/// <summary>
        /// Create master signing key.
        /// </summary>
        /// <param name="keyRingGen">
        /// Key ring generator.
        /// </param>
        /// <param name="identity">
        /// Identity of the key.
        /// </param>
        /// <param name="password">
        /// Password to protect the secret key.
        /// </param>
        /// <param name="expires">
        /// Key expiry; null means never expires.
        /// </param>
        /// <param name="encryptKeyLength">
        /// Length of the encryption key.
        /// </param>
        /// <param name="encryptGenerator">
        /// Generator for the encryption key.
        /// </param>
        /// <param name="encryptionAlgorithm">
        /// Encryption algorithm.
        /// </param>
        /// <param name="symmetricAlgorithm">
        /// Symmetric algorithm.
        /// </param>
        /// <returns>
        /// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties
        /// thus far.
        /// </returns>
        public static PgpKeyRingGenerator CreateEncryptionSubkey(
            PgpKeyRingGenerator keyRingGen,
            string identity,
            string password,
            DateTime?expires,
            int encryptKeyLength    = 2048,
            string encryptGenerator = "RSA",
            PublicKeyAlgorithmTag encryptionAlgorithm   = PublicKeyAlgorithmTag.RsaEncrypt,
            SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256)
        {
            var keyringParameters = new KeyRingParameters(encryptKeyLength, encryptGenerator)
            {
                Password = password,
                Identity = identity,
                PrivateKeyEncryptionAlgorithm = symmetricAlgorithm,
                SymmetricAlgorithms           = new[]
                {
                    SymmetricKeyAlgorithmTag.Aes256,
                    SymmetricKeyAlgorithmTag.Aes192,
                    SymmetricKeyAlgorithmTag.Aes128
                },
                HashAlgorithms = new[]
                {
                    HashAlgorithmTag.Sha256,
                    HashAlgorithmTag.Sha1,
                    HashAlgorithmTag.Sha384,
                    HashAlgorithmTag.Sha512,
                    HashAlgorithmTag.Sha224,
                }
            };

            // encryption key
            var generator = GeneratorUtilities.GetKeyPairGenerator(encryptGenerator);

            generator.Init(keyringParameters.KeyParams);
            var encKeyPair = new PgpKeyPair(encryptionAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow);

            var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms
                                       select(int) a).ToArray();
            var hashAlgorithms = (from a in keyringParameters.HashAlgorithms
                                  select(int) a).ToArray();

            Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X"));
            var encSubpckGen = new PgpSignatureSubpacketGenerator();

            encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
            encSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms);
            encSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms);
            if (expires != null)
            {
                encSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds);
            }

            // add encryption subkey to keyring
            keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
            return(keyRingGen);
        }
Example #2
0
        PgpKeyRingGenerator CreateKeyRingGenerator(MailboxAddress mailbox, EncryptionAlgorithm algorithm, long expirationTime, string password, DateTime now, SecureRandom random)
        {
            var enabledEncryptionAlgorithms = EnabledEncryptionAlgorithms;
            var enabledDigestAlgorithms     = EnabledDigestAlgorithms;
            var encryptionAlgorithms        = new int[enabledEncryptionAlgorithms.Length];
            var digestAlgorithms            = new int[enabledDigestAlgorithms.Length];

            for (int i = 0; i < enabledEncryptionAlgorithms.Length; i++)
            {
                encryptionAlgorithms[i] = (int)enabledEncryptionAlgorithms[i];
            }
            for (int i = 0; i < enabledDigestAlgorithms.Length; i++)
            {
                digestAlgorithms[i] = (int)enabledDigestAlgorithms[i];
            }

            var parameters       = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x10001), random, 2048, 12);
            var signingAlgorithm = PublicKeyAlgorithmTag.RsaSign;

            var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            keyPairGenerator.Init(parameters);

            var signingKeyPair = new PgpKeyPair(signingAlgorithm, keyPairGenerator.GenerateKeyPair(), now);

