public void Generate() { // Master/Signing key var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256); // Encryption key var ecdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256); // Generate a key ring var passPhrase = "test"; PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase); keyRingGen.AddSubKey(ecdh); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed"); PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase); }
private void Generate() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); // // Generate a master key // IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair(); PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow); // // Generate an encryption key // keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpEnc = keyGen.GenerateKeyPair(); PgpKeyPair ecdhKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDH, kpEnc, DateTime.UtcNow); // // Generate a key ring // char[] passPhrase = "test".ToCharArray(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair, "*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random); keyRingGen.AddSubKey(ecdhKeyPair); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded())) { Fail("public key ring encoding failed"); } PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded())) { Fail("secret key ring encoding failed"); } PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase); }
public static void GenerateKeyPair(string userid, string password, out PgpPublicKeyRing pkr, out PgpSecretKeyRing skr) { PgpKeyRingGenerator krgen = PGP.generateKeyRingGenerator(userid, password); // Generate public key ring, dump to file. pkr = krgen.GeneratePublicKeyRing(); // Generate private key, dump to file. skr = krgen.GenerateSecretKeyRing(); }
public static void p5_crypto_pgp_keys_create(ApplicationContext context, ActiveEventArgs e) { // Making sure we clean up after ourselves. using (new ArgsRemover(e.Args, true)) { // Retrieving identity (normally a name + email address), in addition to password. string identity = e.Args.GetExChildValue <string> ("identity", context); string password = e.Args.GetExChildValue <string> ("password", context); if (string.IsNullOrEmpty(identity) || string.IsNullOrEmpty(password)) { throw new LambdaException( "Minimum [identity] and [password] needs to be supplied to create a PGP keypair", e.Args, context); } // Retrieving other parameters to PGP keypair creation, giving them sane defaults if not supplied. DateTime expires = e.Args.GetExChildValue("expires", context, DateTime.Now.AddYears(3)); int strength = e.Args.GetExChildValue <int> ("strength", context, 4096); long publicExponent = e.Args.GetExChildValue("public-exponent", context, 65537L); int certainty = e.Args.GetExChildValue("certainty", context, 5); // Creating our key generator. PgpKeyRingGenerator generator = GetKeyRingGenerator( context, identity, password, expires, strength, publicExponent, certainty); // Generating public keyrign. PgpPublicKeyRing publicRing = generator.GeneratePublicKeyRing(); // Generating secret keyring. "Secret key" is BC's name for private key. PgpSecretKeyRing secretRing = generator.GenerateSecretKeyRing(); /* * Retrieving PGP context to let MimeKit import keys into PGP storage. * Making sure we retrieve it in "write mode". */ using (var ctx = context.RaiseEvent(".p5.crypto.pgp-keys.context.create", new Node("", true)).Get <OpenPgpContext> (context)) { // Saves public keyring. ctx.Import(publicRing); // Saves secret keyring (private key, BC uses different naming convention). ctx.Import(secretRing); } // Returning fingerprint and key-id to caller. e.Args.Add("fingerprint", Fingerprint.FingerprintString(publicRing.GetPublicKey().GetFingerprint())); e.Args.Add("key-id", ((int)publicRing.GetPublicKey().KeyId).ToString("X")); } }
public static void p5_crypto_create_pgp_keypair(ApplicationContext context, ActiveEventArgs e) { // Making sure we clean up after ourselves using (new ArgsRemover(e.Args, true)) { // Retrieving identity (normally an email address), in addition to password. string identity = e.Args.GetExChildValue <string> ("identity", context); string password = e.Args.GetExChildValue <string> ("password", context); if (string.IsNullOrEmpty(identity) || string.IsNullOrEmpty(password)) { throw new LambdaException( "Minimum [identity] and [password] needs to be supplied to create a PGP keypair", e.Args, context); } // Retrieving other parameters to PGP keypair creation. DateTime expires = e.Args.GetExChildValue("expires", context, DateTime.Now.AddYears(3)); int strength = e.Args.GetExChildValue <int> ("strength", context, 4096); long publicExponent = e.Args.GetExChildValue("public-exponent", context, 65537L); int certainty = e.Args.GetExChildValue("certainty", context, 5); // Generate public/secret