/// <summary>
/// Search a secret key ring collection for a secret key corresponding to keyID if it exists.
/// </summary>
/// <param name="pgpSec">A secret key ring collection</param>
/// <param name="keyID">The keyID we want.</param>
/// <param name="password">The passphrase to decrypt secret key with.</param>
/// <returns>The private key.</returns>
private Key.Bcpg.OpenPgp.PgpPrivateKey FindSecretKey(Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle pgpSec, long keyID, char[] password)
{
// Get the secret key from the unique key id.
Key.Bcpg.OpenPgp.PgpSecretKey pgpSecKey = pgpSec.GetSecretKey(keyID);
// If a secret key does not exist.
if (pgpSecKey == null)
{
return(null);
}
// Extract the private key.
return(pgpSecKey.ExtractPrivateKey(password));
}
/// <summary>
/// Return a new bundle containing the contents of the passed in bundle with
/// the passed in secret key ring removed.
/// </summary>
/// <param name="bundle">The <c>PgpSecretKeyRingBundle</c> the key ring is to be removed from.</param>
/// <param name="secretKeyRing">The key ring to be removed.</param>
/// <returns>A new <c>PgpSecretKeyRingBundle</c> not containing the passed in key ring.</returns>
/// <exception cref="ArgumentException">If the keyId for the passed in key ring is not present.</exception>
public static PgpSecretKeyRingBundle RemoveSecretKeyRing(
PgpSecretKeyRingBundle bundle,
PgpSecretKeyRing secretKeyRing)
{
long key = secretKeyRing.GetPublicKey().KeyId;
if (!bundle.secretRings.Contains(key))
{
throw new ArgumentException("Collection does not contain a key with a keyId for the passed in ring.");
}
IDictionary newSecretRings = Platform.CreateHashtable(bundle.secretRings);
IList newOrder = Platform.CreateArrayList(bundle.order);
newSecretRings.Remove(key);
newOrder.Remove(key);
return(new PgpSecretKeyRingBundle(newSecretRings, newOrder));
}
/// <summary>
/// Public and secret key provider.
/// </summary>
/// <param name="publicKey">The public key data.</param>
/// <param name="secretKey">The secret key data.</param>
/// <param name="keyID">The unique key id of the public secret key pair.</param>
/// <param name="password">The password used to protect the secret key.</param>
/// <returns>The RSA cryto service provider.</returns>
public RSACryptoServiceProvider PublicKeySecretKey(System.IO.Stream publicKey, System.IO.Stream secretKey, long keyID, string password = null)
{
// Read the public key data.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);
// Find the secret key
Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null;
Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle =
new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey));
// Find the private key (secret key).
privateKey = FindSecretKey(secretKeyRingBundle, keyID, password.ToArray());
// Assign the rsa parameters.
RSAParameters rsaPrivateParam = new RSAParameters();
Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)pgpPublicKey.GetKey();
Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)privateKey.Key;
// Assign the rsa parameters.
rsaPrivateParam.D = rsaCrtPrivateParam.Exponent.ToByteArrayUnsigned();
rsaPrivateParam.DP = rsaCrtPrivateParam.DP.ToByteArrayUnsigned();
rsaPrivateParam.DQ = rsaCrtPrivateParam.DQ.ToByteArrayUnsigned();
rsaPrivateParam.InverseQ = rsaCrtPrivateParam.QInv.ToByteArrayUnsigned();
rsaPrivateParam.P = rsaCrtPrivateParam.P.ToByteArrayUnsigned();
rsaPrivateParam.Q = rsaCrtPrivateParam.Q.ToByteArrayUnsigned();
rsaPrivateParam.Modulus = rsaPrivatePublic.Modulus.ToByteArrayUnsigned();
rsaPrivateParam.Exponent = rsaPrivatePublic.Exponent.ToByteArrayUnsigned();
// Create the encyption provider.
RSACryptoServiceProvider rsaEncryptProvider = new RSACryptoServiceProvider();
rsaEncryptProvider.ImportParameters(rsaPrivateParam);
// Return the rsa provider.
return(rsaEncryptProvider);
}
/// <summary>
/// Decrypt the stream.
