/// <summary>
/// Attempt to sign then encrypt a message using PGP with the specified private and public keys.
/// </summary>
/// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param>
/// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param>
/// <param name="recipientPublicKey">BouncyCastle public key to be used for encryption.</param>
/// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param>
/// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param>
/// <returns>Whether the encryption completed successfully.</returns>
public bool PgpSignAndEncrypt(PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, PgpPublicKey recipientPublicKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes)
{
return(PgpSignAndEncrypt(senderPublicKey, senderPrivateKey, new List <PgpPublicKey>()
{
recipientPublicKey
}, hashAlgorithmTag, symmetricKeyAlgorithmTag));
}
/// <summary>
/// Calculates the signature for this package.
/// </summary>
/// <param name="package">
/// The package for whcih to calculate the signature.
/// </param>
/// <param name="privateKey">
/// The private key to use.
/// </param>
/// <param name="compressedPayloadStream">
/// The compressed payload.
/// </param>
public void CalculateSignature(RpmPackage package, PgpPrivateKey privateKey, Stream compressedPayloadStream)
{
RpmSignature signature = new RpmSignature(package);
using (MemoryStream headerStream = this.GetHeaderStream(package))
using (ConcatStream headerAndPayloadStream = new ConcatStream(leaveOpen: true, streams: new Stream[] { headerStream, compressedPayloadStream }))
{
SHA1 sha = SHA1.Create();
signature.Sha1Hash = sha.ComputeHash(headerStream);
MD5 md5 = MD5.Create();
signature.MD5Hash = md5.ComputeHash(headerAndPayloadStream);
// Verify the PGP signatures
// 3 for the header
headerStream.Position = 0;
signature.HeaderPgpSignature = PgpSigner.Sign(privateKey, headerStream);
headerAndPayloadStream.Position = 0;
signature.HeaderAndPayloadPgpSignature = PgpSigner.Sign(privateKey, headerAndPayloadStream);
// Verify the signature size (header + compressed payload)
signature.HeaderAndPayloadSize = (int)headerAndPayloadStream.Length;
}
// Verify the payload size (header + uncompressed payload)
using (Stream payloadStream = RpmPayloadReader.GetDecompressedPayloadStream(package, compressedPayloadStream))
{
signature.UncompressedPayloadSize = (int)payloadStream.Length;
}
}
/// <summary>
/// Helper for creating a PgpSignatureGenerator from private key file and its password
/// </summary>
/// <param name="stream">Stream to use for signature initialization</param>
/// <param name="input">Encryption task input</param>
/// <returns>PgpSignatureGenerator to be used when signing a file</returns>
internal static PgpSignatureGenerator InitPgpSignatureGenerator(Stream stream, PgpEncryptInput input)
{
HashAlgorithmTag hashAlgorithm = input.SigningSettings.SignatureHashAlgorithm.ConvertEnum <HashAlgorithmTag>();
try
{
PgpSecretKey secretKey = ReadSecretKey(input.SigningSettings.PrivateKeyFile);
PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(input.SigningSettings.PrivateKeyPassword.ToCharArray());
var pgpSignatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, hashAlgorithm);
pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey);
foreach (string userId in secretKey.PublicKey.GetUserIds())
{
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
spGen.SetSignerUserId(false, userId);
pgpSignatureGenerator.SetHashedSubpackets(spGen.Generate());
// Just the first one!
break;
}
pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(stream);
return(pgpSignatureGenerator);
}
catch (PgpException e)
{
throw new Exception("Private key extraction failed, password might be incorrect", e);
}
}
/*.......................................................................數位簽章開始*/
private static void SignFile(
string fileName, //欲作簽章的檔案名稱及位置
Stream keyIn, // Private key 的 File Stream
Stream outputStream, //簽章後的檔案 File Stream
char[] pass, // private Key 的 password
bool armor, //用途不明?? 範例預設true
bool compress //用途不明?? 範例預設true
)
{
if (armor)
{
outputStream = new ArmoredOutputStream(outputStream);
}
PgpSecretKey pgpSec = PgpExampleUtilities.ReadSecretKey(keyIn);
PgpPrivateKey pgpPrivKey = pgpSec.ExtractPrivateKey(pass);
PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSec.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
foreach (string userId in pgpSec.PublicKey.GetUserIds())
{
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
spGen.SetSignerUserId(false, userId);
sGen.SetHashedSubpackets(spGen.Generate());
// Just the first one!
