/// <summary>
/// Creates a new <see cref="MultipartEncrypted"/>.
/// </summary>
/// <remarks>
/// Encrypts the entity to the specified recipients, encapsulating the result in a
/// new multipart/encrypted part.
/// </remarks>
/// <returns>A new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance containing
/// the encrypted version of the specified entity.</returns>
/// <param name="recipients">The recipients for the encrypted entity.</param>
/// <param name="entity">The entity to sign and encrypt.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentException">
/// One or more of the recipient keys cannot be used for encrypting.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A default <see cref="OpenPgpContext"/> has not been registered.
/// </exception>
public static MultipartEncrypted Create(IEnumerable <PgpPublicKey> recipients, MimeEntity entity)
{
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (OpenPgpContext)CryptographyContext.Create("application/pgp-encrypted")) {
return(Create(ctx, recipients, entity));
}
}
/// <summary>
/// Encrypts the specified entity.
/// </summary>
/// <remarks>
/// Encrypts the entity to the specified recipients using the default <see cref="SecureMimeContext"/>.
/// </remarks>
/// <returns>The encrypted entity.</returns>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentException">
/// Valid certificates could not be found for one or more of the <paramref name="recipients"/>.
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A certificate could not be found for one or more of the <paramref name="recipients"/>.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime Encrypt(IEnumerable <MailboxAddress> recipients, MimeEntity entity)
{
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(Encrypt(ctx, recipients, entity));
}
}
/// <summary>
/// Encrypts the specified entity.
/// </summary>
/// <remarks>
/// Encrypts the entity to the specified recipients using the default <see cref="SecureMimeContext"/>.
/// </remarks>
/// <returns>The encrypted entity.</returns>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime Encrypt(CmsRecipientCollection recipients, MimeEntity entity)
{
if (recipients == null)
{
throw new ArgumentNullException(nameof(recipients));
}
if (entity == null)
{
throw new ArgumentNullException(nameof(entity));
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(Encrypt(ctx, recipients, entity));
}
}
/// <summary>
/// Cryptographically signs the specified entity.
/// </summary>
/// <remarks>
/// <para>Signs the entity using the supplied signer.</para>
/// <para>For better interoperability with other mail clients, you should use
/// <see cref="MultipartSigned.Create(SecureMimeContext, CmsSigner, MimeEntity)"/>
/// instead as the multipart/signed format is supported among a much larger
/// subset of mail client software.</para>
/// </remarks>
/// <returns>The signed entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime Sign(CmsSigner signer, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(Sign(ctx, signer, entity));
}
}
/// <summary>
/// Cryptographically signs the specified entity.
/// </summary>
/// <remarks>
/// <para>Signs the entity using the supplied signer and digest algorithm.</para>
/// <para>For better interoperability with other mail clients, you should use
/// <see cref="MultipartSigned.Create(SecureMimeContext, CmsSigner, MimeEntity)"/>
/// instead as the multipart/signed format is supported among a much larger
/// subset of mail client software.</para>
/// </remarks>
/// <returns>The signed entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="digestAlgo">The digest algorithm to use for signing.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A signing certificate could not be found for <paramref name="signer"/>.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime Sign(MailboxAddress signer, DigestAlgorithm digestAlgo, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(Sign(ctx, signer, digestAlgo, entity));
}
}
static MultipartSigned Create(CryptographyContext ctx, DigestAlgorithm digestAlgo, MimeEntity entity, MimeEntity signature)
{
var micalg = ctx.GetDigestAlgorithmName(digestAlgo);
var signed = new MultipartSigned();
// set the protocol and micalg Content-Type parameters
signed.ContentType.Parameters["protocol"] = ctx.SignatureProtocol;
signed.ContentType.Parameters["micalg"] = micalg;
// add the modified/parsed entity as our first part
signed.Add(entity);
// add the detached signature as the second part
signed.Add(signature);
return(signed);
}
/// <summary>
/// Cryptographically signs and encrypts the specified entity.
/// </summary>
/// <remarks>
/// Cryptographically signs entity using the supplied signer and the default <see cref="SecureMimeContext"/>
/// and then encrypts the result to the specified recipients.
