/* * Helper for above. */ static byte [] SignPublicKey( PgpSecretKey secretKey, string password, PgpPublicKey keyToBeSigned, bool isCertain) { // Extracting private key, and getting ready to create a signature. PgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(password.ToCharArray()); PgpSignatureGenerator sGen = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1); sGen.InitSign(isCertain ? PgpSignature.PositiveCertification : PgpSignature.CasualCertification, pgpPrivKey); // Creating a stream to wrap the results of operation. Stream os = new MemoryStream(); BcpgOutputStream bOut = new BcpgOutputStream(os); sGen.GenerateOnePassVersion(false).Encode(bOut); // Creating a generator. PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); PgpSignatureSubpacketVector packetVector = spGen.Generate(); sGen.SetHashedSubpackets(packetVector); bOut.Flush(); // Returning the signed public key. return(PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded()); }
/// <summary> /// Helper for creating a PgpSignatureGenerator from private key file and its password /// </summary> /// <param name="stream">Stream to use for signature initialization</param> /// <param name="input">Encryption task input</param> /// <returns>PgpSignatureGenerator to be used when signing a file</returns> internal static PgpSignatureGenerator InitPgpSignatureGenerator(Stream stream, PgpEncryptInput input) { HashAlgorithmTag hashAlgorithm = input.SigningSettings.SignatureHashAlgorithm.ConvertEnum <HashAlgorithmTag>(); try { PgpSecretKey secretKey = ReadSecretKey(input.SigningSettings.PrivateKeyFile); PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(input.SigningSettings.PrivateKeyPassword.ToCharArray()); var pgpSignatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, hashAlgorithm); pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey); foreach (string userId in secretKey.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); spGen.SetSignerUserId(false, userId); pgpSignatureGenerator.SetHashedSubpackets(spGen.Generate()); // Just the first one! break; } pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(stream); return(pgpSignatureGenerator); } catch (PgpException e) { throw new Exception("Private key extraction failed, password might be incorrect", e); } }
/*.......................................................................數位簽章開始*/ private static void SignFile( string fileName, //欲作簽章的檔案名稱及位置 Stream keyIn, // Private key 的 File Stream Stream outputStream, //簽章後的檔案 File Stream char[] pass, // private Key 的 password bool armor, //用途不明?? 範例預設true bool compress //用途不明?? 範例預設true ) { if (armor) { outputStream = new ArmoredOutputStream(outputStream); } PgpSecretKey pgpSec = PgpExampleUtilities.ReadSecretKey(keyIn); PgpPrivateKey pgpPrivKey = pgpSec.ExtractPrivateKey(pass); PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSec.PublicKey.Algorithm, HashAlgorithmTag.Sha256); sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey); foreach (string userId in pgpSec.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); spGen.SetSignerUserId(false, userId); sGen.SetHashedSubpackets(spGen.Generate()); // Just the first one! break; } Stream cOut = outputStream; PgpCompressedDataGenerator cGen = null; if (compress) { cGen = new PgpCompressedDataGenerator(CompressionAlgorithmTag.ZLib); cOut = cGen.Open(cOut); } BcpgOutputStream bOut = new BcpgOutputStream(cOut); sGen.GenerateOnePassVersion(false).Encode(bOut); FileInfo file = new FileInfo(fileName); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); Stream lOut = lGen.Open(bOut, PgpLiteralData.Binary, file); FileStream fIn = file.OpenRead(); int ch = 0; while ((ch = fIn.ReadByte()) >= 0) { lOut.WriteByte((byte)ch); sGen.Update((byte)ch); } fIn.Close(); lGen.Close(); sGen.Generate().Encode(bOut); if (cGen != null) { cGen.Close(); } if (armor) { outputStream.Close(); } }
private PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut) { const bool IsCritical = false; const bool IsNested = false; PublicKeyAlgorithmTag tag = m_encryptionKeys.SecretKey.PublicKey.Algorithm; PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1); pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, m_encryptionKeys.PrivateKey); foreach (string userId in m_encryptionKeys.SecretKey.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator subPacketGenerator = new PgpSignatureSubpacketGenerator(); subPacketGenerator.SetSignerUserId(IsCritical, userId); pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate()); // Just the first one! break; } pgpSignatureGenerator.GenerateOnePassVersion(IsNested).Encode(compressedOut); return(pgpSignatureGenerator); }
private static byte[] RevokePublicKey(PgpSecretKey sKey, char[] sPass, PgpPublicKey keyToSign, bool armour) { Stream os = new MemoryStream(); if (armour) { os = new ArmoredOutputStream(os); } PgpPrivateKey privKey = sKey.ExtractPrivateKey(sPass); PgpSignatureGenerator sGen = new PgpSignatureGenerator(sKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.KeyRevocation, privKey); BcpgOutputStream bOut = new BcpgOutputStream(os); sGen.GenerateOnePassVersion(false).Encode(bOut); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); spGen.SetRevocable(false, true); DateTime baseDate = new DateTime(1970, 1, 1); TimeSpan tSpan = DateTime.UtcNow - baseDate; spGen.SetSignatureExpirationTime(false, tSpan.Seconds); PgpSignatureSubpacketVector packetVector = spGen.Generate(); sGen.SetHashedSubpackets(packetVector); bOut.Flush(); if (armour) { os.Close(); } return(PgpPublicKey.AddCertification(keyToSign, sGen.Generate()).GetEncoded()); }
private static void ExportKeyPair( Stream secretOut, Stream publicOut, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, string identity, char[] passPhrase, bool armor) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } PgpSignatureSubpacketGenerator signHashGen = new PgpSignatureSubpacketGenerator(); signHashGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify | PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); signHashGen.SetPreferredSymmetricAlgorithms(false, new int[] { (int)SymmetricKeyAlgorithmTag.Aes256, (int)SymmetricKeyAlgorithmTag.Aes192, (int)SymmetricKeyAlgorithmTag.Aes128, (int)SymmetricKeyAlgorithmTag.Blowfish }); signHashGen.SetPreferredHashAlgorithms(false, new int[] { (int)HashAlgorithmTag.Sha512, (int)HashAlgorithmTag.Sha384, (int)HashAlgorithmTag.Sha256, (int)HashAlgorithmTag.Sha224, (int)HashAlgorithmTag.RipeMD160, (int)HashAlgorithmTag.Tiger192 }); signHashGen.SetPreferredCompressionAlgorithms(false, new int[] { (int)CompressionAlgorithmTag.ZLib, (int)CompressionAlgorithmTag.BZip2, (int)CompressionAlgorithmTag.Zip }); signHashGen.SetTrust(false, 8, 255); PgpSignatureSubpacketVector signSubpktVector = signHashGen.Generate(); PgpSecretKey secretKey = new PgpSecretKey( PgpSignature.PositiveCertification, PublicKeyAlgorithmTag.RsaGeneral, publicKey, privateKey, DateTime.UtcNow, identity, SymmetricKeyAlgorithmTag.Aes256, passPhrase, signSubpktVector, //null, null, new SecureRandom() ); secretKey.Encode(secretOut); if (armor) { secretOut.Close(); publicOut = new ArmoredOutputStream(publicOut); } PgpPublicKey key = secretKey.PublicKey; key.Encode(publicOut); if (armor) { publicOut.Close(); } }
/// <summary> /// Sign data using key /// </summary> /// <param name="data">Data to sign</param> /// <param name="key">Email address of key</param> /// <returns>Returns ascii armored signature</returns> public string Sign(byte[] data, string key, Dictionary <string, string> headers) { Context = new CryptoContext(Context); var senderKey = GetSecretKeyForSigning(key); if (senderKey == null) { throw new SecretKeyNotFoundException("Error, unable to locate signing key \"" + key + "\"."); } var compressedData = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Zip); var literalData = new PgpLiteralDataGenerator(); // Setup signature stuff // var tag = senderKey.PublicKey.Algorithm; var signatureData = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha256); signatureData.InitSign(PgpSignature.BinaryDocument, senderKey.ExtractPrivateKey(Context.Password)); foreach (string userId in senderKey.PublicKey.GetUserIds()) { var subPacketGenerator = new PgpSignatureSubpacketGenerator(); subPacketGenerator.SetSignerUserId(false, userId); signatureData.SetHashedSubpackets(subPacketGenerator.Generate()); // Just