            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
            subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms);
            subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms);

            if (expirationTime > 0)
            {
                subpacketGenerator.SetKeyExpirationTime(false, expirationTime);
                subpacketGenerator.SetSignatureExpirationTime(false, expirationTime);
            }

            subpacketGenerator.SetFeature(false, Org.BouncyCastle.Bcpg.Sig.Features.FEATURE_MODIFICATION_DETECTION);

            var keyRingGenerator = new PgpKeyRingGenerator(
                PgpSignature.PositiveCertification,
                signingKeyPair,
                mailbox.ToString(false),
                GetSymmetricKeyAlgorithm(algorithm),
                CharsetUtils.UTF8.GetBytes(password),
                true,
                subpacketGenerator.Generate(),
                null,
                random);

            // Add the (optional) encryption subkey.
            AddEncryptionKeyPair(keyRingGenerator, parameters, PublicKeyAlgorithmTag.RsaGeneral, now, expirationTime, encryptionAlgorithms, digestAlgorithms);

            return(keyRingGenerator);
        }
Example #3
0
        void AddEncryptionKeyPair(PgpKeyRingGenerator keyRingGenerator, KeyGenerationParameters parameters, PublicKeyAlgorithmTag algorithm, DateTime now, long expirationTime, int[] encryptionAlgorithms, int[] digestAlgorithms)
        {
            var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            keyPairGenerator.Init(parameters);

            var keyPair            = new PgpKeyPair(algorithm, keyPairGenerator.GenerateKeyPair(), now);
            var subpacketGenerator = new PgpSignatureSubpacketGenerator();

            subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
            subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms);
            subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms);

            if (expirationTime > 0)
            {
                subpacketGenerator.SetKeyExpirationTime(false, expirationTime);
                subpacketGenerator.SetSignatureExpirationTime(false, expirationTime);
            }

            keyRingGenerator.AddSubKey(keyPair, subpacketGenerator.Generate(), null);
        }
Example #4
0
        /*
         * Creates a key ring generator and returns to caller
         */
        public static PgpKeyRingGenerator GetKeyRingGenerator(
            ApplicationContext context,
            Node args,
            string identity,
            string password,
            DateTime expires,
            int strength,
            long publicExponent,
            int certainty)
        {
            // Creating a secure random generator to use when creating keypairs, seeding with all sorts of different unique values
            var sr = CreateNewSecureRandom(context, args);

            // Creating our generator
            IAsymmetricCipherKeyPairGenerator generator = GeneratorUtilities.GetKeyPairGenerator("RSA");

            generator.Init(
                new RsaKeyGenerationParameters(
                    BigInteger.ValueOf(publicExponent),
                    sr,
                    strength,
                    certainty));

            // Creates the master key (signing-only key)
            PgpKeyPair masterKeyPair = new PgpKeyPair(
                PublicKeyAlgorithmTag.RsaGeneral,
                generator.GenerateKeyPair(),
                DateTime.UtcNow);

            PgpSignatureSubpacketGenerator masterSubPacketGenerator = new PgpSignatureSubpacketGenerator();

            masterSubPacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
            masterSubPacketGenerator.SetPreferredSymmetricAlgorithms(false,
                                                                     new SymmetricKeyAlgorithmTag [] {
                SymmetricKeyAlgorithmTag.Aes256,
                SymmetricKeyAlgorithmTag.Aes192,
                SymmetricKeyAlgorithmTag.Aes128
            }.Select(ix => (int)ix).ToArray());
            masterSubPacketGenerator.SetPreferredHashAlgorithms(false,
                                                                new HashAlgorithmTag [] {
                HashAlgorithmTag.Sha256,
                HashAlgorithmTag.Sha1,
                HashAlgorithmTag.Sha384,
                HashAlgorithmTag.Sha512,
                HashAlgorithmTag.Sha224
            }.Select(ix => (int)ix).ToArray());
            masterSubPacketGenerator.SetKeyExpirationTime(false, (long)(expires - DateTime.Now).TotalSeconds);

            // Creating a new secure random generator to use when creating keypairs, seeding with all sorts of different unique values
            sr = CreateNewSecureRandom(context, args);

            // Create signing and encryption key, for daily use
            PgpKeyPair encryptionKeyPair = new PgpKeyPair(
                PublicKeyAlgorithmTag.RsaGeneral,
                generator.GenerateKeyPair(),
                DateTime.UtcNow);