keys. PgpKeyRingGenerator generator = GetKeyRingGenerator( context, e.Args, identity, password, expires, strength, publicExponent, certainty); PgpPublicKeyRing publicRing = generator.GeneratePublicKeyRing(); PgpSecretKeyRing secretRing = generator.GenerateSecretKeyRing(); // Creating GnuPG context to let MimeKit import keys into GnuPG database using (var ctx = new GnuPrivacyContext(true)) { // Saves public keyring ctx.Import(publicRing); // Saves private keyring ctx.Import(secretRing); } // In case no [seed] was given, we remove the automatically generated seed ... e.Args ["seed"].UnTie(); e.Args.Add("fingerprint", BitConverter.ToString(publicRing.GetPublicKey().GetFingerprint()).Replace("-", "")); e.Args.Add("key-id", ((int)publicRing.GetPublicKey().KeyId).ToString("X")); } }
public void Generate25519() { // Generate a master key var ecdsa = new Ed25519(); // Generate an encryption key var ecdh = new X25519(); // Generate a key ring var passPhrase = "test"; PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase); keyRingGen.AddSubKey(ecdh); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed"); // Extract back the ECDH key and verify the encoded values to ensure correct endianness PgpSecretKey pgpSecretKey = secRing.GetSecretKey(pubRing.GetPublicKey().KeyId); PgpPrivateKey pgpPrivKey = pgpSecretKey.ExtractPrivateKey(passPhrase); /*if (!Arrays.AreEqual(((X25519PrivateKeyParameters)kpEnc.Private).GetEncoded(), ((X25519PrivateKeyParameters)pgpPrivKey.Key).GetEncoded())) * { * Fail("private key round trip failed"); * } * if (!Arrays.AreEqual(((X25519PublicKeyParameters)kpEnc.Public).GetEncoded(), ((X25519PublicKeyParameters)pgpSecretKey.PublicKey.GetKey()).GetEncoded())) * { * Fail("private key round trip failed"); * }*/ }
public static void ExportKeyPair( Stream secretOut, Stream publicOut, AsymmetricCipherKeyPair dsaKp, AsymmetricCipherKeyPair elgKp, string identity, char[] passPhrase, bool armor) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow); PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow); // Prepare a strong Secure Random with seed SecureRandom secureRandom = PgpEncryptionUtil.GetSecureRandom(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair, identity, SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, secureRandom); keyRingGen.AddSubKey(elgKeyPair); keyRingGen.GenerateSecretKeyRing().Encode(secretOut); if (armor) { secretOut.Dispose(); publicOut = new ArmoredOutputStream(publicOut); } keyRingGen.GeneratePublicKeyRing().Encode(publicOut); if (armor) { publicOut.Dispose(); } }
private static void ExportKeyPair( Stream secretOut, Stream publicOut, IAsymmetricCipherKeyPair signingKey, IAsymmetricCipherKeyPair encryptionKey, string identity, char[] passPhrase, bool armor, ISecureRandom random) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } var masterKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdsa, signingKey, DateTime.UtcNow); var subKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdh, encryptionKey, DateTime.UtcNow); var keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.PositiveCertification, masterKey, identity, SymmetricKeyAlgorithmTag.Aes256, HashAlgorithmTag.Sha256, passPhrase, true, null, null, random); keyRingGenerator.AddSubKey(subKey); keyRingGenerator.GenerateSecretKeyRing().Encode(secretOut); if (armor) { secretOut.Close(); publicOut = new ArmoredOutputStream(publicOut); } keyRingGenerator.GeneratePublicKeyRing().Encode(publicOut); { publicOut.Close(); } }
public void GenerateAndSign() { var eddsa = new Ed25519Dsa(); // generate a key ring var passPhrase = "test"; PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(eddsa, "*****@*****.**", passPhrase); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), pubRing.GetPublicKey()); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed"); // try a signature using encoded key KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), secRing.GetSecretKey()); }
public void GenerateAndSign() { var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256); // generate a key ring string passPhrase = "test"; var keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), pubRing.GetPublicKey()); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded(), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded(), "secret key ring encoding failed"); // try a signature using encoded key KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), secRing.GetSecretKey()); }