/// </remarks>
/// <returns>The signed and encrypted entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="digestAlgo">The digest algorithm to use for signing.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// <para>A signing certificate could not be found for <paramref name="signer"/>.</para>
/// <para>-or-</para>
/// <para>A certificate could not be found for one or more of the <paramref name="recipients"/>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime SignAndEncrypt(MailboxAddress signer, DigestAlgorithm digestAlgo, IEnumerable <MailboxAddress> recipients, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException(nameof(signer));
}
if (recipients == null)
{
throw new ArgumentNullException(nameof(recipients));
}
if (entity == null)
{
throw new ArgumentNullException(nameof(entity));
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime"))
return(SignAndEncrypt(ctx, signer, digestAlgo, recipients, entity));
}
/// <summary>
/// Cryptographically signs and encrypts the specified entity.
/// </summary>
/// <remarks>
/// Cryptographically signs entity using the supplied signer and then
/// encrypts the result to the specified recipients.
/// </remarks>
/// <returns>The signed and encrypted entity.</returns>
/// <param name="signer">The signer.</param>
/// <param name="recipients">The recipients.</param>
/// <param name="entity">The entity.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static ApplicationPkcs7Mime SignAndEncrypt(CmsSigner signer, CmsRecipientCollection recipients, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(SignAndEncrypt(ctx, signer, recipients, entity));
}
}
/// <summary>
/// Creates a new <see cref="MultipartEncrypted"/>.
/// </summary>
/// <remarks>
/// Signs the entity using the supplied signer and digest algorithm and then encrypts to
/// the specified recipients, encapsulating the result in a new multipart/encrypted part.
/// </remarks>
/// <returns>A new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance containing
/// the signed and encrypted version of the specified entity.</returns>
/// <param name="signer">The signer to use to sign the entity.</param>
/// <param name="digestAlgo">The digest algorithm to use for signing.</param>
/// <param name="cipherAlgo">The encryption algorithm.</param>
/// <param name="recipients">The recipients for the encrypted entity.</param>
/// <param name="entity">The entity to sign and encrypt.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentException">
/// <para><paramref name="signer"/> cannot be used for signing.</para>
/// <para>-or-</para>
/// <para>One or more of the recipient keys cannot be used for encrypting.</para>
/// <para>-or-</para>
/// <para>No recipients were specified.</para>
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// The <paramref name="digestAlgo"/> was out of range.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// <para>A default <see cref="OpenPgpContext"/> has not been registered.</para>
/// <para>-or-</para>
/// <para>The <paramref name="digestAlgo"/> is not supported.</para>
/// <para>-or-</para>
/// <para>The <paramref name="cipherAlgo"/> is not supported.</para>
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The user chose to cancel the password prompt.
/// </exception>
/// <exception cref="System.UnauthorizedAccessException">
/// 3 bad attempts were made to unlock the secret key.
/// </exception>
public static MultipartEncrypted Create(PgpSecretKey signer, DigestAlgorithm digestAlgo, EncryptionAlgorithm cipherAlgo, IEnumerable <PgpPublicKey> recipients, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = (OpenPgpContext)CryptographyContext.Create("application/pgp-encrypted")) {
return(Create(ctx, signer, digestAlgo, cipherAlgo, recipients, entity));
}
}
/// <summary>
/// Creates a new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance with the entity as the content.
/// </summary>
/// <returns>A new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance containing
/// the signed and encrypted version of the specified entity.</returns>
/// <param name="signer">The signer to use to sign the entity.</param>
/// <param name="digestAlgo">The digest algorithm to use for signing.</param>
/// <param name="recipients">The recipients for the encrypted entity.</param>
/// <param name="entity">The entity to sign and encrypt.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A default <see cref="OpenPgpContext"/> has not been registered.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The user chose to cancel the password prompt.
/// </exception>
/// <exception cref="System.UnauthorizedAccessException">
/// 3 bad attempts were made to unlock the secret key.
