/// <summary>Create a key pair from a PgpPrivateKey and a PgpPublicKey.</summary>
		/// <param name="pub">The public key.</param>
		/// <param name="priv">The private key.</param>
        public PgpKeyPair(
            PgpPublicKey	pub,
            PgpPrivateKey	priv)
            this.pub = pub;
            this.priv = priv;
		internal PgpSecretKey(
			SecretKeyPacket	secret,
			PgpPublicKey	pub)
			this.secret = secret;
			this.pub = pub;
		public PgpKeyPair(
            PublicKeyAlgorithmTag	algorithm,
            AsymmetricKeyParameter	pubKey,
            AsymmetricKeyParameter	privKey,
            DateTime				time)
            this.pub = new PgpPublicKey(algorithm, pubKey, time);
			this.priv = new PgpPrivateKey(privKey, pub.KeyId);
		internal PgpSecretKey(
			PgpPrivateKey				privKey,
			PgpPublicKey				pubKey,
			SymmetricKeyAlgorithmTag	encAlgorithm,
			char[]						passPhrase,
			bool						useSha1,
			SecureRandom				rand)
			: this(privKey, pubKey, encAlgorithm, passPhrase, useSha1, rand, false)
		/// <summary>Initialise the signature object for verification.</summary>
        public void InitVerify(
            PgpPublicKey pubKey)
			lastb = 0;

				sig = SignerUtilities.GetSigner(
					PgpUtilities.GetSignatureName(sigPack.KeyAlgorithm, sigPack.HashAlgorithm));
			catch (Exception e)
				throw new PgpException("can't set up signature object.",  e);

                sig.Init(false, pubKey.GetKey());
			catch (InvalidKeyException e)
                throw new PgpException("invalid key.", e);
		/// <summary>Add a revocation or some other key certification to a key.</summary>
		/// <param name="key">The key the revocation is to be added to.</param>
		/// <param name="certification">The key signature to be added.</param>
		/// <returns>The new changed public key object.</returns>
        public static PgpPublicKey AddCertification(
            PgpPublicKey	key,
            PgpSignature	certification)
            if (key.IsMasterKey)
                if (certification.SignatureType == PgpSignature.SubkeyRevocation)
                    throw new ArgumentException("signature type incorrect for master key revocation.");
                if (certification.SignatureType == PgpSignature.KeyRevocation)
                    throw new ArgumentException("signature type incorrect for sub-key revocation.");

			PgpPublicKey returnKey = new PgpPublicKey(key);

			if (returnKey.subSigs != null)

			return returnKey;
		private static PgpPublicKey RemoveCert(
			PgpPublicKey	key,
			object			id,
			PgpSignature	certification)
			PgpPublicKey returnKey = new PgpPublicKey(key);
            bool found = false;

			for (int i = 0; i < returnKey.ids.Count; i++)
                if (id.Equals(returnKey.ids[i]))
                    IList certs = (IList) returnKey.idSigs[i];
                    found = certs.Contains(certification);

					if (found)

			return found ? returnKey : null;
		/// <summary>
		/// Returns a new key ring with the public key passed in either added or
		/// replacing an existing one.
		/// </summary>
		/// <param name="pubRing">The public key ring to be modified.</param>
		/// <param name="pubKey">The public key to be inserted.</param>
		/// <returns>A new <c>PgpPublicKeyRing</c></returns>
        public static PgpPublicKeyRing InsertPublicKey(
            PgpPublicKeyRing	pubRing,
            PgpPublicKey		pubKey)
            IList keys = Platform.CreateArrayList(pubRing.keys);
            bool found = false;
			bool masterFound = false;

			for (int i = 0; i != keys.Count; i++)
                PgpPublicKey key = (PgpPublicKey) keys[i];

				if (key.KeyId == pubKey.KeyId)
                    found = true;
                    keys[i] = pubKey;
				if (key.IsMasterKey)
					masterFound = true;

