/// <summary> /// Attempt to encrypt a message using PGP with the specified public key(s). /// </summary> /// <param name="messageStream">Stream containing the message to encrypt.</param> /// <param name="fileName">File name of for the message.</param> /// <param name="signedAndEncryptedMessageStream">Stream to write the encrypted message into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the encryption completed successfully.</returns> public static bool SignAndEncrypt(Stream messageStream, string fileName, Stream signedAndEncryptedMessageStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, IEnumerable<PgpPublicKey> recipientPublicKeys, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes, bool armor = true) { // Create a signature generator. PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, hashAlgorithmTag); signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey); // Add the public key user ID. foreach (string userId in senderPublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator(); signatureSubGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate()); break; } // Allow any of the corresponding keys to be used for decryption. PgpEncryptedDataGenerator encryptedDataGenerator = new PgpEncryptedDataGenerator(SymmetricKeyAlgorithmTag.TripleDes, true, new SecureRandom()); foreach (PgpPublicKey publicKey in recipientPublicKeys) { encryptedDataGenerator.AddMethod(publicKey); } // Handle optional ASCII armor. if (armor) { using (Stream armoredStream = new ArmoredOutputStream(signedAndEncryptedMessageStream)) { using (Stream encryptedStream = encryptedDataGenerator.Open(armoredStream, new byte[Constants.LARGEBUFFERSIZE])) { PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Uncompressed); using (Stream compressedStream = compressedDataGenerator.Open(encryptedStream)) { signatureGenerator.GenerateOnePassVersion(false).Encode(compressedStream); PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator(); using (Stream literalStream = literalDataGenerator.Open(compressedStream, PgpLiteralData.Binary, fileName, DateTime.Now, new byte[Constants.LARGEBUFFERSIZE])) { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { literalStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } } signatureGenerator.Generate().Encode(compressedStream); } } } } else { using (Stream encryptedStream = encryptedDataGenerator.Open(signedAndEncryptedMessageStream, new byte[Constants.LARGEBUFFERSIZE])) { PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Uncompressed); using (Stream compressedStream = compressedDataGenerator.Open(encryptedStream)) { signatureGenerator.GenerateOnePassVersion(false).Encode(compressedStream); PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator(); using (Stream literalStream = literalDataGenerator.Open(compressedStream, PgpLiteralData.Binary, fileName, DateTime.Now, new byte[Constants.LARGEBUFFERSIZE])) { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { literalStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } } signatureGenerator.Generate().Encode(compressedStream); } } } return true; }
/// <summary> /// Return the algorithm code for the symmetric algorithm used to encrypt the data. /// </summary> public SymmetricKeyAlgorithmTag GetSymmetricAlgorithm( PgpPrivateKey privKey) { byte[] plain = fetchSymmetricKeyData(privKey); return (SymmetricKeyAlgorithmTag) plain[0]; }
/// <summary> /// Return the algorithm code for the symmetric algorithm used to encrypt the data. /// </summary> public SymmetricKeyAlgorithmTag GetSymmetricAlgorithm( PgpPrivateKey privKey) { byte[] plain = fetchSymmetricKeyData(privKey); return((SymmetricKeyAlgorithmTag)plain[0]); }
/// <summary>Create a key pair from a PgpPrivateKey and a PgpPublicKey.</summary> /// <param name="pub">The public key.</param> /// <param name="priv">The private key.</param> public PgpKeyPair( PgpPublicKey pub, PgpPrivateKey priv) { this.pub = pub; this.priv = priv; }
/// <summary> /// Return the algorithm code for the symmetric algorithm used to encrypt the data. /// </summary> public SymmetricKeyAlgorithmTag GetSymmetricAlgorithm( PgpPrivateKey privKey) { byte[] sessionData = RecoverSessionData(privKey); return((SymmetricKeyAlgorithmTag)sessionData[0]); }
/// <summary>Initialise the generator for signing.</summary> public void InitSign( int sigType, PgpPrivateKey key, SecureRandom random) { this.privKey = key; this.signatureType = sigType; try { ICipherParameters cp = key.Key; if (random != null) { cp = new ParametersWithRandom(key.Key, random); } sig.Init(true, cp); } catch (InvalidKeyException e) { throw new PgpException("invalid key.", e); } dig.Reset(); lastb = 0; }
/// <summary> /// Attempt to decrypt a PGP protected message using the matching private key. /// </summary> /// <param name="message">Byte array containing the message to decrypt.</param> /// <param name="decryptedMessageStream">Stream to write the decrypted message into.</param> /// <param name="recipientPrivateKey">The BouncyCastle private key to be used for decryption.</param> /// <remarks>The message should be passed in without ASCII Armor.</remarks> /// <returns>Whether the decryption completed successfully.</returns> public static bool Decrypt(byte[] message, Stream decryptedMessageStream, PgpPrivateKey recipientPrivateKey) { using (MemoryStream messageStream = new MemoryStream(message)) { return Decrypt(messageStream, decryptedMessageStream, recipientPrivateKey); } }
/// <summary>Create a key pair from a PgpPrivateKey and a PgpPublicKey.</summary> /// <param name="pub">The public key.</param> /// <param name="priv">The private key.</param> public PgpKeyPair( PgpPublicKey pub, PgpPrivateKey priv) { this.pub = pub; this.priv = priv; }
/// <summary> /// Return the algorithm code for the symmetric algorithm used to encrypt the data. /// </summary> public SymmetricKeyAlgorithmTag GetSymmetricAlgorithm( PgpPrivateKey privKey) { byte[] sessionData = RecoverSessionData(privKey); return (SymmetricKeyAlgorithmTag)sessionData[0]; }
/// <summary>Initialise the generator for signing.</summary> public void InitSign( int sigType, PgpPrivateKey key, SecureRandom random) { this.privKey = key; this.signatureType = sigType; try { ICipherParameters cp = key.Key; if (random != null) { cp = new ParametersWithRandom(key.Key, random); } sig.Init(true, cp); } catch (InvalidKeyException e) { throw new PgpException("invalid key.", e); } dig.Reset(); lastb = 0; }
public PgpKeyPair( PublicKeyAlgorithmTag algorithm, AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey, DateTime time) { this.pub = new PgpPublicKey(algorithm, pubKey, time); this.priv = new PgpPrivateKey(privKey, pub.KeyId); }
public PgpKeyPair( PublicKeyAlgorithmTag algorithm, IAsymmetricKeyParameter pubKey, IAsymmetricKeyParameter privKey, DateTime time) { this.pub = new PgpPublicKey(algorithm, pubKey, time); this.priv = new PgpPrivateKey(privKey, pub.KeyId); }
internal PgpSecretKey( PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, char[] passPhrase, bool useSha1, SecureRandom rand) : this(privKey, pubKey, encAlgorithm, passPhrase, useSha1, rand, false) { }
internal PgpSecretKey( PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, char[] passPhrase, bool useSha1, SecureRandom rand) : this(privKey, pubKey, encAlgorithm, passPhrase, useSha1, rand, false) { }
