Example #1
0
        /*
         * Helper for above.
         */
        static byte [] SignPublicKey(
            PgpSecretKey secretKey,
            string password,
            PgpPublicKey keyToBeSigned,
            bool isCertain)
        {
            // Extracting private key, and getting ready to create a signature.
            PgpPrivateKey         pgpPrivKey = secretKey.ExtractPrivateKey(password.ToCharArray());
            PgpSignatureGenerator sGen       = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);

            sGen.InitSign(isCertain ? PgpSignature.PositiveCertification : PgpSignature.CasualCertification, pgpPrivKey);

            // Creating a stream to wrap the results of operation.
            Stream           os   = new MemoryStream();
            BcpgOutputStream bOut = new BcpgOutputStream(os);

            sGen.GenerateOnePassVersion(false).Encode(bOut);

            // Creating a generator.
            PgpSignatureSubpacketGenerator spGen        = new PgpSignatureSubpacketGenerator();
            PgpSignatureSubpacketVector    packetVector = spGen.Generate();

            sGen.SetHashedSubpackets(packetVector);
            bOut.Flush();

            // Returning the signed public key.
            return(PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded());
        }
Example #2
0
        /// <summary>
        /// Helper for creating a PgpSignatureGenerator from private key file and its password
        /// </summary>
        /// <param name="stream">Stream to use for signature initialization</param>
        /// <param name="input">Encryption task input</param>
        /// <returns>PgpSignatureGenerator to be used when signing a file</returns>
        internal static PgpSignatureGenerator InitPgpSignatureGenerator(Stream stream, PgpEncryptInput input)
        {
            HashAlgorithmTag hashAlgorithm = input.SigningSettings.SignatureHashAlgorithm.ConvertEnum <HashAlgorithmTag>();

            try
            {
                PgpSecretKey  secretKey  = ReadSecretKey(input.SigningSettings.PrivateKeyFile);
                PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(input.SigningSettings.PrivateKeyPassword.ToCharArray());

                var pgpSignatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, hashAlgorithm);
                pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey);

                foreach (string userId in secretKey.PublicKey.GetUserIds())
                {
                    PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
                    spGen.SetSignerUserId(false, userId);
                    pgpSignatureGenerator.SetHashedSubpackets(spGen.Generate());
                    // Just the first one!
                    break;
                }

                pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(stream);
                return(pgpSignatureGenerator);
            }
            catch (PgpException e)
            {
                throw new Exception("Private key extraction failed, password might be incorrect", e);
            }
        }
Example #3
0
        /*.......................................................................數位簽章開始*/


        private static void SignFile(
            string fileName,     //欲作簽章的檔案名稱及位置
            Stream keyIn,        // Private key 的 File Stream
            Stream outputStream, //簽章後的檔案 File Stream
            char[] pass,         // private Key 的 password
            bool armor,          //用途不明?? 範例預設true
            bool compress        //用途不明?? 範例預設true
            )
        {
            if (armor)
            {
                outputStream = new ArmoredOutputStream(outputStream);
            }
            PgpSecretKey          pgpSec     = PgpExampleUtilities.ReadSecretKey(keyIn);
            PgpPrivateKey         pgpPrivKey = pgpSec.ExtractPrivateKey(pass);
            PgpSignatureGenerator sGen       = new PgpSignatureGenerator(pgpSec.PublicKey.Algorithm, HashAlgorithmTag.Sha256);

            sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
            foreach (string userId in pgpSec.PublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
                spGen.SetSignerUserId(false, userId);
                sGen.SetHashedSubpackets(spGen.Generate());
                // Just the first one!
                break;
            }
            Stream cOut = outputStream;
            PgpCompressedDataGenerator cGen = null;

            if (compress)
            {
                cGen = new PgpCompressedDataGenerator(CompressionAlgorithmTag.ZLib);
                cOut = cGen.Open(cOut);
            }
            BcpgOutputStream bOut = new BcpgOutputStream(cOut);

            sGen.GenerateOnePassVersion(false).Encode(bOut);
            FileInfo file = new FileInfo(fileName);
            PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
            Stream     lOut = lGen.Open(bOut, PgpLiteralData.Binary, file);
            FileStream fIn  = file.OpenRead();
            int        ch   = 0;

            while ((ch = fIn.ReadByte()) >= 0)
            {
                lOut.WriteByte((byte)ch);
                sGen.Update((byte)ch);
            }
            fIn.Close();
            lGen.Close();
            sGen.Generate().Encode(bOut);
            if (cGen != null)
            {
                cGen.Close();
            }
            if (armor)
            {
                outputStream.Close();
            }
        }
Example #4
0
        private PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut)
        {
            const bool IsCritical = false;

            const bool IsNested = false;

            PublicKeyAlgorithmTag tag = m_encryptionKeys.SecretKey.PublicKey.Algorithm;

            PgpSignatureGenerator pgpSignatureGenerator =

                new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1);

            pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, m_encryptionKeys.PrivateKey);

            foreach (string userId in m_encryptionKeys.SecretKey.PublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator subPacketGenerator =
                    new PgpSignatureSubpacketGenerator();

                subPacketGenerator.SetSignerUserId(IsCritical, userId);

                pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate());

                // Just the first one!

                break;
            }

            pgpSignatureGenerator.GenerateOnePassVersion(IsNested).Encode(compressedOut);

            return(pgpSignatureGenerator);
        }
Example #5
0
        private static byte[] RevokePublicKey(PgpSecretKey sKey, char[] sPass, PgpPublicKey keyToSign, bool armour)
        {
            Stream os = new MemoryStream();

            if (armour)
            {
                os = new ArmoredOutputStream(os);
            }

            PgpPrivateKey         privKey = sKey.ExtractPrivateKey(sPass);
            PgpSignatureGenerator sGen    = new PgpSignatureGenerator(sKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.KeyRevocation, privKey);
            BcpgOutputStream bOut = new BcpgOutputStream(os);

            sGen.GenerateOnePassVersion(false).Encode(bOut);
            PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();

            spGen.SetRevocable(false, true);
            DateTime baseDate = new DateTime(1970, 1, 1);
            TimeSpan tSpan    = DateTime.UtcNow - baseDate;

            spGen.SetSignatureExpirationTime(false, tSpan.Seconds);
            PgpSignatureSubpacketVector packetVector = spGen.Generate();

            sGen.SetHashedSubpackets(packetVector);
            bOut.Flush();

            if (armour)
            {
                os.Close();
            }

            return(PgpPublicKey.AddCertification(keyToSign, sGen.Generate()).GetEncoded());
        }
        private static void ExportKeyPair(
            Stream secretOut,
            Stream publicOut,
            AsymmetricKeyParameter publicKey,
            AsymmetricKeyParameter privateKey,
            string identity,
            char[] passPhrase,
            bool armor)
        {
            if (armor)
            {
                secretOut = new ArmoredOutputStream(secretOut);
            }

            PgpSignatureSubpacketGenerator signHashGen = new PgpSignatureSubpacketGenerator();

            signHashGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify | PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
            signHashGen.SetPreferredSymmetricAlgorithms(false, new int[] { (int)SymmetricKeyAlgorithmTag.Aes256,
                                                                           (int)SymmetricKeyAlgorithmTag.Aes192, (int)SymmetricKeyAlgorithmTag.Aes128, (int)SymmetricKeyAlgorithmTag.Blowfish });
            signHashGen.SetPreferredHashAlgorithms(false, new int[] { (int)HashAlgorithmTag.Sha512,
                                                                      (int)HashAlgorithmTag.Sha384, (int)HashAlgorithmTag.Sha256, (int)HashAlgorithmTag.Sha224,
                                                                      (int)HashAlgorithmTag.RipeMD160, (int)HashAlgorithmTag.Tiger192 });
            signHashGen.SetPreferredCompressionAlgorithms(false, new int[] { (int)CompressionAlgorithmTag.ZLib,
                                                                             (int)CompressionAlgorithmTag.BZip2, (int)CompressionAlgorithmTag.Zip });
            signHashGen.SetTrust(false, 8, 255);