break;
}
Stream cOut = outputStream;
PgpCompressedDataGenerator cGen = null;
if (compress)
{
cGen = new PgpCompressedDataGenerator(CompressionAlgorithmTag.ZLib);
cOut = cGen.Open(cOut);
}
BcpgOutputStream bOut = new BcpgOutputStream(cOut);
sGen.GenerateOnePassVersion(false).Encode(bOut);
FileInfo file = new FileInfo(fileName);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
Stream lOut = lGen.Open(bOut, PgpLiteralData.Binary, file);
FileStream fIn = file.OpenRead();
int ch = 0;
while ((ch = fIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte)ch);
sGen.Update((byte)ch);
}
fIn.Close();
lGen.Close();
sGen.Generate().Encode(bOut);
if (cGen != null)
{
cGen.Close();
}
if (armor)
{
outputStream.Close();
}
}
private static byte[] RevokePublicKey(PgpSecretKey sKey, char[] sPass, PgpPublicKey keyToSign, bool armour)
{
Stream os = new MemoryStream();
if (armour)
{
os = new ArmoredOutputStream(os);
}
PgpPrivateKey privKey = sKey.ExtractPrivateKey(sPass);
PgpSignatureGenerator sGen = new PgpSignatureGenerator(sKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
sGen.InitSign(PgpSignature.KeyRevocation, privKey);
BcpgOutputStream bOut = new BcpgOutputStream(os);
sGen.GenerateOnePassVersion(false).Encode(bOut);
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
spGen.SetRevocable(false, true);
DateTime baseDate = new DateTime(1970, 1, 1);
TimeSpan tSpan = DateTime.UtcNow - baseDate;
spGen.SetSignatureExpirationTime(false, tSpan.Seconds);
PgpSignatureSubpacketVector packetVector = spGen.Generate();
sGen.SetHashedSubpackets(packetVector);
bOut.Flush();
if (armour)
{
os.Close();
}
return(PgpPublicKey.AddCertification(keyToSign, sGen.Generate()).GetEncoded());
}
/// <summary>
/// Attempt to sign then encrypt a message using PGP with the specified private and public keys.
/// </summary>
/// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param>
/// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param>
/// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param>
/// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param>
/// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param>
/// <returns>Whether the encryption completed successfully.</returns>
public bool PgpSignAndEncrypt(PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, IEnumerable <PgpPublicKey> recipientPublicKeys, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes)
{
// Ensure a valid encoding.
if (BodyEncoding == null)
{
BodyEncoding = Encoding.UTF8;
}
// Attempt to sign.
bool signedAndEncrypted = false;
using (MemoryStream signedAndEncryptedMessageStream = new MemoryStream())
{
// Attempt to encrypt the message.
signedAndEncrypted = Pgp.SignAndEncrypt(BodyEncoding.GetBytes(Body), "", signedAndEncryptedMessageStream, senderPublicKey, senderPrivateKey, recipientPublicKeys, hashAlgorithmTag, symmetricKeyAlgorithmTag, true);
if (signedAndEncrypted)
{
signedAndEncrypted = true;
rawBody = BodyEncoding.GetString(signedAndEncryptedMessageStream.ToArray());
}
}
return(signedAndEncrypted);
}
/// <summary>
/// Attempt to decrypt a PGP protected message using the matching private key.
/// </summary>
/// <param name="message">Byte array containing the message to decrypt.</param>
/// <param name="decryptedMessageStream">Stream to write the decrypted message into.</param>
/// <param name="recipientPrivateKey">The BouncyCastle private key to be used for decryption.</param>
/// <remarks>The message should be passed in without ASCII Armor.</remarks>
/// <returns>Whether the decryption completed successfully.</returns>
public static bool Decrypt(byte[] message, Stream decryptedMessageStream, PgpPrivateKey recipientPrivateKey)
{
using (MemoryStream messageStream = new MemoryStream(message))
{
return(Decrypt(messageStream, decryptedMessageStream, recipientPrivateKey));
}
}
/// <summary>
/// Creates a RPM Package.
/// </summary>
/// <param name="archiveEntries">
/// The archive entries which make up the RPM package.
/// </param>
/// <param name="payloadStream">
/// A <see cref="Stream"/> which contains the CPIO archive for the RPM package.
/// </param>
/// <param name="name">
/// The name of the package.
/// </param>
/// <param name="version">
/// The version of the software.
/// </param>
/// <param name="arch">
/// The architecture targetted by the package.
/// </param>
/// <param name="release">
/// The release version.
/// </param>
/// <param name="createUser">
/// <see langword="true"/> to create a user account; otherwise, <see langword="false"/>.
/// </param>
/// <param name="userName">
/// The name of the user account to create.
/// </param>
/// <param name="installService">
/// <see langword="true"/> to install a system service, otherwise, <see langword="false"/>.
/// </param>
/// <param name="serviceName">
/// The name of the system service to create.
/// </param>
/// <param name="prefix">
/// A prefix to use.
/// </param>
/// <param name="additionalDependencies">
/// Additional dependencies to add to the RPM package.
/// </param>
/// <param name="additionalMetadata">
/// Any additional metadata.
/// </param>
/// <param name="privateKey">
/// The private key to use when signing the package.
/// </param>
/// <param name="targetStream">
/// The <see cref="Stream"/> to which to write the package.