private PgpPrivateKey ReadPrivateKey(string passPhrase) { Org.BouncyCastle.Bcpg.OpenPgp.PgpPrivateKey privateKey = SecretKey.ExtractPrivateKey(passPhrase.ToCharArray()); if (privateKey != null) { return(privateKey); } throw new ArgumentException("No private key found in secret key."); }
private byte[] RecoverSessionData(PgpPrivateKey privKey) { byte[][] encSessionKey = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.EC) { ECDHPublicBcpgKey eCDHPublicBcpgKey = (ECDHPublicBcpgKey)privKey.PublicKeyPacket.Key; X9ECParameters x9ECParameters = ECKeyPairGenerator.FindECCurveByOid(eCDHPublicBcpgKey.CurveOid); byte[] array = encSessionKey[0]; int num = (((array[0] & 0xFF) << 8) + (array[1] & 0xFF) + 7) / 8; byte[] array2 = new byte[num]; global::System.Array.Copy((global::System.Array)array, 2, (global::System.Array)array2, 0, num); byte[] array3 = new byte[array[num + 2]]; global::System.Array.Copy((global::System.Array)array, 2 + num + 1, (global::System.Array)array3, 0, array3.Length); ECPoint eCPoint = x9ECParameters.Curve.DecodePoint(array2); ECPrivateKeyParameters eCPrivateKeyParameters = (ECPrivateKeyParameters)privKey.Key; ECPoint s = eCPoint.Multiply(eCPrivateKeyParameters.D).Normalize(); KeyParameter parameters = new KeyParameter(Rfc6637Utilities.CreateKey(privKey.PublicKeyPacket, s)); IWrapper wrapper = PgpUtilities.CreateWrapper(eCDHPublicBcpgKey.SymmetricKeyAlgorithm); wrapper.Init(forWrapping: false, parameters); return(PgpPad.UnpadSessionData(wrapper.Unwrap(array3, 0, array3.Length))); } IBufferedCipher keyCipher = GetKeyCipher(keyData.Algorithm); try { keyCipher.Init(forEncryption: false, privKey.Key); } catch (InvalidKeyException exception) { throw new PgpException("error setting asymmetric cipher", exception); } if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { byte[] array4 = encSessionKey[0]; keyCipher.ProcessBytes(array4, 2, array4.Length - 2); } else { ElGamalPrivateKeyParameters elGamalPrivateKeyParameters = (ElGamalPrivateKeyParameters)privKey.Key; int size = (elGamalPrivateKeyParameters.Parameters.P.BitLength + 7) / 8; ProcessEncodedMpi(keyCipher, size, encSessionKey[0]); ProcessEncodedMpi(keyCipher, size, encSessionKey[1]); } try { return(keyCipher.DoFinal()); } catch (global::System.Exception exception2) { throw new PgpException("exception decrypting secret key", exception2); } }
/// <summary> /// Attempt to decrypt a PGP protected message using the matching private key. /// </summary> /// <param name="messageStream">Stream containing the message to decrypt.</param> /// <param name="decryptedMessage">If successful, the decrypted message.</param> /// <param name="recipientPrivateKey">The BouncyCastle private key to be used for decryption.</param> /// <remarks>The message should be passed in without ASCII Armor.</remarks> /// <returns>Whether the decryption completed successfully.</returns> public static bool Decrypt(Stream messageStream, out byte[] decryptedMessage, PgpPrivateKey recipientPrivateKey) { using (MemoryStream decryptedMessageStream = new MemoryStream()) { bool decrypted = Decrypt(messageStream, decryptedMessageStream, recipientPrivateKey); if (decrypted) decryptedMessage = decryptedMessageStream.ToArray(); else decryptedMessage = null; return decrypted; } }
/// <summary>Initialise the generator for signing.</summary> public void InitSign( int signatureType, PgpPrivateKey key) { this.privKey = key; this.signatureType = signatureType; try { sig.Init(true, key.Key); } catch (InvalidKeyException e) { throw new PgpException("invalid key.", e); } dig.Reset(); lastb = 0; }
public void InitSign(int sigType, PgpPrivateKey key, SecureRandom random) { privKey = key; signatureType = sigType; try { ICipherParameters parameters = key.Key; if (random != null) { parameters = new ParametersWithRandom(key.Key, random); } sig.Init(forSigning: true, parameters); } catch (InvalidKeyException exception) { throw new PgpException("invalid key.", exception); } dig.Reset(); lastb = 0; }
public PgpKeyPair(PublicKeyAlgorithmTag algorithm, AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey, global::System.DateTime time) { pub = new PgpPublicKey(algorithm, pubKey, time); priv = new PgpPrivateKey(pub.KeyId, pub.PublicKeyPacket, privKey); }
////--------------------------------------------------- BUILDER ------------------------------------------------------ //private class Builder { // private static char[] EMPTY_PASSWORD = new char[0]; // private PgpPublicKey publicKeyForEncryption = null; // private PgpSecretKey secretKeyForSigning = null; // private char[] secretKeyPassword = EMPTY_PASSWORD; // public Builder setPublicKeyForEncryption(InputStream pgpPublicKeyIn) { // Validate.notNull(pgpPublicKeyIn, "If you do not want to set public key, then simply do not call this method!"); // try { // PgpPublicKey publicKey = KeyUtils.findPublicKeyForEncryption(pgpPublicKeyIn); // if (publicKey == null) { // throw new IllegalArgumentException("Cannot load public key from given input stream"); // } // this.publicKeyForEncryption = publicKey; // } catch (Exception e) { // throw new IllegalArgumentException("Cannot load public key from given input stream"); // } // return this; // } // public Builder setPublicKeyForEncryption(PgpPublicKey pgpPublicKey) { // Validate.notNull(pgpPublicKey, "If you do not want to set public key, then simply do not call this method!"); // this.publicKeyForEncryption = pgpPublicKey; // return this; // } // public Builder setSecretKeyForSigning(InputStream pgpSecretKeyIn) { // Validate.notNull(pgpSecretKeyIn, "If you do not want to set private key, then simply do not call this method!"); // try { // PgpSecretKey secretKey = KeyUtils.findSecretKeyForSigning(pgpSecretKeyIn); // if (secretKey == null) { // throw new IllegalArgumentException("Cannot load secret key from given input stream"); // } // this.secretKeyForSigning = secretKey; // } catch (Exception e) { // throw new IllegalArgumentException("Cannot load secret key from given input stream"); // } // return this; // } // public Builder setSecretKeyForSigning(PgpSecretKey pgpSecretKey) { // Validate.notNull(pgpSecretKey, "If you do not want to set private key, then simply do not call this method!"); // this.secretKeyForSigning = pgpSecretKey; // return this; // } // public Builder setSecretKeyPassword(char[] secretKeyPassword) { // if (secretKeyPassword == null) { // this.secretKeyPassword = EMPTY_PASSWORD; // } else { // this.secretKeyPassword = Arrays.copyOf(secretKeyPassword, secretKeyPassword.length); // } // return this; // } // public PgpEncryptor createPgpEncryptor() { // return new PgpEncryptor(publicKeyForEncryption, secretKeyForSigning, secretKeyPassword); // } //} //--------------------------------------------------- HELPER METHODS ----------------------------------------------- private PgpSignatureGenerator createSignatureGenerator(PgpPrivateKey pgpPrivateKey) { PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator( secretKeyForSigning.PublicKey.Algorithm, HashAlgorithmTag.Sha1); signatureGenerator.InitSign(PgpSignature.BinaryDocument, pgpPrivateKey); setSignatureSubpackets(secretKeyForSigning, signatureGenerator); return signatureGenerator; }
