpgInputStream.ReadPacket();
TrustPacket trustPk3 = PgpKeyRing.ReadOptionalTrustPacket(bcpgInputStream);
global::System.Collections.IList sigs2 = PgpKeyRing.ReadSignaturesAndTrust(bcpgInputStream);
extraPubKeys.Add((object)new PgpPublicKey(publicPk, trustPk3, sigs2));
}
}
}
public PgpSecretKeyRing(Stream inputStream)
{
keys = Platform.CreateArrayList();
extraPubKeys = Platform.CreateArrayList();
BcpgInputStream bcpgInputStream = BcpgInputStream.Wrap(inputStream);
PacketTag packetTag = bcpgInputStream.NextPacketTag();
if (packetTag != PacketTag.SecretKey && packetTag != PacketTag.SecretSubkey)
{
int num = (int)packetTag;
throw new IOException("secret key ring doesn't start with secret key tag: tag 0x" + num.ToString("X"));
}
SecretKeyPacket secretKeyPacket = (SecretKeyPacket)bcpgInputStream.ReadPacket();
while (bcpgInputStream.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInputStream.ReadPacket();
}
TrustPacket trustPk = PgpKeyRing.ReadOptionalTrustPacket(bcpgInputStream);
IList keySigs = PgpKeyRing.ReadSignaturesAndTrust(bcpgInputStream);
PgpKeyRing.ReadUserIDs(bcpgInputStream, out IList ids, out IList idTrusts, out IList idSigs);
keys.Add(new PgpSecretKey(secretKeyPacket, new PgpPublicKey(secretKeyPacket.PublicKeyPacket, trustPk, keySigs, ids, idTrusts, idSigs)));
while (bcpgInputStream.NextPacketTag() == PacketTag.SecretSubkey || bcpgInputStream.NextPacketTag() == PacketTag.PublicSubkey)
{
if (bcpgInputStream.NextPacketTag() == PacketTag.SecretSubkey)
{
SecretSubkeyPacket secretSubkeyPacket = (SecretSubkeyPacket)bcpgInputStream.ReadPacket();
while (bcpgInputStream.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInputStream.ReadPacket();
}
TrustPacket trustPk2 = PgpKeyRing.ReadOptionalTrustPacket(bcpgInputStream);
IList sigs = PgpKeyRing.ReadSignaturesAndTrust(bcpgInputStream);
keys.Add(new PgpSecretKey(secretSubkeyPacket, new PgpPublicKey(secretSubkeyPacket.PublicKeyPacket, trustPk2, sigs)));
}
else
{
PublicSubkeyPacket publicPk = (PublicSubkeyPacket)bcpgInputStream.ReadPacket();
TrustPacket trustPk3 = PgpKeyRing.ReadOptionalTrustPacket(bcpgInputStream);
IList sigs2 = PgpKeyRing.ReadSignaturesAndTrust(bcpgInputStream);
extraPubKeys.Add(new PgpPublicKey(publicPk, trustPk3, sigs2));
}
}
}
public PgpSecretKeyRing(
Stream inputStream)
{
this.keys = Platform.CreateArrayList();
this.extraPubKeys = Platform.CreateArrayList();
BcpgInputStream bcpgInput = BcpgInputStream.Wrap(inputStream);
PacketTag initialTag = bcpgInput.NextPacketTag();
if (initialTag != PacketTag.SecretKey && initialTag != PacketTag.SecretSubkey)
{
throw new IOException("secret key ring doesn't start with secret key tag: "
+ "tag 0x" + ((int)initialTag).ToString("X"));
}
SecretKeyPacket secret = (SecretKeyPacket)bcpgInput.ReadPacket();
//
// ignore GPG comment packets if found.