/// </param>
public void CreatePackage(
List <ArchiveEntry> archiveEntries,
Stream payloadStream,
string name,
string version,
string arch,
string release,
bool createUser,
string userName,
bool installService,
string serviceName,
string prefix,
IEnumerable <PackageDependency> additionalDependencies,
Action <RpmMetadata> additionalMetadata,
PgpPrivateKey privateKey,
Stream targetStream)
{
this.CreatePackage(
archiveEntries,
payloadStream,
name,
version,
arch,
release,
createUser,
userName,
installService,
serviceName,
prefix,
additionalDependencies,
additionalMetadata,
new PackageSigner(privateKey),
targetStream);
}
private void DoTestKey(BigInteger keyId, string passphrase, bool utf8)
{
PgpSecretKeyRingBundle secretKeyRing = LoadSecretKeyCollection("secring.gpg");
PgpSecretKeyRing secretKey = secretKeyRing.GetSecretKeyRing(keyId.LongValue);
Assert.NotNull(secretKey, "Could not locate secret keyring with Id=" + keyId.ToString(16));
PgpSecretKey key = secretKey.GetSecretKey();
Assert.NotNull(key, "Could not locate secret key!");
try
{
char[] pass = passphrase.ToCharArray();
PgpPrivateKey privateKey = utf8
? key.ExtractPrivateKeyUtf8(pass)
: key.ExtractPrivateKey(pass);
Assert.IsTrue(privateKey.KeyId == keyId.LongValue);
}
catch (PgpException e)
{
throw new PgpException("Password incorrect!", e);
}
// all fine!
}
public static Stream Decrypt(Stream inputStream, PgpPrivateKey privateKey)
{
using Stream decoderStream = PgpUtilities.GetDecoderStream(inputStream);
PgpObjectFactory decoderFactory = new(decoderStream);
PgpEncryptedDataList dataList = decoderFactory.NextPgpObject() as PgpEncryptedDataList ?? (PgpEncryptedDataList)decoderFactory.NextPgpObject();
PgpPublicKeyEncryptedData data = dataList.GetEncryptedDataObjects().Cast <PgpPublicKeyEncryptedData>().First();
using Stream dataStream = data.GetDataStream(privateKey);
PgpObjectFactory dataFactory = new(dataStream);
if (dataFactory.NextPgpObject() is not PgpCompressedData compressedData)
{
throw new Exception();
}
using Stream compressedStream = compressedData.GetDataStream();
PgpObjectFactory factory = new(compressedStream);
PgpLiteralData literal = factory.NextPgpObject() as PgpLiteralData ?? (PgpLiteralData)factory.NextPgpObject();
MemoryStream output = new();
using (Stream input = literal.GetInputStream())
{
Streams.PipeAll(input, output);
}
output.Seek(0L, SeekOrigin.Begin);
return(output);
}
private void doTestTextSig(
PgpHashAlgorithm hashAlgorithm,
PgpKey pubKey,
PgpPrivateKey privKey,
byte[] data,
byte[] canonicalData,
int version = 4)
{
MemoryStream bOut = new MemoryStream();
var messageGenerator = new PgpMessageGenerator(bOut);
using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.CanonicalTextDocument, privKey, PgpHashAlgorithm.Sha1, version))
using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Text, "_CONSOLE", DateTime.UtcNow))
{
literalStream.Write(data);
literalStream.Write(canonicalData);
}
/*if (sig.CreationTime == DateTimeOffset.FromUnixTimeSeconds(0).DateTime)
* {
* Fail("creation time not set in v4 signature");
* }*/
verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, canonicalData);
}
public String DecryptKeycode(String privateKeyStr, String encryptedKeycode)
{
byte[] rawMessage = System.Text.Encoding.ASCII.GetBytes(encryptedKeycode);
Stream inputStream = new MemoryStream(rawMessage);
inputStream = PgpUtilities.GetDecoderStream(inputStream);
PgpObjectFactory pgpF = new PgpObjectFactory(inputStream);
PgpEncryptedDataList enc = null;
PgpObject o = pgpF.NextPgpObject();
//
// the first object might be a PGP marker packet.