/// <summary>Initialise the generator for signing.</summary> public void InitSign( int sigType, PgpPrivateKey key) { InitSign(sigType, key, null); }
/// <summary> /// Attempt to sign then encrypt a message using PGP with the specified private and public keys. /// </summary> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKey">BouncyCastle public key to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param> /// <returns>Whether the encryption completed successfully.</returns> public bool PgpSignAndEncrypt(PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, PgpPublicKey recipientPublicKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes) { return PgpSignAndEncrypt(senderPublicKey, senderPrivateKey, new List<PgpPublicKey>() { recipientPublicKey }, hashAlgorithmTag, symmetricKeyAlgorithmTag); }
/// <summary> /// Attempt to decrypt a PGP protected message using the matching private key. /// </summary> /// <param name="decryptedMessage">If successful, the decrypted message.</param> /// <returns>Whether the decryption completed successfully.</returns> public bool PgpDecrypt(PgpPrivateKey recipientPrivateKey, out byte[] decryptedMessage) { string encryptedBody = ""; // Process each MIME part. if (MimeParts != null) { for (int i = 0; i < MimeParts.Count; i++) { MimePart mimePart = MimeParts[i]; // Check if the MIME part is encrypted or signed using PGP. if (mimePart.Body.StartsWith("-----BEGIN PGP MESSAGE-----")) { encryptedBody = Functions.ReturnBetween(mimePart.Body, "-----BEGIN PGP MESSAGE-----\r\n", "\r\n-----END PGP MESSAGE-----"); break; } } } else { if (Body.StartsWith("-----BEGIN PGP MESSAGE-----")) encryptedBody = Functions.ReturnBetween(Body, "-----BEGIN PGP MESSAGE-----\r\n", "\r\n-----END PGP MESSAGE-----"); } // Process an encrypted body if found. if (!string.IsNullOrEmpty(encryptedBody)) { // Ignore the PGP headers. int doubleLineBreak = encryptedBody.IndexOf("\r\n\r\n"); if (doubleLineBreak > -1) encryptedBody = encryptedBody.Substring(doubleLineBreak + 4); // Attempt to decrypt the message and set the body if successful. if (Pgp.Decrypt(Encoding.UTF8.GetBytes(encryptedBody), out decryptedMessage, recipientPrivateKey)) { // Ensure a valid encoding. if (BodyEncoding == null) BodyEncoding = Encoding.UTF8; // Convert the byte array back to a string. Body = BodyEncoding.GetString(decryptedMessage); // OpaqueMail optional setting for protecting the subject. if (SubjectEncryption && Body.StartsWith("Subject: ")) { int linebreakPosition = Body.IndexOf("\r\n"); if (linebreakPosition > -1) { // Decode international strings and remove escaped linebreaks. string subjectText = Body.Substring(9, linebreakPosition - 9); Subject = Functions.DecodeMailHeader(subjectText).Replace("\r", "").Replace("\n", ""); Body = Body.Substring(linebreakPosition + 2); } } // If the body was successfully decrypted, attempt to decrypt attachments. foreach (Attachment attachment in Attachments) { // Only process attachments with names ending in ".pgp". if (attachment.Name.ToLower().EndsWith(".pgp")) { if (Pgp.Decrypt(attachment.ContentStream, out decryptedMessage, recipientPrivateKey)) { attachment.ContentStream = new MemoryStream(decryptedMessage); attachment.Name = attachment.Name.Substring(0, attachment.Name.Length - 4); } } } return true; } else return false; } else { decryptedMessage = null; return false; } }
internal PgpSecretKey( PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, byte[] rawPassPhrase, bool clearPassPhrase, bool useSha1, SecureRandom rand, bool isMasterKey) { BcpgObject secKey; this.pub = pubKey; switch (pubKey.Algorithm) { case PublicKeyAlgorithmTag.RsaEncrypt: case PublicKeyAlgorithmTag.RsaSign: case PublicKeyAlgorithmTag.RsaGeneral: RsaPrivateCrtKeyParameters rsK = (RsaPrivateCrtKeyParameters) privKey.Key; secKey = new RsaSecretBcpgKey(rsK.Exponent, rsK.P, rsK.Q); break; case PublicKeyAlgorithmTag.Dsa: DsaPrivateKeyParameters dsK = (DsaPrivateKeyParameters) privKey.Key; secKey = new DsaSecretBcpgKey(dsK.X); break; case PublicKeyAlgorithmTag.ECDH: case PublicKeyAlgorithmTag.ECDsa: ECPrivateKeyParameters ecK = (ECPrivateKeyParameters)privKey.Key; secKey = new ECSecretBcpgKey(ecK.D); break; case PublicKeyAlgorithmTag.ElGamalEncrypt: case PublicKeyAlgorithmTag.ElGamalGeneral: ElGamalPrivateKeyParameters esK = (ElGamalPrivateKeyParameters) privKey.Key; secKey = new ElGamalSecretBcpgKey(esK.X); break; default: throw new PgpException("unknown key class"); } try { MemoryStream bOut = new MemoryStream(); BcpgOutputStream pOut = new BcpgOutputStream(bOut); pOut.WriteObject(secKey); byte[] keyData = bOut.ToArray(); byte[] checksumData = Checksum(useSha1, keyData, keyData.Length); keyData = Arrays.Concatenate(keyData, checksumData); if (encAlgorithm == SymmetricKeyAlgorithmTag.Null) { if (isMasterKey) { this.secret = new SecretKeyPacket(pub.publicPk, encAlgorithm, null, null, keyData); } else { this.secret = new SecretSubkeyPacket(pub.publicPk, encAlgorithm, null, null, keyData); } } else { S2k s2k; byte[] iv; byte[] encData; if (pub.Version >= 4) { encData = EncryptKeyDataV4(keyData, encAlgorithm, HashAlgorithmTag.Sha1, rawPassPhrase, clearPassPhrase, rand, out s2k, out iv); } else { encData = EncryptKeyDataV3(keyData, encAlgorithm, rawPassPhrase, clearPassPhrase, rand, out s2k, out iv); } int s2kUsage = useSha1 ? SecretKeyPacket.UsageSha1 : SecretKeyPacket.UsageChecksum; if (isMasterKey) { this.secret = new SecretKeyPacket(pub.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData); } else { this.secret = new SecretSubkeyPacket(pub.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData); } } } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("Exception encrypting key", e); } }
public Stream GetDataStream(PgpPrivateKey privKey) { //IL_012b: Unknown result type (might be due to invalid IL or missing references) //IL_015a: Unknown result type (might be due to invalid IL or missing references) byte[] array = RecoverSessionData(privKey); if (!ConfirmCheckSum(array)) { throw new PgpKeyValidationException("key checksum failed"); } SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = (SymmetricKeyAlgorithmTag)array[0]; if (symmetricKeyAlgorithmTag == SymmetricKeyAlgorithmTag.Null) { return((Stream)(object)encData.GetInputStream()); } string symmetricCipherName = PgpUtilities.GetSymmetricCipherName(symmetricKeyAlgorithmTag); string text = symmetricCipherName; IBufferedCipher cipher; try { text = ((!(encData is SymmetricEncIntegrityPacket)) ? (text + "/OpenPGPCFB/NoPadding") : (text + "/CFB/NoPadding")); cipher = CipherUtilities.GetCipher(text); } catch (PgpException ex) { throw ex; } catch (global::System.Exception exception) { throw new PgpException("exception creating cipher", exception); } try { KeyParameter parameters = ParameterUtilities.CreateKeyParameter(symmetricCipherName, array, 1, array.Length - 3); byte[] array2 = new byte[cipher.GetBlockSize()]; cipher.Init(forEncryption: false, new ParametersWithIV(parameters, array2)); encStream = (Stream)(object)BcpgInputStream.Wrap((Stream)(object)new CipherStream((Stream)(object)encData.GetInputStream(), cipher, null)); if (encData is SymmetricEncIntegrityPacket) { truncStream = new TruncatedStream(encStream); string digestName = PgpUtilities.GetDigestName(HashAlgorithmTag.Sha1); IDigest digest = DigestUtilities.GetDigest(digestName); encStream = (Stream)(object)new DigestStream((Stream)(object)truncStream, digest, null); } if (Streams.ReadFully(encStream, array2, 0, array2.Length) < array2.Length) { throw new EndOfStreamException("unexpected end of stream."); } int num = encStream.ReadByte(); int num2 = encStream.ReadByte(); if (num < 0 || num2 < 0) { throw new EndOfStreamException("unexpected end of stream."); } return(encStream); } catch (PgpException ex2) { throw ex2; } catch (global::System.Exception exception2) { throw new PgpException("Exception starting decryption", exception2); } }
