public void Generate() { // Master/Signing key var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256); // Encryption key var ecdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256); // Generate a key ring var passPhrase = "test"; PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase); keyRingGen.AddSubKey(ecdh); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed"); PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase); }
private void Generate() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); // // Generate a master key // IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair(); PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow); // // Generate an encryption key // keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpEnc = keyGen.GenerateKeyPair(); PgpKeyPair ecdhKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDH, kpEnc, DateTime.UtcNow); // // Generate a key ring // char[] passPhrase = "test".ToCharArray(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair, "*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random); keyRingGen.AddSubKey(ecdhKeyPair); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded())) { Fail("public key ring encoding failed"); } PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded())) { Fail("secret key ring encoding failed"); } PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase); }
public static void GenerateKeyPair(string userid, string password, out PgpPublicKeyRing pkr, out PgpSecretKeyRing skr) { PgpKeyRingGenerator krgen = PGP.generateKeyRingGenerator(userid, password); // Generate public key ring, dump to file. pkr = krgen.GeneratePublicKeyRing(); // Generate private key, dump to file. skr = krgen.GenerateSecretKeyRing(); }
public static void p5_crypto_pgp_keys_create(ApplicationContext context, ActiveEventArgs e) { // Making sure we clean up after ourselves. using (new ArgsRemover(e.Args, true)) { // Retrieving identity (normally a name + email address), in addition to password. string identity = e.Args.GetExChildValue <string> ("identity", context); string password = e.Args.GetExChildValue <string> ("password", context); if (string.IsNullOrEmpty(identity) || string.IsNullOrEmpty(password)) { throw new LambdaException( "Minimum [identity] and [password] needs to be supplied to create a PGP keypair", e.Args, context); } // Retrieving other parameters to PGP keypair creation, giving them sane defaults if not supplied. DateTime expires = e.Args.GetExChildValue("expires", context, DateTime.Now.AddYears(3)); int strength = e.Args.GetExChildValue <int> ("strength", context, 4096); long publicExponent = e.Args.GetExChildValue("public-exponent", context, 65537L); int certainty = e.Args.GetExChildValue("certainty", context, 5); // Creating our key generator. PgpKeyRingGenerator generator = GetKeyRingGenerator( context, identity, password, expires, strength, publicExponent, certainty); // Generating public keyrign. PgpPublicKeyRing publicRing = generator.GeneratePublicKeyRing(); // Generating secret keyring. "Secret key" is BC's name for private key. PgpSecretKeyRing secretRing = generator.GenerateSecretKeyRing(); /* * Retrieving PGP context to let MimeKit import keys into PGP storage. * Making sure we retrieve it in "write mode". */ using (var ctx = context.RaiseEvent(".p5.crypto.pgp-keys.context.create", new Node("", true)).Get <OpenPgpContext> (context)) { // Saves public keyring. ctx.Import(publicRing); // Saves secret keyring (private key, BC uses different naming convention). ctx.Import(secretRing); } // Returning fingerprint and key-id to caller. e.Args.Add("fingerprint", Fingerprint.FingerprintString(publicRing.GetPublicKey().GetFingerprint())); e.Args.Add("key-id", ((int)publicRing.GetPublicKey().KeyId).ToString("X")); } }
