Ejemplo n.º 1
0
        private void verify(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                // we do not load any keys here since we'll use key provider
                ses.set_key_provider(this, null);

                String    err_desc = null;
                RopOutput output   = null;
                try {
                    // create file input and memory output objects for the signed message
                    // and verified message
                    err_desc = "Failed to open file 'signed.asc'. Did you run the sign example?";
                    RopInput input = rop.create_input("signed.asc");

                    err_desc = "Failed to create output object";
                    output   = rop.create_output(0);

                    err_desc = "Failed to create verification context";
                    RopOpVerify verify = ses.op_verify_create(input, output);

                    err_desc = "Failed to execute verification operation";
                    verify.execute();

                    // now check signatures and get some info about them
                    err_desc = "Failed to get signature count";
                    int sigcount = verify.signature_count();

                    for (int idx = 0; idx < sigcount; idx++)
                    {
                        rop.tagging();

                        err_desc = String.Format("Failed to get signature {0}", idx);
                        RopVeriSignature sig = verify.get_signature_at(idx);

                        err_desc = String.Format("failed to get signature's {0} key", idx);
                        RopKey key = sig.get_key();

                        err_desc = String.Format("failed to get key id {0}", idx);

                        Console.WriteLine(String.Format("Status for signature from key {0} : {1}", key.keyid(), sig.status()));
                        rop.drop();
                    }
                } catch (RopError ex) {
                    Console.WriteLine(err_desc);
                    throw ex;
                }

                // get the verified message from the output structure
                RopData buf = output.memory_get_buf(false);
                Console.WriteLine(String.Format("Verified message: {0}", buf.getString()));
            } finally {
                rop.drop_from(alt);
            }
        }
Ejemplo n.º 2
0
        private void output_keys(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                RopInput keyfile = null;
                try {
                    // load keyrings
                    keyfile = rop.create_input("pubring.pgp");
                    // actually, we may exclude the public  to not check key types
                    ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError ex) {
                    Console.WriteLine("Failed to read pubring");
                    throw ex;
                } finally {
                    rop.drop(keyfile);
                }

                keyfile = null;
                try {
                    keyfile = rop.create_input("secring.pgp");
                    ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError ex) {
                    Console.WriteLine("Failed to read secring");
                    throw ex;
                } finally {
                    rop.drop(keyfile);
                }

                try {
                    // print armored keys to the stdout
                    print_key(rop, ses, "rsa@key", false);
                    print_key(rop, ses, "rsa@key", true);
                    print_key(rop, ses, "25519@key", false);
                    print_key(rop, ses, "25519@key", true);
                } catch (Exception ex) {
                    Console.WriteLine("Failed to print armored key(s)");
                    throw ex;
                }

                try {
                    // write armored keys to the files, named key-<keyid>-pub.asc/named key-<keyid>-sec.asc
                    export_key(rop, ses, "rsa@key", false);
                    export_key(rop, ses, "rsa@key", true);
                    export_key(rop, ses, "25519@key", false);
                    export_key(rop, ses, "25519@key", true);
                } catch (Exception ex) {
                    Console.WriteLine("Failed to write armored key(s) to file");
                    throw ex;
                }
            } finally {
                rop.drop_from(alt);
            }
        }
Ejemplo n.º 3
0
        private void encrypt(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                RopInput keyfile = null;
                try {
                    // load public keyring - we do not need secret for encryption
                    keyfile = rop.create_input("pubring.pgp");
                    // we may use secret=True and public=True as well
                    ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError ex) {
                    Console.WriteLine("Failed to read pubring");
                    throw ex;
                } finally {
                    rop.drop(keyfile);
                }

                try {
                    // create memory input and file output objects for the message and encrypted message
                    RopInput  input  = rop.create_input(new RopData(message), false);
                    RopOutput output = rop.create_output("encrypted.asc");
                    // create encryption operation
                    RopOpEncrypt encrpt = ses.op_encrypt_create(input, output);

                    // setup encryption parameters
                    encrpt.set_armor(true);
                    encrpt.set_file_name("message.txt");
                    encrpt.set_file_mtime(DateTime.Now);
                    encrpt.set_compression("ZIP", 6);
                    encrpt.set_cipher(RopBind.ALG_SYMM_AES_256);
                    encrpt.set_aead("None");

                    // locate recipient's key and add it to the operation context. While we search by userid
                    // (which is easier), you can search by keyid, fingerprint or grip.
                    RopKey key = ses.locate_key("userid", "rsa@key");
                    encrpt.add_recipient(key);
                    // add encryption password as well
                    encrpt.add_password("encpassword", RopBind.ALG_HASH_SHA256, 0, RopBind.ALG_SYMM_AES_256);

                    // execute encryption operation
                    encrpt.execute();

                    Console.WriteLine("Encryption succeded. Encrypted message written to file encrypted.asc");
                } catch (RopError ex) {
                    Console.WriteLine("Encryption failed");
                    throw ex;
                }
            } finally {
                rop.drop_from(alt);
            }
        }
Ejemplo n.º 4
0
        // this example function generates RSA/RSA and Eddsa/X25519 keypairs
        private void generate_keys(RopBind rop)
        {
            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                try {
                    // set password provider
                    ses.set_pass_provider(this, null);
                    // generate EDDSA/X25519 keypair
                    RopData key_grips = ses.generate_key_json(new RopData(CURVE_25519_KEY_DESC));
                    // generate RSA keypair
                    key_grips = ses.generate_key_json(new RopData(RSA_KEY_DESC));
                    Console.WriteLine(String.Format("Generated RSA key/subkey:\n%s\n", key_grips));
                } catch (RopError ex) {
                    Console.WriteLine("Failed to generate keys");
                    throw ex;
                }

