/// <summary> /// Encrypt the file. /// </summary> /// <param name="encrypted">The encrypted data stream.</param> /// <param name="filename">The path and file name to encrypt.</param> /// <param name="publicKey">The public key used for encryption.</param> /// <param name="protectedKeys">Should the public and secret key data be protected.</param> /// <param name="integrityCheck">Should the cipher stream have an integrity packet associated with it.</param> /// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param> public void Encrypt(System.IO.Stream encrypted, string filename, System.IO.Stream publicKey, bool protectedKeys = false, bool integrityCheck = false, Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256) { // Read the public key data. Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey); // If file is protected. if (protectedKeys) { encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted); } System.IO.Stream encOutput = null; try { // Create the encypted data generator. Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator = new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator( GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), integrityCheck, new Key.Security.SecureRandom()); encryptedDataGenerator.AddMethod(pgpPublicKey); // The input data buffer. Key.Bcpg.OpenPgp.PgpCompressedDataGenerator compressedData = new Key.Bcpg.OpenPgp.PgpCompressedDataGenerator(Key.Bcpg.CompressionAlgorithmTag.Uncompressed); // Write the encrypted data. encOutput = encryptedDataGenerator.Open(encrypted, new byte[1 << 16]); Key.Bcpg.OpenPgp.PgpUtilities.WriteFileToLiteralData( compressedData.Open(encOutput), Key.Bcpg.OpenPgp.PgpLiteralData.Binary, new FileInfo(filename), new byte[1 << 16]); // Close the streams. compressedData.Close(); encOutput.Close(); // If file is protected. if (protectedKeys) { encrypted.Close(); } } catch (Exception) { throw; } finally { if (encOutput != null) { encOutput.Close(); } } }
/// <summary> /// Encrypt the stream. /// </summary> /// <param name="encrypted">The encrypted data stream.</param> /// <param name="input">The data to encrypt.</param> /// <param name="publicKey">The public key used for encryption.</param> /// <param name="protectedKeys">Should the public and secret key data be protected.</param> /// <param name="integrityCheck">Should the cipher stream have an integrity packet associated with it.</param> /// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param> public void Encrypt(System.IO.Stream encrypted, System.IO.Stream input, System.IO.Stream publicKey, bool protectedKeys = false, bool integrityCheck = false, Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256) { // Read the public key data. Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey); // If file is protected. if (protectedKeys) { encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted); } System.IO.Stream encOutput = null; try { // Create the encypted data generator. Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator = new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator( GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), integrityCheck, new Key.Security.SecureRandom()); encryptedDataGenerator.AddMethod(pgpPublicKey); // The input data buffer. byte[] buffer = Compress(input, Key.Bcpg.CompressionAlgorithmTag.Uncompressed); // Write the encrypted data. encOutput = encryptedDataGenerator.Open(encrypted, (long)buffer.Length); encOutput.Write(buffer, 0, buffer.Length); encOutput.Close(); // If file is protected. if (protectedKeys) { encrypted.Close(); } } catch (Exception) { throw; } finally { if (encOutput != null) { encOutput.Close(); } } }
/// <summary> /// Public and secret key provider. /// </summary> /// <param name="publicKey">The public key data.</param> /// <param name="secretKey">The secret key data.</param> /// <param name="keyID">The unique key id of the public secret key pair.</param> /// <param name="password">The password used to protect the secret key.</param> /// <returns>The RSA cryto service provider.</returns> public RSACryptoServiceProvider PublicKeySecretKey(System.IO.Stream publicKey, System.IO.Stream secretKey, long keyID, string password = null) { // Read the public key data. Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey); // Find the secret key Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null; Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle = new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey)); // Find the private key (secret key). privateKey = FindSecretKey(secretKeyRingBundle, keyID, password.ToArray()); // Assign the rsa parameters. RSAParameters rsaPrivateParam = new RSAParameters(); Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)pgpPublicKey.GetKey(); Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)privateKey.Key; // Assign the rsa parameters. rsaPrivateParam.D = rsaCrtPrivateParam.Exponent.ToByteArrayUnsigned(); rsaPrivateParam.DP = rsaCrtPrivateParam.DP.ToByteArrayUnsigned(); rsaPrivateParam.DQ = rsaCrtPrivateParam.DQ.ToByteArrayUnsigned(); rsaPrivateParam.InverseQ = rsaCrtPrivateParam.QInv.ToByteArrayUnsigned(); rsaPrivateParam.P = rsaCrtPrivateParam.P.ToByteArrayUnsigned(); rsaPrivateParam.Q = rsaCrtPrivateParam.Q.ToByteArrayUnsigned(); rsaPrivateParam.Modulus = rsaPrivatePublic.Modulus.ToByteArrayUnsigned(); rsaPrivateParam.Exponent = rsaPrivatePublic.Exponent.ToByteArrayUnsigned(); // Create the encyption provider. RSACryptoServiceProvider rsaEncryptProvider = new RSACryptoServiceProvider(); rsaEncryptProvider.ImportParameters(rsaPrivateParam); // Return the rsa provider. return(rsaEncryptProvider); }
/// <summary> /// Verifies that a digital signature is valid by determining the hash value /// in the signature using the provided public key and comparing it to the hash /// value of the provided data. /// </summary> /// <param name="inputStream">The data that was signed.</param> /// <param name="signature">The signature data to be verified.</param> /// <param name="rsaProvider">The RSA crypto service provider.</param> /// <param name="hashAlgorithm">The hash algorithm to use to create the hash value.</param> /// <returns>True if the signature is valid; otherwise, false.</returns> public bool VerifyData(Stream inputStream, byte[] signature, RSACryptoServiceProvider rsaProvider, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512) { Stream signatureInput = null; try { // Export the signer public key parameters. RSAParameters rsaPublicKeySignerParam = rsaProvider.ExportParameters(false); Key.Crypto.Parameters.RsaKeyParameters rsaPublicKeySigner = new Key.Crypto.Parameters.RsaKeyParameters( false, new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Modulus), new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Exponent) ); signatureInput = new MemoryStream(signature); signatureInput = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(signatureInput); // Get the public key. Key.Bcpg.OpenPgp.PgpPublicKey publicKey = new Key.Bcpg.OpenPgp.PgpPublicKey(Key.Bcpg.PublicKeyAlgorithmTag.RsaGeneral, rsaPublicKeySigner, DateTime.UtcNow); Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(signatureInput); Key.Bcpg.OpenPgp.PgpSignatureList signatureList = null; Key.Bcpg.OpenPgp.PgpObject pgpObject = pgpFact.NextPgpObject(); // If the message is compressed. if (pgpObject is Key.Bcpg.OpenPgp.PgpCompressedData) { // Get the compression object. Key.Bcpg.OpenPgp.PgpCompressedData compressedData = (Key.Bcpg.OpenPgp.PgpCompressedData)pgpObject; pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(compressedData.GetDataStream()); signatureList = (Key.Bcpg.OpenPgp.PgpSignatureList)pgpFact.NextPgpObject(); } else { // Get the message list. signatureList = (Key.Bcpg.OpenPgp.PgpSignatureList)pgpObject; } // Load the public key into the pgp signer. Key.Bcpg.OpenPgp.PgpSignature pgpSignature = signatureList[0]; pgpSignature.InitVerify(publicKey); int ch; while ((ch = inputStream.ReadByte()) >= 0) { // Update the generator. pgpSignature.Update((byte)ch); } // Verify the signature. if (pgpSignature.Verify()) { // signature verified. return(true); } else { // signature verification failed. return(false); } } catch (Exception) { throw; } finally { if (signatureInput != null) { signatureInput.Close(); } } }