/// </exception>
public static MultipartEncrypted Create(MailboxAddress signer, DigestAlgorithm digestAlgo, IEnumerable <MailboxAddress> recipients, MimeEntity entity)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = CryptographyContext.Create("application/pgp-encrypted")) {
using (var memory = new MemoryStream()) {
var options = FormatOptions.Default.Clone();
options.NewLineFormat = NewLineFormat.Dos;
PrepareEntityForEncrypting(entity);
entity.WriteTo(options, memory);
memory.Position = 0;
var encrypted = new MultipartEncrypted();
encrypted.ContentType.Parameters["protocol"] = ctx.EncryptionProtocol;
// add the protocol version part
encrypted.Add(new ApplicationPgpEncrypted());
// add the encrypted entity as the second part
encrypted.Add(ctx.SignAndEncrypt(signer, digestAlgo, recipients, memory));
return(encrypted);
}
}
}
/// <summary>
/// Creates a new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance with the entity as the content.
/// </summary>
/// <returns>A new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance containing
/// the encrypted version of the specified entity.</returns>
/// <param name="recipients">The recipients for the encrypted entity.</param>
/// <param name="entity">The entity to sign and encrypt.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="recipients"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A default <see cref="OpenPgpContext"/> has not been registered.
/// </exception>
public static MultipartEncrypted Create(IEnumerable <MailboxAddress> recipients, MimeEntity entity)
{
if (recipients == null)
{
throw new ArgumentNullException("recipients");
}
if (entity == null)
{
throw new ArgumentNullException("entity");
}
using (var ctx = CryptographyContext.Create("application/pgp-encrypted")) {
using (var memory = new MemoryStream()) {
using (var filtered = new FilteredStream(memory)) {
filtered.Add(new Unix2DosFilter());
PrepareEntityForEncrypting(entity);
entity.WriteTo(filtered);
filtered.Flush();
}
memory.Position = 0;
var encrypted = new MultipartEncrypted();
encrypted.ContentType.Parameters["protocol"] = ctx.EncryptionProtocol;
// add the protocol version part
encrypted.Add(new ApplicationPgpEncrypted());
// add the encrypted entity as the second part
encrypted.Add(ctx.Encrypt(recipients, memory));
return(encrypted);
}
}
}
/// <summary>
/// Encrypt the message to the sender and all of the recipients
/// using the specified cryptography context.
/// </summary>
/// <remarks>
/// If either of the Resent-Sender or Resent-From headers are set, then the message
/// will be encrypted to all of the addresses specified in the Resent headers
/// (Resent-Sender, Resent-From, Resent-To, Resent-Cc, and Resent-Bcc),
/// otherwise the message will be encrypted to all of the addresses specified in
/// the standard address headers (Sender, From, To, Cc, and Bcc).
/// </remarks>
/// <param name="ctx">The cryptography context.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="ctx"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ArgumentException">
/// An unknown type of cryptography context was used.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// <para>The <see cref="Body"/> has not been set.</para>
/// <para>-or-</para>
/// <para>No recipients have been specified.</para>
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A certificate could not be found for one or more of the recipients.
/// </exception>
/// <exception cref="PublicKeyNotFoundException">
/// The public key could not be found for one or more of the recipients.
/// </exception>
public void Encrypt (CryptographyContext ctx)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
if (Body == null)
throw new InvalidOperationException ("No message body has been set.");
var recipients = GetMessageRecipients (true);
if (recipients.Count == 0)
throw new InvalidOperationException ("No recipients have been set.");
if (ctx is SecureMimeContext) {
Body = ApplicationPkcs7Mime.Encrypt ((SecureMimeContext) ctx, recipients, Body);
} else if (ctx is OpenPgpContext) {
Body = MultipartEncrypted.Encrypt ((OpenPgpContext) ctx, recipients, Body);
} else {
throw new ArgumentException ("Unknown type of cryptography context.", "ctx");
}
}
/// <summary>
/// Sign the message using the specified cryptography context and digest algorithm.
/// </summary>
/// <remarks>
/// If either of the Resent-Sender or Resent-From headers are set, then the message
/// will be signed using the Resent-Sender (or first mailbox in the Resent-From)
/// address as the signer address, otherwise the Sender or From address will be
/// used instead.
/// </remarks>
/// <param name="ctx">The cryptography context.</param>
/// <param name="digestAlgo">The digest algorithm.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="ctx"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// <para>The <see cref="Body"/> has not been set.</para>
/// <para>-or-</para>
/// <para>A sender has not been specified.</para>
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// The <paramref name="digestAlgo"/> was out of range.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// The <paramref name="digestAlgo"/> is not supported.