public static void p5_crypto_create_pgp_keypair(ApplicationContext context, ActiveEventArgs e) { // Making sure we clean up after ourselves using (new ArgsRemover(e.Args, true)) { // Retrieving identity (normally an email address), in addition to password. string identity = e.Args.GetExChildValue <string> ("identity", context); string password = e.Args.GetExChildValue <string> ("password", context); if (string.IsNullOrEmpty(identity) || string.IsNullOrEmpty(password)) { throw new LambdaException( "Minimum [identity] and [password] needs to be supplied to create a PGP keypair", e.Args, context); } // Retrieving other parameters to PGP keypair creation. DateTime expires = e.Args.GetExChildValue("expires", context, DateTime.Now.AddYears(3)); int strength = e.Args.GetExChildValue <int> ("strength", context, 4096); long publicExponent = e.Args.GetExChildValue("public-exponent", context, 65537L); int certainty = e.Args.GetExChildValue("certainty", context, 5); // Generate public/secret keys. PgpKeyRingGenerator generator = GetKeyRingGenerator( context, e.Args, identity, password, expires, strength, publicExponent, certainty); PgpPublicKeyRing publicRing = generator.GeneratePublicKeyRing(); PgpSecretKeyRing secretRing = generator.GenerateSecretKeyRing(); // Creating GnuPG context to let MimeKit import keys into GnuPG database using (var ctx = new GnuPrivacyContext(true)) { // Saves public keyring ctx.Import(publicRing); // Saves private keyring ctx.Import(secretRing); } // In case no [seed] was given, we remove the automatically generated seed ... e.Args ["seed"].UnTie(); e.Args.Add("fingerprint", BitConverter.ToString(publicRing.GetPublicKey().GetFingerprint()).Replace("-", "")); e.Args.Add("key-id", ((int)publicRing.GetPublicKey().KeyId).ToString("X")); } }
public void Generate25519() { // Generate a master key var ecdsa = new Ed25519(); // Generate an encryption key var ecdh = new X25519(); // Generate a key ring var passPhrase = "test"; PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase); keyRingGen.AddSubKey(ecdh); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed"); // Extract back the ECDH key and verify the encoded values to ensure correct endianness PgpSecretKey pgpSecretKey = secRing.GetSecretKey(pubRing.GetPublicKey().KeyId); PgpPrivateKey pgpPrivKey = pgpSecretKey.ExtractPrivateKey(passPhrase); /*if (!Arrays.AreEqual(((X25519PrivateKeyParameters)kpEnc.Private).GetEncoded(), ((X25519PrivateKeyParameters)pgpPrivKey.Key).GetEncoded())) * { * Fail("private key round trip failed"); * } * if (!Arrays.AreEqual(((X25519PublicKeyParameters)kpEnc.Public).GetEncoded(), ((X25519PublicKeyParameters)pgpSecretKey.PublicKey.GetKey()).GetEncoded())) * { * Fail("private key round trip failed"); * }*/ }
public static void ExportKeyPair( Stream secretOut, Stream publicOut, AsymmetricCipherKeyPair dsaKp, AsymmetricCipherKeyPair elgKp, string identity, char[] passPhrase, bool armor) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow); PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow); // Prepare a strong Secure Random with seed SecureRandom secureRandom = PgpEncryptionUtil.GetSecureRandom(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair, identity, SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, secureRandom); keyRingGen.AddSubKey(elgKeyPair); keyRingGen.GenerateSecretKeyRing().Encode(secretOut); if (armor) { secretOut.Dispose(); publicOut = new ArmoredOutputStream(publicOut); } keyRingGen.GeneratePublicKeyRing().Encode(publicOut); if (armor) { publicOut.Dispose(); } }
public void GenerateAndSign() { var eddsa = new Ed25519Dsa(); // generate a key ring var passPhrase = "test"; PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(eddsa, "*****@*****.**", passPhrase); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), pubRing.GetPublicKey()); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed"); // try a signature using encoded key KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), secRing.GetSecretKey()); }