			if (!found)
				if (pubKey.IsMasterKey)
					if (masterFound)
						throw new ArgumentException("cannot add a master key to a ring that already has one");

					keys.Insert(0, pubKey);

			return new PgpPublicKeyRing(keys);
		private byte[] GetEncodedPublicKey(
			PgpPublicKey pubKey) 
				return pubKey.publicPk.GetEncodedContents();
			catch (IOException e)
				throw new PgpException("exception preparing key.", e);
		/// <summary>
		/// Verify the signature as certifying the passed in public key as associated
		/// with the passed in user attributes.
		/// </summary>
		/// <param name="userAttributes">User attributes the key was stored under.</param>
		/// <param name="key">The key to be verified.</param>
		/// <returns>True, if the signature matches, false otherwise.</returns>
		public bool VerifyCertification(
			PgpUserAttributeSubpacketVector	userAttributes,
			PgpPublicKey					key)

			// hash in the userAttributes
				MemoryStream bOut = new MemoryStream();
				foreach (UserAttributeSubpacket packet in userAttributes.ToSubpacketArray())
				UpdateWithIdData(0xd1, bOut.ToArray());
			catch (IOException e)
				throw new PgpException("cannot encode subpacket array", e);


			return sig.VerifySignature(this.GetSignature());
		/// <summary>Copy constructor.</summary>
		/// <param name="pubKey">The public key to copy.</param>
        internal PgpPublicKey(
            PgpPublicKey pubKey)
            this.publicPk = pubKey.publicPk;

			this.keySigs = Platform.CreateArrayList(pubKey.keySigs);
            this.ids = Platform.CreateArrayList(pubKey.ids);
            this.idTrusts = Platform.CreateArrayList(pubKey.idTrusts);
            this.idSigs = Platform.CreateArrayList(pubKey.idSigs.Count);
            for (int i = 0; i != pubKey.idSigs.Count; i++)

			if (pubKey.subSigs != null)
                this.subSigs = Platform.CreateArrayList(pubKey.subSigs.Count);
                for (int i = 0; i != pubKey.subSigs.Count; i++)

			this.fingerprint = pubKey.fingerprint;
            this.keyId = pubKey.keyId;
            this.keyStrength = pubKey.keyStrength;
		public void InitVerify(
            PgpPublicKey pubKey)
			lastb = 0;
            if (sig == null)
                sig.Init(false, pubKey.GetKey());
            catch (InvalidKeyException e)
                throw new PgpException("invalid key.", e);
		internal PgpPublicKey(
            PgpPublicKey	key,
            TrustPacket		trust,
            IList           subSigs)
            this.publicPk = key.publicPk;
            this.trustPk = trust;
            this.subSigs = subSigs;

			this.fingerprint = key.fingerprint;
            this.keyId = key.keyId;
            this.keyStrength = key.keyStrength;
		/// <summary>Verify a key certification, such as revocation, for the passed in key.</summary>
		/// <param name="pubKey">The key we are checking.</param>
		/// <returns>True, if the certification is valid, false otherwise.</returns>
        public bool VerifyCertification(
            PgpPublicKey pubKey)
            if (SignatureType != KeyRevocation
                && SignatureType != SubkeyRevocation)
                throw new InvalidOperationException("signature is not a key signature");



			return sig.VerifySignature(GetSignature());
		/// <summary>Verify a certification for the passed in key against the passed in master key.</summary>
		/// <param name="masterKey">The key we are verifying against.</param>
		/// <param name="pubKey">The key we are verifying.</param>
		/// <returns>True, if the certification is valid, false otherwise.</returns>
        public bool VerifyCertification(
            PgpPublicKey	masterKey,
            PgpPublicKey	pubKey)


			return sig.VerifySignature(GetSignature());
		/// <summary>
		/// Verify the signature as certifying the passed in public key as associated
		/// with the passed in ID.
		/// </summary>
		/// <param name="id">ID the key was stored under.</param>
		/// <param name="key">The key to be verified.</param>
		/// <returns>True, if the signature matches, false otherwise.</returns>
        public bool VerifyCertification(
            string			id,
            PgpPublicKey	key)