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A signing certificate could not be found for the sender.
/// </exception>
/// <exception cref="PrivateKeyNotFoundException">
/// The private key could not be found for the sender.
/// </exception>
public void Sign (CryptographyContext ctx, DigestAlgorithm digestAlgo)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
if (Body == null)
throw new InvalidOperationException ("No message body has been set.");
var signer = GetMessageSigner ();
if (signer == null)
throw new InvalidOperationException ("The sender has not been set.");
Body = MultipartSigned.Create (ctx, signer, digestAlgo, Body);
}
/// <summary>
/// Creates a new <see cref="MultipartSigned"/>.
/// </summary>
/// <remarks>
/// Cryptographically signs the entity using the supplied signer in order
/// to generate a detached signature and then adds the entity along with
/// the detached signature data to a new multipart/signed part.
/// </remarks>
/// <returns>A new <see cref="MultipartSigned"/> instance.</returns>
/// <param name="signer">The signer.</param>
/// <param name="entity">The entity to sign.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A cryptography context suitable for signing could not be found.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static MultipartSigned Create(CmsSigner signer, MimeEntity entity)
{
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-signature"))
return(Create(ctx, signer, entity));
}
/// <summary>
/// Creates a new <see cref="MultipartSigned"/>.
/// </summary>
/// <remarks>
/// Cryptographically signs the entity using the supplied signer and digest algorithm in
/// order to generate a detached signature and then adds the entity along with the
/// detached signature data to a new multipart/signed part.
/// </remarks>
/// <returns>A new <see cref="MultipartSigned"/> instance.</returns>
/// <param name="signer">The signer.</param>
/// <param name="digestAlgo">The digest algorithm to use for signing.</param>
/// <param name="entity">The entity to sign.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentException">
/// <paramref name="signer"/> cannot be used for signing.
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// The <paramref name="digestAlgo"/> was out of range.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// <para>A cryptography context suitable for signing could not be found.</para>
/// <para>-or-</para>
/// <para>The <paramref name="digestAlgo"/> is not supported.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Bcpg.OpenPgp.PgpException">
/// An error occurred in the OpenPGP subsystem.
/// </exception>
public static MultipartSigned Create(PgpSecretKey signer, DigestAlgorithm digestAlgo, MimeEntity entity)
{
using (var ctx = (OpenPgpContext)CryptographyContext.Create("application/pgp-signature"))
return(Create(ctx, signer, digestAlgo, entity));
}
/// <summary>
/// Decrypts the <see cref="MultipartEncrypted"/> part.
/// </summary>
/// <remarks>
/// Decrypts the <see cref="MultipartEncrypted"/> and extracts any digital signatures in cases
/// where the content was also signed.
/// </remarks>
/// <returns>The decrypted entity.</returns>
/// <param name="signatures">A list of digital signatures if the data was both signed and encrypted.</param>
/// <exception cref="System.FormatException">
/// <para>The <c>protocol</c> parameter was not specified.</para>
/// <para>-or-</para>
/// <para>The multipart is malformed in some way.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// A suitable <see cref="MimeKit.Cryptography.CryptographyContext"/> for
/// decrypting could not be found.
/// </exception>
/// <exception cref="PrivateKeyNotFoundException">
/// The private key could not be found to decrypt the encrypted data.
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The user chose to cancel the password prompt.
/// </exception>
/// <exception cref="System.UnauthorizedAccessException">
/// 3 bad attempts were made to unlock the secret key.
/// </exception>
public MimeEntity Decrypt(out DigitalSignatureCollection signatures)
{
var protocol = ContentType.Parameters["protocol"];
if (string.IsNullOrEmpty(protocol))
{
throw new FormatException();
}
protocol = protocol.Trim().ToLowerInvariant();
if (Count < 2)
{
throw new FormatException();
}
var version = this[0] as MimePart;
if (version == null)
{
throw new FormatException();
}
var ctype = version.ContentType;
var value = string.Format("{0}/{1}", ctype.MediaType, ctype.MediaSubtype);
if (value.ToLowerInvariant() != protocol)
{
throw new FormatException();
}
var encrypted = this[1] as MimePart;
if (encrypted == null || encrypted.ContentObject == null)
{
throw new FormatException();
}
if (!encrypted.ContentType.Matches("application", "octet-stream"))
{
throw new FormatException();
}
using (var ctx = CryptographyContext.Create(protocol)) {
using (var memory = new MemoryBlockStream()) {
var pgp = ctx as OpenPgpContext;
encrypted.ContentObject.DecodeTo(memory);
memory.Position = 0;
if (pgp != null)
{
return(pgp.Decrypt(memory, out signatures));
}
signatures = null;
return(ctx.Decrypt(memory));
}
}
}
/// <summary>
/// Verifies the multipart/signed part.