//
if (o is PgpEncryptedDataList)
{
enc = (PgpEncryptedDataList)o;
}
else
{
enc = (PgpEncryptedDataList)pgpF.NextPgpObject();
}
byte[] decodedPrivateKey = System.Text.Encoding.ASCII.GetBytes(privateKeyStr);
PgpPrivateKey key = null;
Stream decodedStream = PgpUtilities.GetDecoderStream(new MemoryStream(decodedPrivateKey));
PgpSecretKeyRingBundle privRings = new PgpSecretKeyRingBundle(decodedStream);
PgpPublicKeyEncryptedData dataObject = null;
foreach (PgpPublicKeyEncryptedData encryptedData in enc.GetEncryptedDataObjects())
{
key = FindKeyById(privRings, encryptedData.KeyId);
dataObject = encryptedData;
}
if (key == null)
{
throw new SendSafely.Exceptions.InvalidKeyException("Can't find encryption key in key ring.");
}
Stream dataStream = dataObject.GetDataStream(key);
PgpObjectFactory pgpFact = new PgpObjectFactory(dataStream);
PgpLiteralData ld = (PgpLiteralData)pgpFact.NextPgpObject();
Stream unc = ld.GetInputStream();
String keycode;
using (StreamReader reader = new StreamReader(unc, Encoding.UTF8))
{
keycode = reader.ReadToEnd();
}
return(keycode);
}
private void MixedTest(
PgpPrivateKey pgpPrivKey,
PgpKey pgpPubKey)
{
byte[] text = Encoding.ASCII.GetBytes("hello world!\n");
MemoryStream bcOut = new MemoryStream();
var messageGenerator = new PgpMessageGenerator(bcOut);
using (var encryptedGenerator = messageGenerator.CreateEncrypted(PgpSymmetricKeyAlgorithm.Aes128, withIntegrityPacket: true))
{
encryptedGenerator.AddMethod(pgpPubKey);
encryptedGenerator.AddMethod("password", PgpHashAlgorithm.Sha1);
using (var literalStream = encryptedGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", DateTime.UtcNow))
{
literalStream.Write(text);
}
}
byte[] encData = bcOut.ToArray();
// Asymmetric
var encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(encData);
var literalMessage = (PgpLiteralMessage)encryptedMessage.DecryptMessage(pgpPrivKey);
CheckLiteralData(literalMessage, text);
// PBE
encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(encData);
literalMessage = (PgpLiteralMessage)encryptedMessage.DecryptMessage("password");
CheckLiteralData(literalMessage, text);
}
private void PerformTestSig(
PgpHashAlgorithm hashAlgorithm,
PgpKey pubKey,
PgpPrivateKey privKey)
{
const string data = "hello world!";
byte[] dataBytes = Encoding.ASCII.GetBytes(data);
DateTime testDateTime = new DateTime(1973, 7, 27);
MemoryStream bOut = new MemoryStream();
var messageGenerator = new PgpMessageGenerator(bOut);
using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip))
using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, privKey, hashAlgorithm))
using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime))
{
literalStream.Write(dataBytes);
}
// Verify generated signature
bOut.Position = 0;
var compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut);
var signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage();
var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage();
Assert.AreEqual(testDateTime, literalMessage.ModificationTime);
literalMessage.GetStream().CopyTo(Stream.Null);
Assert.IsTrue(signedMessage.Verify(pubKey));
}
private static PgpObjectFactory getClearDataStream(PgpPrivateKey privateKey, PgpPublicKeyEncryptedData publicKeyED)
{
Stream clearStream = publicKeyED.GetDataStream(privateKey);
PgpObjectFactory clearFactory = new PgpObjectFactory(clearStream);
return(clearFactory);
}
public void Generate()
{
// Master/Signing key
var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
// Encryption key
var ecdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
// Generate a key ring
var passPhrase = "test";
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase);
keyRingGen.AddSubKey(ecdh);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
// TODO: add check of KdfParameters
DoBasicKeyRingCheck(pubRing);
PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing();
PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded());
Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed");
PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded());
Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed");
PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase);
}
/*
* Helper for above.
*/
static byte [] SignPublicKey(
PgpSecretKey secretKey,
string password,
PgpPublicKey keyToBeSigned,
bool isCertain)
{
// Extracting private key, and getting ready to create a signature.
PgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(password.ToCharArray());
PgpSignatureGenerator sGen = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
sGen.InitSign(isCertain ? PgpSignature.PositiveCertification : PgpSignature.CasualCertification, pgpPrivKey);
// Creating a stream to wrap the results of operation.
Stream os = new MemoryStream();
BcpgOutputStream bOut = new BcpgOutputStream(os);
sGen.GenerateOnePassVersion(false).Encode(bOut);
// Creating a generator.
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
PgpSignatureSubpacketVector packetVector = spGen.Generate();
sGen.SetHashedSubpackets(packetVector);
bOut.Flush();
// Returning the signed public key.