the first one! break; } // // using (var sout = new MemoryStream()) { using (var armoredOut = new ArmoredOutputStream(sout)) { foreach (var header in headers) { armoredOut.SetHeader(header.Key, header.Value); } using (var compressedOut = compressedData.Open(armoredOut)) using (var outputStream = new BcpgOutputStream(compressedOut)) { signatureData.GenerateOnePassVersion(false).Encode(outputStream); using (var literalOut = literalData.Open(outputStream, 'b', "", data.Length, DateTime.Now)) { literalOut.Write(data, 0, data.Length); signatureData.Update(data); } signatureData.Generate().Encode(outputStream); } } return(ASCIIEncoding.ASCII.GetString(sout.ToArray())); } }
private void generateTest( string message, string type) { PgpSecretKey pgpSecKey = ReadSecretKey(new MemoryStream(secretKey)); PgpPrivateKey pgpPrivKey = pgpSecKey.ExtractPrivateKey("".ToCharArray()); PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); sGen.InitSign(PgpSignature.CanonicalTextDocument, pgpPrivKey); IEnumerator it = pgpSecKey.PublicKey.GetUserIds().GetEnumerator(); if (it.MoveNext()) { spGen.SetSignerUserId(false, (string)it.Current); sGen.SetHashedSubpackets(spGen.Generate()); } MemoryStream bOut = new MemoryStream(); ArmoredOutputStream aOut = new ArmoredOutputStream(bOut); MemoryStream bIn = new MemoryStream(Encoding.ASCII.GetBytes(message), false); aOut.BeginClearText(HashAlgorithmTag.Sha256); // // note the last \n m_in the file is ignored // MemoryStream lineOut = new MemoryStream(); int lookAhead = ReadInputLine(lineOut, bIn); ProcessLine(aOut, sGen, lineOut.ToArray()); if (lookAhead != -1) { do { lookAhead = ReadInputLine(lineOut, lookAhead, bIn); sGen.Update((byte)'\r'); sGen.Update((byte)'\n'); ProcessLine(aOut, sGen, lineOut.ToArray()); }while (lookAhead != -1); } aOut.EndClearText(); BcpgOutputStream bcpgOut = new BcpgOutputStream(aOut); sGen.Generate().Encode(bcpgOut); aOut.Close(); byte[] bs = bOut.ToArray(); messageTest(Encoding.ASCII.GetString(bs, 0, bs.Length), type); }
private string signEnvelopeData(string msg) { Stream privateKeyStream = getPrivateKeyStream(_privateKey); MemoryStream result = new MemoryStream(); ArmoredOutputStream aOut = new ArmoredOutputStream(result); BcpgOutputStream bOut = null; char[] privateKeyPassword = _passPhrase.ToCharArray(); var utf8Encoding = new System.Text.UTF8Encoding(); try { PgpSecretKey sk = readSecretKey(privateKeyStream); PgpPrivateKey pk = sk.ExtractPrivateKey(privateKeyPassword); PgpSignatureGenerator sigGen = new PgpSignatureGenerator(sk.PublicKey.Algorithm, HashAlgorithmTag.Sha256); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); var enumerator = sk.PublicKey.GetUserIds().GetEnumerator(); if (enumerator.MoveNext()) { spGen.SetSignerUserId(false, (string)enumerator.Current); sigGen.SetHashedSubpackets(spGen.Generate()); } aOut.BeginClearText(HashAlgorithmTag.Sha256); sigGen.InitSign(PgpSignature.CanonicalTextDocument, pk); byte[] msgBytes = utf8Encoding.GetBytes(msg); sigGen.Update(msgBytes, 0, msgBytes.Length); aOut.Write(msgBytes, 0, msgBytes.Length); bOut = new BcpgOutputStream(aOut); aOut.EndClearText(); sigGen.Generate().Encode(bOut); using (BinaryReader br = new BinaryReader(result)) { br.BaseStream.Position = 0; return(utf8Encoding.GetString(br.ReadBytes((int)result.Length))); } } catch (Exception e) { Console.WriteLine("This happened: " + e.Message); throw new Exception("Signing Failed: " + e.Message); } finally { try { if (privateKeyStream != null) { privateKeyStream.Close(); } //if(bOut != null) //bOut.Close(); //aOut.Close(); result.Close(); } catch (IOException) {} } }