/// </summary>
/// <remarks>
/// Verifies the multipart/signed part using the supplied cryptography context.
/// </remarks>
/// <returns>A signer info collection.</returns>
/// <param name="ctx">The cryptography context to use for verifying the signature.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="ctx"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.FormatException">
/// The multipart is malformed in some way.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// <paramref name="ctx"/> does not support verifying the signature part.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public DigitalSignatureCollection Verify (CryptographyContext ctx)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
var protocol = ContentType.Parameters["protocol"];
if (string.IsNullOrEmpty (protocol))
throw new FormatException ("The multipart/signed part did not specify a protocol.");
if (!ctx.Supports (protocol.Trim ()))
throw new NotSupportedException ("The specified cryptography context does not support the signature protocol.");
if (Count < 2)
throw new FormatException ("The multipart/signed part did not contain the expected children.");
var signature = this[1] as MimePart;
if (signature == null || signature.ContentObject == null)
throw new FormatException ("The signature part could not be found.");
var ctype = signature.ContentType;
var value = string.Format ("{0}/{1}", ctype.MediaType, ctype.MediaSubtype);
if (!ctx.Supports (value))
throw new NotSupportedException (string.Format ("The specified cryptography context does not support '{0}'.", value));
using (var signatureData = new MemoryBlockStream ()) {
signature.ContentObject.DecodeTo (signatureData);
signatureData.Position = 0;
using (var cleartext = new MemoryBlockStream ()) {
// Note: see rfc2015 or rfc3156, section 5.1
var options = FormatOptions.Default.Clone ();
options.NewLineFormat = NewLineFormat.Dos;
this[0].WriteTo (options, cleartext);
cleartext.Position = 0;
return ctx.Verify (cleartext, signatureData);
}
}
}
/// <summary>
/// Creates a new <see cref="MultipartSigned"/>.
/// </summary>
/// <remarks>
/// Cryptographically signs the entity using the supplied signer and digest algorithm in
/// order to generate a detached signature and then adds the entity along with the
/// detached signature data to a new multipart/signed part.
/// </remarks>
/// <returns>A new <see cref="MultipartSigned"/> instance.</returns>
/// <param name="ctx">The cryptography context to use for signing.</param>
/// <param name="signer">The signer.</param>
/// <param name="digestAlgo">The digest algorithm to use for signing.</param>
/// <param name="entity">The entity to sign.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="ctx"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="signer"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="entity"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// The <paramref name="digestAlgo"/> was out of range.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// The <paramref name="digestAlgo"/> is not supported.
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A signing certificate could not be found for <paramref name="signer"/>.
/// </exception>
/// <exception cref="PrivateKeyNotFoundException">
/// The private key could not be found for <paramref name="signer"/>.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public static MultipartSigned Create (CryptographyContext ctx, MailboxAddress signer, DigestAlgorithm digestAlgo, MimeEntity entity)
{
if (signer == null)
throw new ArgumentNullException ("signer");
if (entity == null)
throw new ArgumentNullException ("entity");
PrepareEntityForSigning (entity);
using (var memory = new MemoryBlockStream ()) {
using (var filtered = new FilteredStream (memory)) {
// Note: see rfc3156, section 3 - second note
filtered.Add (new ArmoredFromFilter ());
// Note: see rfc3156, section 5.4 (this is the main difference between rfc2015 and rfc3156)
filtered.Add (new TrailingWhitespaceFilter ());
// Note: see rfc2015 or rfc3156, section 5.1
filtered.Add (new Unix2DosFilter ());
entity.WriteTo (filtered);
filtered.Flush ();
}
memory.Position = 0;
// Note: we need to parse the modified entity structure to preserve any modifications
var parser = new MimeParser (memory, MimeFormat.Entity);
var parsed = parser.ParseEntity ();
memory.Position = 0;
// sign the cleartext content
var signature = ctx.Sign (signer, digestAlgo, memory);
var micalg = ctx.GetDigestAlgorithmName (digestAlgo);
var signed = new MultipartSigned ();
// set the protocol and micalg Content-Type parameters
signed.ContentType.Parameters["protocol"] = ctx.SignatureProtocol;
signed.ContentType.Parameters["micalg"] = micalg;
// add the modified/parsed entity as our first part
signed.Add (parsed);
// add the detached signature as the second part
signed.Add (signature);
return signed;
}
}
/// <summary>
/// Verifies the multipart/signed part.