return(PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded());
}
public void decrypt(Stream input, string outputpath)
{
input = PgpUtilities.GetDecoderStream(input);
try
{
PgpObjectFactory pgpObjF = new PgpObjectFactory(input);
PgpEncryptedDataList enc;
PgpObject obj = pgpObjF.NextPgpObject();
if (obj is PgpEncryptedDataList)
{
enc = (PgpEncryptedDataList)obj;
}
else
{
enc = (PgpEncryptedDataList)pgpObjF.NextPgpObject();
}
PgpPrivateKey privKey = pgpKeys.PrivateKey;
PgpPublicKeyEncryptedData pbe = null;
foreach (PgpPublicKeyEncryptedData pked in enc.GetEncryptedDataObjects())
{
if (privKey != null)
{
pbe = pked;
break;
}
}
Stream clear = pbe.GetDataStream(privKey);
PgpObjectFactory plainFact = new PgpObjectFactory(clear);
PgpObject message = plainFact.NextPgpObject();
if (message is PgpCompressedData)
{
PgpCompressedData cData = (PgpCompressedData)message;
Stream compDataIn = cData.GetDataStream();
PgpObjectFactory o = new PgpObjectFactory(compDataIn);
message = o.NextPgpObject();
if (message is PgpOnePassSignatureList)
{
message = o.NextPgpObject();
PgpLiteralData Ld = null;
Ld = (PgpLiteralData)message;
Stream output = File.Create(outputpath + "\\" + Ld.FileName);
Stream unc = Ld.GetInputStream();
Streams.PipeAll(unc, output);
}
else
{
PgpLiteralData Ld = null;
Ld = (PgpLiteralData)message;
Stream output = File.Create(outputpath + "\\" + Ld.FileName);
Stream unc = Ld.GetInputStream();
Streams.PipeAll(unc, output);
}
}
}
catch (Exception e)
{
throw new Exception(e.Message);
}
}
private PgpSignatureGenerator signatureGenerator(string keyPassPhrase)
{
PgpSignatureGenerator generator = new PgpSignatureGenerator(key.PublicKey.Algorithm, Org.BouncyCastle.Bcpg.HashAlgorithmTag.Sha512);
PgpPrivateKey privateKey = extractPGPPrivateKey(keyPassPhrase.ToCharArray());
init(generator, PgpPrivateKey);
return generator;
}
private string signEnvelopeData(string msg)
{
Stream privateKeyStream = getPrivateKeyStream(_privateKey);
MemoryStream result = new MemoryStream();
ArmoredOutputStream aOut = new ArmoredOutputStream(result);
BcpgOutputStream bOut = null;
char[] privateKeyPassword = _passPhrase.ToCharArray();
var utf8Encoding = new System.Text.UTF8Encoding();
try
{
PgpSecretKey sk = readSecretKey(privateKeyStream);
PgpPrivateKey pk = sk.ExtractPrivateKey(privateKeyPassword);
PgpSignatureGenerator sigGen = new PgpSignatureGenerator(sk.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
var enumerator = sk.PublicKey.GetUserIds().GetEnumerator();
if (enumerator.MoveNext())
{
spGen.SetSignerUserId(false, (string)enumerator.Current);
sigGen.SetHashedSubpackets(spGen.Generate());
}
aOut.BeginClearText(HashAlgorithmTag.Sha256);
sigGen.InitSign(PgpSignature.CanonicalTextDocument, pk);
byte[] msgBytes = utf8Encoding.GetBytes(msg);
sigGen.Update(msgBytes, 0, msgBytes.Length);
aOut.Write(msgBytes, 0, msgBytes.Length);
bOut = new BcpgOutputStream(aOut);
aOut.EndClearText();
sigGen.Generate().Encode(bOut);
using (BinaryReader br = new BinaryReader(result))
{
br.BaseStream.Position = 0;
return(utf8Encoding.GetString(br.ReadBytes((int)result.Length)));
}
}
catch (Exception e)
{ Console.WriteLine("This happened: " + e.Message);
throw new Exception("Signing Failed: " + e.Message); }
finally
{
try
{
if (privateKeyStream != null)
{
privateKeyStream.Close();
}
//if(bOut != null)
//bOut.Close();
//aOut.Close();
result.Close();
} catch (IOException) {}
}
}
private void generateTest(
string message,
string type)
{
PgpSecretKey pgpSecKey = ReadSecretKey(new MemoryStream(secretKey));
PgpPrivateKey pgpPrivKey = pgpSecKey.ExtractPrivateKey("".ToCharArray());
PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
sGen.InitSign(PgpSignature.CanonicalTextDocument, pgpPrivKey);
IEnumerator it = pgpSecKey.PublicKey.GetUserIds().GetEnumerator();
if (it.MoveNext())
{
spGen.SetSignerUserId(false, (string)it.Current);
sGen.SetHashedSubpackets(spGen.Generate());
}
MemoryStream bOut = new MemoryStream();
ArmoredOutputStream aOut = new ArmoredOutputStream(bOut);
MemoryStream bIn = new MemoryStream(Encoding.ASCII.GetBytes(message), false);
aOut.BeginClearText(HashAlgorithmTag.Sha256);
//
// note the last \n m_in the file is ignored
//
MemoryStream lineOut = new MemoryStream();
int lookAhead = ReadInputLine(lineOut, bIn);
ProcessLine(aOut, sGen, lineOut.ToArray());
if (lookAhead != -1)
{
do
{
lookAhead = ReadInputLine(lineOut, lookAhead, bIn);