            PgpSignatureSubpacketVector signSubpktVector = signHashGen.Generate();


            PgpSecretKey secretKey = new PgpSecretKey(
                PgpSignature.PositiveCertification,
                PublicKeyAlgorithmTag.RsaGeneral,
                publicKey,
                privateKey,
                DateTime.UtcNow,
                identity,
                SymmetricKeyAlgorithmTag.Aes256,
                passPhrase,
                signSubpktVector, //null,
                null,
                new SecureRandom()
                );

            secretKey.Encode(secretOut);

            if (armor)
            {
                secretOut.Close();
                publicOut = new ArmoredOutputStream(publicOut);
            }

            PgpPublicKey key = secretKey.PublicKey;

            key.Encode(publicOut);

            if (armor)
            {
                publicOut.Close();
            }
        }
Example #7
0
        /// <summary>
        /// Sign data using key
        /// </summary>
        /// <param name="data">Data to sign</param>
        /// <param name="key">Email address of key</param>
        /// <returns>Returns ascii armored signature</returns>
        public string Sign(byte[] data, string key, Dictionary <string, string> headers)
        {
            Context = new CryptoContext(Context);

            var senderKey = GetSecretKeyForSigning(key);

            if (senderKey == null)
            {
                throw new SecretKeyNotFoundException("Error, unable to locate signing key \"" + key + "\".");
            }

            var compressedData = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Zip);
            var literalData    = new PgpLiteralDataGenerator();

            // Setup signature stuff //
            var tag           = senderKey.PublicKey.Algorithm;
            var signatureData = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha256);

            signatureData.InitSign(PgpSignature.BinaryDocument, senderKey.ExtractPrivateKey(Context.Password));

            foreach (string userId in senderKey.PublicKey.GetUserIds())
            {
                var subPacketGenerator = new PgpSignatureSubpacketGenerator();

                subPacketGenerator.SetSignerUserId(false, userId);
                signatureData.SetHashedSubpackets(subPacketGenerator.Generate());

                // Just the first one!
                break;
            }
            // //

            using (var sout = new MemoryStream())
            {
                using (var armoredOut = new ArmoredOutputStream(sout))
                {
                    foreach (var header in headers)
                    {
                        armoredOut.SetHeader(header.Key, header.Value);
                    }

                    using (var compressedOut = compressedData.Open(armoredOut))
                        using (var outputStream = new BcpgOutputStream(compressedOut))
                        {
                            signatureData.GenerateOnePassVersion(false).Encode(outputStream);

                            using (var literalOut = literalData.Open(outputStream, 'b', "", data.Length, DateTime.Now))
                            {
                                literalOut.Write(data, 0, data.Length);
                                signatureData.Update(data);
                            }

                            signatureData.Generate().Encode(outputStream);
                        }
                }

                return(ASCIIEncoding.ASCII.GetString(sout.ToArray()));
            }
        }
        private void generateTest(
            string message,
            string type)
        {
            PgpSecretKey                   pgpSecKey  = ReadSecretKey(new MemoryStream(secretKey));
            PgpPrivateKey                  pgpPrivKey = pgpSecKey.ExtractPrivateKey("".ToCharArray());
            PgpSignatureGenerator          sGen       = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
            PgpSignatureSubpacketGenerator spGen      = new PgpSignatureSubpacketGenerator();

            sGen.InitSign(PgpSignature.CanonicalTextDocument, pgpPrivKey);

            IEnumerator it = pgpSecKey.PublicKey.GetUserIds().GetEnumerator();

            if (it.MoveNext())
            {
                spGen.SetSignerUserId(false, (string)it.Current);
                sGen.SetHashedSubpackets(spGen.Generate());
            }

            MemoryStream        bOut = new MemoryStream();
            ArmoredOutputStream aOut = new ArmoredOutputStream(bOut);
            MemoryStream        bIn  = new MemoryStream(Encoding.ASCII.GetBytes(message), false);

            aOut.BeginClearText(HashAlgorithmTag.Sha256);

            //
            // note the last \n m_in the file is ignored
            //
            MemoryStream lineOut   = new MemoryStream();
            int          lookAhead = ReadInputLine(lineOut, bIn);

            ProcessLine(aOut, sGen, lineOut.ToArray());

            if (lookAhead != -1)
            {
                do
                {
                    lookAhead = ReadInputLine(lineOut, lookAhead, bIn);

                    sGen.Update((byte)'\r');
                    sGen.Update((byte)'\n');

                    ProcessLine(aOut, sGen, lineOut.ToArray());
                }while (lookAhead != -1);
            }

            aOut.EndClearText();

            BcpgOutputStream bcpgOut = new BcpgOutputStream(aOut);

            sGen.Generate().Encode(bcpgOut);

            aOut.Close();

            byte[] bs = bOut.ToArray();
            messageTest(Encoding.ASCII.GetString(bs, 0, bs.Length), type);
        }
Example #9
0
        private string signEnvelopeData(string msg)
        {
            Stream privateKeyStream = getPrivateKeyStream(_privateKey);

            MemoryStream        result = new MemoryStream();
            ArmoredOutputStream aOut   = new ArmoredOutputStream(result);
            BcpgOutputStream    bOut   = null;

            char[] privateKeyPassword = _passPhrase.ToCharArray();
            var    utf8Encoding       = new System.Text.UTF8Encoding();

            try
            {
                PgpSecretKey                   sk     = readSecretKey(privateKeyStream);
                PgpPrivateKey                  pk     = sk.ExtractPrivateKey(privateKeyPassword);
                PgpSignatureGenerator          sigGen = new PgpSignatureGenerator(sk.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
                PgpSignatureSubpacketGenerator spGen  = new PgpSignatureSubpacketGenerator();

                var enumerator = sk.PublicKey.GetUserIds().GetEnumerator();
                if (enumerator.MoveNext())
                {
                    spGen.SetSignerUserId(false, (string)enumerator.Current);
                    sigGen.SetHashedSubpackets(spGen.Generate());
                }