/// <summary>Initialise the generator for signing.</summary> public void InitSign( int sigType, PgpPrivateKey key) { this.privKey = key; this.signatureType = sigType; try { sig.Init(true, key.Key); } catch (InvalidKeyException e) { throw new PgpException("invalid key.", e); } dig.Reset(); lastb = 0; }
private byte[] fetchSymmetricKeyData( PgpPrivateKey privKey) { IBufferedCipher c1 = GetKeyCipher(keyData.Algorithm); try { c1.Init(false, privKey.Key); } catch (InvalidKeyException e) { throw new PgpException("error setting asymmetric cipher", e); } BigInteger[] keyD = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { c1.ProcessBytes(keyD[0].ToByteArrayUnsigned()); } else { ElGamalPrivateKeyParameters k = (ElGamalPrivateKeyParameters)privKey.Key; int size = (k.Parameters.P.BitLength + 7) / 8; byte[] bi = keyD[0].ToByteArray(); int diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } bi = keyD[1].ToByteArray(); diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } } byte[] plain; try { plain = c1.DoFinal(); } catch (Exception e) { throw new PgpException("exception decrypting secret key", e); } if (!ConfirmCheckSum(plain)) throw new PgpKeyValidationException("key checksum failed"); return plain; }
/// <summary>Return the decrypted data stream for the packet.</summary> public Stream GetDataStream( PgpPrivateKey privKey) { byte[] plain = fetchSymmetricKeyData(privKey); IBufferedCipher c2; string cipherName = PgpUtilities.GetSymmetricCipherName((SymmetricKeyAlgorithmTag)plain[0]); string cName = cipherName; try { if (encData is SymmetricEncIntegrityPacket) { cName += "/CFB/NoPadding"; } else { cName += "/OpenPGPCFB/NoPadding"; } c2 = CipherUtilities.GetCipher(cName); } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("exception creating cipher", e); } if (c2 == null) { return(encData.GetInputStream()); } try { KeyParameter key = ParameterUtilities.CreateKeyParameter( cipherName, plain, 1, plain.Length - 3); byte[] iv = new byte[c2.GetBlockSize()]; c2.Init(false, new ParametersWithIV(key, iv)); encStream = BcpgInputStream.Wrap(new CipherStream(encData.GetInputStream(), c2, null)); if (encData is SymmetricEncIntegrityPacket) { truncStream = new TruncatedStream(encStream); string digestName = PgpUtilities.GetDigestName(HashAlgorithmTag.Sha1); IDigest digest = DigestUtilities.GetDigest(digestName); encStream = new DigestStream(truncStream, digest, null); } if (Streams.ReadFully(encStream, iv, 0, iv.Length) < iv.Length) { throw new EndOfStreamException("unexpected end of stream."); } int v1 = encStream.ReadByte(); int v2 = encStream.ReadByte(); if (v1 < 0 || v2 < 0) { throw new EndOfStreamException("unexpected end of stream."); } // Note: the oracle attack on the "quick check" bytes is deemed // a security risk for typical public key encryption usages, // therefore we do not perform the check. // bool repeatCheckPassed = // iv[iv.Length - 2] == (byte)v1 // && iv[iv.Length - 1] == (byte)v2; // // // Note: some versions of PGP appear to produce 0 for the extra // // bytes rather than repeating the two previous bytes // bool zeroesCheckPassed = // v1 == 0 // && v2 == 0; // // if (!repeatCheckPassed && !zeroesCheckPassed) // { // throw new PgpDataValidationException("quick check failed."); // } return(encStream); } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("Exception starting decryption", e); } }
/// <summary>Return the decrypted data stream for the packet.</summary> public Stream GetDataStream( PgpPrivateKey privKey) { IBufferedCipher c1 = GetKeyCipher(keyData.Algorithm); try { c1.Init(false, privKey.Key); } catch (InvalidKeyException e) { throw new PgpException("error setting asymmetric cipher", e); } BigInteger[] keyD = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { byte[] bi = keyD[0].ToByteArray(); if (bi[0] == 0) { c1.ProcessBytes(bi, 1, bi.Length - 1); } else { c1.ProcessBytes(bi, 0, bi.Length); } } else { ElGamalPrivateKeyParameters k = (ElGamalPrivateKeyParameters)privKey.Key; int size = (k.Parameters.P.BitLength + 7) / 8; byte[] bi = keyD[0].ToByteArray(); int diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } bi = keyD[1].ToByteArray(); diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } } byte[] plain; try { plain = c1.DoFinal(); } catch (Exception e) { throw new PgpException("exception decrypting secret key", e); } if (!ConfirmCheckSum(plain)) { throw new PgpKeyValidationException("key checksum failed"); } IBufferedCipher c2; string cipherName = PgpUtilities.GetSymmetricCipherName((SymmetricKeyAlgorithmTag) plain[0]); string cName = cipherName; try { if (encData is SymmetricEncIntegrityPacket) { cName += "/CFB/NoPadding"; } else { cName += "/OpenPGPCFB/NoPadding"; } c2 = CipherUtilities.GetCipher(cName); } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("exception creating cipher", e); } if (c2 == null) { return encData.GetInputStream(); } try { byte[] keyBytes = new byte[plain.Length - 3]; Array.Copy(plain, 1, keyBytes, 0, keyBytes.Length); KeyParameter key = ParameterUtilities.CreateKeyParameter( cipherName, keyBytes); byte[] iv = new byte[c2.GetBlockSize()]; c2.Init(false, new ParametersWithIV(key, iv)); encStream = BcpgInputStream.Wrap(new CipherStream(encData.GetInputStream(), c2, null)); if (encData is SymmetricEncIntegrityPacket) { truncStream = new TruncatedStream(encStream); encStream = new DigestStream(truncStream, DigestUtilities.GetDigest(PgpUtilities.GetDigestName(HashAlgorithmTag.Sha1)), null); } for (int i = 0; i != iv.Length; i++) { int ch = encStream.ReadByte(); if (ch < 0) { throw new EndOfStreamException("unexpected end of stream."); } iv[i] = (byte)ch; } int v1 = encStream.ReadByte(); int v2 = encStream.ReadByte(); if (v1 < 0 || v2 < 0) { throw new EndOfStreamException("unexpected end of stream."); } // Note: the oracle attack on the "quick check" bytes is deemed // a security risk for typical public key encryption usages, // therefore we do not perform the check. // bool repeatCheckPassed = // iv[iv.Length - 2] == (byte)v1 // && iv[iv.Length - 1] == (byte)v2; // // // Note: some versions of PGP appear to produce 0 for the extra // // bytes rather than repeating the two previous bytes // bool zeroesCheckPassed = // v1 == 0 // && v2 == 0; // // if (!repeatCheckPassed && !zeroesCheckPassed) // { // throw new PgpDataValidationException("quick check failed."); // } return encStream; } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("Exception starting decryption", e); } }