sGen.Update((byte)'\r');
sGen.Update((byte)'\n');
ProcessLine(aOut, sGen, lineOut.ToArray());
}while (lookAhead != -1);
}
aOut.EndClearText();
BcpgOutputStream bcpgOut = new BcpgOutputStream(aOut);
sGen.Generate().Encode(bcpgOut);
aOut.Close();
byte[] bs = bOut.ToArray();
messageTest(Encoding.ASCII.GetString(bs, 0, bs.Length), type);
}
public bool Unlock(string password)
{
try {
key = secret.ExtractPrivateKey(password.ToCharArray());
return(true);
} catch (Exception) {
return(false);
}
}
public PackageSigner(PgpPrivateKey privateKey)
{
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
this.privateKey = privateKey;
}
public static PgpKeyPair Convert(PublicKeyAlgorithmTag algorithmTag, AsymmetricKeyPair <AsymmetricRsaPublicKey, AsymmetricRsaPrivateKey> kp, DateTime date)
{
PublicKeyPacket pubPacket = new PublicKeyPacket(algorithmTag, date, new RsaPublicBcpgKey(kp.PublicKey.Modulus, kp.PublicKey.PublicExponent));
PgpPublicKey pubKey = new PgpPublicKey(pubPacket, new PgpKeyFingerprintCalculator());
PgpPrivateKey privKey = new PgpPrivateKey(pubKey.KeyId, pubPacket, new RsaSecretBcpgKey(kp.PrivateKey.PrivateExponent, kp.PrivateKey.P, kp.PrivateKey.Q));
return(new PgpKeyPair(pubKey, privKey));
}
private void Generate()
{
SecureRandom random = SecureRandom.GetInstance("SHA1PRNG");
//
// Generate a master key
//
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random));
AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair();
PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow);
//
// Generate an encryption key
//
keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH");
keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random));
AsymmetricCipherKeyPair kpEnc = keyGen.GenerateKeyPair();
PgpKeyPair ecdhKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDH, kpEnc, DateTime.UtcNow);
//
// Generate a key ring
//
char[] passPhrase = "test".ToCharArray();
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair,
"*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random);
keyRingGen.AddSubKey(ecdhKeyPair);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
// TODO: add check of KdfParameters
DoBasicKeyRingCheck(pubRing);
PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing();
PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded());
if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded()))
{
Fail("public key ring encoding failed");
}
PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded());
if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded()))
{
Fail("secret key ring encoding failed");
}
PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase);
}
public string DecryptKeycode(string privateKeyStr, string encryptedKeycode)
{
var rawMessage = Encoding.ASCII.GetBytes(encryptedKeycode);
Stream inputStream = new MemoryStream(rawMessage);
inputStream = PgpUtilities.GetDecoderStream(inputStream);
var pgpF = new PgpObjectFactory(inputStream);
PgpEncryptedDataList enc;
var o = pgpF.NextPgpObject();
//
// the first object might be a PGP marker packet.
//
if (o is PgpEncryptedDataList list)
{
enc = list;
}
else
{
enc = (PgpEncryptedDataList)pgpF.NextPgpObject();
}
var decodedPrivateKey = Encoding.ASCII.GetBytes(privateKeyStr);
PgpPrivateKey key = null;
var decodedStream = PgpUtilities.GetDecoderStream(new MemoryStream(decodedPrivateKey));
var privRings = new PgpSecretKeyRingBundle(decodedStream);
PgpPublicKeyEncryptedData dataObject = null;
foreach (PgpPublicKeyEncryptedData encryptedData in enc.GetEncryptedDataObjects())
{
key = FindKeyById(privRings, encryptedData.KeyId);
dataObject = encryptedData;
}
if (key == null)
{
throw new InvalidKeyException("Can't find encryption key in key ring.");
}
var dataStream = dataObject.GetDataStream(key);
var pgpFact = new PgpObjectFactory(dataStream);
var ld = (PgpLiteralData)pgpFact.NextPgpObject();
var unc = ld.GetInputStream();
using var reader = new StreamReader(unc, Encoding.UTF8);
var keycode = reader.ReadToEnd();
return(keycode);
}
private PgpPrivateKey ReadPrivateKey(string password)
{
PgpPrivateKey privateKey = SecretKey.ExtractPrivateKey(password.ToCharArray());
if (privateKey != null)
{
return(privateKey);
}
throw new ArgumentException("No PGP Key Found");
}
private PgpPrivateKey ReadPrivateKey(string passPhrase)
{
PgpPrivateKey privateKey = SecretKey.ExtractPrivateKey(passPhrase.ToCharArray());
if (privateKey != null)
{