                aOut.BeginClearText(HashAlgorithmTag.Sha256);
                sigGen.InitSign(PgpSignature.CanonicalTextDocument, pk);
                byte[] msgBytes = utf8Encoding.GetBytes(msg);
                sigGen.Update(msgBytes, 0, msgBytes.Length);
                aOut.Write(msgBytes, 0, msgBytes.Length);
                bOut = new BcpgOutputStream(aOut);
                aOut.EndClearText();
                sigGen.Generate().Encode(bOut);
                using (BinaryReader br = new BinaryReader(result))
                {
                    br.BaseStream.Position = 0;
                    return(utf8Encoding.GetString(br.ReadBytes((int)result.Length)));
                }
            }
            catch (Exception e)
            { Console.WriteLine("This happened: " + e.Message);
              throw new Exception("Signing Failed: " + e.Message); }
            finally
            {
                try
                {
                    if (privateKeyStream != null)
                    {
                        privateKeyStream.Close();
                    }
                    //if(bOut != null)
                    //bOut.Close();
                    //aOut.Close();
                    result.Close();
                } catch (IOException) {}
            }
        }
        /// <summary>
        /// Create master signing key.
        /// </summary>
        /// <param name="keyRingGen">
        /// Key ring generator.
        /// </param>
        /// <param name="identity">
        /// Identity of the key.
        /// </param>
        /// <param name="password">
        /// Password to protect the secret key.
        /// </param>
        /// <param name="expires">
        /// Key expiry; null means never expires.
        /// </param>
        /// <param name="encryptKeyLength">
        /// Length of the encryption key.
        /// </param>
        /// <param name="encryptGenerator">
        /// Generator for the encryption key.
        /// </param>
        /// <param name="encryptionAlgorithm">
        /// Encryption algorithm.
        /// </param>
        /// <param name="symmetricAlgorithm">
        /// Symmetric algorithm.
        /// </param>
        /// <returns>
        /// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties
        /// thus far.
        /// </returns>
        public static PgpKeyRingGenerator CreateEncryptionSubkey(
            PgpKeyRingGenerator keyRingGen,
            string identity,
            string password,
            DateTime?expires,
            int encryptKeyLength    = 2048,
            string encryptGenerator = "RSA",
            PublicKeyAlgorithmTag encryptionAlgorithm   = PublicKeyAlgorithmTag.RsaEncrypt,
            SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256)
        {
            var keyringParameters = new KeyRingParameters(encryptKeyLength, encryptGenerator)
            {
                Password = password,
                Identity = identity,
                PrivateKeyEncryptionAlgorithm = symmetricAlgorithm,
                SymmetricAlgorithms           = new[]
                {
                    SymmetricKeyAlgorithmTag.Aes256,
                    SymmetricKeyAlgorithmTag.Aes192,
                    SymmetricKeyAlgorithmTag.Aes128
                },
                HashAlgorithms = new[]
                {
                    HashAlgorithmTag.Sha256,
                    HashAlgorithmTag.Sha1,
                    HashAlgorithmTag.Sha384,
                    HashAlgorithmTag.Sha512,
                    HashAlgorithmTag.Sha224,
                }
            };

            // encryption key
            var generator = GeneratorUtilities.GetKeyPairGenerator(encryptGenerator);

            generator.Init(keyringParameters.KeyParams);
            var encKeyPair = new PgpKeyPair(encryptionAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow);

            var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms
                                       select(int) a).ToArray();
            var hashAlgorithms = (from a in keyringParameters.HashAlgorithms
                                  select(int) a).ToArray();

            Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X"));
            var encSubpckGen = new PgpSignatureSubpacketGenerator();

            encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
            encSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms);
            encSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms);
            if (expires != null)
            {
                encSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds);
            }

            // add encryption subkey to keyring
            keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
            return(keyRingGen);
        }
Example #11
0
 private void setHashedSubpackets(PgpSignatureGenerator signatureGenerator) 
 {
     IEnumerator<string> it = (IEnumerator<string>)key.PublicKey.GetUserIds().GetEnumerator();
     while (it.MoveNext())
     {
         PgpSignatureSubpacketGenerator generator = new PgpSignatureSubpacketGenerator();
         generator.SetSignerUserId(false, it.Current);
         signatureGenerator.SetHashedSubpackets(generator.Generate());
     }
 }
Example #12
0
        PgpKeyRingGenerator CreateKeyRingGenerator(MailboxAddress mailbox, EncryptionAlgorithm algorithm, long expirationTime, string password, DateTime now, SecureRandom random)
        {
            var enabledEncryptionAlgorithms = EnabledEncryptionAlgorithms;
            var enabledDigestAlgorithms     = EnabledDigestAlgorithms;
            var encryptionAlgorithms        = new int[enabledEncryptionAlgorithms.Length];
            var digestAlgorithms            = new int[enabledDigestAlgorithms.Length];

            for (int i = 0; i < enabledEncryptionAlgorithms.Length; i++)
            {
                encryptionAlgorithms[i] = (int)enabledEncryptionAlgorithms[i];
            }
            for (int i = 0; i < enabledDigestAlgorithms.Length; i++)
            {
                digestAlgorithms[i] = (int)enabledDigestAlgorithms[i];
            }

            var parameters       = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x10001), random, 2048, 12);
            var signingAlgorithm = PublicKeyAlgorithmTag.RsaSign;

            var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            keyPairGenerator.Init(parameters);

            var signingKeyPair = new PgpKeyPair(signingAlgorithm, keyPairGenerator.GenerateKeyPair(), now);

            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
            subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms);
            subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms);

            if (expirationTime > 0)
            {
                subpacketGenerator.SetKeyExpirationTime(false, expirationTime);
                subpacketGenerator.SetSignatureExpirationTime(false, expirationTime);
            }

            subpacketGenerator.SetFeature(false, Org.BouncyCastle.Bcpg.Sig.Features.FEATURE_MODIFICATION_DETECTION);

            var keyRingGenerator = new PgpKeyRingGenerator(
                PgpSignature.PositiveCertification,
                signingKeyPair,
                mailbox.ToString(false),
                GetSymmetricKeyAlgorithm(algorithm),
                CharsetUtils.UTF8.GetBytes(password),
                true,
                subpacketGenerator.Generate(),
                null,
                random);

            // Add the (optional) encryption subkey.
            AddEncryptionKeyPair(keyRingGenerator, parameters, PublicKeyAlgorithmTag.RsaGeneral, now, expirationTime, encryptionAlgorithms, digestAlgorithms);

            return(keyRingGenerator);
        }
        /// <summary>
        /// Sign a file with PGP signature. See documentation at https://github.com/CommunityHiQ/Frends.Community.PgpSignature Returns: Object {string FilePath}
        /// </summary>
        public static PgpSignatureResult SignFile(PgpSignatureInput input)
        {
            HashAlgorithmTag digest = input.HashFunction.ConvertEnum <HashAlgorithmTag>();

            using (var privateKeyStream = File.OpenRead(input.PrivateKeyFile))
            {
                var pgpSecKey                   = PgpServices.SignatureReadSecretKey(privateKeyStream);
                var pgpPrivKey                  = pgpSecKey.ExtractPrivateKey(input.Password.ToCharArray());
                var signatureGenerator          = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, digest);
                var signatureSubpacketGenerator = new PgpSignatureSubpacketGenerator();

                signatureGenerator.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);

                var enumerator = pgpSecKey.PublicKey.GetUserIds().GetEnumerator();
                if (enumerator.MoveNext())
                {
                    signatureSubpacketGenerator.SetSignerUserId(false, (string)enumerator.Current);
                    signatureGenerator.SetHashedSubpackets(signatureSubpacketGenerator.Generate());
                }

                using (var outputStream = File.Create(input.OutputFile))
                {
                    var armoredOutputStream = new ArmoredOutputStream(outputStream);

                    var bcbgOutputStream = new BcpgOutputStream(armoredOutputStream);
                    signatureGenerator.GenerateOnePassVersion(false).Encode(bcbgOutputStream);

                    var file = new FileInfo(input.InputFile);
                    var literalDataGenerator = new PgpLiteralDataGenerator();
                    var literalDataOut       = literalDataGenerator.Open(bcbgOutputStream, PgpLiteralData.Binary, file.Name, file.Length, DateTime.Now);
                    using (var fileIn = file.OpenRead())
                    {
                        int ch;

                        while ((ch = fileIn.ReadByte()) >= 0)
                        {
                            literalDataOut.WriteByte((byte)ch);
                            signatureGenerator.Update((byte)ch);
                        }

