/// <summary>
/// Encrypt the file.
/// </summary>
/// <param name="encrypted">The encrypted data stream.</param>
/// <param name="filename">The path and file name to encrypt.</param>
/// <param name="publicKey">The public key used for encryption.</param>
/// <param name="protectedKeys">Should the public and secret key data be protected.</param>
/// <param name="integrityCheck">Should the cipher stream have an integrity packet associated with it.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param>
public void Encrypt(System.IO.Stream encrypted, string filename, System.IO.Stream publicKey, bool protectedKeys = false, bool integrityCheck = false,
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
// Read the public key data.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);
// If file is protected.
if (protectedKeys)
{
encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted);
}
System.IO.Stream encOutput = null;
try
{
// Create the encypted data generator.
Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator = new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator(
GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), integrityCheck, new Key.Security.SecureRandom());
encryptedDataGenerator.AddMethod(pgpPublicKey);
// The input data buffer.
Key.Bcpg.OpenPgp.PgpCompressedDataGenerator compressedData =
new Key.Bcpg.OpenPgp.PgpCompressedDataGenerator(Key.Bcpg.CompressionAlgorithmTag.Uncompressed);
// Write the encrypted data.
encOutput = encryptedDataGenerator.Open(encrypted, new byte[1 << 16]);
Key.Bcpg.OpenPgp.PgpUtilities.WriteFileToLiteralData(
compressedData.Open(encOutput),
Key.Bcpg.OpenPgp.PgpLiteralData.Binary,
new FileInfo(filename),
new byte[1 << 16]);
// Close the streams.
compressedData.Close();
encOutput.Close();
// If file is protected.
if (protectedKeys)
{
encrypted.Close();
}
}
catch (Exception)
{
throw;
}
finally
{
if (encOutput != null)
{
encOutput.Close();
}
}
}
/// <summary>
/// Encrypt the stream.
/// </summary>
/// <param name="encrypted">The encrypted data stream.</param>
/// <param name="input">The data to encrypt.</param>
/// <param name="publicKey">The public key used for encryption.</param>
/// <param name="protectedKeys">Should the public and secret key data be protected.</param>
/// <param name="integrityCheck">Should the cipher stream have an integrity packet associated with it.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param>
public void Encrypt(System.IO.Stream encrypted, System.IO.Stream input, System.IO.Stream publicKey, bool protectedKeys = false, bool integrityCheck = false,
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
// Read the public key data.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);
// If file is protected.
if (protectedKeys)
{
encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted);
}
System.IO.Stream encOutput = null;
try
{
// Create the encypted data generator.
Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator = new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator(
GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), integrityCheck, new Key.Security.SecureRandom());
encryptedDataGenerator.AddMethod(pgpPublicKey);
// The input data buffer.
byte[] buffer = Compress(input, Key.Bcpg.CompressionAlgorithmTag.Uncompressed);
// Write the encrypted data.
encOutput = encryptedDataGenerator.Open(encrypted, (long)buffer.Length);
encOutput.Write(buffer, 0, buffer.Length);
encOutput.Close();
// If file is protected.
if (protectedKeys)
{
encrypted.Close();
}
}
catch (Exception)
{
throw;
}
finally
{
if (encOutput != null)
{
encOutput.Close();
}
}
}
/// <summary>
/// Generate a public secret key pair.
/// </summary>
/// <param name="publicKey">The stream where public key data is written to.</param>
/// <param name="secretKey">The stream where secret key data is written to.</param>
/// <param name="identity">The unique identity of the public secret key pair (Name (comments) <[email protected]>).</param>
/// <param name="password">The password used to protect the secret key.</param>
/// <param name="isCritical">True, if should be treated as critical, false otherwise.</param>
/// <param name="secondsKeyValid">The number of seconds the key is valid, or zero if no expiry.</param>
/// <param name="secondsSignatureValid">The number of seconds the signature is valid, or zero if no expiry.</param>
/// <param name="protectedKeys">Should the public and secret key data be protected.</param>
/// <param name="publicExponent">The public exponent (e; the public key is now represented as {e, n}).</param>
/// <param name="strength">The strength of the cipher.</param>
/// <param name="hashAlgorithm">The preferred hash algorithm to use to create the hash value.</param>
/// <param name="publicKeyAlgorithm">The public key algorithm type.</param>
/// <param name="certificateLevel">The certification level.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param>
/// <returns>The unique key id of the public secret key pair.</returns>
public long Generate(System.IO.Stream publicKey, System.IO.Stream secretKey, Openpgp.Identity identity,
string password, bool isCritical = false, long secondsKeyValid = 0, long secondsSignatureValid = 0,
bool protectedKeys = true, long publicExponent = 3, int strength = 4096, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512,
Openpgp.PublicKeyAlgorithmType publicKeyAlgorithm = Openpgp.PublicKeyAlgorithmType.RsaGeneral,
Openpgp.CertificateLevelType certificateLevel = Openpgp.CertificateLevelType.DefaultCertification,
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
// Create the rsa key paramaters from the strength and public exponent.