public void GenerateAndSign() { var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256); // generate a key ring string passPhrase = "test"; var keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), pubRing.GetPublicKey()); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); Assert.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded(), "public key ring encoding failed"); PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); Assert.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded(), "secret key ring encoding failed"); // try a signature using encoded key KeyTestHelper.SignAndVerifyTestMessage(secRing.GetSecretKey().ExtractPrivateKey(passPhrase), secRing.GetSecretKey()); }
private static void ExportKeyPair( Stream secretOut, Stream publicOut, IAsymmetricCipherKeyPair signingKey, IAsymmetricCipherKeyPair encryptionKey, string identity, char[] passPhrase, bool armor, ISecureRandom random) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } var masterKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdsa, signingKey, DateTime.UtcNow); var subKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdh, encryptionKey, DateTime.UtcNow); var keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.PositiveCertification, masterKey, identity, SymmetricKeyAlgorithmTag.Aes256, HashAlgorithmTag.Sha256, passPhrase, true, null, null, random); keyRingGenerator.AddSubKey(subKey); keyRingGenerator.GenerateSecretKeyRing().Encode(secretOut); if (armor) { secretOut.Close(); publicOut = new ArmoredOutputStream(publicOut); } keyRingGenerator.GeneratePublicKeyRing().Encode(publicOut); { publicOut.Close(); } }
public void InsertMasterTest() { SecureRandom random = new SecureRandom(); char[] passPhrase = "hello".ToCharArray(); IAsymmetricCipherKeyPairGenerator rsaKpg = GeneratorUtilities.GetKeyPairGenerator("RSA"); rsaKpg.Init(new KeyGenerationParameters(random, 512)); // // this is quicker because we are using pregenerated parameters. // AsymmetricCipherKeyPair rsaKp = rsaKpg.GenerateKeyPair(); PgpKeyPair rsaKeyPair1 = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, rsaKp, DateTime.UtcNow); rsaKp = rsaKpg.GenerateKeyPair(); PgpKeyPair rsaKeyPair2 = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, rsaKp, DateTime.UtcNow); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, rsaKeyPair1, "test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, random); PgpSecretKeyRing secRing1 = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRing1 = keyRingGen.GeneratePublicKeyRing(); keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, rsaKeyPair2, "test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, random); PgpSecretKeyRing secRing2 = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRing2 = keyRingGen.GeneratePublicKeyRing(); try { PgpPublicKeyRing.InsertPublicKey(pubRing1, pubRing2.GetPublicKey()); Fail("adding second master key (public) should throw an ArgumentException"); } catch (ArgumentException e) { if (!e.Message.Equals("cannot add a master key to a ring that already has one")) { Fail("wrong message in public test"); } } try { PgpSecretKeyRing.InsertSecretKey(secRing1, secRing2.GetSecretKey()); Fail("adding second master key (secret) should throw an ArgumentException"); } catch (ArgumentException e) { if (!e.Message.Equals("cannot add a master key to a ring that already has one")) { Fail("wrong message in secret test"); } } }
public void GenerateTest() { char[] passPhrase = "hello".ToCharArray(); DsaParametersGenerator pGen = new DsaParametersGenerator(); pGen.Init(512, 80, new SecureRandom()); DsaParameters dsaParams = pGen.GenerateParameters(); DsaKeyGenerationParameters dsaKgp = new DsaKeyGenerationParameters(new SecureRandom(), dsaParams); IAsymmetricCipherKeyPairGenerator dsaKpg = GeneratorUtilities.GetKeyPairGenerator("DSA"); dsaKpg.Init(dsaKgp); // // this takes a while as the key generator has to Generate some DSA parameters // before it Generates the key. // AsymmetricCipherKeyPair dsaKp = dsaKpg.GenerateKeyPair(); IAsymmetricCipherKeyPairGenerator elgKpg = GeneratorUtilities.GetKeyPairGenerator("ELGAMAL"); BigInteger g = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16); BigInteger p = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16); ElGamalParameters elParams = new ElGamalParameters(p, g); ElGamalKeyGenerationParameters elKgp = new ElGamalKeyGenerationParameters(new SecureRandom(), elParams); elgKpg.Init(elKgp); // // this is quicker because we are using preGenerated parameters. // AsymmetricCipherKeyPair elgKp = elgKpg.GenerateKeyPair(); PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow); PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair, "test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, new SecureRandom()); keyRingGen.AddSubKey(elgKeyPair); PgpSecretKeyRing keyRing = keyRingGen.GenerateSecretKeyRing(); keyRing.GetSecretKey().ExtractPrivateKey(passPhrase); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpPublicKey vKey = null; PgpPublicKey sKey = null; foreach (PgpPublicKey pk in pubRing.GetPublicKeys()) { if (pk.IsMasterKey) { vKey = pk; } else { sKey = pk; } } foreach (PgpSignature sig in sKey.GetSignatures()) { if (sig.KeyId == vKey.KeyId && sig.SignatureType == PgpSignature.SubkeyBinding) { sig.InitVerify(vKey); if (!sig.VerifyCertification(vKey, sKey)) { Fail("failed to verify sub-key signature."); } } } }
private void GenerateAndSign() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair(); PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow); byte[] msg = Encoding.ASCII.GetBytes("hello world!"); // // try a signature // PgpSignatureGenerator signGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.ECDsa, HashAlgorithmTag.Sha256); signGen.InitSign(PgpSignature.BinaryDocument, ecdsaKeyPair.PrivateKey); signGen.Update(msg); PgpSignature sig = signGen.Generate(); sig.InitVerify(ecdsaKeyPair.PublicKey); sig.Update(msg); if (!sig.Verify()) { Fail("signature failed to verify!"); } // // generate a key ring // char[] passPhrase = "test".ToCharArray(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair, "*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded())) { Fail("public key ring encoding failed"); } PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded())) { Fail("secret key ring encoding failed"); } // // try a signature using encoded key // signGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.ECDsa, HashAlgorithmTag.Sha256); signGen.InitSign(PgpSignature.BinaryDocument, secRing.GetSecretKey().ExtractPrivateKey(passPhrase)); signGen.Update(msg); sig = signGen.Generate(); sig.InitVerify(secRing.GetSecretKey().PublicKey); sig.Update(msg); if (!sig.Verify()) { Fail("re-encoded signature failed to verify!"); } }
private void Generate() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); // // Generate a master key // IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair(); PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow); // // Generate an encryption key // keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpEnc = keyGen.GenerateKeyPair(); PgpKeyPair ecdhKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDH, kpEnc, DateTime.UtcNow); // // Generate a key ring // char[] passPhrase = "test".ToCharArray(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair, "*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random); keyRingGen.AddSubKey(ecdhKeyPair); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); // TODO: add check of KdfParameters DoBasicKeyRingCheck(pubRing); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded())) { Fail("public key ring encoding failed"); } PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded())) { Fail("secret key ring encoding failed"); } PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase); }