                        fileIn.Close();
                        literalDataGenerator.Close();
                        signatureGenerator.Generate().Encode(bcbgOutputStream);
                        armoredOutputStream.Close();
                        outputStream.Close();

                        var ret = new PgpSignatureResult
                        {
                            FilePath = input.OutputFile
                        };
                        return(ret);
                    }
                }
            }
        }
Example #14
0
        private static PgpKeyRingGenerator GeneratePgpRingKeys(string identity, string password)
        {
            var keyRingParams = new KeyRingParams
            {
                Password = password,
                Identity = identity,
                PrivateKeyEncryptionAlgorithm = SymmetricKeyAlgorithmTag.Aes128,
                SymmetricAlgorithms           = new SymmetricKeyAlgorithmTag[]
                {
                    SymmetricKeyAlgorithmTag.Aes256,
                    SymmetricKeyAlgorithmTag.Aes192,
                    SymmetricKeyAlgorithmTag.Aes128
                },
                HashAlgorithms = new HashAlgorithmTag[]
                {
                    HashAlgorithmTag.Sha256,
                    HashAlgorithmTag.Sha1,
                    HashAlgorithmTag.Sha384,
                    HashAlgorithmTag.Sha512,
                    HashAlgorithmTag.Sha224,
                }
            };

            var generator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            generator.Init(keyRingParams.RsaParams);

            var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow);

            Debug.WriteLine("Generated master key with Id {0}", masterKeyPair.KeyId.ToString("x"));

            var masterSubpckGen = new PgpSignatureSubpacketGenerator();

            masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
            masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (from a in keyRingParams.SymmetricAlgorithms select(int) a).ToArray());
            masterSubpckGen.SetPreferredHashAlgorithms(false, (from a in keyRingParams.HashAlgorithms select(int) a).ToArray());

            var encKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow);

            Debug.WriteLine("Generated encryption key with Id {0}", encKeyPair.KeyId.ToString("x"));

            var encSubpckGen = new PgpSignatureSubpacketGenerator();

            encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);

            masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (from a in keyRingParams.SymmetricAlgorithms select(int) a).ToArray());
            masterSubpckGen.SetPreferredHashAlgorithms(false, (from a in keyRingParams.HashAlgorithms select(int) a).ToArray());
            var keyRingGen = new PgpKeyRingGenerator(PgpSignature.DefaultCertification, masterKeyPair, keyRingParams.Identity, keyRingParams.PrivateKeyEncryptionAlgorithm.Value, keyRingParams.GetPassword(), true, masterSubpckGen.Generate(), null, new SecureRandom());

            keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);

            return(keyRingGen);
        }
Example #15
0
        /// <summary>
        /// Attempt to sign a PGP message using the specific private key.
        /// </summary>
        /// <param name="messageStream">Stream containing the message to sign.</param>
        /// <param name="signatureStream">Stream to write the signature into.</param>
        /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param>
        /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param>
        /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param>
        /// <param name="armor">Whether to wrap the message with ASCII armor.</param>
        /// <returns>Whether the signature completed successfully.</returns>
        public static bool Sign(Stream messageStream, Stream signatureStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, bool armor = true)
        {
            // Create a signature generator.
            PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, hashAlgorithmTag);

            signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey);

            // Add the public key user ID.
            foreach (string userId in senderPublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator();
                signatureSubGenerator.SetSignerUserId(false, userId);
                signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate());
                break;
            }

            // Handle ASCII armor.
            if (armor)
            {
                using (ArmoredOutputStream armoredStream = new ArmoredOutputStream(signatureStream))
                {
                    armoredStream.BeginClearText(hashAlgorithmTag);

                    // Process each character in the message.
                    int messageChar;
                    while ((messageChar = messageStream.ReadByte()) >= 0)
                    {
                        armoredStream.WriteByte((byte)messageChar);
                        signatureGenerator.Update((byte)messageChar);
                    }

                    armoredStream.EndClearText();

                    using (BcpgOutputStream bcpgStream = new BcpgOutputStream(armoredStream))
                    {
                        signatureGenerator.Generate().Encode(bcpgStream);
                    }
                }
            }
            else
            {
                // Process each character in the message.
                int messageChar;
                while ((messageChar = messageStream.ReadByte()) >= 0)
                {
                    signatureGenerator.Update((byte)messageChar);
                }

                signatureGenerator.Generate().Encode(signatureStream);
            }

            return(true);
        }
Example #16
0
        private static string DoSigning(string input, Stream keyIn, Stream outputStream, char[] pass)
        {
            var digest             = HashAlgorithmTag.Sha256;
            var pgpSecretKey       = ReadSigningSecretKey(keyIn);
            var pgpPrivateKey      = pgpSecretKey.ExtractPrivateKey(pass);
            var signatureGenerator = new PgpSignatureGenerator(pgpSecretKey.PublicKey.Algorithm, digest);
            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            signatureGenerator.InitSign(PgpSignature.StandAlone, pgpPrivateKey);

            foreach (var userId in pgpSecretKey.PublicKey.GetUserIds())
            {
                subpacketGenerator.SetSignerUserId(false, userId.ToString());
                signatureGenerator.SetHashedSubpackets(subpacketGenerator.Generate());
            }

            Stream inputStream = new MemoryStream(Encoding.ASCII.GetBytes(input));
            var    armoredOut  = new ArmoredOutputStream(outputStream);

            armoredOut.BeginClearText(digest);

            // note the last \n/\r/\r\n in the file is ignored
            var lineOut   = new MemoryStream();
            int lookAhead = ReadInputLine(lineOut, inputStream);

            ProcessLine(armoredOut, signatureGenerator, lineOut.ToArray());

            if (lookAhead != -1)
            {
                do
                {
                    lookAhead = ReadInputLine(lineOut, lookAhead, inputStream);

                    signatureGenerator.Update((byte)'\n');

                    ProcessLine(armoredOut, signatureGenerator, lineOut.ToArray());
                }while (lookAhead != -1);
            }

            inputStream.Close();

            armoredOut.EndClearText();

            var bcpgOutput = new BcpgOutputStream(armoredOut);

            signatureGenerator.Generate().Encode(bcpgOutput);

            armoredOut.Close();

            outputStream.Seek(0, 0);
            return(new StreamReader(outputStream).ReadToEnd());
        }
Example #17
0
        public static PgpKeyRingGenerator GenerateKeyRing(String id, byte[] pass, RSAKeySize keysize)
        {
            RsaKeyPairGenerator kpg = new RsaKeyPairGenerator();

            kpg.Init(new KeyGenerationParameters(new SecureRandom(), 4096));

            AsymmetricCipherKeyPair rsakeys = kpg.GenerateKeyPair();

            PgpKeyPair rsakp_sign = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, rsakeys, DateTime.UtcNow);
            PgpKeyPair rsakp_enc  = new PgpKeyPair(PublicKeyAlgorithmTag.RsaEncrypt, rsakeys, DateTime.UtcNow);

            PgpSignatureSubpacketGenerator signhashgen = new PgpSignatureSubpacketGenerator();

            signhashgen.SetKeyFlags(false, KeyFlags.SignData | KeyFlags.CertifyOther);
            signhashgen.SetPreferredSymmetricAlgorithms
                (false, new int[] {
                (int)SymmetricKeyAlgorithmTag.Aes256,
                (int)SymmetricKeyAlgorithmTag.Camellia256
            });

            signhashgen.SetPreferredHashAlgorithms
                (false, new int[] {
                (int)HashAlgorithmTag.Sha256,
                (int)HashAlgorithmTag.Sha384,
                (int)HashAlgorithmTag.Sha512
            });

            signhashgen.SetFeature(false, Features.FEATURE_MODIFICATION_DETECTION);