//
while (bcpgInput.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInput.ReadPacket();
}
TrustPacket trust = ReadOptionalTrustPacket(bcpgInput);
// revocation and direct signatures
IList keySigs = ReadSignaturesAndTrust(bcpgInput);
IList ids, idTrusts, idSigs;
ReadUserIDs(bcpgInput, out ids, out idTrusts, out idSigs);
keys.Add(new PgpSecretKey(secret, new PgpPublicKey(secret.PublicKeyPacket, trust, keySigs, ids, idTrusts, idSigs)));
// Read subkeys
while (bcpgInput.NextPacketTag() == PacketTag.SecretSubkey ||
bcpgInput.NextPacketTag() == PacketTag.PublicSubkey)
{
if (bcpgInput.NextPacketTag() == PacketTag.SecretSubkey)
{
SecretSubkeyPacket sub = (SecretSubkeyPacket)bcpgInput.ReadPacket();
//
// ignore GPG comment packets if found.
//
while (bcpgInput.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInput.ReadPacket();
}
TrustPacket subTrust = ReadOptionalTrustPacket(bcpgInput);
IList sigList = ReadSignaturesAndTrust(bcpgInput);
keys.Add(new PgpSecretKey(sub, new PgpPublicKey(sub.PublicKeyPacket, subTrust, sigList)));
}
else
{
PublicSubkeyPacket sub = (PublicSubkeyPacket)bcpgInput.ReadPacket();
TrustPacket subTrust = ReadOptionalTrustPacket(bcpgInput);
IList sigList = ReadSignaturesAndTrust(bcpgInput);
extraPubKeys.Add(new PgpPublicKey(sub, subTrust, sigList));
}
}
}
public PgpSecretKeyRing(
Stream inputStream)
{
this.keys = new ArrayList();
BcpgInputStream bcpgInput = BcpgInputStream.Wrap(inputStream);
PacketTag initialTag = bcpgInput.NextPacketTag();
if (initialTag != PacketTag.SecretKey && initialTag != PacketTag.SecretSubkey)
{
throw new IOException(
"secret key ring doesn't start with secret key tag: " +
"tag 0x" + initialTag.ToString("X"));
}
SecretKeyPacket secret = (SecretKeyPacket)bcpgInput.ReadPacket();
TrustPacket trust = null;
ArrayList keySigs = new ArrayList();
ArrayList ids = new ArrayList();
ArrayList idTrusts = new ArrayList();
ArrayList idSigs = new ArrayList();
IDigest sha;
try
{
sha = DigestUtilities.GetDigest("SHA1");
}
catch (Exception)
{
throw new IOException("can't find SHA1 digest");
}
//
// ignore GPG comment packets if found.
//
while (bcpgInput.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInput.ReadPacket();
}
if (bcpgInput.NextPacketTag() == PacketTag.Trust)
{
trust = (TrustPacket)bcpgInput.ReadPacket(); // ignore for the moment
}
//
// revocation and direct signatures
//
while (bcpgInput.NextPacketTag() == PacketTag.Signature)
{
try
{
keySigs.Add(new PgpSignature(bcpgInput));
}
catch (PgpException e)
{
throw new IOException("can't create signature object: " + e.Message + ", cause: " + e.InnerException.ToString());
}
}
while (bcpgInput.NextPacketTag() == PacketTag.UserId ||
bcpgInput.NextPacketTag() == PacketTag.UserAttribute)
{
object obj = bcpgInput.ReadPacket();
ArrayList sigList = new ArrayList();
if (obj is UserIdPacket)
{
UserIdPacket id = (UserIdPacket)obj;
ids.Add(id.GetId());
}
else
{
UserAttributePacket user = (UserAttributePacket)obj;
ids.Add(new PgpUserAttributeSubpacketVector(user.GetSubpackets()));
}
if (bcpgInput.NextPacketTag() == PacketTag.Trust)
{
idTrusts.Add(bcpgInput.ReadPacket());
}
else
{
idTrusts.Add(null);
}
idSigs.Add(sigList);
while (bcpgInput.NextPacketTag() == PacketTag.Signature)
{
SignaturePacket s = (SignaturePacket)bcpgInput.ReadPacket();
if (bcpgInput.NextPacketTag() == PacketTag.Trust)
{
sigList.Add(new PgpSignature(s, (TrustPacket)bcpgInput.ReadPacket()));
}
else
{
sigList.Add(new PgpSignature(s));
}
}
}
keys.Add(new PgpSecretKey(secret, trust, sha, keySigs, ids, idTrusts, idSigs));
while (bcpgInput.NextPacketTag() == PacketTag.SecretSubkey)
{
SecretSubkeyPacket sub = (SecretSubkeyPacket)bcpgInput.ReadPacket();
TrustPacket subTrust = null;
ArrayList sigList = new ArrayList();
//
// ignore GPG comment packets if found.