public void GenerateEccKeyTest() { const string identity = "GenerateEccKeyTest Identity"; var secureRandom = new SecureRandom(); var keyParamSet = SecObjectIdentifiers.SecP256r1; var ecParams = new ECKeyGenerationParameters(keyParamSet, secureRandom); var now = DateTime.UtcNow; var masterKey = GenerateKeyPair(PublicKeyAlgorithmTag.Ecdsa, ecParams, now); var subKey = GenerateKeyPair(PublicKeyAlgorithmTag.Ecdh, ecParams, now); var keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.PositiveCertification, masterKey, identity, SymmetricKeyAlgorithmTag.Aes256, HashAlgorithmTag.Sha256, "".ToCharArray(), true, GenerateSignatureSubpackets(identity), null, secureRandom); keyRingGenerator.AddSubKey(subKey); var secretKeyRing = keyRingGenerator.GenerateSecretKeyRing(); CheckEccKey(secretKeyRing); }
private void GenerateAndSign() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random)); AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair(); PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow); byte[] msg = Encoding.ASCII.GetBytes("hello world!"); // // try a signature // PgpSignatureGenerator signGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.ECDsa, HashAlgorithmTag.Sha256); signGen.InitSign(PgpSignature.BinaryDocument, ecdsaKeyPair.PrivateKey); signGen.Update(msg); PgpSignature sig = signGen.Generate(); sig.InitVerify(ecdsaKeyPair.PublicKey); sig.Update(msg); if (!sig.Verify()) { Fail("signature failed to verify!"); } // // generate a key ring // char[] passPhrase = "test".ToCharArray(); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair, "*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random); PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing(); PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing(); PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded()); if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded())) { Fail("public key ring encoding failed"); } PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded()); if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded())) { Fail("secret key ring encoding failed"); } // // try a signature using encoded key // signGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.ECDsa, HashAlgorithmTag.Sha256); signGen.InitSign(PgpSignature.BinaryDocument, secRing.GetSecretKey().ExtractPrivateKey(passPhrase)); signGen.Update(msg); sig = signGen.Generate(); sig.InitVerify(secRing.GetSecretKey().PublicKey); sig.Update(msg); if (!sig.Verify()) { Fail("re-encoded signature failed to verify!"); } }
public void PerformTest() { // // Read the public key // PgpPublicKeyRing pgpPub = new PgpPublicKeyRing(testPubKey); var firstUserId = pgpPub.GetPublicKey().GetUserIds().FirstOrDefault(); Assert.NotNull(firstUserId); Assert.AreEqual(1, firstUserId.SelfCertifications.Count); Assert.IsTrue(firstUserId.SelfCertifications[0].Verify()); // // write a public key // MemoryStream bOut = new MemoryStream(); pgpPub.Encode(bOut); Assert.AreEqual(testPubKey, bOut.ToArray()); // // Read the public key // PgpPublicKeyRing pgpPubV3 = new PgpPublicKeyRing(testPubKeyV3); // // write a V3 public key // bOut = new MemoryStream(); pgpPubV3.Encode(bOut); // // Read a v3 private key // var passP = "FIXCITY_QA"; { PgpSecretKeyRing pgpPriv2 = new PgpSecretKeyRing(testPrivKeyV3); PgpSecretKey pgpPrivSecretKey = pgpPriv2.GetSecretKey(); PgpPrivateKey pgpPrivKey2 = pgpPrivSecretKey.ExtractPrivateKey(passP); // // write a v3 private key // bOut = new MemoryStream(); pgpPriv2.Encode(bOut); byte[] result = bOut.ToArray(); Assert.AreEqual(testPrivKeyV3, result); } // // Read the private key // PgpSecretKeyRing pgpPriv = new PgpSecretKeyRing(testPrivKey); PgpPrivateKey pgpPrivKey = pgpPriv.GetSecretKey().ExtractPrivateKey(pass); // // write a private key // bOut = new MemoryStream(); pgpPriv.Encode(bOut); Assert.AreEqual(testPrivKey, bOut.ToArray()); // // test encryption // /*var c = pubKey; * * // c.Init(Cipher.ENCRYPT_MODE, pubKey); * * byte[] inBytes = Encoding.ASCII.GetBytes("hello world"); * byte[] outBytes = c.DoFinal(inBytes); * * // c.Init(Cipher.DECRYPT_MODE, pgpPrivKey.GetKey()); * c.Init(false, pgpPrivKey.Key); * * outBytes = c.DoFinal(outBytes); * * if (!Arrays.AreEqual(inBytes, outBytes)) * { * Fail("decryption failed."); * }*/ // // test signature message // var compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(sig1); var signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); literalMessage.GetStream().CopyTo(Stream.Null); Assert.True(signedMessage.Verify(pgpPub.GetPublicKey(signedMessage.KeyId))); // // encrypted message - read subkey // pgpPriv = new PgpSecretKeyRing(subKey); // // encrypted message // byte[] text = Encoding.ASCII.GetBytes("hello world!