            // Create a signature on the encryption subkey.
            PgpSignatureSubpacketGenerator enchashgen = new PgpSignatureSubpacketGenerator();

            enchashgen.SetKeyFlags(false, KeyFlags.EncryptComms | KeyFlags.EncryptStorage | KeyFlags.Authentication);

            PgpKeyRingGenerator pgpKeyRing = new PgpKeyRingGenerator(
                PgpSignature.DefaultCertification,
                rsakp_sign,
                id,
                SymmetricKeyAlgorithmTag.Aes256,
                pass,
                false,
                signhashgen.Generate(),
                null,
                new SecureRandom()
                );

            pgpKeyRing.AddSubKey(rsakp_enc, enchashgen.Generate(), null, HashAlgorithmTag.Sha512);

            return(pgpKeyRing);
        }
Example #18
0
        // http://stackoverflow.com/questions/20572737/sign-and-verify-xml-file-in-c-sharp



        public void SignFile(string hashAlgorithm, string fileName, System.IO.Stream privateKeyStream
                             , string privateKeyPassword, System.IO.Stream outStream)
        {
            PgpSecretKey  pgpSec     = ReadSigningSecretKey(privateKeyStream);
            PgpPrivateKey pgpPrivKey = null;

            pgpPrivKey = pgpSec.ExtractPrivateKey(privateKeyPassword.ToCharArray());



            PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSec.PublicKey.Algorithm, ParseHashAlgorithm(hashAlgorithm));

            sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);

            foreach (string userId in pgpSec.PublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();

                spGen.SetSignerUserId(false, userId);
                sGen.SetHashedSubpackets(spGen.Generate());
            }

            CompressionAlgorithmTag    compression = PreferredCompression(pgpSec.PublicKey);
            PgpCompressedDataGenerator cGen        = new PgpCompressedDataGenerator(compression);

            BcpgOutputStream bOut = new BcpgOutputStream(cGen.Open(outStream));

            sGen.GenerateOnePassVersion(false).Encode(bOut);

            System.IO.FileInfo      file = new System.IO.FileInfo(fileName);
            System.IO.FileStream    fIn  = new System.IO.FileStream(fileName, System.IO.FileMode.Open, System.IO.FileAccess.Read, System.IO.FileShare.Read);
            PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();

            System.IO.Stream lOut = lGen.Open(bOut, PgpLiteralData.Binary, file);

            int ch = 0;

            while ((ch = fIn.ReadByte()) >= 0)
            {
                lOut.WriteByte((byte)ch);
                sGen.Update((byte)ch);
            }

            fIn.Close();
            sGen.Generate().Encode(bOut);
            lGen.Close();
            cGen.Close();
            outStream.Close();
        }
Example #19
0
        public static PgpKeyRingGenerator GenerateKeyRingGenerator(KeyRingParams keyRingParams)
        {
            var generator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            generator.Init(keyRingParams.RsaParams());

            /* Create the master (signing-only) key. */
            var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow);

            Debug.WriteLine("Generated master key with ID " + masterKeyPair.KeyId.ToString("X"));

            var masterSubpckGen = new PgpSignatureSubpacketGenerator();

            masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
            masterSubpckGen.SetPreferredSymmetricAlgorithms(false, keyRingParams.SymmetricAlgorithms.Select(a => (int)a).ToArray());
            masterSubpckGen.SetPreferredHashAlgorithms(false, keyRingParams.HashAlgorithms.Select(a => (int)a).ToArray());

            /* Create a signing and encryption key for daily use. */
            var encKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow);

            Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X"));

            var encSubpckGen = new PgpSignatureSubpacketGenerator();

            encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);

            masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (keyRingParams.SymmetricAlgorithms.Select(a => (int)a)).ToArray());
            masterSubpckGen.SetPreferredHashAlgorithms(false, (keyRingParams.HashAlgorithms.Select(a => (int)a)).ToArray());

            /* Create the key ring. */

            var keyRingGen = new PgpKeyRingGenerator(
                PgpSignature.DefaultCertification,
                masterKeyPair,
                keyRingParams.Identity,
                keyRingParams.PrivateKeyEncryptionAlgorithm.Value,
                keyRingParams.GetPassword(),
                true,
                masterSubpckGen.Generate(),
                null,
                new SecureRandom());

            /* Add encryption subkey. */
            keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);

            return(keyRingGen);
        }
Example #20
0
        /// <summary>
        /// Sign a public key.
        /// </summary>
        /// <remarks>
        /// <para>Signs a public key using the specified secret key.</para>
        /// <para>Most OpenPGP implementations use <see cref="OpenPgpKeyCertification.GenericCertification"/>
        /// to make their "key signatures". Some implementations are known to use the other
        /// certification types, but few differentiate between them.</para>
        /// </remarks>
        /// <param name="secretKey">The secret key to use for signing.</param>
        /// <param name="publicKey">The public key to sign.</param>
        /// <param name="digestAlgo">The digest algorithm.</param>
        /// <param name="certification">The certification to give the signed key.</param>
        /// <exception cref="System.ArgumentNullException">
        /// <para><paramref name="secretKey"/> is <c>null</c>.</para>
        /// <para>-or-</para>
        /// <para><paramref name="publicKey"/> is <c>null</c>.</para>
        /// </exception>
        public void SignKey(PgpSecretKey secretKey, PgpPublicKey publicKey, DigestAlgorithm digestAlgo = DigestAlgorithm.Sha1, OpenPgpKeyCertification certification = OpenPgpKeyCertification.GenericCertification)
        {
            if (secretKey == null)
            {
                throw new ArgumentNullException(nameof(secretKey));
            }

            if (publicKey == null)
            {
                throw new ArgumentNullException(nameof(publicKey));
            }

            var privateKey         = GetPrivateKey(secretKey);
            var signatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, GetHashAlgorithm(digestAlgo));

            signatureGenerator.InitSign((int)certification, privateKey);
            signatureGenerator.GenerateOnePassVersion(false);

            var subpacketGenerator = new PgpSignatureSubpacketGenerator();
            var subpacketVector    = subpacketGenerator.Generate();

            signatureGenerator.SetHashedSubpackets(subpacketVector);

            var signedKey            = PgpPublicKey.AddCertification(publicKey, signatureGenerator.Generate());
            PgpPublicKeyRing keyring = null;

            foreach (var ring in EnumeratePublicKeyRings())
            {
                foreach (PgpPublicKey key in ring.GetPublicKeys())
                {
                    if (key.KeyId == publicKey.KeyId)
                    {
                        PublicKeyRingBundle = PgpPublicKeyRingBundle.RemovePublicKeyRing(PublicKeyRingBundle, ring);
                        keyring             = PgpPublicKeyRing.InsertPublicKey(ring, signedKey);
                        break;
                    }
                }
            }

            if (keyring == null)
            {
                keyring = new PgpPublicKeyRing(signedKey.GetEncoded());
            }

            Import(keyring);
        }
Example #21
0
        private static byte[] SignPublicKey(
            PgpSecretKey secretKey,
            string secretKeyPass,
            PgpPublicKey keyToBeSigned,
            string notationName,
            string notationValue,
            bool armor)
        {
            Stream os = new MemoryStream();

            if (armor)
            {
                os = new ArmoredOutputStream(os);
            }

            PgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(
                secretKeyPass.ToCharArray());

            PgpSignatureGenerator sGen = new PgpSignatureGenerator(
                secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.DirectKey, pgpPrivKey);

            BcpgOutputStream bOut = new BcpgOutputStream(os);

            sGen.GenerateOnePassVersion(false).Encode(bOut);

            PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();

            bool isHumanReadable = true;

            spGen.SetNotationData(true, isHumanReadable, notationName, notationValue);

            PgpSignatureSubpacketVector packetVector = spGen.Generate();

            sGen.SetHashedSubpackets(packetVector);

            bOut.Flush();

            if (armor)
            {
                os.Close();
            }

            return(PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded());
        }
Example #22
0
        private PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut, ChoPGPEncryptionKeys encryptionKeys)
        {
            PublicKeyAlgorithmTag tag = encryptionKeys.SecretKey.PublicKey.Algorithm;
            PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1);

            pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, encryptionKeys.PrivateKey);
            foreach (string userId in encryptionKeys.SecretKey.PublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator subPacketGenerator = new PgpSignatureSubpacketGenerator();
                subPacketGenerator.SetSignerUserId(false, userId);
                pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate());
                // Just the first one!
                break;
            }
            pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(compressedOut);
            return(pgpSignatureGenerator);
        }
Example #23
0
        private PgpSignatureGenerator InitSigGen(Stream compressedO)
        {
            const bool            Crit      = false;
            const bool            Nestd     = false;
            PublicKeyAlgorithmTag tag       = mPgpKeys.SecretKey.PublicKey.Algorithm;
            PgpSignatureGenerator pgpSigGen = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1);

            pgpSigGen.InitSign(PgpSignature.BinaryDocument, mPgpKeys.PrivateKey);
            foreach (string userId in mPgpKeys.SecretKey.PublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator subpktGen = new PgpSignatureSubpacketGenerator();
                subpktGen.SetSignerUserId(Crit, userId);
                pgpSigGen.SetHashedSubpackets(subpktGen.Generate());
                break;
            }
            pgpSigGen.GenerateOnePassVersion(Nestd).Encode(compressedO);
            return(pgpSigGen);
        }
        private PgpSignatureGenerator createSignatureGenerator()
        {
            PgpPrivateKey         privateKey         = secretKey.ExtractPrivateKey(password);
            PgpPublicKey          internalPublicKey  = secretKey.PublicKey;
            PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(internalPublicKey.Algorithm, HashAlgorithmTag.Sha1);

            signatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey);
            var userIds = internalPublicKey.GetUserIds();

            foreach (var userId in userIds)
            {
                PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
                spGen.SetSignerUserId(false, (String)userId);
                signatureGenerator.SetHashedSubpackets(spGen.Generate());
                break;
            }
            return(signatureGenerator);
        }
        private PgpSignatureGenerator sigGen(Stream compressedOut)
        {
            const bool            Iscritical = false;
            const bool            IsNested   = false;
            PublicKeyAlgorithmTag tag        = _pgpKeys.PGPSecretKey.PublicKey.Algorithm;
            PgpSignatureGenerator pgpSigGen  = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1);

            pgpSigGen.InitSign(PgpSignature.BinaryDocument, _pgpKeys.PGPPrivateKey);
            foreach (string userID in _pgpKeys.PGPSecretKey.PublicKey.GetUserIds())
            {
                PgpSignatureSubpacketGenerator subPackGen = new PgpSignatureSubpacketGenerator();
                subPackGen.SetSignerUserId(Iscritical, userID);
                pgpSigGen.SetHashedSubpackets(subPackGen.Generate());
                break;
            }
            pgpSigGen.GenerateOnePassVersion(IsNested).Encode(compressedOut);
            return(pgpSigGen);
        }
Example #26
0
        private PgpSignatureGenerator InitSignature(Stream outputStream)
        {
            if (PrivateKey == null)
            {
                return(null);
            }

            var signatureGenerator = new PgpSignatureGenerator(PrivateKey.GetPublicKey().Algorithm, HashAlgorithm);

            signatureGenerator.InitSign(PgpSignature.BinaryDocument, PrivateKey.GetSecretKey().ExtractPrivateKey(_password.ToCharArray()));

            var userId             = PrivateKey.GetPublicKey().GetUserIds().OfType <string>().FirstOrDefault();
            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            subpacketGenerator.SetSignerUserId(false, userId);
            signatureGenerator.SetHashedSubpackets(subpacketGenerator.Generate());
            signatureGenerator.GenerateOnePassVersion(false).Encode(outputStream);
            return(signatureGenerator);
        }
Example #27
0
        public static string Sign(string hash, string keyFile, string keyPass)
        {
            var outStream     = new MemoryStream();
            var armoredStream = new ArmoredOutputStream(outStream);

            var secretKey  = ReadSigningKey(keyFile);
            var privateKey = secretKey.ExtractPrivateKey(keyPass.ToCharArray());
            var sigGen     = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha384);

            sigGen.InitSign(PgpSignature.BinaryDocument, privateKey);
            foreach (string userId in secretKey.PublicKey.GetUserIds())
            {
                var subpacketGenerator = new PgpSignatureSubpacketGenerator();
                subpacketGenerator.SetSignerUserId(false, userId);
                sigGen.SetHashedSubpackets(subpacketGenerator.Generate());
                break;
            }
            var signedStream = new BcpgOutputStream(armoredStream);

            sigGen.GenerateOnePassVersion(false).Encode(signedStream);

            var inStream = new MemoryStream(Encoding.ASCII.GetBytes(hash));

            var literalGenerator = new PgpLiteralDataGenerator();
            var literalOut       = literalGenerator.Open(signedStream, PgpLiteralData.Binary, "hash", hash.Length, DateTime.Now);

            int ch;

            while ((ch = inStream.ReadByte()) >= 0)
            {
                literalOut.WriteByte((byte)ch);
                sigGen.Update((byte)ch);
            }

            inStream.Dispose();
            literalGenerator.Close();

            sigGen.Generate().Encode(signedStream);

            armoredStream.Dispose();

            return(Encoding.ASCII.GetString(outStream.ToArray()));
        }
Example #28
0
        private static PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut, PgpEncryptionKeys encryptionKeys)
        {
            const bool isCritical = false;
            const bool isNested   = false;

            PublicKeyAlgorithmTag tag = encryptionKeys.SecretKey.PublicKey.Algorithm;
            var pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1);

            pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, encryptionKeys.PrivateKey);

            string firstUserId = encryptionKeys.SecretKey.PublicKey.GetUserIds().Cast <string>().First();
            PgpSignatureSubpacketGenerator subPacketGenerator = new PgpSignatureSubpacketGenerator();

            subPacketGenerator.SetSignerUserId(isCritical, firstUserId);
            pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate());

            pgpSignatureGenerator.GenerateOnePassVersion(isNested).Encode(compressedOut);
            return(pgpSignatureGenerator);
        }
        public static void SignFile(Stream input, Stream outputStream, Stream keyIn, char[] pass)
        {
            var hashAlgorithm = HashAlgorithmTag.Sha512;

            var secretKey  = ReadSecretKey(keyIn);
            var privateKey = secretKey.ExtractPrivateKey(pass);

            var signatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, hashAlgorithm);
            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            signatureGenerator.InitSign(PgpSignature.CanonicalTextDocument, privateKey);
            foreach (string userId in secretKey.PublicKey.GetUserIds())
            {
                var signatureSubpacketGenerator = new PgpSignatureSubpacketGenerator();
                signatureSubpacketGenerator.SetSignerUserId(isCritical: false, userId: userId);
                signatureGenerator.SetHashedSubpackets(signatureSubpacketGenerator.Generate());
                // Just the first one!
                break;
            }