/// </summary>
/// <remarks>
/// Verifies the multipart/signed part using the supplied cryptography context.
/// </remarks>
/// <returns>A signer info collection.</returns>
/// <param name="ctx">The cryptography context to use for verifying the signature.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="ctx"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.FormatException">
/// The multipart is malformed in some way.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// <paramref name="ctx"/> does not support verifying the signature part.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public DigitalSignatureCollection Verify(CryptographyContext ctx)
{
using (var cleartext = new MemoryBlockStream()) {
return(Verify(ctx, cleartext));
}
}
/// <summary>
/// Decrypt the enveloped-data.
/// </summary>
/// <remarks>
/// Decrypts the enveloped-data using the default <see cref="SecureMimeContext"/>.
/// </remarks>
/// <returns>The decrypted <see cref="MimeKit.MimeEntity"/>.</returns>
/// <param name="cancellationToken">The cancellation token.</param>
/// <exception cref="System.InvalidOperationException">
/// The "smime-type" parameter on the Content-Type header is not "certs-only".
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was cancelled via the cancellation token.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public MimeEntity Decrypt(CancellationToken cancellationToken = default(CancellationToken))
{
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime"))
return(Decrypt(ctx, cancellationToken));
}
/// <summary>
/// Verifies the signed-data and returns the unencapsulated <see cref="MimeKit.MimeEntity"/>.
/// </summary>
/// <remarks>
/// Verifies the signed-data and returns the unencapsulated <see cref="MimeKit.MimeEntity"/>.
/// </remarks>
/// <returns>The list of digital signatures.</returns>
/// <param name="entity">The unencapsulated entity.</param>
/// <exception cref="System.InvalidOperationException">
/// The "smime-type" parameter on the Content-Type header is not "signed-data".
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public DigitalSignatureCollection Verify(out MimeEntity entity)
{
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(Verify(ctx, out entity));
}
}
/// <summary>
/// Sign and encrypt the message to the sender and all of the recipients using
/// the specified cryptography context and the specified digest algorithm.
/// </summary>
/// <remarks>
/// <para>If either of the Resent-Sender or Resent-From headers are set, then the message
/// will be signed using the Resent-Sender (or first mailbox in the Resent-From)
/// address as the signer address, otherwise the Sender or From address will be
/// used instead.</para>
/// <para>Likewise, if either of the Resent-Sender or Resent-From headers are set, then the
/// message will be encrypted to all of the addresses specified in the Resent headers
/// (Resent-Sender, Resent-From, Resent-To, Resent-Cc, and Resent-Bcc),
/// otherwise the message will be encrypted to all of the addresses specified in
/// the standard address headers (Sender, From, To, Cc, and Bcc).</para>
/// </remarks>
/// <param name="ctx">The cryptography context.</param>
/// <param name="digestAlgo">The digest algorithm.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="ctx"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ArgumentException">
/// An unknown type of cryptography context was used.
/// </exception>
/// <exception cref="System.ArgumentOutOfRangeException">
/// The <paramref name="digestAlgo"/> was out of range.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// <para>The <see cref="Body"/> has not been set.</para>
/// <para>-or-</para>
/// <para>The sender has been specified.</para>
/// <para>-or-</para>
/// <para>No recipients have been specified.</para>
/// </exception>
/// <exception cref="System.NotSupportedException">
/// The <paramref name="digestAlgo"/> is not supported.
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A certificate could not be found for the signer or one or more of the recipients.
/// </exception>
/// <exception cref="PrivateKeyNotFoundException">
/// The private key could not be found for the sender.