/// <summary> /// Create master signing key. /// </summary> /// <param name="keyRingGen"> /// Key ring generator. /// </param> /// <param name="identity"> /// Identity of the key. /// </param> /// <param name="password"> /// Password to protect the secret key. /// </param> /// <param name="expires"> /// Key expiry; null means never expires. /// </param> /// <param name="encryptKeyLength"> /// Length of the encryption key. /// </param> /// <param name="encryptGenerator"> /// Generator for the encryption key. /// </param> /// <param name="encryptionAlgorithm"> /// Encryption algorithm. /// </param> /// <param name="symmetricAlgorithm"> /// Symmetric algorithm. /// </param> /// <returns> /// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties /// thus far. /// </returns> public static PgpKeyRingGenerator CreateEncryptionSubkey( PgpKeyRingGenerator keyRingGen, string identity, string password, DateTime?expires, int encryptKeyLength = 2048, string encryptGenerator = "RSA", PublicKeyAlgorithmTag encryptionAlgorithm = PublicKeyAlgorithmTag.RsaEncrypt, SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256) { var keyringParameters = new KeyRingParameters(encryptKeyLength, encryptGenerator) { Password = password, Identity = identity, PrivateKeyEncryptionAlgorithm = symmetricAlgorithm, SymmetricAlgorithms = new[] { SymmetricKeyAlgorithmTag.Aes256, SymmetricKeyAlgorithmTag.Aes192, SymmetricKeyAlgorithmTag.Aes128 }, HashAlgorithms = new[] { HashAlgorithmTag.Sha256, HashAlgorithmTag.Sha1, HashAlgorithmTag.Sha384, HashAlgorithmTag.Sha512, HashAlgorithmTag.Sha224, } }; // encryption key var generator = GeneratorUtilities.GetKeyPairGenerator(encryptGenerator); generator.Init(keyringParameters.KeyParams); var encKeyPair = new PgpKeyPair(encryptionAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow); var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms select(int) a).ToArray(); var hashAlgorithms = (from a in keyringParameters.HashAlgorithms select(int) a).ToArray(); Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X")); var encSubpckGen = new PgpSignatureSubpacketGenerator(); encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); encSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms); encSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms); if (expires != null) { encSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds); } // add encryption subkey to keyring keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null); return(keyRingGen); }
private void setHashedSubpackets(PgpSignatureGenerator signatureGenerator) { IEnumerator<string> it = (IEnumerator<string>)key.PublicKey.GetUserIds().GetEnumerator(); while (it.MoveNext()) { PgpSignatureSubpacketGenerator generator = new PgpSignatureSubpacketGenerator(); generator.SetSignerUserId(false, it.Current); signatureGenerator.SetHashedSubpackets(generator.Generate()); } }
PgpKeyRingGenerator CreateKeyRingGenerator(MailboxAddress mailbox, EncryptionAlgorithm algorithm, long expirationTime, string password, DateTime now, SecureRandom random) { var enabledEncryptionAlgorithms = EnabledEncryptionAlgorithms; var enabledDigestAlgorithms = EnabledDigestAlgorithms; var encryptionAlgorithms = new int[enabledEncryptionAlgorithms.Length]; var digestAlgorithms = new int[enabledDigestAlgorithms.Length]; for (int i = 0; i < enabledEncryptionAlgorithms.Length; i++) { encryptionAlgorithms[i] = (int)enabledEncryptionAlgorithms[i]; } for (int i = 0; i < enabledDigestAlgorithms.Length; i++) { digestAlgorithms[i] = (int)enabledDigestAlgorithms[i]; } var parameters = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x10001), random, 2048, 12); var signingAlgorithm = PublicKeyAlgorithmTag.RsaSign; var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA"); keyPairGenerator.Init(parameters); var signingKeyPair = new PgpKeyPair(signingAlgorithm, keyPairGenerator.GenerateKeyPair(), now); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify); subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms); subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms); if (expirationTime > 0) { subpacketGenerator.SetKeyExpirationTime(false, expirationTime); subpacketGenerator.SetSignatureExpirationTime(false, expirationTime); } subpacketGenerator.SetFeature(false, Org.BouncyCastle.Bcpg.Sig.Features.FEATURE_MODIFICATION_DETECTION); var keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.PositiveCertification, signingKeyPair, mailbox.ToString(false), GetSymmetricKeyAlgorithm(algorithm), CharsetUtils.UTF8.GetBytes(password), true, subpacketGenerator.Generate(), null, random); // Add the (optional) encryption subkey. AddEncryptionKeyPair(keyRingGenerator, parameters, PublicKeyAlgorithmTag.RsaGeneral, now, expirationTime, encryptionAlgorithms, digestAlgorithms); return(keyRingGenerator); }