Key.Crypto.Generators.RsaKeyPairGenerator keyPair = new Key.Crypto.Generators.RsaKeyPairGenerator();
Key.Crypto.Parameters.RsaKeyGenerationParameters keyPairParam =
new Key.Crypto.Parameters.RsaKeyGenerationParameters(
Key.Math.BigInteger.ValueOf(publicExponent), new Key.Security.SecureRandom(), strength, 25);
// Initialise the parameters and generate the public private key pair.
keyPair.Init(keyPairParam);
Key.Crypto.AsymmetricCipherKeyPair rsaKeyPair = keyPair.GenerateKeyPair();
// Seperate the keys.
Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)rsaKeyPair.Public;
Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)rsaKeyPair.Private;
// If file is not protected.
if (!protectedKeys)
{
secretKey = new Key.Bcpg.ArmoredOutputStream(secretKey);
}
// Create the signature subpackets.
Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator signatureSubpacketGenerator = new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator();
signatureSubpacketGenerator.SetKeyExpirationTime(isCritical, secondsKeyValid);
signatureSubpacketGenerator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)Openpgp.PublicSecretKey.GetHashAlgorithm(hashAlgorithm) });
signatureSubpacketGenerator.SetSignatureExpirationTime(isCritical, secondsSignatureValid);
// Create the signature subpackets.
Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator signatureSubpacketUnHashedGenerator = new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator();
signatureSubpacketUnHashedGenerator.SetKeyExpirationTime(isCritical, secondsKeyValid);
signatureSubpacketUnHashedGenerator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)Openpgp.PublicSecretKey.GetHashAlgorithm(hashAlgorithm) });
signatureSubpacketUnHashedGenerator.SetSignatureExpirationTime(isCritical, secondsSignatureValid);
// Generate the packets
Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector hashedPackets = signatureSubpacketGenerator.Generate();
Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector unhashedPackets = signatureSubpacketUnHashedGenerator.Generate();
// Create the secret key.
Key.Bcpg.OpenPgp.PgpSecretKey pgpSecretKey = new Key.Bcpg.OpenPgp.PgpSecretKey
(
GetCertificateLevelType(certificateLevel),
GetPublicKeyAlgorithm(publicKeyAlgorithm),
rsaPrivatePublic,
rsaCrtPrivateParam,
DateTime.UtcNow,
identity.ToString(),
Openpgp.PublicSecretKey.GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm),
password.ToArray(),
true,
hashedPackets,
unhashedPackets,
new Key.Security.SecureRandom(),
Openpgp.PublicSecretKey.GetHashAlgorithm(hashAlgorithm)
);
// Encode the secret key.
pgpSecretKey.Encode(secretKey);
// If file is not protected.
if (!protectedKeys)
{
secretKey.Close();
publicKey = new Key.Bcpg.ArmoredOutputStream(publicKey);
}
// Get the public key from the secret key.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = pgpSecretKey.PublicKey;
pgpPublicKey.Encode(publicKey);
// If file is not protected.
if (!protectedKeys)
{
publicKey.Close();
}
// Return the key id.
return(pgpSecretKey.KeyId);
}
/// <summary>
/// Generate a public secret key pair RSA crypto service provider.
/// </summary>
/// <param name="publicKey">The stream where public key data is written to.</param>
/// <param name="secretKey">The stream where secret key data is written to.</param>
/// <param name="identity">The unique identity of the public secret key pair (Name (comments) <[email protected]>).</param>
/// <param name="password">The password used to protect the secret key.</param>
/// <param name="keyID">The unique key id of the public secret key pair.</param>
/// <param name="isCritical">True, if should be treated as critical, false otherwise.</param>
/// <param name="secondsKeyValid">The number of seconds the key is valid, or zero if no expiry.</param>
/// <param name="secondsSignatureValid">The number of seconds the signature is valid, or zero if no expiry.</param>
/// <param name="protectedKeys">Should the public and secret key data be protected.</param>
/// <param name="publicExponent">The public exponent (e; the public key is now represented as {e, n}).</param>
/// <param name="strength">The strength of the cipher.</param>
/// <param name="hashAlgorithm">The preferred hash algorithm to use to create the hash value.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param>
/// <returns>The RSA cryto service provider.</returns>
public RSACryptoServiceProvider Generate(System.IO.Stream publicKey, System.IO.Stream secretKey, string identity, string password,
out long keyID, bool isCritical = false, long secondsKeyValid = 0, long secondsSignatureValid = 0,
bool protectedKeys = true, long publicExponent = 3, int strength = 4096,
Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512,
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
// Create the rsa key paramaters from the strength and public exponent.
