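/// <summary>
/// Encrypt a file into an OpenPGP message addressed to the holder of <paramref name="publicKey"/>.
/// </summary>
/// <param name="encrypted">The stream the encrypted message is written to.</param>
/// <param name="filename">The path and file name of the file to encrypt.</param>
/// <param name="publicKey">The stream holding the recipient's public key.</param>
/// <param name="protectedKeys">
/// True to write the message ASCII-armoured (wrapped in an <c>ArmoredOutputStream</c>);
/// false to write raw binary packets. Note the flag has the opposite sense in <c>Generate</c>.
/// </param>
/// <param name="integrityCheck">
/// True to append an integrity-protection packet to the cipher stream. Without it the ciphertext
/// is not authenticated, so tampering cannot be detected on decryption; passing true is the
/// safer choice. The default is kept at false only for backward compatibility.
/// </param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used to encrypt the data.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="encrypted"/>, <paramref name="filename"/> or <paramref name="publicKey"/> is null.
/// </exception>
/// <remarks>
/// The file is streamed through a literal-data packet, inside an (uncompressed) compressed-data
/// packet, inside a public-key-encrypted-data packet; it is never loaded into memory as a whole.
/// The streams opened here are closed in innermost-first order so each layer writes its trailer;
/// whether closing the armoured wrapper also closes the caller's stream depends on the library
/// implementation.
/// </remarks>
public void Encrypt(System.IO.Stream encrypted, string filename, System.IO.Stream publicKey,
    bool protectedKeys = false, bool integrityCheck = false,
    Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
    // Size of the scratch buffers handed to the packet writers (64 KiB).
    const int BufferSize = 1 << 16;

    if (encrypted == null)
    {
        throw new ArgumentNullException("encrypted");
    }
    if (filename == null)
    {
        throw new ArgumentNullException("filename");
    }
    if (publicKey == null)
    {
        throw new ArgumentNullException("publicKey");
    }

    // The recipient's public key is the only key material this method needs.
    Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);

    // Optionally wrap the output so the message is written ASCII-armoured.
    if (protectedKeys)
    {
        encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted);
    }

    System.IO.Stream encOutput = null;
    try
    {
        // Public-key-encrypted data packet; integrityCheck decides whether an
        // integrity-protection packet is appended to the cipher stream.
        Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator =
            new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator(
                GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm),
                integrityCheck,
                new Key.Security.SecureRandom());
        encryptedDataGenerator.AddMethod(pgpPublicKey);

        // The literal data is wrapped in a compressed-data packet that does not actually compress.
        Key.Bcpg.OpenPgp.PgpCompressedDataGenerator compressedData =
            new Key.Bcpg.OpenPgp.PgpCompressedDataGenerator(Key.Bcpg.CompressionAlgorithmTag.Uncompressed);

        // Stream the file through the packet writers into the encrypted output.
        encOutput = encryptedDataGenerator.Open(encrypted, new byte[BufferSize]);
        Key.Bcpg.OpenPgp.PgpUtilities.WriteFileToLiteralData(
            compressedData.Open(encOutput),
            Key.Bcpg.OpenPgp.PgpLiteralData.Binary,
            new FileInfo(filename),
            new byte[BufferSize]);

        // Close innermost first so each layer writes its trailer before the enclosing one.
        compressedData.Close();
        encOutput.Close();

        if (protectedKeys)
        {
            // Close the armoured wrapper so the armour footer is written.
            encrypted.Close();
        }
    }
    finally
    {
        // Covers the failure path; the success path has already closed this stream.
        if (encOutput != null)
        {
            encOutput.Close();
        }
    }
}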
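/// <summary>
/// Encrypt the contents of a stream into an OpenPGP message addressed to the holder of <paramref name="publicKey"/>.
/// </summary>
/// <param name="encrypted">The stream the encrypted message is written to.</param>
/// <param name="input">The stream holding the data to encrypt.</param>
/// <param name="publicKey">The stream holding the recipient's public key.</param>
/// <param name="protectedKeys">
/// True to write the message ASCII-armoured (wrapped in an <c>ArmoredOutputStream</c>);
/// false to write raw binary packets. Note the flag has the opposite sense in <c>Generate</c>.
/// </param>
/// <param name="integrityCheck">
/// True to append an integrity-protection packet to the cipher stream. Without it the ciphertext
/// is not authenticated, so tampering cannot be detected on decryption; passing true is the
/// safer choice. The default is kept at false only for backward compatibility.
/// </param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used to encrypt the data.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="encrypted"/>, <paramref name="input"/> or <paramref name="publicKey"/> is null.
/// </exception>
/// <remarks>
/// Unlike the file overload, the whole of <paramref name="input"/> is first packaged into an
/// in-memory byte array by <c>Compress</c>, so memory use grows with the input size.
/// </remarks>
public void Encrypt(System.IO.Stream encrypted, System.IO.Stream input, System.IO.Stream publicKey,
    bool protectedKeys = false, bool integrityCheck = false,
    Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
    if (encrypted == null)
    {
        throw new ArgumentNullException("encrypted");
    }
    if (input == null)
    {
        throw new ArgumentNullException("input");
    }
    if (publicKey == null)
    {
        throw new ArgumentNullException("publicKey");
    }

    // The recipient's public key is the only key material this method needs.
    Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);

    // Optionally wrap the output so the message is written ASCII-armoured.
    if (protectedKeys)
    {
        encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted);
    }

    System.IO.Stream encOutput = null;
    try
    {
        // Public-key-encrypted data packet; integrityCheck decides whether an
        // integrity-protection packet is appended to the cipher stream.
        Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator =
            new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator(
                GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm),
                integrityCheck,
                new Key.Security.SecureRandom());
        encryptedDataGenerator.AddMethod(pgpPublicKey);

        // Package the input as an (uncompressed) compressed-data packet held in memory.
        byte[] packaged = Compress(input, Key.Bcpg.CompressionAlgorithmTag.Uncompressed);

        // The packet length is known up front, so open the encrypted stream with it.
        encOutput = encryptedDataGenerator.Open(encrypted, (long)packaged.Length);
        encOutput.Write(packaged, 0, packaged.Length);
        encOutput.Close();

        if (protectedKeys)
        {
            // Close the armoured wrapper so the armour footer is written.
            encrypted.Close();
        }
    }
    finally
    {
        // Covers the failure path; the success path has already closed this stream.
        if (encOutput != null)
        {
            encOutput.Close();
        }
    }
}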
/// <summary> /// Generate a public secret key pair. /// </summary> /// <param name="publicKey">The stream where public key data is written to.</param> /// <param name="secretKey">The stream where secret key data is written to.</param> /// <param name="identity">The unique identity of the public secret key pair (Name (comments) <[email protected]>).</param> /// <param name="password">The password used to protect the secret key.</param> /// <param name="isCritical">True, if should be treated as critical, false otherwise.</param> /// <param name="secondsKeyValid">The number of seconds the key is valid, or zero if no expiry.</param> /// <param name="secondsSignatureValid">The number of seconds the signature is valid, or zero if no expiry.</param> /// <param name="protectedKeys">Should the public and secret key data be protected.</param> /// <param name="publicExponent">The public exponent (e; the public key is now represented as {e, n}).</param> /// <param name="strength">The strength of the cipher.</param> /// <param name="hashAlgorithm">The preferred hash algorithm to use to create the hash value.</param> /// <param name="publicKeyAlgorithm">The public key algorithm type.</param> /// <param name="certificateLevel">The certification level.</param> /// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param> /// <returns>The unique key id of the public secret key pair.</returns> public long Generate(System.IO.Stream publicKey, System.IO.Stream secretKey, Openpgp.Identity identity, string password, bool isCritical = false, long secondsKeyValid = 0, long secondsSignatureValid = 0, bool protectedKeys = true, long publicExponent = 3, int strength = 4096, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512, Openpgp.PublicKeyAlgorithmType publicKeyAlgorithm = Openpgp.PublicKeyAlgorithmType.RsaGeneral, Openpgp.CertificateLevelType certificateLevel = Openpgp.CertificateLevelType.DefaultCertification, 
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256) { // Create the rsa key paramaters from the strength and public exponent. Key.Crypto.Generators.RsaKeyPairGenerator keyPair = new Key.Crypto.Generators.RsaKeyPairGenerator(); Key.Crypto.Parameters.RsaKeyGenerationParameters keyPairParam = new Key.Crypto.Parameters.RsaKeyGenerationParameters( Key.Math.BigInteger.ValueOf(publicExponent), new Key.Security.SecureRandom(), strength, 25); // Initialise the parameters and generate the public private key pair. keyPair.Init(keyPairParam); Key.Crypto.AsymmetricCipherKeyPair rsaKeyPair = keyPair.GenerateKeyPair(); // Seperate the keys. Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)rsaKeyPair.Public; Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)rsaKeyPair.Private; // If file is not protected. if (!protectedKeys) { secretKey = new Key.Bcpg.ArmoredOutputStream(secretKey); } // Create the signature subpackets. Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator signatureSubpacketGenerator = new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator(); signatureSubpacketGenerator.SetKeyExpirationTime(isCritical, secondsKeyValid); signatureSubpacketGenerator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)Openpgp.PublicSecretKey.GetHashAlgorithm(hashAlgorithm) }); signatureSubpacketGenerator.SetSignatureExpirationTime(isCritical, secondsSignatureValid); // Create the signature subpackets. 
Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator signatureSubpacketUnHashedGenerator = new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator(); signatureSubpacketUnHashedGenerator.SetKeyExpirationTime(isCritical, secondsKeyValid); signatureSubpacketUnHashedGenerator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)Openpgp.PublicSecretKey.GetHashAlgorithm(hashAlgorithm) }); signatureSubpacketUnHashedGenerator.SetSignatureExpirationTime(isCritical, secondsSignatureValid); // Generate the packets Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector hashedPackets = signatureSubpacketGenerator.Generate(); Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector unhashedPackets = signatureSubpacketUnHashedGenerator.Generate(); // Create the secret key. Key.Bcpg.OpenPgp.PgpSecretKey pgpSecretKey = new Key.Bcpg.OpenPgp.PgpSecretKey ( GetCertificateLevelType(certificateLevel), GetPublicKeyAlgorithm(publicKeyAlgorithm), rsaPrivatePublic, rsaCrtPrivateParam, DateTime.UtcNow, identity.ToString(), Openpgp.PublicSecretKey.GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), password.ToArray(), true, hashedPackets, unhashedPackets, new Key.Security.SecureRandom(), Openpgp.PublicSecretKey.GetHashAlgorithm(hashAlgorithm) ); // Encode the secret key. pgpSecretKey.Encode(secretKey); // If file is not protected. if (!protectedKeys) { secretKey.Close(); publicKey = new Key.Bcpg.ArmoredOutputStream(publicKey); } // Get the public key from the secret key. Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = pgpSecretKey.PublicKey; pgpPublicKey.Encode(publicKey); // If file is not protected. if (!protectedKeys) { publicKey.Close(); } // Return the key id. return(pgpSecretKey.KeyId); }
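/// <summary>
/// Generate an RSA public/secret key pair, write both keys in OpenPGP form and return the
/// same key material as an <see cref="RSACryptoServiceProvider"/>.
/// </summary>
/// <param name="publicKey">The stream the public key is written to.</param>
/// <param name="secretKey">The stream the (passphrase-protected) secret key is written to.</param>
/// <param name="identity">The user id bound to the key pair (Name (comments) &lt;email address&gt;).</param>
/// <param name="password">The passphrase used to protect the secret key material.</param>
/// <param name="keyID">Receives the key id of the generated key pair.</param>
/// <param name="isCritical">True to mark the signature subpackets as critical, false otherwise.</param>
/// <param name="secondsKeyValid">The number of seconds the key is valid, or zero for no expiry.</param>
/// <param name="secondsSignatureValid">The number of seconds the signature is valid, or zero for no expiry.</param>
/// <param name="protectedKeys">
/// True to write both keys as raw binary packets; false to write them ASCII-armoured and close
/// the armoured wrappers. Note the flag has the opposite sense in <c>Encrypt</c>.
/// </param>
/// <param name="publicExponent">
/// The RSA public exponent e. The default of 3 is a low exponent; 65537 is the conventional
/// choice, and a small e is only safe when every use of the key applies proper padding.
/// </param>
/// <param name="strength">The RSA modulus size in bits.</param>
/// <param name="hashAlgorithm">The preferred hash algorithm advertised in the self-signature.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric algorithm used to encrypt the secret key with <paramref name="password"/>.</param>
/// <returns>
/// An <see cref="RSACryptoServiceProvider"/> loaded with the full private key. The caller owns
/// it and is responsible for disposing it; it holds unprotected private key material.
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="publicKey"/>, <paramref name="secretKey"/>, <paramref name="identity"/> or <paramref name="password"/> is null.
/// </exception>
/// <remarks>
/// The OpenPGP key is always written with <c>DefaultCertification</c> and the <c>RsaGeneral</c>
/// algorithm tag. RSA parameter components are zero-padded to their full width before import,
/// because the CSP rejects components whose unsigned encoding is shorter than expected.
/// </remarks>
public RSACryptoServiceProvider Generate(System.IO.Stream publicKey, System.IO.Stream secretKey, string identity, string password,
    out long keyID, bool isCritical = false, long secondsKeyValid = 0, long secondsSignatureValid = 0, bool protectedKeys = true,
    long publicExponent = 3, int strength = 4096,
    Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512,
    Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
    // Certainty passed to the prime generator (probabilistic primality-test confidence).
    const int PrimeCertainty = 25;

    if (publicKey == null)
    {
        throw new ArgumentNullException("publicKey");
    }
    if (secretKey == null)
    {
        throw new ArgumentNullException("secretKey");
    }
    if (identity == null)
    {
        throw new ArgumentNullException("identity");
    }
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }

    // Generate the RSA key pair from the requested strength and public exponent.
    Key.Crypto.Generators.RsaKeyPairGenerator keyPairGenerator = new Key.Crypto.Generators.RsaKeyPairGenerator();
    Key.Crypto.Parameters.RsaKeyGenerationParameters keyPairParam =
        new Key.Crypto.Parameters.RsaKeyGenerationParameters(
            Key.Math.BigInteger.ValueOf(publicExponent),
            new Key.Security.SecureRandom(),
            strength,
            PrimeCertainty);
    keyPairGenerator.Init(keyPairParam);
    Key.Crypto.AsymmetricCipherKeyPair rsaKeyPair = keyPairGenerator.GenerateKeyPair();

    // Separate the public and private (CRT form) halves.
    Key.Crypto.Parameters.RsaKeyParameters rsaPublicParam =
        (Key.Crypto.Parameters.RsaKeyParameters)rsaKeyPair.Public;
    Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam =
        (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)rsaKeyPair.Private;

    // false => ASCII-armoured output (inverted relative to Encrypt's protectedKeys).
    if (!protectedKeys)
    {
        secretKey = new Key.Bcpg.ArmoredOutputStream(secretKey);
    }

    // Both subpacket areas receive identical expiry / preferred-hash settings.
    Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator hashedGenerator =
        new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator();
    Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator unhashedGenerator =
        new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator();
    Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator[] subpacketGenerators =
        new Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator[] { hashedGenerator, unhashedGenerator };
    foreach (Key.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator generator in subpacketGenerators)
    {
        generator.SetKeyExpirationTime(isCritical, secondsKeyValid);
        generator.SetPreferredHashAlgorithms(isCritical, new int[] { (int)GetHashAlgorithm(hashAlgorithm) });
        generator.SetSignatureExpirationTime(isCritical, secondsSignatureValid);
    }
    Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector hashedPackets = hashedGenerator.Generate();
    Key.Bcpg.OpenPgp.PgpSignatureSubpacketVector unhashedPackets = unhashedGenerator.Generate();

    // Build the secret key; the passphrase encrypts the private material with symmetricKeyAlgorithm.
    Key.Bcpg.OpenPgp.PgpSecretKey pgpSecretKey = new Key.Bcpg.OpenPgp.PgpSecretKey(
        Key.Bcpg.OpenPgp.PgpSignature.DefaultCertification,
        Key.Bcpg.PublicKeyAlgorithmTag.RsaGeneral,
        rsaPublicParam,
        rsaCrtPrivateParam,
        DateTime.UtcNow,
        identity,
        GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm),
        password.ToCharArray(),
        true, // presumably the library's secret-key checksum flag — confirm against the constructor signature
        hashedPackets,
        unhashedPackets,
        new Key.Security.SecureRandom(),
        GetHashAlgorithm(hashAlgorithm));

    // Write the secret key, then the public key derived from it.
    pgpSecretKey.Encode(secretKey);
    if (!protectedKeys)
    {
        secretKey.Close();
        publicKey = new Key.Bcpg.ArmoredOutputStream(publicKey);
    }

    Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = pgpSecretKey.PublicKey;
    pgpPublicKey.Encode(publicKey);
    if (!protectedKeys)
    {
        publicKey.Close();
    }

    // ToByteArrayUnsigned() drops leading zero bytes, and the CSP requires every component to
    // have its full width, so a key whose D / DP / DQ / QInv happens to start with a zero byte
    // would otherwise fail in ImportParameters. Pad D to the modulus width and the CRT
    // components to the width of the corresponding prime.
    RSAParameters rsaParam = new RSAParameters();
    rsaParam.Modulus = rsaCrtPrivateParam.Modulus.ToByteArrayUnsigned();
    rsaParam.Exponent = rsaCrtPrivateParam.PublicExponent.ToByteArrayUnsigned();
    rsaParam.P = rsaCrtPrivateParam.P.ToByteArrayUnsigned();
    rsaParam.Q = rsaCrtPrivateParam.Q.ToByteArrayUnsigned();
    rsaParam.D = ToFixedLengthUnsigned(rsaCrtPrivateParam.Exponent, rsaParam.Modulus.Length);
    rsaParam.DP = ToFixedLengthUnsigned(rsaCrtPrivateParam.DP, rsaParam.P.Length);
    rsaParam.DQ = ToFixedLengthUnsigned(rsaCrtPrivateParam.DQ, rsaParam.Q.Length);
    rsaParam.InverseQ = ToFixedLengthUnsigned(rsaCrtPrivateParam.QInv, rsaParam.Q.Length);

    // Load the full private key into a CSP for the caller; the caller owns and disposes it.
    RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();
    rsaProvider.ImportParameters(rsaParam);

    keyID = pgpSecretKey.KeyId;
    return rsaProvider;
}

/// <summary>
/// Return the unsigned big-endian encoding of <paramref name="value"/>, left-padded with zero
/// bytes to exactly <paramref name="length"/> bytes.
/// </summary>
/// <param name="value">The non-negative integer to encode.</param>
/// <param name="length">The exact number of bytes the result must have.</param>
/// <returns>A byte array of length <paramref name="length"/>.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// Thrown when the unsigned encoding of <paramref name="value"/> is longer than <paramref name="length"/>.
/// </exception>
private static byte[] ToFixedLengthUnsigned(Key.Math.BigInteger value, int length)
{
    byte[] raw = value.ToByteArrayUnsigned();
    if (raw.Length == length)
    {
        return raw;
    }
    if (raw.Length > length)
    {
        throw new ArgumentOutOfRangeException("length", "The value does not fit in the requested number of bytes.");
    }

    // Left-pad: the most significant bytes are zero.
    byte[] padded = new byte[length];
    Array.Copy(raw, 0, padded, length - raw.Length, raw.Length);
    return padded;
}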