return(privateKey);
}
throw new ArgumentException("No private key found in secret key.");
}
public string Decrypt(string inputData)
{
PgpPrivateKey privateKey = this.privateKey;
var pgpData = System.Text.Encoding.ASCII.GetBytes(inputData);
byte[] decryptedData = Decrypt(pgpData, privateKey);
return(System.Text.Encoding.ASCII.GetString(decryptedData));
}
private void doTestSigV3(
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
PgpPublicKey pubKey,
PgpPrivateKey privKey)
{
byte[] bytes = generateV3BinarySig(privKey, encAlgorithm, hashAlgorithm);
verifySignature(bytes, hashAlgorithm, pubKey, TEST_DATA);
}
/**
* Generated signature test
*
* @param sKey
* @param pgpPrivKey
* @return test result
*/
public void GenerateTest(
PgpSecretKeyRing sKey,
PgpPublicKey pgpPubKey,
PgpPrivateKey pgpPrivKey)
{
string data = "hello world!";
MemoryStream bOut = new MemoryStream();
byte[] dataBytes = Encoding.ASCII.GetBytes(data);
MemoryStream testIn = new MemoryStream(dataBytes, false);
PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);
sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
IEnumerator enumerator = sKey.GetSecretKey().PublicKey.GetUserIds().GetEnumerator();
enumerator.MoveNext();
string primaryUserId = (string) enumerator.Current;
spGen.SetSignerUserId(true, primaryUserId);
sGen.SetHashedSubpackets(spGen.Generate());
PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator(
CompressionAlgorithmTag.Zip);
BcpgOutputStream bcOut = new BcpgOutputStream(cGen.Open(new UncloseableStream(bOut)));
sGen.GenerateOnePassVersion(false).Encode(bcOut);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
DateTime testDateTime = new DateTime(1973, 7, 27);
Stream lOut = lGen.Open(
new UncloseableStream(bcOut),
PgpLiteralData.Binary,
"_CONSOLE",
dataBytes.Length,
testDateTime);
int ch;
while ((ch = testIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte) ch);
sGen.Update((byte)ch);
}
lGen.Close();
sGen.Generate().Encode(bcOut);
cGen.Close();
PgpObjectFactory pgpFact = new PgpObjectFactory(bOut.ToArray());
PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject();
pgpFact = new PgpObjectFactory(c1.GetDataStream());
PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject();
PgpOnePassSignature ops = p1[0];
PgpLiteralData p2 = (PgpLiteralData) pgpFact.NextPgpObject();
if (!p2.ModificationTime.Equals(testDateTime))
{
Fail("Modification time not preserved");
}
Stream dIn = p2.GetInputStream();
ops.InitVerify(pgpPubKey);
while ((ch = dIn.ReadByte()) >= 0)
{
ops.Update((byte) ch);
}
PgpSignatureList p3 = (PgpSignatureList) pgpFact.NextPgpObject();
if (!ops.Verify(p3[0]))
{
Fail("Failed generated signature check");
}
}
private void PerformTestSig(
HashAlgorithmTag hashAlgorithm,
PgpPublicKey pubKey,
PgpPrivateKey privKey)
{
const string data = "hello world!";
byte[] dataBytes = Encoding.ASCII.GetBytes(data);
MemoryStream bOut = new UncloseableMemoryStream();
MemoryStream testIn = new MemoryStream(dataBytes, false);
PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.RsaGeneral, hashAlgorithm);
sGen.InitSign(PgpSignature.BinaryDocument, privKey);
PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Zip);
BcpgOutputStream bcOut = new BcpgOutputStream(cGen.Open(new UncloseableStream(bOut)));
sGen.GenerateOnePassVersion(false).Encode(bcOut);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
DateTime testDateTime = new DateTime(1973, 7, 27);
Stream lOut = lGen.Open(
new UncloseableStream(bcOut),
PgpLiteralData.Binary,
"_CONSOLE",
dataBytes.Length,
testDateTime);
// TODO Need a stream object to automatically call Update?
// (via ISigner implementation of PgpSignatureGenerator)
int ch;
while ((ch = testIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte)ch);
sGen.Update((byte)ch);
}
lOut.Close();
sGen.Generate().Encode(bcOut);
bcOut.Close();
//
// verify generated signature
//
PgpObjectFactory pgpFact = new PgpObjectFactory(bOut.ToArray());
PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject();
pgpFact = new PgpObjectFactory(c1.GetDataStream());
PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject();
PgpOnePassSignature ops = p1[0];
PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject();
if (!p2.ModificationTime.Equals(testDateTime))
{
Fail("Modification time not preserved");
}
Stream dIn = p2.GetInputStream();
ops.InitVerify(pubKey);
// TODO Need a stream object to automatically call Update?