/// </summary>
/// <param name="decrypted">The stream containing the decrypted data.</param>
/// <param name="input">The data to decrypt.</param>
/// <param name="secretKey">The secret key used for decryption.</param>
/// <param name="password">The password used to protect the secret key.</param>
/// <returns>Returns null if no integrity packet exists; false if message failed integrity check; true if message integrity check passed.</returns>
public bool?Decrypt(System.IO.Stream decrypted, System.IO.Stream input, System.IO.Stream secretKey, string password)
{
// Get decorder stream.
input = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(input);
System.IO.Stream clear = null;
System.IO.Stream unc = null;
try
{
// Load the encrypted input stream.
Key.Bcpg.OpenPgp.PgpEncryptedDataList encryptedDataList = null;
Key.Bcpg.OpenPgp.PgpObjectFactory objectFactory = new Key.Bcpg.OpenPgp.PgpObjectFactory(input);
Key.Bcpg.OpenPgp.PgpObject o = objectFactory.NextPgpObject();
// The first object might be a PGP marker packet.
if (o is Key.Bcpg.OpenPgp.PgpEncryptedDataList)
{
// Get the data list.
encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)o;
}
else
{
// Get the next object.
encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)objectFactory.NextPgpObject();
}
// Find the secret key
Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null;
Key.Bcpg.OpenPgp.PgpPublicKeyEncryptedData publicKeyEncryptedData = null;
Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle = new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey));
// For each object find the secret key.
foreach (Key.Bcpg.OpenPgp.PgpPublicKeyEncryptedData pked in encryptedDataList.GetEncryptedDataObjects())
{
// Find the private key (secret key).
privateKey = FindSecretKey(secretKeyRingBundle, pked.KeyId, password.ToArray());
// If the private key exists.
if (privateKey != null)
{
// This is the private key.
publicKeyEncryptedData = pked;
break;
}
}
// If a private key was not found.
if (privateKey == null)
{
throw new ArgumentException("secret key for message not found.");
}
// Get the data stream.
clear = publicKeyEncryptedData.GetDataStream(privateKey);
// Get the key message.
Key.Bcpg.OpenPgp.PgpObjectFactory plainFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(clear);
Key.Bcpg.OpenPgp.PgpObject message = plainFact.NextPgpObject();
// If message is compressed.
if (message is Key.Bcpg.OpenPgp.PgpCompressedData)
{
// Decompress the message.
Key.Bcpg.OpenPgp.PgpCompressedData cData = (Key.Bcpg.OpenPgp.PgpCompressedData)message;
Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(cData.GetDataStream());
message = pgpFact.NextPgpObject();
}
// If the message is literal data.
if (message is Key.Bcpg.OpenPgp.PgpLiteralData)
{
Key.Bcpg.OpenPgp.PgpLiteralData ld = (Key.Bcpg.OpenPgp.PgpLiteralData)message;
// Get the file name of the embedded encrypted file.
string outFileName = ld.FileName;
// Write the ecrypted data file to the decrypted stream.
unc = ld.GetInputStream();
Key.Utilities.IO.Streams.PipeAll(unc, decrypted);
}
else if (message is Key.Bcpg.OpenPgp.PgpOnePassSignatureList)
{
throw new Exception("encrypted message contains a signed message - not literal data.");
}
else
{
throw new Exception("message is not a simple encrypted file - type unknown.");
}
// If the ecrypted file contains an integrity packet associated with it.
if (publicKeyEncryptedData.IsIntegrityProtected())
{
// If it has been verified.
if (!publicKeyEncryptedData.Verify())
{
// Message failed integrity check.
return(false);
}
else
{
// Message integrity check passed.
return(true);
}
}
// No integrity packet exists.
return(null);
}
catch (Exception)
{
throw;
}
finally
{
if (clear != null)
{
clear.Close();
}
if (unc != null)
{
unc.Close();
}
}
}