public void InsertMasterTest() { SecureRandom random = new SecureRandom(); char[] passPhrase = "hello".ToCharArray(); IAsymmetricCipherKeyPairGenerator rsaKpg = GeneratorUtilities.GetKeyPairGenerator("RSA"); rsaKpg.Init(new KeyGenerationParameters(random, 512)); // // this is quicker because we are using pregenerated parameters. // AsymmetricCipherKeyPair rsaKp = rsaKpg.GenerateKeyPair(); PgpKeyPair rsaKeyPair1 = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, rsaKp, DateTime.UtcNow); rsaKp = rsaKpg.GenerateKeyPair(); PgpKeyPair rsaKeyPair2 = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, rsaKp, DateTime.UtcNow); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, rsaKeyPair1, "test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, random); PgpSecretKeyRing secRing1 = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRing1 = keyRingGen.GeneratePublicKeyRing(); keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, rsaKeyPair2, "test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, random); PgpSecretKeyRing secRing2 = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRing2 = keyRingGen.GeneratePublicKeyRing(); try { PgpPublicKeyRing.InsertPublicKey(pubRing1, pubRing2.GetPublicKey()); Fail("adding second master key (public) should throw an ArgumentException"); } catch (ArgumentException e) { if (!e.Message.Equals("cannot add a master key to a ring that already has one")) { Fail("wrong message in public test"); } } try { PgpSecretKeyRing.InsertSecretKey(secRing1, secRing2.GetSecretKey()); Fail("adding second master key (secret) should throw an ArgumentException"); } catch (ArgumentException e) { if (!e.Message.Equals("cannot add a master key to a ring that already has one")) { Fail("wrong message in secret test"); } } }
public void GenerateTest() { char[] passPhrase = "hello".ToCharArray(); DsaParametersGenerator pGen = new DsaParametersGenerator(); pGen.Init(512, 80, new SecureRandom()); DsaParameters dsaParams = pGen.GenerateParameters(); DsaKeyGenerationParameters dsaKgp = new DsaKeyGenerationParameters(new SecureRandom(), dsaParams); IAsymmetricCipherKeyPairGenerator dsaKpg = GeneratorUtilities.GetKeyPairGenerator("DSA"); dsaKpg.Init(dsaKgp); // // this takes a while as the key generator has to Generate some DSA parameters // before it Generates the key. // AsymmetricCipherKeyPair dsaKp = dsaKpg.GenerateKeyPair(); IAsymmetricCipherKeyPairGenerator elgKpg = GeneratorUtilities.GetKeyPairGenerator("ELGAMAL"); BigInteger g = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16); BigInteger p = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16); ElGamalParameters elParams = new ElGamalParameters(p, g); ElGamalKeyGenerationParameters elKgp = new ElGamalKeyGenerationParameters(new SecureRandom(), elParams); elgKpg.Init(elKgp); // // this is quicker because we are using preGenerated parameters. // AsymmetricCipherKeyPair elgKp = elgKpg.GenerateKeyPair(); PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow); PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair, "test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, new SecureRandom()); keyRingGen.AddSubKey(elgKeyPair); PgpSecretKeyRing keyRing = keyRingGen.GenerateSecretKeyRing(); keyRing.GetSecretKey().ExtractPrivateKey(passPhrase); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpPublicKey vKey = null; PgpPublicKey sKey = null; foreach (PgpPublicKey pk in pubRing.GetPublicKeys()) { if (pk.IsMasterKey) { vKey = pk; } else { sKey = pk; } } foreach (PgpSignature sig in sKey.GetSignatures()) { if (sig.KeyId == vKey.KeyId && sig.SignatureType == PgpSignature.SubkeyBinding) { sig.InitVerify(vKey); if (!sig.VerifyCertification(vKey, sKey)) { Fail("failed to verify sub-key signature."); } } } }
private void GenerateAndSign() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair(); PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow); byte[] msg = Encoding.ASCII.GetBytes("hello world!"); // // try a signature // PgpSignatureGenerator signGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.ECDsa, HashAlgorithmTag.Sha256); signGen.InitSign(PgpSignature.BinaryDocument, ecdsaKeyPair.PrivateKey); signGen.Update(msg); PgpSignature sig = signGen.Generate(); sig.InitVerify(ecdsaKeyPair.PublicKey); sig.Update(msg); if (!sig.Verify()) { Fail("signature failed to verify!"); } // // generate a key ring // char[] passPhrase = "test".ToCharArray(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair, "*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded())) { Fail("public key ring encoding failed"); } PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded())) { Fail("secret key ring encoding failed"); } // // try a signature using encoded key // signGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.ECDsa, HashAlgorithmTag.Sha256); signGen.InitSign(PgpSignature.BinaryDocument, secRing.GetSecretKey().ExtractPrivateKey(passPhrase)); signGen.Update(msg); sig = signGen.Generate(); sig.InitVerify(secRing.GetSecretKey().PublicKey); sig.Update(msg); if (!sig.Verify()) { Fail("re-encoded signature failed to verify!"); } }