// (via ISigner implementation of PgpSignatureGenerator)
while ((ch = dIn.ReadByte()) >= 0)
{
ops.Update((byte)ch);
}
PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject();
if (!ops.Verify(p3[0]))
{
Fail("Failed generated signature check - " + hashAlgorithm);
}
}
private void MixedTest(
PgpPrivateKey pgpPrivKey,
PgpPublicKey pgpPubKey)
{
byte[] text = Encoding.ASCII.GetBytes("hello world!\n");
//
// literal data
//
MemoryStream bOut = new MemoryStream();
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
Stream lOut = lGen.Open(
bOut,
PgpLiteralData.Binary,
PgpLiteralData.Console,
text.Length,
DateTime.UtcNow);
lOut.Write(text, 0, text.Length);
lGen.Close();
byte[] bytes = bOut.ToArray();
PgpObjectFactory f = new PgpObjectFactory(bytes);
CheckLiteralData((PgpLiteralData)f.NextPgpObject(), text);
MemoryStream bcOut = new MemoryStream();
PgpEncryptedDataGenerator encGen = new PgpEncryptedDataGenerator(
SymmetricKeyAlgorithmTag.Aes128,
true,
new SecureRandom());
encGen.AddMethod(pgpPubKey);
encGen.AddMethod("password".ToCharArray(), HashAlgorithmTag.Sha1);
Stream cOut = encGen.Open(bcOut, bytes.Length);
cOut.Write(bytes, 0, bytes.Length);
cOut.Close();
byte[] encData = bcOut.ToArray();
//
// asymmetric
//
PgpObjectFactory pgpF = new PgpObjectFactory(encData);
PgpEncryptedDataList encList = (PgpEncryptedDataList) pgpF.NextPgpObject();
PgpPublicKeyEncryptedData encP = (PgpPublicKeyEncryptedData)encList[0];
Stream clear = encP.GetDataStream(pgpPrivKey);
PgpObjectFactory pgpFact = new PgpObjectFactory(clear);
CheckLiteralData((PgpLiteralData)pgpFact.NextPgpObject(), text);
//
// PBE
//
pgpF = new PgpObjectFactory(encData);
encList = (PgpEncryptedDataList)pgpF.NextPgpObject();
PgpPbeEncryptedData encPbe = (PgpPbeEncryptedData) encList[1];
clear = encPbe.GetDataStream("password".ToCharArray());
pgpF = new PgpObjectFactory(clear);
CheckLiteralData((PgpLiteralData) pgpF.NextPgpObject(), text);
}
private void doTestSigV3(
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
PgpPublicKey pubKey,
PgpPrivateKey privKey)
{
byte[] bytes = generateV3BinarySig(privKey, encAlgorithm, hashAlgorithm);
verifySignature(bytes, hashAlgorithm, pubKey, TEST_DATA);
}
private byte[] generateV3BinarySig(
PgpPrivateKey privKey,
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm)
{
MemoryStream bOut = new MemoryStream();
MemoryStream testIn = new MemoryStream(TEST_DATA, false);
PgpV3SignatureGenerator sGen = new PgpV3SignatureGenerator(encAlgorithm, hashAlgorithm);
sGen.InitSign(PgpSignature.BinaryDocument, privKey);
sGen.GenerateOnePassVersion(false).Encode(bOut);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
Stream lOut = lGen.Open(
new UncloseableStream(bOut),
PgpLiteralData.Binary,
"_CONSOLE",
TEST_DATA.Length * 2,
DateTime.UtcNow);
int ch;
while ((ch = testIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte)ch);
sGen.Update((byte)ch);
}
lOut.Write(TEST_DATA, 0, TEST_DATA.Length);
sGen.Update(TEST_DATA);
lGen.Close();
sGen.Generate().Encode(bOut);
return bOut.ToArray();
}
private void doTestTextSigV3(
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
PgpPublicKey pubKey,
PgpPrivateKey privKey,
byte[] data,
byte[] canonicalData)
{
PgpV3SignatureGenerator sGen = new PgpV3SignatureGenerator(encAlgorithm, HashAlgorithmTag.Sha1);
MemoryStream bOut = new MemoryStream();
MemoryStream testIn = new MemoryStream(data, false);
sGen.InitSign(PgpSignature.CanonicalTextDocument, privKey);
sGen.GenerateOnePassVersion(false).Encode(bOut);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
Stream lOut = lGen.Open(
new UncloseableStream(bOut),
PgpLiteralData.Text,
"_CONSOLE",
data.Length * 2,
DateTime.UtcNow);
int ch;
while ((ch = testIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte)ch);
sGen.Update((byte)ch);
}
lOut.Write(data, 0, data.Length);
sGen.Update(data);
lGen.Close();
PgpSignature sig = sGen.Generate();
if (sig.CreationTime == DateTimeUtilities.UnixMsToDateTime(0))
{
Fail("creation time not set in v3 signature");
}
sig.Encode(bOut);
verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, canonicalData);
}