            // Closing armouredOutputStream does not close the underlying stream
            var armouredOutputStream = new ArmoredOutputStream(outputStream);

            using (var bcpgOutputStream = new BcpgOutputStream(armouredOutputStream))
            {
                armouredOutputStream.BeginClearText(hashAlgorithm);

                int chr;
                while ((chr = input.ReadByte()) > 0)
                {
                    signatureGenerator.Update((byte)chr);
                    bcpgOutputStream.Write((byte)chr);
                }

                // For some reason we need to add a trailing newline
                bcpgOutputStream.Write((byte)'\n');

                armouredOutputStream.EndClearText();

                signatureGenerator.Generate().Encode(bcpgOutputStream);
            }
        }
Example #30
0
        void AddEncryptionKeyPair(PgpKeyRingGenerator keyRingGenerator, KeyGenerationParameters parameters, PublicKeyAlgorithmTag algorithm, DateTime now, long expirationTime, int[] encryptionAlgorithms, int[] digestAlgorithms)
        {
            var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            keyPairGenerator.Init(parameters);

            var keyPair            = new PgpKeyPair(algorithm, keyPairGenerator.GenerateKeyPair(), now);
            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
            subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms);
            subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms);

            if (expirationTime > 0)
            {
                subpacketGenerator.SetKeyExpirationTime(false, expirationTime);
                subpacketGenerator.SetSignatureExpirationTime(false, expirationTime);
            }

            keyRingGenerator.AddSubKey(keyPair, subpacketGenerator.Generate(), null);
        }
        public override void PerformTest()
        {
            //
            // RSA tests
            //
            PgpSecretKeyRing pgpPriv = new PgpSecretKeyRing(rsaKeyRing);
            IPgpSecretKey secretKey = pgpPriv.GetSecretKey();
            IPgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(rsaPass);

            try
            {
                doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("RSA wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            try
            {
                doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("RSA V3 wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            //
            // certifications
            //
            PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.KeyRevocation, pgpPrivKey);

            PgpSignature sig = sGen.GenerateCertification(secretKey.PublicKey);

            sig.InitVerify(secretKey.PublicKey);

            if (!sig.VerifyCertification(secretKey.PublicKey))
            {
                Fail("revocation verification failed.");
            }

            PgpSecretKeyRing pgpDSAPriv = new PgpSecretKeyRing(dsaKeyRing);
            IPgpSecretKey secretDSAKey = pgpDSAPriv.GetSecretKey();
            IPgpPrivateKey pgpPrivDSAKey = secretDSAKey.ExtractPrivateKey(dsaPass);

            sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);

            PgpSignatureSubpacketGenerator    unhashedGen = new PgpSignatureSubpacketGenerator();
            PgpSignatureSubpacketGenerator    hashedGen = new PgpSignatureSubpacketGenerator();

            hashedGen.SetSignatureExpirationTime(false, TEST_EXPIRATION_TIME);
            hashedGen.SetSignerUserId(true, TEST_USER_ID);
            hashedGen.SetPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS);
            hashedGen.SetPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS);
            hashedGen.SetPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS);

            sGen.SetHashedSubpackets(hashedGen.Generate());
            sGen.SetUnhashedSubpackets(unhashedGen.Generate());

            sig = sGen.GenerateCertification(secretDSAKey.PublicKey, secretKey.PublicKey);

            byte[] sigBytes = sig.GetEncoded();

            PgpObjectFactory f = new PgpObjectFactory(sigBytes);

            sig = ((PgpSignatureList) f.NextPgpObject())[0];

            sig.InitVerify(secretDSAKey.PublicKey);

            if (!sig.VerifyCertification(secretDSAKey.PublicKey, secretKey.PublicKey))
            {
                Fail("subkey binding verification failed.");
            }

            var hashedPcks = sig.GetHashedSubPackets();
            var unhashedPcks = sig.GetUnhashedSubPackets();

            if (hashedPcks.Count != 6)
            {
                Fail("wrong number of hashed packets found.");
            }

            if (unhashedPcks.Count != 1)
            {
                Fail("wrong number of unhashed packets found.");
            }

            if (!hashedPcks.GetSignerUserId().Equals(TEST_USER_ID))
            {
                Fail("test userid not matching");
            }

            if (hashedPcks.GetSignatureExpirationTime() != TEST_EXPIRATION_TIME)
            {
                Fail("test signature expiration time not matching");
            }

            if (unhashedPcks.GetIssuerKeyId() != secretDSAKey.KeyId)
            {
                Fail("wrong issuer key ID found in certification");
            }

            int[] prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms();
            preferredAlgorithmCheck("compression", PREFERRED_COMPRESSION_ALGORITHMS, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredHashAlgorithms();
            preferredAlgorithmCheck("hash", PREFERRED_HASH_ALGORITHMS, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms();
            preferredAlgorithmCheck("symmetric", PREFERRED_SYMMETRIC_ALGORITHMS, prefAlgs);

            SignatureSubpacketTag[] criticalHashed = hashedPcks.GetCriticalTags();

            if (criticalHashed.Length != 1)
            {
                Fail("wrong number of critical packets found.");
            }

            if (criticalHashed[0] != SignatureSubpacketTag.SignerUserId)
            {
                Fail("wrong critical packet found in tag list.");
            }

            //
            // no packets passed
            //
            sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);

            sGen.SetHashedSubpackets(null);
            sGen.SetUnhashedSubpackets(null);

            sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey);

            sig.InitVerify(secretDSAKey.PublicKey);

            if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey))
            {
                Fail("subkey binding verification failed.");
            }

            hashedPcks = sig.GetHashedSubPackets();

            if (hashedPcks.Count != 1)
            {
                Fail("found wrong number of hashed packets");
            }

            unhashedPcks = sig.GetUnhashedSubPackets();

            if (unhashedPcks.Count != 1)
            {
                Fail("found wrong number of unhashed packets");
            }

            try
            {
                sig.VerifyCertification(secretKey.PublicKey);

                Fail("failed to detect non-key signature.");
            }
            catch (InvalidOperationException)
            {
                // expected
            }

            //
            // override hash packets
            //
            sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);

            hashedGen = new PgpSignatureSubpacketGenerator();

            DateTime creationTime = new DateTime(1973, 7, 27);
            hashedGen.SetSignatureCreationTime(false, creationTime);

            sGen.SetHashedSubpackets(hashedGen.Generate());

            sGen.SetUnhashedSubpackets(null);

            sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey);

            sig.InitVerify(secretDSAKey.PublicKey);

            if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey))
            {
                Fail("subkey binding verification failed.");
            }

            hashedPcks = sig.GetHashedSubPackets();

            if (hashedPcks.Count != 1)
            {
                Fail("found wrong number of hashed packets in override test");
            }

            if (!hashedPcks.HasSubpacket(SignatureSubpacketTag.CreationTime))
            {
                Fail("hasSubpacket test for creation time failed");
            }

