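        /// <summary>
        /// Builds a key-revocation certification over <paramref name="keyToSign"/> with the private half of
        /// <paramref name="sKey"/> and returns the encoded public key carrying that certification.
        /// </summary>
        /// <param name="sKey">Secret key whose private key signs the revocation.</param>
        /// <param name="sPass">Passphrase that unlocks <paramref name="sKey"/>.</param>
        /// <param name="keyToSign">Public key the revocation certification is attached to.</param>
        /// <param name="armour">When true the scratch stream is ASCII-armoured; this does not affect the returned bytes.</param>
        /// <returns>Binary encoding of <paramref name="keyToSign"/> with the revocation certification added.</returns>
        private static byte[] RevokePublicKey(PgpSecretKey sKey, char[] sPass, PgpPublicKey keyToSign, bool armour)
        {
            // NOTE(review): the one-pass header below is written into a local MemoryStream that is never read;
            // the return value comes only from AddCertification(...).GetEncoded(). Kept so the sequence of
            // generator calls is unchanged, but nothing written to os reaches the caller.
            Stream os = new MemoryStream();

            if (armour)
            {
                os = new ArmoredOutputStream(os);
            }

            PgpPrivateKey privKey = sKey.ExtractPrivateKey(sPass);
            // SHA-1 is what this helper has always used; a stronger digest tag would change the
            // produced signature and should be a deliberate, separate decision.
            PgpSignatureGenerator sGen = new PgpSignatureGenerator(sKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.KeyRevocation, privKey);
            BcpgOutputStream bOut = new BcpgOutputStream(os);

            sGen.GenerateOnePassVersion(false).Encode(bOut);
            PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();

            spGen.SetRevocable(false, true);

            // Whole interval since the Unix epoch, in seconds. The original passed TimeSpan.Seconds, which is
            // only the 0-59 "seconds" component of the interval, so the revocation signature expired within a
            // minute of being created. TotalSeconds is the value the subtraction above actually computes.
            DateTime baseDate = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            TimeSpan tSpan    = DateTime.UtcNow - baseDate;

            // NOTE(review): SetSignatureExpirationTime takes a lifetime in seconds after the signature's
            // creation time, not an absolute timestamp; with the epoch-based value the signature stays valid
            // for decades. Confirm that is the intended expiry policy for revocations.
            spGen.SetSignatureExpirationTime(false, (long)tSpan.TotalSeconds);
            PgpSignatureSubpacketVector packetVector = spGen.Generate();

            sGen.SetHashedSubpackets(packetVector);
            bOut.Flush();

            if (armour)
            {
                // Closing the armoured wrapper writes its footer into the (discarded) scratch stream.
                os.Close();
            }

            return PgpPublicKey.AddCertification(keyToSign, sGen.Generate()).GetEncoded();
        }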
        /*
         * Helper for above: certifies keyToBeSigned with secretKey and returns the
         * encoded public key carrying the new certification.
         *
         * secretKey     - certifying key; its private half is unlocked with password.
         * password      - passphrase for secretKey, handed to ExtractPrivateKey as a char array.
         * keyToBeSigned - public key that receives the certification.
         * isCertain     - true selects PositiveCertification, false CasualCertification.
         */
        static byte [] SignPublicKey(
            PgpSecretKey secretKey,
            string password,
            PgpPublicKey keyToBeSigned,
            bool isCertain)
        {
            int certificationType;
            if (isCertain)
            {
                certificationType = PgpSignature.PositiveCertification;
            }
            else
            {
                certificationType = PgpSignature.CasualCertification;
            }

            PgpPrivateKey signingKey = secretKey.ExtractPrivateKey(password.ToCharArray());

            PgpSignatureGenerator generator =
                new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
            generator.InitSign(certificationType, signingKey);

            // The one-pass header goes into a scratch MemoryStream that is never read back;
            // the bytes returned to the caller come from GetEncoded() alone.
            Stream           scratch   = new MemoryStream();
            BcpgOutputStream packetOut = new BcpgOutputStream(scratch);
            generator.GenerateOnePassVersion(false).Encode(packetOut);

            // No subpackets are requested, so the generated vector is empty.
            PgpSignatureSubpacketGenerator subpackets = new PgpSignatureSubpacketGenerator();
            generator.SetHashedSubpackets(subpackets.Generate());
            packetOut.Flush();

            PgpPublicKey certified = PgpPublicKey.AddCertification(keyToBeSigned, generator.Generate());
            return certified.GetEncoded();
        }
        /// <summary>
        /// Wraps a key pair in a self-certified PGP secret key for <paramref name="identity"/>, writes the
        /// secret key to <paramref name="secretOut"/> and the matching public key to
        /// <paramref name="publicOut"/>, optionally ASCII-armoured.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the packet is always tagged <see cref="PublicKeyAlgorithmTag.RsaGeneral"/> although the
        /// parameters are generic <see cref="AsymmetricKeyParameter"/>s, so callers must supply RSA keys.
        /// Armoured wrappers are closed here because the armour footer is only written on close; without
        /// armour both streams are left open and owned by the caller.
        /// </remarks>
        /// <param name="secretOut">Destination for the secret key packet.</param>
        /// <param name="publicOut">Destination for the public key packet.</param>
        /// <param name="publicKey">Public half of the key pair.</param>
        /// <param name="privateKey">Private half of the key pair.</param>
        /// <param name="identity">User ID the key is self-certified under.</param>
        /// <param name="passPhrase">Passphrase used to encrypt the secret key material (AES-256).</param>
        /// <param name="armor">True to ASCII-armour both outputs.</param>
        private static void ExportKeyPair(
            Stream secretOut,
            Stream publicOut,
            AsymmetricKeyParameter publicKey,
            AsymmetricKeyParameter privateKey,
            string identity,
            char[] passPhrase,
            bool armor)
        {
            Stream secretTarget = armor ? new ArmoredOutputStream(secretOut) : secretOut;

            // Self-signature subpackets: usage flags, preferences (strongest first), trust.
            int[] symmetricPrefs =
            {
                (int)SymmetricKeyAlgorithmTag.Aes256,
                (int)SymmetricKeyAlgorithmTag.Aes192,
                (int)SymmetricKeyAlgorithmTag.Aes128,
                (int)SymmetricKeyAlgorithmTag.Blowfish,
            };
            int[] hashPrefs =
            {
                (int)HashAlgorithmTag.Sha512,
                (int)HashAlgorithmTag.Sha384,
                (int)HashAlgorithmTag.Sha256,
                (int)HashAlgorithmTag.Sha224,
                (int)HashAlgorithmTag.RipeMD160,
                (int)HashAlgorithmTag.Tiger192,
            };
            int[] compressionPrefs =
            {
                (int)CompressionAlgorithmTag.ZLib,
                (int)CompressionAlgorithmTag.BZip2,
                (int)CompressionAlgorithmTag.Zip,
            };

            // Subpacket insertion order is preserved from the original so the encoded vector is identical.
            PgpSignatureSubpacketGenerator subpackets = new PgpSignatureSubpacketGenerator();
            subpackets.SetKeyFlags(false,
                PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify |
                PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
            subpackets.SetPreferredSymmetricAlgorithms(false, symmetricPrefs);
            subpackets.SetPreferredHashAlgorithms(false, hashPrefs);
            subpackets.SetPreferredCompressionAlgorithms(false, compressionPrefs);
            subpackets.SetTrust(false, 8, 255);

            PgpSecretKey secretKey = new PgpSecretKey(
                PgpSignature.PositiveCertification,
                PublicKeyAlgorithmTag.RsaGeneral,
                publicKey,
                privateKey,
                DateTime.UtcNow,
                identity,
                SymmetricKeyAlgorithmTag.Aes256,
                passPhrase,
                subpackets.Generate(),
                null,                       // no unhashed subpackets
                new SecureRandom());

            secretKey.Encode(secretTarget);
            if (armor)
            {
                secretTarget.Close();
            }

            Stream publicTarget = armor ? new ArmoredOutputStream(publicOut) : publicOut;
            secretKey.PublicKey.Encode(publicTarget);
            if (armor)
            {
                publicTarget.Close();
            }
        }
 /// <summary>
 /// Starts a key ring around <paramref name="masterKey"/>: the arguments are recorded for later
 /// sub-key additions, and the master key is wrapped in a <see cref="PgpSecretKey"/> as the ring's
 /// first entry.
 /// </summary>
 /// <param name="certificationLevel">Certification type for the self-signature on <paramref name="id"/>.</param>
 /// <param name="masterKey">Primary key pair of the ring.</param>
 /// <param name="id">User ID the master key is self-certified under.</param>
 /// <param name="encAlgorithm">Symmetric algorithm forwarded to <see cref="PgpSecretKey"/> for protecting key material.</param>
 /// <param name="rawPassPhrase">Already-encoded passphrase bytes; forwarded without being cleared (clearPassPhrase: false).</param>
 /// <param name="useSha1">Forwarded to <see cref="PgpSecretKey"/>.</param>
 /// <param name="hashedPackets">Hashed subpackets for the self-signature.</param>
 /// <param name="unhashedPackets">Unhashed subpackets for the self-signature.</param>
 /// <param name="rand">Randomness source forwarded to <see cref="PgpSecretKey"/>.</param>
 public PgpKeyRingGenerator(int certificationLevel, PgpKeyPair masterKey, string id, SymmetricKeyAlgorithmTag encAlgorithm, byte[] rawPassPhrase, bool useSha1, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets, SecureRandom rand)
 {
     this.rand                 = rand;
     this.useSha1              = useSha1;
     this.rawPassPhrase        = rawPassPhrase;
     this.encAlgorithm         = encAlgorithm;
     this.id                   = id;
     this.masterKey            = masterKey;
     this.certificationLevel   = certificationLevel;
     this.hashedPacketVector   = hashedPackets;
     this.unhashedPacketVector = unhashedPackets;

     PgpSecretKey master = new PgpSecretKey(
         certificationLevel, masterKey, id, encAlgorithm, rawPassPhrase,
         clearPassPhrase: false, useSha1, hashedPackets, unhashedPackets, rand);
     keys.Add(master);
 }
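        /// <summary>
        /// Checks how a signature without subpackets is reported: for version 4+ signatures the hashed
        /// vector must still be returned, with a zero key expiration and HasSubpackets true; for version 3
        /// signatures both vectors must be null and HasSubpackets false.
        /// </summary>
        /// <param name="signature">Encoded PGP objects; literal data ahead of the signature list is drained.</param>
        private void doTestMissingSubpackets(byte[] signature)
        {
            PgpObjectFactory f   = new PgpObjectFactory(signature);
            object           obj = f.NextPgpObject();

            // Walk forward to the signature list. The original loop had no end-of-input check, so data
            // with no signature list spun forever on a factory that keeps returning null.
            while (obj != null && !(obj is PgpSignatureList))
            {
                obj = f.NextPgpObject();
                if (obj is PgpLiteralData)
                {
                    // Literal data has to be consumed before the next packet can be parsed.
                    Stream input = ((PgpLiteralData)obj).GetDataStream();
                    Streams.Drain(input);
                }
            }

            if (obj == null)
            {
                Fail("no signature list found in input");
                return;
            }

            PgpSignature sig = ((PgpSignatureList)obj)[0];

            if (sig.Version > 3)
            {
                // v4+: an empty hashed vector is still an object, never null.
                PgpSignatureSubpacketVector v = sig.GetHashedSubPackets();

                if (v.GetKeyExpirationTime() != 0)
                {
                    Fail("key expiration time not zero for missing subpackets");
                }

                if (!sig.HasSubpackets)
                {
                    Fail("HasSubpackets property was false with packets");
                }
            }
            else
            {
                // v3 signatures have no subpacket areas at all.
                if (sig.GetHashedSubPackets() != null)
                {
                    Fail("hashed sub packets found when none expected");
                }

                if (sig.GetUnhashedSubPackets() != null)
                {
                    Fail("unhashed sub packets found when none expected");
                }

                if (sig.HasSubpackets)
                {
                    Fail("HasSubpackets property was true with no packets");
                }
            }
        }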
        /// <summary>
        /// Attaches a direct-key certification carrying one critical, human-readable notation
        /// (<paramref name="notationName"/> = <paramref name="notationValue"/>) to
        /// <paramref name="keyToBeSigned"/> and returns the encoded result.
        /// </summary>
        /// <param name="secretKey">Certifying key; its private half is unlocked with <paramref name="secretKeyPass"/>.</param>
        /// <param name="secretKeyPass">Passphrase for <paramref name="secretKey"/>.</param>
        /// <param name="keyToBeSigned">Public key that receives the certification.</param>
        /// <param name="notationName">Name of the notation subpacket.</param>
        /// <param name="notationValue">Value of the notation subpacket.</param>
        /// <param name="armor">Armours the scratch stream only; the returned bytes are unaffected.</param>
        /// <returns>Binary encoding of <paramref name="keyToBeSigned"/> with the certification added.</returns>
        private static byte[] SignPublicKey(
            PgpSecretKey secretKey,
            string secretKeyPass,
            PgpPublicKey keyToBeSigned,
            string notationName,
            string notationValue,
            bool armor)
        {
            // Scratch stream for the one-pass header; nothing written here reaches the caller.
            Stream scratch = new MemoryStream();
            if (armor)
            {
                scratch = new ArmoredOutputStream(scratch);
            }

            char[]        passChars  = secretKeyPass.ToCharArray();
            PgpPrivateKey signingKey = secretKey.ExtractPrivateKey(passChars);

            PgpSignatureGenerator generator = new PgpSignatureGenerator(
                secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
            generator.InitSign(PgpSignature.DirectKey, signingKey);

            BcpgOutputStream packetOut = new BcpgOutputStream(scratch);
            generator.GenerateOnePassVersion(false).Encode(packetOut);

            // Notation is marked critical (first flag) and human-readable (second flag).
            PgpSignatureSubpacketGenerator subpackets = new PgpSignatureSubpacketGenerator();
            subpackets.SetNotationData(true, true, notationName, notationValue);
            generator.SetHashedSubpackets(subpackets.Generate());

            packetOut.Flush();
            if (armor)
            {
                scratch.Close();
            }

            PgpPublicKey certified = PgpPublicKey.AddCertification(keyToBeSigned, generator.Generate());
            return certified.GetEncoded();
        }
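 /// <summary>
 /// Adds <paramref name="keyPair"/> to the ring as a sub-key, bound to the master key by a
 /// subkey-binding signature carrying the given hashed and unhashed subpackets.
 /// </summary>
 /// <param name="keyPair">Sub-key to add.</param>
 /// <param name="hashedPackets">Subpackets covered by the binding signature's hash.</param>
 /// <param name="unhashedPackets">Subpackets outside the hash.</param>
 /// <exception cref="PgpException">Rethrown unchanged from the signing code, or wrapping any other failure.</exception>
 public void AddSubKey(PgpKeyPair keyPair, PgpSignatureSubpacketVector hashedPackets, PgpSignatureSubpacketVector unhashedPackets)
 {
     try
     {
         // NOTE(review): binding signatures are made with SHA-1 here; moving to a SHA-2 tag changes
         // the emitted rings and should be weighed against what consumers of them accept.
         PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(masterKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
         // Named constant in place of the bare 24 (0x18) the original passed.
         pgpSignatureGenerator.InitSign(PgpSignature.SubkeyBinding, masterKey.PrivateKey);
         pgpSignatureGenerator.SetHashedSubpackets(hashedPackets);
         pgpSignatureGenerator.SetUnhashedSubpackets(unhashedPackets);
         IList list = Platform.CreateArrayList();
         list.Add(pgpSignatureGenerator.GenerateCertification(masterKey.PublicKey, keyPair.PublicKey));
         keys.Add(new PgpSecretKey(keyPair.PrivateKey, new PgpPublicKey(keyPair.PublicKey, null, list), encAlgorithm, rawPassPhrase, clearPassPhrase: false, useSha1, rand, isMasterKey: false));
     }
     catch (PgpException)
     {
         // 'throw;' keeps the original stack trace; 'throw ex;' would reset it to this frame.
         throw;
     }
     catch (Exception exception)
     {
         throw new PgpException("exception adding subkey: ", exception);
     }
 }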
        /// <summary>
        /// Exercises signature generation and verification over the RSA and DSA test key rings:
        /// wrong-key rejection, key-revocation and subkey-binding certifications, subpacket
        /// round-tripping (counts, critical tags, preferences, overridden creation time),
        /// v3 and v4 binary/text signatures, and signatures with missing subpackets.
        /// </summary>
        public override void PerformTest()
        {
            //
            // RSA tests
            //
            PgpSecretKeyRing pgpPriv    = new PgpSecretKeyRing(rsaKeyRing);
            PgpSecretKey     secretKey  = pgpPriv.GetSecretKey();
            PgpPrivateKey    pgpPrivKey = secretKey.ExtractPrivateKey(rsaPass);

            // Signing with an RSA key under a DSA algorithm tag must be rejected.
            try
            {
                doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("RSA wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            try
            {
                doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("RSA V3 wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            //
            // certifications
            //
            PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.KeyRevocation, pgpPrivKey);

            // Self-revocation: the key revokes itself and must verify against its own public key.
            PgpSignature sig = sGen.GenerateCertification(secretKey.PublicKey);

            sig.InitVerify(secretKey.PublicKey);

            if (!sig.VerifyCertification(secretKey.PublicKey))
            {
                Fail("revocation verification failed.");
            }

            PgpSecretKeyRing pgpDSAPriv    = new PgpSecretKeyRing(dsaKeyRing);
            PgpSecretKey     secretDSAKey  = pgpDSAPriv.GetSecretKey();
            PgpPrivateKey    pgpPrivDSAKey = secretDSAKey.ExtractPrivateKey(dsaPass);

            sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);

            // Subkey binding (DSA master over the RSA key) with a full set of hashed subpackets;
            // only the signer user ID is marked critical.
            PgpSignatureSubpacketGenerator unhashedGen = new PgpSignatureSubpacketGenerator();
            PgpSignatureSubpacketGenerator hashedGen   = new PgpSignatureSubpacketGenerator();

            hashedGen.SetSignatureExpirationTime(false, TEST_EXPIRATION_TIME);
            hashedGen.SetSignerUserId(true, TEST_USER_ID);
            hashedGen.SetPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS);
            hashedGen.SetPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS);
            hashedGen.SetPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS);

            sGen.SetHashedSubpackets(hashedGen.Generate());
            sGen.SetUnhashedSubpackets(unhashedGen.Generate());

            sig = sGen.GenerateCertification(secretDSAKey.PublicKey, secretKey.PublicKey);

            // Round-trip through the encoder/parser so the checks below run on a re-read signature.
            byte[] sigBytes = sig.GetEncoded();

            PgpObjectFactory f = new PgpObjectFactory(sigBytes);

            sig = ((PgpSignatureList)f.NextPgpObject())[0];

            sig.InitVerify(secretDSAKey.PublicKey);

            if (!sig.VerifyCertification(secretDSAKey.PublicKey, secretKey.PublicKey))
            {
                Fail("subkey binding verification failed.");
            }

            PgpSignatureSubpacketVector hashedPcks   = sig.GetHashedSubPackets();
            PgpSignatureSubpacketVector unhashedPcks = sig.GetUnhashedSubPackets();

            // 5 explicit hashed subpackets plus the creation time the generator adds; the
            // issuer key ID lands in the unhashed area.
            if (hashedPcks.Count != 6)
            {
                Fail("wrong number of hashed packets found.");
            }

            if (unhashedPcks.Count != 1)
            {
                Fail("wrong number of unhashed packets found.");
            }

            if (!hashedPcks.GetSignerUserId().Equals(TEST_USER_ID))
            {
                Fail("test userid not matching");
            }

            if (hashedPcks.GetSignatureExpirationTime() != TEST_EXPIRATION_TIME)
            {
                Fail("test signature expiration time not matching");
            }

            if (unhashedPcks.GetIssuerKeyId() != secretDSAKey.KeyId)
            {
                Fail("wrong issuer key ID found in certification");
            }

            int[] prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms();
            preferredAlgorithmCheck("compression", PREFERRED_COMPRESSION_ALGORITHMS, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredHashAlgorithms();
            preferredAlgorithmCheck("hash", PREFERRED_HASH_ALGORITHMS, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms();
            preferredAlgorithmCheck("symmetric", PREFERRED_SYMMETRIC_ALGORITHMS, prefAlgs);

            SignatureSubpacketTag[] criticalHashed = hashedPcks.GetCriticalTags();

            if (criticalHashed.Length != 1)
            {
                Fail("wrong number of critical packets found.");
            }

            if (criticalHashed[0] != SignatureSubpacketTag.SignerUserId)
            {
                Fail("wrong critical packet found in tag list.");
            }

            //
            // no packets passed
            //
            // Null vectors must still yield a creation-time hashed subpacket and an issuer unhashed one.
            sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);

            sGen.SetHashedSubpackets(null);
            sGen.SetUnhashedSubpackets(null);

            sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey);

            sig.InitVerify(secretDSAKey.PublicKey);

            if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey))
            {
                Fail("subkey binding verification failed.");
            }

            hashedPcks = sig.GetHashedSubPackets();

            if (hashedPcks.Count != 1)
            {
                Fail("found wrong number of hashed packets");
            }

            unhashedPcks = sig.GetUnhashedSubPackets();

            if (unhashedPcks.Count != 1)
            {
                Fail("found wrong number of unhashed packets");
            }

            // A user-ID certification verified with the key-only overload must be refused.
            try
            {
                sig.VerifyCertification(secretKey.PublicKey);

                Fail("failed to detect non-key signature.");
            }
            catch (InvalidOperationException)
            {
                // expected
            }

            //
            // override hash packets
            //
            // A caller-supplied creation time must replace the generator's default one rather than
            // being added alongside it.
            sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);

            sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);

            hashedGen = new PgpSignatureSubpacketGenerator();

            DateTime creationTime = new DateTime(1973, 7, 27);

            hashedGen.SetSignatureCreationTime(false, creationTime);

            sGen.SetHashedSubpackets(hashedGen.Generate());

            sGen.SetUnhashedSubpackets(null);

            sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey);

            sig.InitVerify(secretDSAKey.PublicKey);

            if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey))
            {
                Fail("subkey binding verification failed.");
            }

            hashedPcks = sig.GetHashedSubPackets();

            if (hashedPcks.Count != 1)
            {
                Fail("found wrong number of hashed packets in override test");
            }

            if (!hashedPcks.HasSubpacket(SignatureSubpacketTag.CreationTime))
            {
                Fail("hasSubpacket test for creation time failed");
            }

            DateTime sigCreationTime = hashedPcks.GetSignatureCreationTime();

            if (!sigCreationTime.Equals(creationTime))
            {
                Fail("creation of overridden date failed.");
            }

            prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms();
            preferredAlgorithmCheck("compression", NO_PREFERENCES, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredHashAlgorithms();
            preferredAlgorithmCheck("hash", NO_PREFERENCES, prefAlgs);

            prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms();
            preferredAlgorithmCheck("symmetric", NO_PREFERENCES, prefAlgs);

            if (hashedPcks.GetKeyExpirationTime() != 0)
            {
                Fail("unexpected key expiration time found");
            }

            if (hashedPcks.GetSignatureExpirationTime() != 0)
            {
                Fail("unexpected signature expiration time found");
            }

            if (hashedPcks.GetSignerUserId() != null)
            {
                Fail("unexpected signer user ID found");
            }

            criticalHashed = hashedPcks.GetCriticalTags();

            if (criticalHashed.Length != 0)
            {
                Fail("critical packets found when none expected");
            }

            unhashedPcks = sig.GetUnhashedSubPackets();

            if (unhashedPcks.Count != 1)
            {
                Fail("found wrong number of unhashed packets in override test");
            }

            //
            // general signatures
            //
            // Binary and canonical-text signatures, v4 and v3; the text cases check that LF-only and
            // CRLF input verify against the same CRLF-normalised data.
            doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha256, secretKey.PublicKey, pgpPrivKey);
            doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha384, secretKey.PublicKey, pgpPrivKey);
            doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha512, secretKey.PublicKey, pgpPrivKey);
            doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
            doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);

            //
            // DSA Tests
            //
            // Same wrong-key and signature checks, now with the DSA ring as the signer.
            pgpPriv    = new PgpSecretKeyRing(dsaKeyRing);
            secretKey  = pgpPriv.GetSecretKey();
            pgpPrivKey = secretKey.ExtractPrivateKey(dsaPass);

            try
            {
                doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("DSA wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            try
            {
                doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);

                Fail("DSA V3 wrong key test failed.");
            }
            catch (PgpException)
            {
                // expected
            }

            doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
            doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
            doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
            doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);

            // special cases
            //
            // Signatures with no subpackets: a stored v4 subkey binding and a freshly made v3 signature.
            doTestMissingSubpackets(nullPacketsSubKeyBinding);

            doTestMissingSubpackets(generateV3BinarySig(pgpPrivKey, PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1));

            // keyflags
            doTestKeyFlagsValues();
        }
 /// <summary>
 /// Textual-passphrase overload: <paramref name="passPhrase"/> is turned into bytes by
 /// <see cref="PgpUtilities.EncodePassPhrase"/> (with <paramref name="utf8PassPhrase"/> passed
 /// through to it) and everything is forwarded to the byte-array constructor.
 /// </summary>
 public PgpKeyRingGenerator(
     int certificationLevel,
     PgpKeyPair masterKey,
     string id,
     SymmetricKeyAlgorithmTag encAlgorithm,
     HashAlgorithmTag hashAlgorithm,
     bool utf8PassPhrase,
     char[] passPhrase,
     bool useSha1,
     PgpSignatureSubpacketVector hashedPackets,
     PgpSignatureSubpacketVector unhashedPackets,
     SecureRandom rand)
     : this(
         certificationLevel,
         masterKey,
         id,
         encAlgorithm,
         hashAlgorithm,
         PgpUtilities.EncodePassPhrase(passPhrase, utf8PassPhrase),
         useSha1,
         hashedPackets,
         unhashedPackets,
         rand)
 {
 }
 /// <summary>
 /// Convenience overload that forwards to the <c>char[]</c>-passphrase constructor with
 /// <c>useSha1</c> fixed to false.
 /// </summary>
 public PgpKeyRingGenerator(
     int certificationLevel,
     PgpKeyPair masterKey,
     string id,
     SymmetricKeyAlgorithmTag encAlgorithm,
     char[] passPhrase,
     PgpSignatureSubpacketVector hashedPackets,
     PgpSignatureSubpacketVector unhashedPackets,
     SecureRandom rand)
     : this(
         certificationLevel,
         masterKey,
         id,
         encAlgorithm,
         passPhrase,
         useSha1 : false,
         hashedPackets,
         unhashedPackets,
         rand)
 {
 }
 /// <summary>
 /// Sets the unhashed subpackets for signatures produced by this generator.
 /// Passing null clears them, leaving <c>EmptySignatureSubpackets</c> in place.
 /// </summary>
 /// <param name="unhashedPackets">Subpacket vector, or null for none.</param>
 public void SetUnhashedSubpackets(PgpSignatureSubpacketVector unhashedPackets)
 {
     if (unhashedPackets == null)
     {
         unhashed = EmptySignatureSubpackets;
         return;
     }

     unhashed = unhashedPackets.ToSubpacketArray();
 }
 /// <summary>
 /// Sets the hashed subpackets for signatures produced by this generator.
 /// Passing null clears them, leaving <c>EmptySignatureSubpackets</c> in place.
 /// </summary>
 /// <param name="hashedPackets">Subpacket vector, or null for none.</param>
 public void SetHashedSubpackets(PgpSignatureSubpacketVector hashedPackets)
 {
     if (hashedPackets == null)
     {
         hashed = EmptySignatureSubpackets;
         return;
     }

     hashed = hashedPackets.ToSubpacketArray();
 }