Key.Crypto.Generators.RsaKeyPairGenerator keyPair = new Key.Crypto.Generators.RsaKeyPairGenerator();
Key.Crypto.Parameters.RsaKeyGenerationParameters keyPairParam =
new Key.Crypto.Parameters.RsaKeyGenerationParameters(
Key.Math.BigInteger.ValueOf(publicExponent), new Key.Security.SecureRandom(), strength, 25);
// Initialise the parameters and generate the public private key pair.
keyPair.Init(keyPairParam);
Key.Crypto.AsymmetricCipherKeyPair rsaKeyPair = keyPair.GenerateKeyPair();
// Seperate the keys.
Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)rsaKeyPair.Public;
Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)rsaKeyPair.Private;
// If file is not protected.
if (!protectedKeys)
{
secretKey = new Key.Bcpg.ArmoredOutputStream(secretKey);
}
// Create the signature subpackets.
Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator signatureSubpacketGenerator = new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator();
signatureSubpacketGenerator.SetKeyExpirationTime(isCritical, secondsKeyValid);
signatureSubpacketGenerator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)GetHashAlgorithm(hashAlgorithm) });
signatureSubpacketGenerator.SetSignatureExpirationTime(isCritical, secondsSignatureValid);
// Create the signature subpackets.
Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator signatureSubpacketUnHashedGenerator = new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator();
signatureSubpacketUnHashedGenerator.SetKeyExpirationTime(isCritical, secondsKeyValid);
signatureSubpacketUnHashedGenerator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)GetHashAlgorithm(hashAlgorithm) });
signatureSubpacketUnHashedGenerator.SetSignatureExpirationTime(isCritical, secondsSignatureValid);
// Generate the packets
Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector hashedPackets = signatureSubpacketGenerator.Generate();
Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector unhashedPackets = signatureSubpacketUnHashedGenerator.Generate();
// Create the secret key.
Key.Bcpg.OpenPgp.PgpSecretKey pgpSecretKey = new Key.Bcpg.OpenPgp.PgpSecretKey
(
Key.Bcpg.OpenPgp.PgpSignature.DefaultCertification,
Key.Bcpg.PublicKeyAlgorithmTag.RsaGeneral,
rsaPrivatePublic,
rsaCrtPrivateParam,
DateTime.UtcNow,
identity,
GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm),
password.ToArray(),
true,
hashedPackets,
unhashedPackets,
new Key.Security.SecureRandom(),
GetHashAlgorithm(hashAlgorithm)
);
// Encode the secret key.
pgpSecretKey.Encode(secretKey);
// If file is not protected.
if (!protectedKeys)
{
secretKey.Close();
publicKey = new Key.Bcpg.ArmoredOutputStream(publicKey);
}
// Get the public key from the secret key.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = pgpSecretKey.PublicKey;
pgpPublicKey.Encode(publicKey);
// If file is not protected.
if (!protectedKeys)
{
publicKey.Close();
}
// Assign the rsa parameters.
RSAParameters rsaParam = new RSAParameters();
rsaParam.D = rsaCrtPrivateParam.Exponent.ToByteArrayUnsigned();
rsaParam.DP = rsaCrtPrivateParam.DP.ToByteArrayUnsigned();
rsaParam.DQ = rsaCrtPrivateParam.DQ.ToByteArrayUnsigned();
rsaParam.InverseQ = rsaCrtPrivateParam.QInv.ToByteArrayUnsigned();
rsaParam.P = rsaCrtPrivateParam.P.ToByteArrayUnsigned();
rsaParam.Q = rsaCrtPrivateParam.Q.ToByteArrayUnsigned();
rsaParam.Modulus = rsaCrtPrivateParam.Modulus.ToByteArrayUnsigned();
rsaParam.Exponent = rsaCrtPrivateParam.PublicExponent.ToByteArrayUnsigned();
// Create the encyption provider.
RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();
rsaProvider.ImportParameters(rsaParam);
// Return the rsa provider.
keyID = pgpSecretKey.KeyId;
return(rsaProvider);
}