            DateTime sigCreationTime = hashedPcks.GetSignatureCreationTime();
            if (!sigCreationTime.Equals(creationTime))
            {
                Fail("creation of overridden date failed.");
            }

            prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms();
            preferredAlgorithmCheck("compression", NO_PREFERENCES, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredHashAlgorithms();
            preferredAlgorithmCheck("hash", NO_PREFERENCES, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms();
            preferredAlgorithmCheck("symmetric", NO_PREFERENCES, prefAlgs);

            if (hashedPcks.GetKeyExpirationTime() != 0)
            {
                Fail("unexpected key expiration time found");
            }

            if (hashedPcks.GetSignatureExpirationTime() != 0)
            {
                Fail("unexpected signature expiration time found");
            }

            if (hashedPcks.GetSignerUserId() != null)
            {
                Fail("unexpected signer user ID found");
            }

            criticalHashed = hashedPcks.GetCriticalTags();

            if (criticalHashed.Length != 0)
            {
                Fail("critical packets found when none expected");
            }

            unhashedPcks = sig.GetUnhashedSubPackets();

            if (unhashedPcks.Count != 1)
            {
                Fail("found wrong number of unhashed packets in override test");
            }

            //
            // general signatures
            //
            doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha256, secretKey.PublicKey, pgpPrivKey);
            doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha384, secretKey.PublicKey, pgpPrivKey);
            doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha512, secretKey.PublicKey, pgpPrivKey);
            doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
            doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);

            //
            // DSA Tests
            //
            pgpPriv = new PgpSecretKeyRing(dsaKeyRing);
            secretKey = pgpPriv.GetSecretKey();
            pgpPrivKey = secretKey.ExtractPrivateKey(dsaPass);

            try
            {
                doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("DSA wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            try
            {
                doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("DSA V3 wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
            doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
            doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);

            // special cases
            //
            doTestMissingSubpackets(nullPacketsSubKeyBinding);

            doTestMissingSubpackets(generateV3BinarySig(pgpPrivKey, PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1));

            // keyflags
            doTestKeyFlagsValues();
        }
        private static PgpSignatureSubpacketVector GenerateSignatureSubpackets(string identity)
        {
            var hashedSubkeysGenerator = new PgpSignatureSubpacketGenerator();

            hashedSubkeysGenerator.SetSignerUserId(false, identity);

            return hashedSubkeysGenerator.Generate();
        }
        private static byte[] SignPublicKey(
			IPgpSecretKey	secretKey,
			string			secretKeyPass,
			IPgpPublicKey	keyToBeSigned,
			string			notationName,
			string			notationValue,
			bool			armor)
        {
            Stream os = new MemoryStream();
            if (armor)
            {
                os = new ArmoredOutputStream(os);
            }

            IPgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(
                secretKeyPass.ToCharArray());

            PgpSignatureGenerator sGen = new PgpSignatureGenerator(
                secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.DirectKey, pgpPrivKey);

            BcpgOutputStream bOut = new BcpgOutputStream(os);

            sGen.GenerateOnePassVersion(false).Encode(bOut);

            PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();

            bool isHumanReadable = true;

            spGen.SetNotationData(true, isHumanReadable, notationName, notationValue);

            PgpSignatureSubpacketVector packetVector = spGen.Generate();
            sGen.SetHashedSubpackets(packetVector);

            bOut.Flush();

            if (armor)
            {
                os.Close();
            }

            return PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded();
        }
        /**
        * Generated signature test
        *
        * @param sKey
        * @param pgpPrivKey
        * @return test result
        */
        public void GenerateTest(
            PgpSecretKeyRing sKey,
            IPgpPublicKey     pgpPubKey,
            IPgpPrivateKey    pgpPrivKey)
        {
            string data = "hello world!";
            MemoryStream bOut = new MemoryStream();

            byte[] dataBytes = Encoding.ASCII.GetBytes(data);
            MemoryStream testIn = new MemoryStream(dataBytes, false);

            PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);

            PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();

            IEnumerator enumerator = sKey.GetSecretKey().PublicKey.GetUserIds().GetEnumerator();
            enumerator.MoveNext();
            string primaryUserId = (string) enumerator.Current;

            spGen.SetSignerUserId(true, primaryUserId);

            sGen.SetHashedSubpackets(spGen.Generate());

            PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator(
                CompressionAlgorithmTag.Zip);

            BcpgOutputStream bcOut = new BcpgOutputStream(cGen.Open(new UncloseableStream(bOut)));

            sGen.GenerateOnePassVersion(false).Encode(bcOut);

            PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();

            DateTime testDateTime = new DateTime(1973, 7, 27);
            Stream lOut = lGen.Open(
                new UncloseableStream(bcOut),
                PgpLiteralData.Binary,
                "_CONSOLE",
                dataBytes.Length,
                testDateTime);

            int ch;
            while ((ch = testIn.ReadByte()) >= 0)
            {
                lOut.WriteByte((byte) ch);
                sGen.Update((byte)ch);
            }

            lGen.Close();

            sGen.Generate().Encode(bcOut);

            cGen.Close();

            PgpObjectFactory pgpFact = new PgpObjectFactory(bOut.ToArray());
            PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject();

            pgpFact = new PgpObjectFactory(c1.GetDataStream());

            PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject();
            PgpOnePassSignature ops = p1[0];

            PgpLiteralData p2 = (PgpLiteralData) pgpFact.NextPgpObject();
            if (!p2.ModificationTime.Equals(testDateTime))
            {
                Fail("Modification time not preserved");
            }

            Stream dIn = p2.GetInputStream();

            ops.InitVerify(pgpPubKey);

            while ((ch = dIn.ReadByte()) >= 0)
            {
                ops.Update((byte) ch);
            }

            PgpSignatureList p3 = (PgpSignatureList) pgpFact.NextPgpObject();

            if (!ops.Verify(p3[0]))
            {
                Fail("Failed generated signature check");
            }
        }
		private void generateTest(
			string message,
			string type)
		{
			PgpSecretKey                    pgpSecKey = ReadSecretKey(new MemoryStream(secretKey));
			PgpPrivateKey                   pgpPrivKey = pgpSecKey.ExtractPrivateKey("".ToCharArray());
			PgpSignatureGenerator           sGen = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
			PgpSignatureSubpacketGenerator  spGen = new PgpSignatureSubpacketGenerator();

			sGen.InitSign(PgpSignature.CanonicalTextDocument, pgpPrivKey);

			IEnumerator    it = pgpSecKey.PublicKey.GetUserIds().GetEnumerator();
			if (it.MoveNext())
			{
				spGen.SetSignerUserId(false, (string)it.Current);
				sGen.SetHashedSubpackets(spGen.Generate());
			}

			MemoryStream bOut = new MemoryStream();
			ArmoredOutputStream aOut = new ArmoredOutputStream(bOut);
			MemoryStream bIn = new MemoryStream(Encoding.ASCII.GetBytes(message), false);

			aOut.BeginClearText(HashAlgorithmTag.Sha256);

			//
			// note the last \n m_in the file is ignored
			//
			MemoryStream lineOut = new MemoryStream();
			int lookAhead = ReadInputLine(lineOut, bIn);

			ProcessLine(aOut, sGen, lineOut.ToArray());

			if (lookAhead != -1)
			{
				do
				{
					lookAhead = ReadInputLine(lineOut, lookAhead, bIn);

					sGen.Update((byte) '\r');
					sGen.Update((byte) '\n');

					ProcessLine(aOut, sGen, lineOut.ToArray());
				}
				while (lookAhead != -1);
			}

			aOut.EndClearText();

			BcpgOutputStream bcpgOut = new BcpgOutputStream(aOut);

			sGen.Generate().Encode(bcpgOut);

			aOut.Close();

			byte[] bs = bOut.ToArray();
			messageTest(Encoding.ASCII.GetString(bs, 0, bs.Length), type);
		}