/// <summary> /// Sign a file with PGP signature. See documentation at https://github.com/CommunityHiQ/Frends.Community.PgpSignature Returns: Object {string FilePath} /// </summary> public static PgpSignatureResult SignFile(PgpSignatureInput input) { HashAlgorithmTag digest = input.HashFunction.ConvertEnum <HashAlgorithmTag>(); using (var privateKeyStream = File.OpenRead(input.PrivateKeyFile)) { var pgpSecKey = PgpServices.SignatureReadSecretKey(privateKeyStream); var pgpPrivKey = pgpSecKey.ExtractPrivateKey(input.Password.ToCharArray()); var signatureGenerator = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, digest); var signatureSubpacketGenerator = new PgpSignatureSubpacketGenerator(); signatureGenerator.InitSign(PgpSignature.BinaryDocument, pgpPrivKey); var enumerator = pgpSecKey.PublicKey.GetUserIds().GetEnumerator(); if (enumerator.MoveNext()) { signatureSubpacketGenerator.SetSignerUserId(false, (string)enumerator.Current); signatureGenerator.SetHashedSubpackets(signatureSubpacketGenerator.Generate()); } using (var outputStream = File.Create(input.OutputFile)) { var armoredOutputStream = new ArmoredOutputStream(outputStream); var bcbgOutputStream = new BcpgOutputStream(armoredOutputStream); signatureGenerator.GenerateOnePassVersion(false).Encode(bcbgOutputStream); var file = new FileInfo(input.InputFile); var literalDataGenerator = new PgpLiteralDataGenerator(); var literalDataOut = literalDataGenerator.Open(bcbgOutputStream, PgpLiteralData.Binary, file.Name, file.Length, DateTime.Now); using (var fileIn = file.OpenRead()) { int ch; while ((ch = fileIn.ReadByte()) >= 0) { literalDataOut.WriteByte((byte)ch); signatureGenerator.Update((byte)ch); } fileIn.Close(); literalDataGenerator.Close(); signatureGenerator.Generate().Encode(bcbgOutputStream); armoredOutputStream.Close(); outputStream.Close(); var ret = new PgpSignatureResult { FilePath = input.OutputFile }; return(ret); } } } }
private static PgpKeyRingGenerator GeneratePgpRingKeys(string identity, string password) { var keyRingParams = new KeyRingParams { Password = password, Identity = identity, PrivateKeyEncryptionAlgorithm = SymmetricKeyAlgorithmTag.Aes128, SymmetricAlgorithms = new SymmetricKeyAlgorithmTag[] { SymmetricKeyAlgorithmTag.Aes256, SymmetricKeyAlgorithmTag.Aes192, SymmetricKeyAlgorithmTag.Aes128 }, HashAlgorithms = new HashAlgorithmTag[] { HashAlgorithmTag.Sha256, HashAlgorithmTag.Sha1, HashAlgorithmTag.Sha384, HashAlgorithmTag.Sha512, HashAlgorithmTag.Sha224, } }; var generator = GeneratorUtilities.GetKeyPairGenerator("RSA"); generator.Init(keyRingParams.RsaParams); var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow); Debug.WriteLine("Generated master key with Id {0}", masterKeyPair.KeyId.ToString("x")); var masterSubpckGen = new PgpSignatureSubpacketGenerator(); masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify); masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (from a in keyRingParams.SymmetricAlgorithms select(int) a).ToArray()); masterSubpckGen.SetPreferredHashAlgorithms(false, (from a in keyRingParams.HashAlgorithms select(int) a).ToArray()); var encKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow); Debug.WriteLine("Generated encryption key with Id {0}", encKeyPair.KeyId.ToString("x")); var encSubpckGen = new PgpSignatureSubpacketGenerator(); encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (from a in keyRingParams.SymmetricAlgorithms select(int) a).ToArray()); masterSubpckGen.SetPreferredHashAlgorithms(false, (from a in keyRingParams.HashAlgorithms select(int) a).ToArray()); var keyRingGen = new PgpKeyRingGenerator(PgpSignature.DefaultCertification, masterKeyPair, keyRingParams.Identity, keyRingParams.PrivateKeyEncryptionAlgorithm.Value, keyRingParams.GetPassword(), true, masterSubpckGen.Generate(), null, new SecureRandom()); keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null); return(keyRingGen); }