            // hash in the id
			UpdateWithIdData(0xb4, Strings.ToByteArray(id));


			return sig.VerifySignature(GetSignature());
		/// <summary>Remove a certification from the key.</summary>
		/// <param name="key">The key the certifications are to be removed from.</param>
		/// <param name="certification">The certfication to be removed.</param>
		/// <returns>The modified key, null if the certification was not found.</returns>
		public static PgpPublicKey RemoveCertification(
			PgpPublicKey	key,
			PgpSignature	certification)
			PgpPublicKey returnKey = new PgpPublicKey(key);
			IList sigs = returnKey.subSigs != null
				?	returnKey.subSigs
				:	returnKey.keySigs;

//			bool found = sigs.Remove(certification);
			int pos = sigs.IndexOf(certification);
			bool found = pos >= 0;

			if (found)
				foreach (String id in key.GetUserIds())
					foreach (object sig in key.GetSignaturesForId(id))
						// TODO Is this the right type of equality test?
						if (certification == sig)
							found = true;
							returnKey = PgpPublicKey.RemoveCertification(returnKey, id, certification);

				if (!found)
					foreach (PgpUserAttributeSubpacketVector id in key.GetUserAttributes())
						foreach (object sig in key.GetSignaturesForUserAttribute(id))
							// TODO Is this the right type of equality test?
							if (certification == sig)
								found = true;
								returnKey = PgpPublicKey.RemoveCertification(returnKey, id, certification);

			return returnKey;
		/// <summary>Add a public key encrypted session key to the encrypted object.</summary>
        public void AddMethod(
            PgpPublicKey key)
			if (!key.IsEncryptionKey)
                throw new ArgumentException("passed in key not an encryption key!");

			methods.Add(new PubMethod(key));
		/// <summary>Return the public key ring that corresponds to the secret key ring.</summary>
        public PgpPublicKeyRing GeneratePublicKeyRing()
            IList pubKeys = Platform.CreateArrayList();

            IEnumerator enumerator = keys.GetEnumerator();

			PgpSecretKey pgpSecretKey = (PgpSecretKey) enumerator.Current;

			while (enumerator.MoveNext())
                pgpSecretKey = (PgpSecretKey) enumerator.Current;

				PgpPublicKey k = new PgpPublicKey(pgpSecretKey.PublicKey);
				k.publicPk = new PublicSubkeyPacket(
					k.Algorithm, k.CreationTime, k.publicPk.Key);


			return new PgpPublicKeyRing(pubKeys);
		/// <summary>Generate a certification for the passed in userAttributes.</summary>
		/// <param name="userAttributes">The ID we are certifying against the public key.</param>
		/// <param name="pubKey">The key we are certifying against the ID.</param>
		/// <returns>The certification.</returns>
		public PgpSignature GenerateCertification(
			PgpUserAttributeSubpacketVector	userAttributes,
			PgpPublicKey					pubKey)

			// hash in the attributes
				MemoryStream bOut = new MemoryStream();
				foreach (UserAttributeSubpacket packet in userAttributes.ToSubpacketArray())
				UpdateWithIdData(0xd1, bOut.ToArray());
			catch (IOException e)
				throw new PgpException("cannot encode subpacket array", e);

			return this.Generate();
		private static PgpPublicKey AddCert(
			PgpPublicKey	key,
			object			id,
			PgpSignature	certification)
			PgpPublicKey returnKey = new PgpPublicKey(key);
			IList sigList = null;

			for (int i = 0; i != returnKey.ids.Count; i++)
				if (id.Equals(returnKey.ids[i]))
					sigList = (IList) returnKey.idSigs[i];