private byte[] fetchSymmetricKeyData( PgpPrivateKey privKey) { IBufferedCipher c1 = GetKeyCipher(keyData.Algorithm); try { c1.Init(false, privKey.Key); } catch (InvalidKeyException e) { throw new PgpException("error setting asymmetric cipher", e); } BigInteger[] keyD = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { c1.ProcessBytes(keyD[0].ToByteArrayUnsigned()); } else { ElGamalPrivateKeyParameters k = (ElGamalPrivateKeyParameters)privKey.Key; int size = (k.Parameters.P.BitLength + 7) / 8; byte[] bi = keyD[0].ToByteArray(); int diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } bi = keyD[1].ToByteArray(); diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } } byte[] plain; try { plain = c1.DoFinal(); } catch (Exception e) { throw new PgpException("exception decrypting secret key", e); } if (!ConfirmCheckSum(plain)) { throw new PgpKeyValidationException("key checksum failed"); } return(plain); }
private static PgpObjectFactory getClearDataStream(PgpPrivateKey privateKey, PgpPublicKeyEncryptedData publicKeyED) { Stream clearStream = publicKeyED.GetDataStream(privateKey); PgpObjectFactory clearFactory = new PgpObjectFactory(clearStream); return clearFactory; }
/// <summary>Return the decrypted data stream for the packet.</summary> public Stream GetDataStream( PgpPrivateKey privKey) { byte[] plain = fetchSymmetricKeyData(privKey); IBufferedCipher c2; string cipherName = PgpUtilities.GetSymmetricCipherName((SymmetricKeyAlgorithmTag) plain[0]); string cName = cipherName; try { if (encData is SymmetricEncIntegrityPacket) { cName += "/CFB/NoPadding"; } else { cName += "/OpenPGPCFB/NoPadding"; } c2 = CipherUtilities.GetCipher(cName); } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("exception creating cipher", e); } if (c2 == null) return encData.GetInputStream(); try { KeyParameter key = ParameterUtilities.CreateKeyParameter( cipherName, plain, 1, plain.Length - 3); byte[] iv = new byte[c2.GetBlockSize()]; c2.Init(false, new ParametersWithIV(key, iv)); encStream = BcpgInputStream.Wrap(new CipherStream(encData.GetInputStream(), c2, null)); if (encData is SymmetricEncIntegrityPacket) { truncStream = new TruncatedStream(encStream); string digestName = PgpUtilities.GetDigestName(HashAlgorithmTag.Sha1); IDigest digest = DigestUtilities.GetDigest(digestName); encStream = new DigestStream(truncStream, digest, null); } if (Streams.ReadFully(encStream, iv, 0, iv.Length) < iv.Length) throw new EndOfStreamException("unexpected end of stream."); int v1 = encStream.ReadByte(); int v2 = encStream.ReadByte(); if (v1 < 0 || v2 < 0) throw new EndOfStreamException("unexpected end of stream."); // Note: the oracle attack on the "quick check" bytes is deemed // a security risk for typical public key encryption usages, // therefore we do not perform the check. // bool repeatCheckPassed = // iv[iv.Length - 2] == (byte)v1 // && iv[iv.Length - 1] == (byte)v2; // // // Note: some versions of PGP appear to produce 0 for the extra // // bytes rather than repeating the two previous bytes // bool zeroesCheckPassed = // v1 == 0 // && v2 == 0; // // if (!repeatCheckPassed && !zeroesCheckPassed) // { // throw new PgpDataValidationException("quick check failed."); // } return encStream; } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("Exception starting decryption", e); } }
internal PgpSecretKey( PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, char[] passPhrase, bool useSha1, ISecureRandom rand, bool isMasterKey) { BcpgObject secKey; _pub = pubKey; switch (pubKey.Algorithm) { case PublicKeyAlgorithmTag.RsaEncrypt: case PublicKeyAlgorithmTag.RsaSign: case PublicKeyAlgorithmTag.RsaGeneral: var rsK = (RsaPrivateCrtKeyParameters)privKey.Key; secKey = new RsaSecretBcpgKey(rsK.Exponent, rsK.P, rsK.Q); break; case PublicKeyAlgorithmTag.Dsa: var dsK = (DsaPrivateKeyParameters)privKey.Key; secKey = new DsaSecretBcpgKey(dsK.X); break; case PublicKeyAlgorithmTag.ElGamalEncrypt: case PublicKeyAlgorithmTag.ElGamalGeneral: var esK = (ElGamalPrivateKeyParameters)privKey.Key; secKey = new ElGamalSecretBcpgKey(esK.X); break; case PublicKeyAlgorithmTag.Ecdh: case PublicKeyAlgorithmTag.Ecdsa: var ecK = (ECPrivateKeyParameters)privKey.Key; secKey = new ECSecretBcpgKey(ecK.D); break; default: throw new PgpException("unknown key class"); } try { using (var bOut = new MemoryStream()) { using (var pOut = new BcpgOutputStream(bOut)) { pOut.WriteObject(secKey); var keyData = bOut.ToArray(); var checksumBytes = Checksum(useSha1, keyData, keyData.Length); pOut.Write(checksumBytes); var bOutData = bOut.ToArray(); if (encAlgorithm == SymmetricKeyAlgorithmTag.Null) { this._secret = isMasterKey ? new SecretKeyPacket(_pub.PublicKeyPacket, encAlgorithm, null, null, bOutData) : new SecretSubkeyPacket(_pub.PublicKeyPacket, encAlgorithm, null, null, bOutData); } else { S2k s2K; byte[] iv; var encData = EncryptKeyData(bOutData, encAlgorithm, passPhrase, rand, out s2K, out iv); var s2KUsage = useSha1 ? SecretKeyPacket.UsageSha1 : SecretKeyPacket.UsageChecksum; this._secret = isMasterKey ? new SecretKeyPacket(_pub.PublicKeyPacket, encAlgorithm, s2KUsage, s2K, iv, encData) : new SecretSubkeyPacket(_pub.PublicKeyPacket, encAlgorithm, s2KUsage, s2K, iv, encData); } } } } catch (PgpException) { throw; } catch (Exception e) { throw new PgpException("Exception encrypting key", e); } }
/// <summary> /// Attempt to decrypt a PGP protected message using the matching private key. /// </summary> /// <param name="messageStream">Stream containing the message to decrypt.</param> /// <param name="decryptedMessageStream">Stream to write the decrypted message into.</param> /// <param name="recipientPrivateKey">The BouncyCastle private key to be used for decryption.</param> /// <remarks>The message should be passed in without ASCII Armor.</remarks> /// <returns>Whether the decryption completed successfully.</returns> public static bool Decrypt(Stream messageStream, Stream decryptedMessageStream, PgpPrivateKey recipientPrivateKey) { // Decode from Base-64. using (Stream decoderStream = PgpUtilities.GetDecoderStream(messageStream)) { // Extract the encrypted data list. PgpObjectFactory pgpObjectFactory = new PgpObjectFactory(decoderStream); PgpObject pgpObject = pgpObjectFactory.NextPgpObject(); while (!(pgpObject is PgpEncryptedDataList)) { pgpObject = pgpObjectFactory.NextPgpObject(); if (pgpObject == null) return false; } PgpEncryptedDataList pgpEncryptedDataList = pgpObject as PgpEncryptedDataList; // Attempt to extract the encrypted data stream. Stream decryptedStream = null; foreach (PgpPublicKeyEncryptedData pgpEncryptedData in pgpEncryptedDataList.GetEncryptedDataObjects().Cast<PgpPublicKeyEncryptedData>()){ if (pgpEncryptedData.KeyId == recipientPrivateKey.KeyId) decryptedStream = pgpEncryptedData.GetDataStream(recipientPrivateKey); } // If we're unable to decrypt any of the streams, fail. if (decryptedStream == null) return false; PgpObjectFactory clearPgpObjectFactory = new PgpObjectFactory(decryptedStream); PgpObject message = clearPgpObjectFactory.NextPgpObject(); // Deal with compression. if (message is PgpCompressedData) { PgpCompressedData compressedMessage = (PgpCompressedData)message; using (Stream compressedDataStream = compressedMessage.GetDataStream()) { PgpObjectFactory compressedPgpObjectFactory = new PgpObjectFactory(compressedDataStream); pgpObject = compressedPgpObjectFactory.NextPgpObject(); while (!(pgpObject is PgpLiteralData)) { pgpObject = compressedPgpObjectFactory.NextPgpObject(); if (pgpObject == null) return false; } } } else if (message is PgpLiteralData) { pgpObject = message; } else { // If not compressed and the following object isn't literal data, fail. decryptedStream.Dispose(); return false; } // If a literal data stream was found, extract the decrypted message. PgpLiteralData literalData = pgpObject as PgpLiteralData; if (literalData != null) { using (Stream literalDataStream = literalData.GetDataStream()) { literalDataStream.CopyTo(decryptedMessageStream); } decryptedStream.Dispose(); return true; } } return false; }
