/// <summary>
///
/// </summary>
/// <param name="SecretKey"></param>
/// <param name="Passhrase"></param>
/// <param name="Reason"></param>
/// <param name="RevokeDescription"></param>
/// <returns></returns>
public static PgpSignature GenerateSignature(PgpSecretKey SecretKey, char[] Passhrase, string Reason, string RevokeDescription)
{
RevocationReasonTag RevokeReason;
if (string.Equals(Reason, "Compromised", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.KeyCompromised;
}
else if (string.Equals(Reason, "Retired", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.KeyRetired;
}
else if (string.Equals(Reason, "Superseded", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.KeySuperseded;
}
else if (string.Equals(Reason, "NoReason", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.NoReason;
}
else if (string.Equals(Reason, "Invalid", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.UserNoLongerValid;
}
else
{
RevokeReason = RevocationReasonTag.NoReason;
}
// Create the subpacket generators for the hashed and unhashed packets.
var subHashGenerator = new PgpSignatureSubpacketGenerator();
var subUnHashGenerator = new PgpSignatureSubpacketGenerator();
// Extract the private key from the secret key.
PgpPrivateKey privKey;
try
{
privKey = SecretKey.ExtractPrivateKey(Passhrase);
}
catch
{
throw new PgpException("Wrong Passphrase, could not extract private key.");
}
// Create a signature generator and initialize it for key revocation.
var generator = new PgpSignatureGenerator(SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
generator.InitSign(PgpSignature.KeyRevocation, privKey, new SecureRandom());
// Create the hashed and unhashed subpackets and add them to the signature generator.
subHashGenerator.SetSignatureCreationTime(false, DateTime.UtcNow);
subHashGenerator.SetRevocationReason(false, RevokeReason, RevokeDescription);
subUnHashGenerator.SetRevocationKey(false, SecretKey.PublicKey.Algorithm, SecretKey.PublicKey.GetFingerprint());
generator.SetHashedSubpackets(subHashGenerator.Generate());
generator.SetUnhashedSubpackets(subUnHashGenerator.Generate());
// Generate the certification
var signature = generator.GenerateCertification(SecretKey.PublicKey);
return(signature);
}
/// <summary>
///
/// </summary>
/// <param name="SecretKey"></param>
/// <param name="Passhrase"></param>
/// <param name="Reason"></param>
/// <param name="RevokeDescription"></param>
/// <param name="OutFile"></param>
public static void GenerateCertificate(PgpSecretKey SecretKey, char[] Passhrase, string Reason, string RevokeDescription, string OutFile)
{
RevocationReasonTag RevokeReason;
if (string.Equals(Reason, "Compromised", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.KeyCompromised;
}
else if (string.Equals(Reason, "Retired", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.KeyRetired;
}
else if (string.Equals(Reason, "Superseded", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.KeySuperseded;
}
else if (string.Equals(Reason, "NoReason", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.NoReason;
}
else if (string.Equals(Reason, "Invalid", StringComparison.CurrentCultureIgnoreCase))
{
RevokeReason = RevocationReasonTag.UserNoLongerValid;
}
else
{
RevokeReason = RevocationReasonTag.NoReason;
}
// Create the subpacket generators for the hashed and unhashed packets.
var subHashGenerator = new PgpSignatureSubpacketGenerator();
var subUnHashGenerator = new PgpSignatureSubpacketGenerator();
// Extract the private key from the secret key.
PgpPrivateKey privKey;
try
{
privKey = SecretKey.ExtractPrivateKey(Passhrase);
}
catch
{
throw new PgpException("Wrong Passphrase, could not extract private key.");
}
// Create a signature generator and initialize it for key revocation.
var generator = new PgpSignatureGenerator(SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
generator.InitSign(PgpSignature.KeyRevocation, privKey, new SecureRandom());
// Create the hashed and unhashed subpackets and add them to the signature generator.
subHashGenerator.SetSignatureCreationTime(false, DateTime.UtcNow);
subHashGenerator.SetRevocationReason(false, RevokeReason, RevokeDescription);
subUnHashGenerator.SetRevocationKey(false, SecretKey.PublicKey.Algorithm, SecretKey.PublicKey.GetFingerprint());
generator.SetHashedSubpackets(subHashGenerator.Generate());
generator.SetUnhashedSubpackets(subUnHashGenerator.Generate());
// Generate the certification
var signature = generator.GenerateCertification(SecretKey.PublicKey);
// Create the armour output stream and set the headers
var mStream = new MemoryStream();
using (var outAStream = new ArmoredOutputStream(mStream))
{
outAStream.SetHeader("Version", "Posh-OpenPGP");
outAStream.SetHeader("Comment", "A revocation certificate should follow");
signature.Encode(outAStream);
outAStream.Close();
}
// Turn the stream in to armour text and make sure we replace the propper headers
mStream.Position = 0;
var sr = new StreamReader(mStream);
var armour = sr.ReadToEnd();
var outstr = armour.Replace("BEGIN PGP SIGNATURE", "BEGIN PGP PUBLIC KEY BLOCK").Replace("END PGP SIGNATURE", "END PGP PUBLIC KEY BLOCK");
// Save the string to the specified file.
System.IO.File.WriteAllText(OutFile, outstr);
}