/// </exception>
/// <exception cref="PublicKeyNotFoundException">
/// The public key could not be found for one or more of the recipients.
/// </exception>
public void SignAndEncrypt (CryptographyContext ctx, DigestAlgorithm digestAlgo)
{
if (ctx == null)
throw new ArgumentNullException ("ctx");
if (Body == null)
throw new InvalidOperationException ("No message body has been set.");
var signer = GetMessageSigner ();
if (signer == null)
throw new InvalidOperationException ("The sender has not been set.");
var recipients = GetMessageRecipients (true);
if (recipients.Count == 0)
throw new InvalidOperationException ("No recipients have been set.");
if (ctx is SecureMimeContext) {
Body = ApplicationPkcs7Mime.SignAndEncrypt ((SecureMimeContext) ctx, signer, digestAlgo, recipients, Body);
} else if (ctx is OpenPgpContext) {
Body = MultipartEncrypted.SignAndEncrypt ((OpenPgpContext) ctx, signer, digestAlgo, recipients, Body);
} else {
throw new ArgumentException ("Unknown type of cryptography context.", "ctx");
}
}
/// <summary>
/// Verifies the signed-data and returns the unencapsulated <see cref="MimeKit.MimeEntity"/>.
/// </summary>
/// <remarks>
/// Verifies the signed-data using the default <see cref="SecureMimeContext"/> and returns the
/// unencapsulated <see cref="MimeKit.MimeEntity"/>.
/// </remarks>
/// <returns>The list of digital signatures.</returns>
/// <param name="entity">The unencapsulated entity.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <exception cref="System.InvalidOperationException">
/// The "smime-type" parameter on the Content-Type header is not "signed-data".
/// </exception>
/// <exception cref="System.OperationCanceledException">
/// The operation was cancelled via the cancellation token.
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public DigitalSignatureCollection Verify(out MimeEntity entity, CancellationToken cancellationToken = default(CancellationToken))
{
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime"))
return(Verify(ctx, out entity, cancellationToken));
}
/// <summary>
/// Sign and encrypt the message to the sender and all of the recipients using
/// the specified cryptography context and the SHA-1 digest algorithm.
/// </summary>
/// <remarks>
/// <para>If either of the Resent-Sender or Resent-From headers are set, then the message
/// will be signed using the Resent-Sender (or first mailbox in the Resent-From)
/// address as the signer address, otherwise the Sender or From address will be
/// used instead.</para>
/// <para>Likewise, if either of the Resent-Sender or Resent-From headers are set, then the
/// message will be encrypted to all of the addresses specified in the Resent headers
/// (Resent-Sender, Resent-From, Resent-To, Resent-Cc, and Resent-Bcc),
/// otherwise the message will be encrypted to all of the addresses specified in
/// the standard address headers (Sender, From, To, Cc, and Bcc).</para>
/// </remarks>
/// <param name="ctx">The cryptography context.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="ctx"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ArgumentException">
/// An unknown type of cryptography context was used.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// <para>The <see cref="Body"/> has not been set.</para>
/// <para>-or-</para>
/// <para>The sender has been specified.</para>
/// <para>-or-</para>
/// <para>No recipients have been specified.</para>
/// </exception>
/// <exception cref="CertificateNotFoundException">
/// A certificate could not be found for the signer or one or more of the recipients.
/// </exception>
/// <exception cref="PrivateKeyNotFoundException">
/// The private key could not be found for the sender.
/// </exception>
/// <exception cref="PublicKeyNotFoundException">
/// The public key could not be found for one or more of the recipients.
/// </exception>
public void SignAndEncrypt (CryptographyContext ctx)
{
SignAndEncrypt (ctx, DigestAlgorithm.Sha1);
}
/// <summary>
/// Decrypts the content.
/// </summary>
/// <remarks>
/// Decrypts the content using the default <see cref="SecureMimeContext"/>.
/// </remarks>
/// <returns>The decrypted <see cref="MimeKit.MimeEntity"/>.</returns>
/// <exception cref="System.InvalidOperationException">
/// The "smime-type" parameter on the Content-Type header is not "certs-only".
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public MimeEntity Decrypt()
{
using (var ctx = (SecureMimeContext)CryptographyContext.Create("application/pkcs7-mime")) {
return(Decrypt(ctx));
}
}