                RopOutput keyfile = null;
                try {
                    // create file output object and save public keyring with generated keys, overwriting
                    // previous file if any. You may use max_alloc here as well.
                    keyfile = rop.create_output("pubring.pgp");
                    ses.save_keys_public(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError ex) {
                    Console.WriteLine("Failed to save pubring");
                    throw ex;
                } finally {
                    rop.drop(keyfile);
                }

                keyfile = null;
                try {
                    // create file output object and save secret keyring with generated keys
                    keyfile = rop.create_output("secring.pgp");
                    ses.save_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError ex) {
                    Console.WriteLine("Failed to save secring");
                    throw ex;
                } finally {
                    rop.drop(keyfile);
                }
            } finally {
                rop.drop(alt);
            }
        }
Ejemplo n.º 5
0
        private void decrypt(RopBind rop, bool usekeys)
        {
            int alt = rop.tagging();

            try {
                // initialize FFI object
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                // check whether we want to use key or password for decryption
                if (usekeys)
                {
                    RopInput keyfile = null;
                    try {
                        // load secret keyring, as it is required for public-key decryption. However, you may
                        // need to load public keyring as well to validate key's signatures.
                        keyfile = rop.create_input("secring.pgp");
                        // we may use secret=True and public=True as well
                        ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                    } catch (RopError ex) {
                        Console.WriteLine("Failed to read secring");
                        throw ex;
                    } finally {
                        rop.drop(keyfile);
                    }
                }

                // set the password provider
                ses.set_pass_provider(this, null);
                String buf = null;
                try {
                    // create file input and memory output objects for the encrypted message and decrypted
                    // message
                    RopInput  input  = rop.create_input("encrypted.asc");
                    RopOutput output = rop.create_output(0);
                    ses.decrypt(input, output);
                    // get the decrypted message from the output structure
                    buf = output.memory_get_buf(false).getString();
                } catch (RopError ex) {
                    Console.WriteLine("Public-key decryption failed");
                    throw ex;
                }

                Console.WriteLine(String.Format("Decrypted message ({0}):\n{1}\n", usekeys? "with key" : "with password", buf));
                Decrypt.message = buf;
            } finally {
                rop.drop_from(alt);
            }
        }
Ejemplo n.º 6
0
        private void sign(RopBind rop)
        {
            string message = "ROP signing sample message";

            int alt = rop.tagging();

            try {
                // initialize
                RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

                RopInput keyfile  = null;
                string   err_desc = null;
                try {
                    // load secret keyring, as it is required for signing. However, you may need
                    // to load public keyring as well to validate key's signatures.
                    err_desc = "Failed to open secring.pgp. Did you run Generate.java sample?";
                    keyfile  = rop.create_input("secring.pgp");

                    // we may use public=True and secret=True as well
                    err_desc = "Failed to read secring.pgp";
                    ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
                } catch (RopError ex) {
                    Console.WriteLine(err_desc);
                    throw ex;
                } finally {
                    rop.drop(keyfile);
                }

                // set the password provider - we'll need password to unlock secret keys
                ses.set_pass_provider(this, null);

                // create file input and memory output objects for the encrypted message
                // and decrypted message
                RopOpSign sign = null;
                try {
                    err_desc = "Failed to create input object";
                    RopInput input = rop.create_input(new RopData(message), false);

                    err_desc = "Failed to create output object";
                    RopOutput output = rop.create_output("signed.asc");

                    // initialize and configure sign operation, use op_sign_create(cleartext/detached)
                    // for cleartext or detached signature
                    err_desc = "Failed to create sign operation";
                    sign     = ses.op_sign_create(input, output);
                } catch (RopError ex) {
                    Console.WriteLine(err_desc);
                    throw ex;
                }

                // armor, file name, compression
                sign.set_armor(true);
                sign.set_file_name("message.txt");
                sign.set_file_mtime(DateTime.Now);
                sign.set_compression("ZIP", 6);
                // signatures creation time - by default will be set to the current time as well
                sign.set_creation_time(DateTime.Now);
                // signatures expiration time - by default will be 0, i.e. never expire
                sign.set_expiration(TimeSpan.FromDays(365));
                // set hash algorithm - should be compatible for all signatures
                sign.set_hash(RopBind.ALG_HASH_SHA256);

                try {
                    // now add signatures. First locate the signing key, then add and setup signature
                    // RSA signature
                    err_desc = "Failed to locate signing key rsa@key.";
                    RopKey key = ses.locate_key("userid", "rsa@key");
                    Sign.key_ids[0]     = key.keyid();
                    Sign.key_fprints[0] = key.fprint();

                    err_desc = "Failed to add signature for key rsa@key.";
                    sign.add_signature(key);

                    // EdDSA signature
                    err_desc            = "Failed to locate signing key 25519@key.";
                    key                 = ses.locate_key("userid", "25519@key");
                    Sign.key_ids[1]     = key.keyid();
                    Sign.key_fprints[1] = key.fprint();

                    err_desc = "Failed to add signature for key 25519@key.";
                    sign.add_signature(key);

                    // finally do signing
                    err_desc = "Failed to add signature for key 25519@key.";
                    sign.execute();

                    Console.WriteLine("Signing succeeded. See file signed.asc.");
                } catch (RopError ex) {
                    Console.WriteLine(err_desc);
                    throw ex;
                }
            } finally {
                rop.drop_from(alt);
            }
        }