internal PgpSecretKey( PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, char[] passPhrase, bool useSha1, SecureRandom rand, bool isMasterKey) { BcpgObject secKey; this.pub = pubKey; switch (pubKey.Algorithm) { case PublicKeyAlgorithmTag.RsaEncrypt: case PublicKeyAlgorithmTag.RsaSign: case PublicKeyAlgorithmTag.RsaGeneral: RsaPrivateCrtKeyParameters rsK = (RsaPrivateCrtKeyParameters)privKey.Key; secKey = new RsaSecretBcpgKey(rsK.Exponent, rsK.P, rsK.Q); break; case PublicKeyAlgorithmTag.Dsa: DsaPrivateKeyParameters dsK = (DsaPrivateKeyParameters)privKey.Key; secKey = new DsaSecretBcpgKey(dsK.X); break; case PublicKeyAlgorithmTag.ElGamalEncrypt: case PublicKeyAlgorithmTag.ElGamalGeneral: ElGamalPrivateKeyParameters esK = (ElGamalPrivateKeyParameters)privKey.Key; secKey = new ElGamalSecretBcpgKey(esK.X); break; default: throw new PgpException("unknown key class"); } try { MemoryStream bOut = new MemoryStream(); BcpgOutputStream pOut = new BcpgOutputStream(bOut); pOut.WriteObject(secKey); byte[] keyData = bOut.ToArray(); byte[] checksumData = Checksum(useSha1, keyData, keyData.Length); keyData = Arrays.Concatenate(keyData, checksumData); if (encAlgorithm == SymmetricKeyAlgorithmTag.Null) { if (isMasterKey) { this.secret = new SecretKeyPacket(pub.publicPk, encAlgorithm, null, null, keyData); } else { this.secret = new SecretSubkeyPacket(pub.publicPk, encAlgorithm, null, null, keyData); } } else { S2k s2k; byte[] iv; byte[] encData; if (pub.Version >= 4) { encData = EncryptKeyData(keyData, encAlgorithm, passPhrase, rand, out s2k, out iv); } else { // TODO v3 RSA key encryption throw Platform.CreateNotImplementedException("v3 RSA"); } int s2kUsage = useSha1 ? SecretKeyPacket.UsageSha1 : SecretKeyPacket.UsageChecksum; if (isMasterKey) { this.secret = new SecretKeyPacket(pub.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData); } else { this.secret = new SecretSubkeyPacket(pub.publicPk, encAlgorithm, s2kUsage, s2k, iv, encData); } } } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("Exception encrypting key", e); } }
/// <summary> /// Attempt to sign a PGP message using the specific private key. /// </summary> /// <param name="message">Byte array containing the message to sign.</param> /// <param name="signatureStream">Stream to write the signature into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the signature completed successfully.</returns> public static bool Sign(byte[] message, Stream signatureStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, bool armor = true) { using (MemoryStream messageStream = new MemoryStream(message)) { return Sign(messageStream, signatureStream, senderPublicKey, senderPrivateKey, hashAlgorithmTag, armor); } }
/// <summary>Initialise the generator for signing.</summary> public void InitSign( int sigType, PgpPrivateKey key) { InitSign(sigType, key, null); }
/// <summary> /// Attempt to sign a PGP message using the specific private key. /// </summary> /// <param name="messageStream">Stream containing the message to sign.</param> /// <param name="signature">If successful, the signature.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the signature completed successfully.</returns> public static bool Sign(Stream messageStream, out byte[] signature, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, bool armor = true) { using (MemoryStream signatureStream = new MemoryStream()) { bool signed = Sign(messageStream, signatureStream, senderPublicKey, senderPrivateKey, hashAlgorithmTag, armor); if (signed) signature = signatureStream.ToArray(); else signature = null; return signed; } }
/// <summary> /// Attempt to sign a PGP message using the specific private key. /// </summary> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <returns>Whether the signature completed successfully.</returns> public bool PgpSign(PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256) { // Ensure a valid encoding. if (BodyEncoding == null) BodyEncoding = Encoding.UTF8; byte[] signatureBytes; if (Pgp.Sign(BodyEncoding.GetBytes(Body), out signatureBytes, senderPublicKey, senderPrivateKey, hashAlgorithmTag)) { // Fix up a formatting bug in BouncyCastle. RawBody = Encoding.UTF8.GetString(signatureBytes).Replace("-----BEGIN PGP SIGNATURE-----", "\r\n-----BEGIN PGP SIGNATURE-----"); return true; } return false; }
/// <summary> /// Attempt to sign a PGP message using the specific private key. /// </summary> /// <param name="messageStream">Stream containing the message to sign.</param> /// <param name="signatureStream">Stream to write the signature into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the signature completed successfully.</returns> public static bool Sign(Stream messageStream, Stream signatureStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, bool armor = true) { // Create a signature generator. PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, hashAlgorithmTag); signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey); // Add the public key user ID. foreach (string userId in senderPublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator(); signatureSubGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate()); break; } // Handle ASCII armor. if (armor) { using (ArmoredOutputStream armoredStream = new ArmoredOutputStream(signatureStream)) { armoredStream.BeginClearText(hashAlgorithmTag); // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { armoredStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } armoredStream.EndClearText(); using (BcpgOutputStream bcpgStream = new BcpgOutputStream(armoredStream)) { signatureGenerator.Generate().Encode(bcpgStream); } } } else { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { signatureGenerator.Update((byte)messageChar); } signatureGenerator.Generate().Encode(signatureStream); } return true; }