            PgpSignatureSubpacketGenerator encryptionSubPacketGenerator = new PgpSignatureSubpacketGenerator();

            encryptionSubPacketGenerator.SetKeyFlags(false,
                                                     PgpKeyFlags.CanEncryptCommunications |
                                                     PgpKeyFlags.CanEncryptStorage |
                                                     PgpKeyFlags.CanSign);
            encryptionSubPacketGenerator.SetKeyExpirationTime(false, (long)(expires - DateTime.Now).TotalSeconds);

            // Creating keyring
            PgpKeyRingGenerator keyRingGenerator = new PgpKeyRingGenerator(
                PgpSignature.DefaultCertification,
                masterKeyPair,
                identity,
                SymmetricKeyAlgorithmTag.Aes256,
                password.ToCharArray(),
                true,
                masterSubPacketGenerator.Generate(),
                null,
                sr);

            // Add encryption subkey
            keyRingGenerator.AddSubKey(encryptionKeyPair, encryptionSubPacketGenerator.Generate(), null);

            // Returning keyring to caller
            return(keyRingGenerator);
        }
        /// <summary>
        /// Create master signing key.
        /// </summary>
        /// <param name="identity">
        /// Identity of the key.
        /// </param>
        /// <param name="password">
        /// Password to protect the secret key.
        /// </param>
        /// <param name="expires">
        /// Key expiry; null means never expires.
        /// </param>
        /// <param name="signKeyLength">
        /// Length of the signing key.
        /// </param>
        /// <param name="signGenerator">
        /// Generator for the signing key.
        /// </param>
        /// <param name="signingAlgorithm">
        /// Signing algorithm.
        /// </param>
        /// <param name="symmetricAlgorithm">
        /// Symmetric algorithm.
        /// </param>
        /// <returns>
        /// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties
        /// thus far.
        /// </returns>
        public static PgpKeyRingGenerator CreateMasterSigningKey(
            string identity,
            string password,
            DateTime?expires,
            int signKeyLength    = 2048,
            string signGenerator = "RSA",
            PublicKeyAlgorithmTag signingAlgorithm      = PublicKeyAlgorithmTag.RsaSign,
            SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256)
        {
            var keyringParameters = new KeyRingParameters(signKeyLength, signGenerator)
            {
                Password = password,
                Identity = identity,
                PrivateKeyEncryptionAlgorithm = symmetricAlgorithm,
                SymmetricAlgorithms           = new[]
                {
                    SymmetricKeyAlgorithmTag.Aes256,
                    SymmetricKeyAlgorithmTag.Aes192,
                    SymmetricKeyAlgorithmTag.Aes128
                },
                HashAlgorithms = new[]
                {
                    HashAlgorithmTag.Sha256,
                    HashAlgorithmTag.Sha1,
                    HashAlgorithmTag.Sha384,
                    HashAlgorithmTag.Sha512,
                    HashAlgorithmTag.Sha224,
                }
            };

            // master signing key
            var generator = GeneratorUtilities.GetKeyPairGenerator(signGenerator);

            generator.Init(keyringParameters.KeyParams);
            var masterKeyPair = new PgpKeyPair(signingAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow);

            Debug.WriteLine("Generated master key with ID " + masterKeyPair.KeyId.ToString("X"));

            var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms
                                       select(int) a).ToArray();
            var hashAlgorithms = (from a in keyringParameters.HashAlgorithms
                                  select(int) a).ToArray();

            var masterSubpckGen = new PgpSignatureSubpacketGenerator();

            masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
            masterSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms);
            masterSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms);
            if (expires != null)
            {
                masterSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds);
            }

            // keyring -- adding master key
            return(new PgpKeyRingGenerator(
                       PgpSignature.DefaultCertification,
                       masterKeyPair,
                       keyringParameters.Identity,
                       keyringParameters.PrivateKeyEncryptionAlgorithm,
                       keyringParameters.GetPassword(),
                       true,
                       masterSubpckGen.Generate(),
                       null,
                       new SecureRandom()));
        }