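/// <summary>
/// Loads the public and secret keyrings from <c>pubring.pgp</c> and <c>secring.pgp</c>
/// into a GPG-format session, then prints and exports the armored keys for the
/// user ids <c>rsa@key</c> and <c>25519@key</c>.
/// </summary>
/// <param name="rop">Binding object used to create the session and the input objects.</param>
/// <remarks>
/// A <c>RopError</c> from keyring loading, or any exception from printing/exporting,
/// is reported on the console and then rethrown to the caller.
/// </remarks>
private void output_keys(RopBind rop) {
    // NOTE(review): tagging()/drop_from() presumably release every ROP object created
    // in between; confirm against the binding.
    int alt = rop.tagging();
    try {
        // initialize
        RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

        RopInput keyfile = null;
        try {
            // load keyrings
            keyfile = rop.create_input("pubring.pgp");
            // actually, we may exclude the public to not check key types
            ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile);
        } catch (RopError) {
            Console.WriteLine("Failed to read pubring");
            // "throw;" keeps the original stack trace; "throw ex;" would reset it.
            throw;
        } finally {
            rop.drop(keyfile);
        }

        keyfile = null;
        try {
            keyfile = rop.create_input("secring.pgp");
            ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
        } catch (RopError) {
            Console.WriteLine("Failed to read secring");
            throw;
        } finally {
            rop.drop(keyfile);
        }

        try {
            // print armored keys to the stdout
            // NOTE(review): the last argument presumably selects the secret key (true) or the
            // public key (false). If so, armored secret key material goes to stdout here and
            // may end up in terminal scrollback or captured logs.
            print_key(rop, ses, "rsa@key", false);
            print_key(rop, ses, "rsa@key", true);
            print_key(rop, ses, "25519@key", false);
            print_key(rop, ses, "25519@key", true);
        } catch (Exception) {
            Console.WriteLine("Failed to print armored key(s)");
            throw;
        }

        try {
            // write armored keys to the files, named key-<keyid>-pub.asc / key-<keyid>-sec.asc
            // NOTE(review): the -sec.asc files hold secret keys; outside a sample they should be
            // created with owner-only permissions. Whether export_key does so is not visible here.
            export_key(rop, ses, "rsa@key", false);
            export_key(rop, ses, "rsa@key", true);
            export_key(rop, ses, "25519@key", false);
            export_key(rop, ses, "25519@key", true);
        } catch (Exception) {
            Console.WriteLine("Failed to write armored key(s) to file");
            throw;
        }
    } finally {
        rop.drop_from(alt);
    }
}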
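/// <summary>
/// Decrypts <c>encrypted.asc</c> into memory, prints the result and stores it in
/// <c>Decrypt.message</c>.
/// </summary>
/// <param name="rop">Binding object used to create the session, input and output objects.</param>
/// <param name="usekeys">
/// When <c>true</c>, the secret keyring <c>secring.pgp</c> is loaded first so the message can be
/// decrypted with a key; when <c>false</c>, no keyring is loaded and only the password provider
/// is available.
/// </param>
/// <remarks>
/// A <c>RopError</c> from keyring loading or from decryption is reported on the console and
/// rethrown.
/// </remarks>
private void decrypt(RopBind rop, bool usekeys) {
    // NOTE(review): tagging()/drop_from() presumably release every ROP object created
    // in between (including input/output below); confirm against the binding.
    int alt = rop.tagging();
    try {
        // initialize FFI object
        RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

        // check whether we want to use key or password for decryption
        if (usekeys) {
            RopInput keyfile = null;
            try {
                // load secret keyring, as it is required for public-key decryption. However, you may
                // need to load public keyring as well to validate key's signatures.
                keyfile = rop.create_input("secring.pgp");
                // we may use secret=True and public=True as well
                ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
            } catch (RopError) {
                Console.WriteLine("Failed to read secring");
                // "throw;" keeps the original stack trace; "throw ex;" would reset it.
                throw;
            } finally {
                rop.drop(keyfile);
            }
        }

        // set the password provider
        ses.set_pass_provider(this, null);

        String buf = null;
        try {
            // create file input and memory output objects for the encrypted message and decrypted
            // message
            RopInput input = rop.create_input("encrypted.asc");
            RopOutput output = rop.create_output(0);
            ses.decrypt(input, output);
            // get the decrypted message from the output structure
            buf = output.memory_get_buf(false).getString();
        } catch (RopError) {
            // Name the mode that actually failed; the original always reported a
            // public-key failure, even on the password path.
            Console.WriteLine(usekeys ? "Public-key decryption failed" : "Password decryption failed");
            throw;
        }

        // The plaintext is echoed to stdout and kept in a static field. That is fine for a
        // sample; production code should avoid logging decrypted content.
        Console.WriteLine(String.Format("Decrypted message ({0}):\n{1}\n", usekeys ? "with key" : "with password", buf));
        Decrypt.message = buf;
    } finally {
        rop.drop_from(alt);
    }
}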
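/// <summary>
/// Signs a fixed sample message with the keys <c>rsa@key</c> and <c>25519@key</c> and writes the
/// armored result to <c>signed.asc</c>. The key ids and fingerprints of both signing keys are
/// recorded in <c>Sign.key_ids</c> and <c>Sign.key_fprints</c>.
/// </summary>
/// <param name="rop">Binding object used to create the session, input and output objects.</param>
/// <remarks>
/// A <c>RopError</c> raised while loading the keyring, preparing the operation, or signing is
/// reported on the console with a step-specific message and rethrown.
/// </remarks>
private void sign(RopBind rop) {
    string message = "ROP signing sample message";

    // NOTE(review): tagging()/drop_from() presumably release every ROP object created
    // in between; confirm against the binding.
    int alt = rop.tagging();
    try {
        // initialize
        RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);

        RopInput keyfile = null;
        // err_desc is updated before each step so the catch block reports the step that failed.
        string err_desc = null;
        try {
            // load secret keyring, as it is required for signing. However, you may need
            // to load public keyring as well to validate key's signatures.
            // NOTE(review): the message names Generate.java, presumably carried over from the
            // Java sample; confirm the intended sample name.
            err_desc = "Failed to open secring.pgp. Did you run Generate.java sample?";
            keyfile = rop.create_input("secring.pgp");
            // we may use public=True and secret=True as well
            err_desc = "Failed to read secring.pgp";
            ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
        } catch (RopError) {
            Console.WriteLine(err_desc);
            // "throw;" keeps the original stack trace; "throw ex;" would reset it.
            throw;
        } finally {
            rop.drop(keyfile);
        }

        // set the password provider - we'll need password to unlock secret keys
        ses.set_pass_provider(this, null);

        // create memory input for the message to sign and file output for the signed result
        RopOpSign sign = null;
        try {
            err_desc = "Failed to create input object";
            RopInput input = rop.create_input(new RopData(message), false);

            err_desc = "Failed to create output object";
            RopOutput output = rop.create_output("signed.asc");

            // initialize and configure sign operation, use op_sign_create(cleartext/detached)
            // for cleartext or detached signature
            err_desc = "Failed to create sign operation";
            sign = ses.op_sign_create(input, output);
        } catch (RopError) {
            Console.WriteLine(err_desc);
            throw;
        }

        // armor, file name, compression
        sign.set_armor(true);
        sign.set_file_name("message.txt");
        sign.set_file_mtime(DateTime.Now);
        sign.set_compression("ZIP", 6);
        // signatures creation time - by default will be set to the current time as well
        sign.set_creation_time(DateTime.Now);
        // signatures expiration time - by default will be 0, i.e. never expire
        sign.set_expiration(TimeSpan.FromDays(365));
        // set hash algorithm - should be compatible for all signatures
        sign.set_hash(RopBind.ALG_HASH_SHA256);

        try {
            // now add signatures. First locate the signing key, then add and setup signature
            // NOTE(review): if locate_key can return null for a missing key, the dereference
            // below fails outside the RopError handler and err_desc is never printed; confirm.
            // RSA signature
            err_desc = "Failed to locate signing key rsa@key.";
            RopKey key = ses.locate_key("userid", "rsa@key");
            Sign.key_ids[0] = key.keyid();
            Sign.key_fprints[0] = key.fprint();

            err_desc = "Failed to add signature for key rsa@key.";
            sign.add_signature(key);

            // EdDSA signature
            err_desc = "Failed to locate signing key 25519@key.";
            key = ses.locate_key("userid", "25519@key");
            Sign.key_ids[1] = key.keyid();
            Sign.key_fprints[1] = key.fprint();

            err_desc = "Failed to add signature for key 25519@key.";
            sign.add_signature(key);

            // finally do signing; the original reused the add-signature message for this step,
            // which misreported an execute() failure
            err_desc = "Failed to execute signing operation.";
            sign.execute();

            Console.WriteLine("Signing succeeded. See file signed.asc.");
        } catch (RopError) {
            Console.WriteLine(err_desc);
            throw;
        }
    } finally {
        rop.drop_from(alt);
    }
}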