/// <summary> /// Attempt to sign then encrypt a message using PGP with the specified private and public keys. /// </summary> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param> /// <returns>Whether the encryption completed successfully.</returns> public bool PgpSignAndEncrypt(PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, IEnumerable<PgpPublicKey> recipientPublicKeys, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes) { // Ensure a valid encoding. if (BodyEncoding == null) BodyEncoding = Encoding.UTF8; // Attempt to sign. bool signedAndEncrypted = false; using (MemoryStream signedAndEncryptedMessageStream = new MemoryStream()) { // Attempt to encrypt the message. // OpaqueMail optional setting for protecting the subject. if (SubjectEncryption && !Body.StartsWith("Subject: ")) signedAndEncrypted = Pgp.SignAndEncrypt(BodyEncoding.GetBytes("Subject: " + Subject + "\r\n" + Body), "", signedAndEncryptedMessageStream, senderPublicKey, senderPrivateKey, recipientPublicKeys, hashAlgorithmTag, symmetricKeyAlgorithmTag, true); else signedAndEncrypted = Pgp.SignAndEncrypt(BodyEncoding.GetBytes(Body), "", signedAndEncryptedMessageStream, senderPublicKey, senderPrivateKey, recipientPublicKeys, hashAlgorithmTag, symmetricKeyAlgorithmTag, true); if (signedAndEncrypted) { // OpaqueMail optional setting for protecting the subject. if (SubjectEncryption) Subject = "PGP Encrypted Message"; signedAndEncrypted = true; RawBody = BodyEncoding.GetString(signedAndEncryptedMessageStream.ToArray()); } } return signedAndEncrypted; }
/// <summary> /// Attempt to encrypt a message using PGP with the specified public key(s). /// </summary> /// <param name="message">Byte array containing the message to encrypt.</param> /// <param name="fileName">File name of for the message.</param> /// <param name="signedAndEncryptedMessageStream">Stream to write the signed and encrypted message into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the encryption completed successfully.</returns> public static bool SignAndEncrypt(byte[] message, string fileName, Stream signedAndEncryptedMessageStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, IEnumerable<PgpPublicKey> recipientPublicKeys, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes, bool armor = true) { using (MemoryStream messageStream = new MemoryStream(message)) { return SignAndEncrypt(messageStream, fileName, signedAndEncryptedMessageStream, senderPublicKey, senderPrivateKey, recipientPublicKeys, hashAlgorithmTag, symmetricKeyAlgorithmTag, armor); } }
/// <summary> /// Attempt to encrypt a message using PGP with the specified public key(s). /// </summary> /// <param name="messageStream">Stream containing the message to encrypt.</param> /// <param name="fileName">File name of for the message.</param> /// <param name="signedAndEncryptedMessage">If successful, the encrypted message.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the encryption completed successfully.</returns> public static bool SignAndEncrypt(Stream messageStream, string fileName, out byte[] signedAndEncryptedMessage, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, IEnumerable<PgpPublicKey> recipientPublicKeys, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes, bool armor = true) { using (MemoryStream signedAndEncryptedMessageStream = new MemoryStream()) { if (SignAndEncrypt(messageStream, fileName, signedAndEncryptedMessageStream, senderPublicKey, senderPrivateKey, recipientPublicKeys, hashAlgorithmTag, symmetricKeyAlgorithmTag, armor)) { signedAndEncryptedMessage = signedAndEncryptedMessageStream.ToArray(); return true; } else { signedAndEncryptedMessage = null; return false; } } }
private byte[] RecoverSessionData(PgpPrivateKey privKey) { byte[][] secKeyData = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.ECDH) { ECDHPublicBcpgKey ecKey = (ECDHPublicBcpgKey)privKey.PublicKeyPacket.Key; X9ECParameters x9Params = ECKeyPairGenerator.FindECCurveByOid(ecKey.CurveOid); byte[] enc = secKeyData[0]; int pLen = ((((enc[0] & 0xff) << 8) + (enc[1] & 0xff)) + 7) / 8; byte[] pEnc = new byte[pLen]; Array.Copy(enc, 2, pEnc, 0, pLen); byte[] keyEnc = new byte[enc[pLen + 2]]; Array.Copy(enc, 2 + pLen + 1, keyEnc, 0, keyEnc.Length); ECPoint publicPoint = x9Params.Curve.DecodePoint(pEnc); ECPrivateKeyParameters privKeyParams = (ECPrivateKeyParameters)privKey.Key; ECPoint S = publicPoint.Multiply(privKeyParams.D).Normalize(); KeyParameter key = new KeyParameter(Rfc6637Utilities.CreateKey(privKey.PublicKeyPacket, S)); IWrapper w = PgpUtilities.CreateWrapper(ecKey.SymmetricKeyAlgorithm); w.Init(false, key); return(PgpPad.UnpadSessionData(w.Unwrap(keyEnc, 0, keyEnc.Length))); } IBufferedCipher cipher = GetKeyCipher(keyData.Algorithm); try { cipher.Init(false, privKey.Key); } catch (InvalidKeyException e) { throw new PgpException("error setting asymmetric cipher", e); } if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { byte[] bi = secKeyData[0]; cipher.ProcessBytes(bi, 2, bi.Length - 2); } else { ElGamalPrivateKeyParameters k = (ElGamalPrivateKeyParameters)privKey.Key; int size = (k.Parameters.P.BitLength + 7) / 8; ProcessEncodedMpi(cipher, size, secKeyData[0]); ProcessEncodedMpi(cipher, size, secKeyData[1]); } try { return(cipher.DoFinal()); } catch (Exception e) { throw new PgpException("exception decrypting secret key", e); } }
internal PgpSecretKey( PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, char[] passPhrase, bool useSha1, ISecureRandom rand, bool isMasterKey) { BcpgObject secKey; _pub = pubKey; switch (pubKey.Algorithm) { case PublicKeyAlgorithmTag.RsaEncrypt: case PublicKeyAlgorithmTag.RsaSign: case PublicKeyAlgorithmTag.RsaGeneral: var rsK = (RsaPrivateCrtKeyParameters)privKey.Key; secKey = new RsaSecretBcpgKey(rsK.Exponent, rsK.P, rsK.Q); break; case PublicKeyAlgorithmTag.Dsa: var dsK = (DsaPrivateKeyParameters)privKey.Key; secKey = new DsaSecretBcpgKey(dsK.X); break; case PublicKeyAlgorithmTag.ElGamalEncrypt: case PublicKeyAlgorithmTag.ElGamalGeneral: var esK = (ElGamalPrivateKeyParameters)privKey.Key; secKey = new ElGamalSecretBcpgKey(esK.X); break; case PublicKeyAlgorithmTag.Ecdh: case PublicKeyAlgorithmTag.Ecdsa: var ecK = (ECPrivateKeyParameters)privKey.Key; secKey = new ECSecretBcpgKey(ecK.D); break; default: throw new PgpException("unknown key class"); } try { using (var bOut = new MemoryStream()) { using (var pOut = new BcpgOutputStream(bOut)) { pOut.WriteObject(secKey); var keyData = bOut.ToArray(); var checksumBytes = Checksum(useSha1, keyData, keyData.Length); pOut.Write(checksumBytes); var bOutData = bOut.ToArray(); if (encAlgorithm == SymmetricKeyAlgorithmTag.Null) { this._secret = isMasterKey ? new SecretKeyPacket(_pub.PublicKeyPacket, encAlgorithm, null, null, bOutData) : new SecretSubkeyPacket(_pub.PublicKeyPacket, encAlgorithm, null, null, bOutData); } else { S2k s2K; byte[] iv; var encData = EncryptKeyData(bOutData, encAlgorithm, passPhrase, rand, out s2K, out iv); var s2KUsage = useSha1 ? SecretKeyPacket.UsageSha1 : SecretKeyPacket.UsageChecksum; this._secret = isMasterKey ? new SecretKeyPacket(_pub.PublicKeyPacket, encAlgorithm, s2KUsage, s2K, iv, encData) : new SecretSubkeyPacket(_pub.PublicKeyPacket, encAlgorithm, s2KUsage, s2K, iv, encData); } } } } catch (PgpException) { throw; } catch (Exception e) { throw new PgpException("Exception encrypting key", e); } }