//
while (bcpgInput.NextPacketTag() == PacketTag.Experimental2)
{
bcpgInput.ReadPacket();
}
if (bcpgInput.NextPacketTag() == PacketTag.Trust)
{
subTrust = (TrustPacket)bcpgInput.ReadPacket();
}
while (bcpgInput.NextPacketTag() == PacketTag.Signature)
{
SignaturePacket s = (SignaturePacket)bcpgInput.ReadPacket();
if (bcpgInput.NextPacketTag() == PacketTag.Trust)
{
sigList.Add(new PgpSignature(s, (TrustPacket)bcpgInput.ReadPacket()));
}
else
{
sigList.Add(new PgpSignature(s));
}
}
keys.Add(new PgpSecretKey(sub, subTrust, sha, sigList));
}
}
/// <summary>
/// Return a copy of the passed in secret key, encrypted using a new password
/// and the passed in algorithm.
/// </summary>
/// <param name="key">The PgpSecretKey to be copied.</param>
/// <param name="oldPassPhrase">The current password for the key.</param>
/// <param name="newPassPhrase">The new password for the key.</param>
/// <param name="newEncAlgorithm">The algorithm to be used for the encryption.</param>
/// <param name="rand">Source of randomness.</param>
public static PgpSecretKey CopyWithNewPassword(IPgpSecretKey key, char[] oldPassPhrase, char[] newPassPhrase, SymmetricKeyAlgorithmTag newEncAlgorithm, SecureRandom rand)
{
var rawKeyData = key.ExtractKeyData(oldPassPhrase);
var s2KUsage = key.SecretPacket.S2KUsage;
byte[] iv = null;
S2k s2K = null;
byte[] keyData;
if (newEncAlgorithm == SymmetricKeyAlgorithmTag.Null)
{
s2KUsage = SecretKeyPacket.UsageNone;
if (key.SecretPacket.S2KUsage == SecretKeyPacket.UsageSha1) // SHA-1 hash, need to rewrite Checksum
{
keyData = new byte[rawKeyData.Length - 18];
Array.Copy(rawKeyData, 0, keyData, 0, keyData.Length - 2);
var check = Checksum(false, keyData, keyData.Length - 2);
keyData[keyData.Length - 2] = check[0];
keyData[keyData.Length - 1] = check[1];
}
else
{
keyData = rawKeyData;
}
}
else
{
try
{
keyData = EncryptKeyData(rawKeyData, newEncAlgorithm, newPassPhrase, rand, out s2K, out iv);
}
catch (PgpException)
{
throw;
}
catch (Exception e)
{
throw new PgpException("Exception encrypting key", e);
}
}
SecretKeyPacket secret;
if (key.SecretPacket is SecretSubkeyPacket)
{
secret = new SecretSubkeyPacket(key.SecretPacket.PublicKeyPacket,
newEncAlgorithm, s2KUsage, s2K, iv, keyData);
}
else
{
secret = new SecretKeyPacket(key.SecretPacket.PublicKeyPacket,
newEncAlgorithm, s2KUsage, s2K, iv, keyData);
}
return new PgpSecretKey(secret, key.PublicKey);
}