			if (sigList != null)
				sigList = Platform.CreateArrayList();

			return returnKey;
			internal PubMethod(
                PgpPublicKey pubKey)
                this.pubKey = pubKey;
		/// <summary>Generate a certification for the passed in ID and key.</summary>
		/// <param name="id">The ID we are certifying against the public key.</param>
		/// <param name="pubKey">The key we are certifying against the ID.</param>
		/// <returns>The certification.</returns>
        public PgpSignature GenerateCertification(
            string			id,
            PgpPublicKey	pubKey)

            // hash in the id
			UpdateWithIdData(0xb4, Strings.ToByteArray(id));

			return Generate();
		/// <summary>Remove any certifications associated with a given ID on a key.</summary>
		/// <param name="key">The key the certifications are to be removed from.</param>
		/// <param name="id">The ID that is to be removed.</param>
		/// <returns>The re-certified key, or null if the ID was not found on the key.</returns>
        public static PgpPublicKey RemoveCertification(
            PgpPublicKey	key,
            string			id)
			return RemoveCert(key, id);
		/// <summary>Generate a certification, such as a revocation, for the passed in key.</summary>
		/// <param name="pubKey">The key we are certifying.</param>
		/// <returns>The certification.</returns>
        public PgpSignature GenerateCertification(
            PgpPublicKey pubKey)

			return Generate();
		private static PgpPublicKey RemoveCert(
			PgpPublicKey	key,
			object			id)
			PgpPublicKey returnKey = new PgpPublicKey(key);
            bool found = false;

			for (int i = 0; i < returnKey.ids.Count; i++)
                if (id.Equals(returnKey.ids[i]))
                    found = true;

			return found ? returnKey : null;
		private void UpdateWithPublicKey(
			PgpPublicKey key)
			byte[] keyBytes = GetEncodedPublicKey(key);

				(byte) 0x99,
				(byte)(keyBytes.Length >> 8),
		/// <summary>Remove a certification associated with a given ID on a key.</summary>
		/// <param name="key">The key the certifications are to be removed from.</param>
		/// <param name="id">The ID that the certfication is to be removed from.</param>
		/// <param name="certification">The certfication to be removed.</param>
		/// <returns>The re-certified key, or null if the certification was not found.</returns>
        public static PgpPublicKey RemoveCertification(
            PgpPublicKey	key,
            string			id,
            PgpSignature	certification)
			return RemoveCert(key, id, certification);
		/// <summary>Returns a new key ring with the public key passed in removed from the key ring.</summary>
		/// <param name="pubRing">The public key ring to be modified.</param>
		/// <param name="pubKey">The public key to be removed.</param>
		/// <returns>A new <c>PgpPublicKeyRing</c>, or null if pubKey is not found.</returns>
        public static PgpPublicKeyRing RemovePublicKey(
            PgpPublicKeyRing	pubRing,
            PgpPublicKey		pubKey)
            IList keys = Platform.CreateArrayList(pubRing.keys);
            bool found = false;

			for (int i = 0; i < keys.Count; i++)
                PgpPublicKey key = (PgpPublicKey) keys[i];

				if (key.KeyId == pubKey.KeyId)
                    found = true;

			return found ? new PgpPublicKeyRing(keys) : null;
		/// <summary>Remove a certification associated with a given user attributes on a key.</summary>
		/// <param name="key">The key the certifications are to be removed from.</param>
		/// <param name="userAttributes">The user attributes that the certfication is to be removed from.</param>
		/// <param name="certification">The certification to be removed.</param>
		/// <returns>The re-certified key, or null if the certification was not found.</returns>
		public static PgpPublicKey RemoveCertification(
			PgpPublicKey					key,
			PgpUserAttributeSubpacketVector	userAttributes,
			PgpSignature					certification)
			return RemoveCert(key, userAttributes, certification);