/// <summary>Return the decrypted data stream for the packet.</summary> public Stream GetDataStream( PgpPrivateKey privKey) { IBufferedCipher c1 = GetKeyCipher(keyData.Algorithm); try { c1.Init(false, privKey.Key); } catch (InvalidKeyException e) { throw new PgpException("error setting asymmetric cipher", e); } BigInteger[] keyD = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { byte[] bi = keyD[0].ToByteArray(); if (bi[0] == 0) { c1.ProcessBytes(bi, 1, bi.Length - 1); } else { c1.ProcessBytes(bi, 0, bi.Length); } } else { ElGamalPrivateKeyParameters k = (ElGamalPrivateKeyParameters)privKey.Key; int size = (k.Parameters.P.BitLength + 7) / 8; byte[] bi = keyD[0].ToByteArray(); int diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } bi = keyD[1].ToByteArray(); diff = bi.Length - size; if (diff >= 0) { c1.ProcessBytes(bi, diff, size); } else { byte[] zeros = new byte[-diff]; c1.ProcessBytes(zeros); c1.ProcessBytes(bi); } } byte[] plain; try { plain = c1.DoFinal(); } catch (Exception e) { throw new PgpException("exception decrypting secret key", e); } if (!ConfirmCheckSum(plain)) { throw new PgpKeyValidationException("key checksum failed"); } IBufferedCipher c2; string cipherName = PgpUtilities.GetSymmetricCipherName((SymmetricKeyAlgorithmTag)plain[0]); string cName = cipherName; try { if (encData is SymmetricEncIntegrityPacket) { cName += "/CFB/NoPadding"; } else { cName += "/OpenPGPCFB/NoPadding"; } c2 = CipherUtilities.GetCipher(cName); } // catch (NoSuchProviderException e) catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("exception creating cipher", e); } if (c2 == null) { return(encData.GetInputStream()); } try { byte[] keyBytes = new byte[plain.Length - 3]; Array.Copy(plain, 1, keyBytes, 0, keyBytes.Length); KeyParameter key = ParameterUtilities.CreateKeyParameter( cipherName, keyBytes); byte[] iv = new byte[c2.GetBlockSize()]; c2.Init(false, new ParametersWithIV(key, iv)); encStream = BcpgInputStream.Wrap(new CipherStream(encData.GetInputStream(), c2, null)); if (encData is SymmetricEncIntegrityPacket) { truncStream = new TruncatedStream(encStream); encStream = new DigestStream(truncStream, DigestUtilities.GetDigest(PgpUtilities.GetDigestName(HashAlgorithmTag.Sha1)), null); } for (int i = 0; i != iv.Length; i++) { int ch = encStream.ReadByte(); if (ch < 0) { throw new EndOfStreamException("unexpected end of stream."); } iv[i] = (byte)ch; } int v1 = encStream.ReadByte(); int v2 = encStream.ReadByte(); if (v1 < 0 || v2 < 0) { throw new EndOfStreamException("unexpected end of stream."); } // Note: the oracle attack on the "quick check" bytes is deemed // a security risk for typical public key encryption usages, // therefore we do not perform the check. // bool repeatCheckPassed = // iv[iv.Length - 2] == (byte)v1 // && iv[iv.Length - 1] == (byte)v2; // // // Note: some versions of PGP appear to produce 0 for the extra // // bytes rather than repeating the two previous bytes // bool zeroesCheckPassed = // v1 == 0 // && v2 == 0; // // if (!repeatCheckPassed && !zeroesCheckPassed) // { // throw new PgpDataValidationException("quick check failed."); // } return(encStream); } catch (PgpException e) { throw e; } catch (Exception e) { throw new PgpException("Exception starting decryption", e); } }
internal PgpSecretKey(PgpPrivateKey privKey, PgpPublicKey pubKey, SymmetricKeyAlgorithmTag encAlgorithm, byte[] rawPassPhrase, bool clearPassPhrase, bool useSha1, SecureRandom rand, bool isMasterKey) { //IL_00cb: Unknown result type (might be due to invalid IL or missing references) //IL_00d2: Expected O, but got Unknown pub = pubKey; BcpgObject bcpgObject; switch (pubKey.Algorithm) { case PublicKeyAlgorithmTag.RsaGeneral: case PublicKeyAlgorithmTag.RsaEncrypt: case PublicKeyAlgorithmTag.RsaSign: { RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters)privKey.Key; bcpgObject = new RsaSecretBcpgKey(rsaPrivateCrtKeyParameters.Exponent, rsaPrivateCrtKeyParameters.P, rsaPrivateCrtKeyParameters.Q); break; } case PublicKeyAlgorithmTag.Dsa: { DsaPrivateKeyParameters dsaPrivateKeyParameters = (DsaPrivateKeyParameters)privKey.Key; bcpgObject = new DsaSecretBcpgKey(dsaPrivateKeyParameters.X); break; } case PublicKeyAlgorithmTag.EC: case PublicKeyAlgorithmTag.ECDsa: { ECPrivateKeyParameters eCPrivateKeyParameters = (ECPrivateKeyParameters)privKey.Key; bcpgObject = new ECSecretBcpgKey(eCPrivateKeyParameters.D); break; } case PublicKeyAlgorithmTag.ElGamalEncrypt: case PublicKeyAlgorithmTag.ElGamalGeneral: { ElGamalPrivateKeyParameters elGamalPrivateKeyParameters = (ElGamalPrivateKeyParameters)privKey.Key; bcpgObject = new ElGamalSecretBcpgKey(elGamalPrivateKeyParameters.X); break; } default: throw new PgpException("unknown key class"); } try { MemoryStream val = new MemoryStream(); BcpgOutputStream bcpgOutputStream = new BcpgOutputStream((Stream)(object)val); bcpgOutputStream.WriteObject(bcpgObject); byte[] array = val.ToArray(); byte[] b = Checksum(useSha1, array, array.Length); array = Arrays.Concatenate(array, b); if (encAlgorithm == SymmetricKeyAlgorithmTag.Null) { if (isMasterKey) { secret = new SecretKeyPacket(pub.publicPk, encAlgorithm, null, null, array); } else { secret = new SecretSubkeyPacket(pub.publicPk, encAlgorithm, null, null, array); } return; } S2k s2k; byte[] iv; byte[] secKeyData = ((pub.Version < 4) ? EncryptKeyDataV3(array, encAlgorithm, rawPassPhrase, clearPassPhrase, rand, out s2k, out iv) : EncryptKeyDataV4(array, encAlgorithm, HashAlgorithmTag.Sha1, rawPassPhrase, clearPassPhrase, rand, out s2k, out iv)); int s2kUsage = (useSha1 ? 254 : 255); if (isMasterKey) { secret = new SecretKeyPacket(pub.publicPk, encAlgorithm, s2kUsage, s2k, iv, secKeyData); } else { secret = new SecretSubkeyPacket(pub.publicPk, encAlgorithm, s2kUsage, s2k, iv, secKeyData); } } catch (PgpException ex) { throw ex; } catch (global::System.Exception exception) { throw new PgpException("Exception encrypting key", exception); } }
private byte[] RecoverSessionData(PgpPrivateKey privKey) { byte[][] secKeyData = keyData.GetEncSessionKey(); if (keyData.Algorithm == PublicKeyAlgorithmTag.ECDH) { ECDHPublicBcpgKey ecKey = (ECDHPublicBcpgKey)privKey.PublicKeyPacket.Key; X9ECParameters x9Params = ECKeyPairGenerator.FindECCurveByOid(ecKey.CurveOid); byte[] enc = secKeyData[0]; int pLen = ((((enc[0] & 0xff) << 8) + (enc[1] & 0xff)) + 7) / 8; byte[] pEnc = new byte[pLen]; Array.Copy(enc, 2, pEnc, 0, pLen); byte[] keyEnc = new byte[enc[pLen + 2]]; Array.Copy(enc, 2 + pLen + 1, keyEnc, 0, keyEnc.Length); ECPoint publicPoint = x9Params.Curve.DecodePoint(pEnc); ECPrivateKeyParameters privKeyParams = (ECPrivateKeyParameters)privKey.Key; ECPoint S = publicPoint.Multiply(privKeyParams.D).Normalize(); KeyParameter key = new KeyParameter(Rfc6637Utilities.CreateKey(privKey.PublicKeyPacket, S)); IWrapper w = PgpUtilities.CreateWrapper(ecKey.SymmetricKeyAlgorithm); w.Init(false, key); return PgpPad.UnpadSessionData(w.Unwrap(keyEnc, 0, keyEnc.Length)); } IBufferedCipher cipher = GetKeyCipher(keyData.Algorithm); try { cipher.Init(false, privKey.Key); } catch (InvalidKeyException e) { throw new PgpException("error setting asymmetric cipher", e); } if (keyData.Algorithm == PublicKeyAlgorithmTag.RsaEncrypt || keyData.Algorithm == PublicKeyAlgorithmTag.RsaGeneral) { byte[] bi = secKeyData[0]; cipher.ProcessBytes(bi, 2, bi.Length - 2); } else { ElGamalPrivateKeyParameters k = (ElGamalPrivateKeyParameters)privKey.Key; int size = (k.Parameters.P.BitLength + 7) / 8; ProcessEncodedMpi(cipher, size, secKeyData[0]); ProcessEncodedMpi(cipher, size, secKeyData[1]); } try { return cipher.DoFinal(); } catch (Exception e) { throw new PgpException("exception decrypting secret key", e); } }