\n"); var encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(enc1); var encKeyId = encryptedMessage.KeyIds.First(); pgpPrivKey = pgpPriv.GetSecretKey(encKeyId).ExtractPrivateKey(pass); compressedMessage = (PgpCompressedMessage)encryptedMessage.DecryptMessage(pgpPrivKey); literalMessage = (PgpLiteralMessage)compressedMessage.ReadMessage(); Assert.AreEqual("test.txt", literalMessage.FileName); byte[] bytes = Streams.ReadAll(literalMessage.GetStream()); Assert.AreEqual(text, bytes); // // encrypt - short message // byte[] shortText = { (byte)'h', (byte)'e', (byte)'l', (byte)'l', (byte)'o' }; MemoryStream cbOut = new MemoryStream(); var messageGenerator = new PgpMessageGenerator(cbOut); using (var encryptedGenerator = messageGenerator.CreateEncrypted(PgpSymmetricKeyAlgorithm.Cast5)) { encryptedGenerator.AddMethod(pgpPriv.GetSecretKey(encKeyId)); using (var literalStream = encryptedGenerator.CreateLiteral(PgpDataFormat.Binary, "", DateTime.UtcNow)) { literalStream.Write(shortText); } } cbOut.Position = 0; encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(cbOut); pgpPrivKey = pgpPriv.GetSecretKey(encryptedMessage.KeyIds.First()).ExtractPrivateKey(pass); //Assert.AreEqual(SymmetricKeyAlgorithmTag.Cast5, ((PgpPublicKeyEncryptedData)encryptedMessage.Methods[0]).GetSymmetricAlgorithm(pgpPrivKey)); literalMessage = (PgpLiteralMessage)encryptedMessage.DecryptMessage(pgpPrivKey); Assert.AreEqual("", literalMessage.FileName); bytes = Streams.ReadAll(literalMessage.GetStream()); Assert.AreEqual(shortText, bytes); // // encrypt // cbOut = new MemoryStream(); messageGenerator = new PgpMessageGenerator(cbOut); using (var encryptedGenerator = messageGenerator.CreateEncrypted(PgpSymmetricKeyAlgorithm.Cast5)) { encryptedGenerator.AddMethod(pgpPriv.GetSecretKey(encKeyId)); using (var literalStream = encryptedGenerator.CreateLiteral(PgpDataFormat.Binary, "", DateTime.UtcNow)) { literalStream.Write(text); } } cbOut.Position = 0; encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(cbOut); pgpPrivKey = pgpPriv.GetSecretKey(encryptedMessage.KeyIds.First()).ExtractPrivateKey(pass); literalMessage = (PgpLiteralMessage)encryptedMessage.DecryptMessage(pgpPrivKey); bytes = Streams.ReadAll(literalMessage.GetStream()); Assert.AreEqual(text, bytes); // // read public key with sub key. // /*pgpF = new PgpObjectFactory(subPubKey); * object o; * while ((o = pgpFact.NextPgpObject()) != null) * { * // TODO Should something be tested here? * // Console.WriteLine(o); * }*/ // // key pair generation - CAST5 encryption // var passPhrase = "hello"; var rsa = RSA.Create(1024); var keyRingGenerator = new PgpKeyRingGenerator(rsa, "fred", passPhrase); var secretKey = keyRingGenerator.GenerateSecretKeyRing().GetSecretKey(); PgpPublicKey key = new PgpPublicKey(secretKey); firstUserId = key.GetUserIds().FirstOrDefault(); Assert.NotNull(firstUserId); Assert.AreEqual(1, firstUserId.SelfCertifications.Count); Assert.IsTrue(firstUserId.SelfCertifications[0].Verify()); pgpPrivKey = secretKey.ExtractPrivateKey(passPhrase); key = PgpPublicKey.RemoveCertification(key, firstUserId, firstUserId.SelfCertifications[0]); Assert.NotNull(key); byte[] keyEnc = key.GetEncoded(); key = PgpPublicKey.AddCertification(key, firstUserId.UserId, firstUserId.SelfCertifications[0]); keyEnc = key.GetEncoded(); var revocation = PgpCertification.GenerateKeyRevocation( secretKey, secretKey.ExtractPrivateKey(passPhrase), key); key = PgpPublicKey.AddCertification(key, revocation); keyEnc = key.GetEncoded(); PgpPublicKeyRing tmpRing = new PgpPublicKeyRing(keyEnc); key = tmpRing.GetPublicKey(); revocation = key.KeyCertifications.Where(c => c.SignatureType == PgpSignatureType.KeyRevocation).FirstOrDefault(); Assert.NotNull(revocation); Assert.IsTrue(revocation.Verify(key)); // // use of PgpKeyPair // PgpKeyPair pgpKp = new PgpKeyPair(rsa, DateTime.UtcNow); PgpPublicKey k1 = pgpKp.PublicKey; PgpPrivateKey k2 = pgpKp.PrivateKey; k1.GetEncoded(); MixedTest(k2, k1); // // key pair generation - AES_256 encryption. -- XXX // //kp = kpg.GenerateKeyPair(); rsa = RSA.Create(1024); keyRingGenerator = new PgpKeyRingGenerator(rsa, "fred", passPhrase /*, encAlgorithm: PgpSymmetricKeyAlgorithm.Aes256*/); secretKey = keyRingGenerator.GenerateSecretKeyRing().GetSecretKey(); secretKey.ExtractPrivateKey(passPhrase); secretKey.Encode(new MemoryStream()); // // secret key password changing. // const string newPass = "******"; secretKey = PgpSecretKey.CopyWithNewPassword(secretKey, passPhrase, newPass); secretKey.ExtractPrivateKey(newPass); secretKey.Encode(new MemoryStream()); key = new PgpPublicKey(secretKey); key.Encode(new MemoryStream()); firstUserId = key.GetUserIds().FirstOrDefault(); Assert.NotNull(firstUserId); Assert.AreEqual(1, firstUserId.SelfCertifications.Count); Assert.IsTrue(firstUserId.SelfCertifications[0].Verify()); pgpPrivKey = secretKey.ExtractPrivateKey(newPass); // // signature generation // const string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); DateTime testDateTime = new DateTime(1973, 7, 27); bOut = new MemoryStream(); messageGenerator = new PgpMessageGenerator(bOut); using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip)) using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, pgpPrivKey, PgpHashAlgorithm.Sha1)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime)) { literalStream.Write(dataBytes); } // // verify generated signature // bOut.Position = 0; compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut); signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); Assert.AreEqual(testDateTime, literalMessage.ModificationTime); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(secretKey)); // // signature generation - version 3 // bOut = new MemoryStream(); messageGenerator = new PgpMessageGenerator(bOut); using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip)) using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, pgpPrivKey, PgpHashAlgorithm.Sha1, version: 3)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime)) { literalStream.Write(dataBytes); } // // verify generated signature // bOut.Position = 0; compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut); signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); Assert.AreEqual(testDateTime, literalMessage.ModificationTime); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(secretKey)); // // extract PGP 8 private key // pgpPriv = new PgpSecretKeyRing(pgp8Key); secretKey = pgpPriv.GetSecretKey(); pgpPrivKey = secretKey.ExtractPrivateKey(pgp8Pass); // // other sig tests // PerformTestSig(PgpHashAlgorithm.Sha256, secretKey, pgpPrivKey); PerformTestSig(PgpHashAlgorithm.Sha384, secretKey, pgpPrivKey); PerformTestSig(PgpHashAlgorithm.Sha512, secretKey, pgpPrivKey); }
private static void ExportKeyPair( Stream secretOut, Stream publicOut, IAsymmetricCipherKeyPair signingKey, IAsymmetricCipherKeyPair encryptionKey, string identity, char[] passPhrase, bool armor, ISecureRandom random) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } var masterKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdsa, signingKey, DateTime.UtcNow); var subKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdh, encryptionKey, DateTime.UtcNow); var keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.PositiveCertification, masterKey, identity, SymmetricKeyAlgorithmTag.Aes256, HashAlgorithmTag.Sha256, passPhrase, true, null, null, random); keyRingGenerator.AddSubKey(subKey); keyRingGenerator.GenerateSecretKeyRing().Encode(secretOut); if (armor) { secretOut.Close(); publicOut = new ArmoredOutputStream(publicOut); } keyRingGenerator.GeneratePublicKeyRing().Encode(publicOut); { publicOut.Close(); } }