/// <summary> /// Attempt to sign a PGP message using the specific private key. /// </summary> /// <param name="messageStream">Stream containing the message to sign.</param> /// <param name="signatureStream">Stream to write the signature into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the signature completed successfully.</returns> public static bool Sign(Stream messageStream, Stream signatureStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, bool armor = true) { // Create a signature generator. PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, hashAlgorithmTag); signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey); // Add the public key user ID. foreach (string userId in senderPublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator(); signatureSubGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate()); break; } // Handle ASCII armor. if (armor) { using (ArmoredOutputStream armoredStream = new ArmoredOutputStream(signatureStream)) { armoredStream.BeginClearText(hashAlgorithmTag); // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { armoredStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } armoredStream.EndClearText(); using (BcpgOutputStream bcpgStream = new BcpgOutputStream(armoredStream)) { signatureGenerator.Generate().Encode(bcpgStream); } } } else { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { signatureGenerator.Update((byte)messageChar); } signatureGenerator.Generate().Encode(signatureStream); } return(true); }
private static string DoSigning(string input, Stream keyIn, Stream outputStream, char[] pass) { var digest = HashAlgorithmTag.Sha256; var pgpSecretKey = ReadSigningSecretKey(keyIn); var pgpPrivateKey = pgpSecretKey.ExtractPrivateKey(pass); var signatureGenerator = new PgpSignatureGenerator(pgpSecretKey.PublicKey.Algorithm, digest); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); signatureGenerator.InitSign(PgpSignature.StandAlone, pgpPrivateKey); foreach (var userId in pgpSecretKey.PublicKey.GetUserIds()) { subpacketGenerator.SetSignerUserId(false, userId.ToString()); signatureGenerator.SetHashedSubpackets(subpacketGenerator.Generate()); } Stream inputStream = new MemoryStream(Encoding.ASCII.GetBytes(input)); var armoredOut = new ArmoredOutputStream(outputStream); armoredOut.BeginClearText(digest); // note the last \n/\r/\r\n in the file is ignored var lineOut = new MemoryStream(); int lookAhead = ReadInputLine(lineOut, inputStream); ProcessLine(armoredOut, signatureGenerator, lineOut.ToArray()); if (lookAhead != -1) { do { lookAhead = ReadInputLine(lineOut, lookAhead, inputStream); signatureGenerator.Update((byte)'\n'); ProcessLine(armoredOut, signatureGenerator, lineOut.ToArray()); }while (lookAhead != -1); } inputStream.Close(); armoredOut.EndClearText(); var bcpgOutput = new BcpgOutputStream(armoredOut); signatureGenerator.Generate().Encode(bcpgOutput); armoredOut.Close(); outputStream.Seek(0, 0); return(new StreamReader(outputStream).ReadToEnd()); }
public static PgpKeyRingGenerator GenerateKeyRing(String id, byte[] pass, RSAKeySize keysize) { RsaKeyPairGenerator kpg = new RsaKeyPairGenerator(); kpg.Init(new KeyGenerationParameters(new SecureRandom(), 4096)); AsymmetricCipherKeyPair rsakeys = kpg.GenerateKeyPair(); PgpKeyPair rsakp_sign = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, rsakeys, DateTime.UtcNow); PgpKeyPair rsakp_enc = new PgpKeyPair(PublicKeyAlgorithmTag.RsaEncrypt, rsakeys, DateTime.UtcNow); PgpSignatureSubpacketGenerator signhashgen = new PgpSignatureSubpacketGenerator(); signhashgen.SetKeyFlags(false, KeyFlags.SignData | KeyFlags.CertifyOther); signhashgen.SetPreferredSymmetricAlgorithms (false, new int[] { (int)SymmetricKeyAlgorithmTag.Aes256, (int)SymmetricKeyAlgorithmTag.Camellia256 }); signhashgen.SetPreferredHashAlgorithms (false, new int[] { (int)HashAlgorithmTag.Sha256, (int)HashAlgorithmTag.Sha384, (int)HashAlgorithmTag.Sha512 }); signhashgen.SetFeature(false, Features.FEATURE_MODIFICATION_DETECTION); // Create a signature on the encryption subkey. PgpSignatureSubpacketGenerator enchashgen = new PgpSignatureSubpacketGenerator(); enchashgen.SetKeyFlags(false, KeyFlags.EncryptComms | KeyFlags.EncryptStorage | KeyFlags.Authentication); PgpKeyRingGenerator pgpKeyRing = new PgpKeyRingGenerator( PgpSignature.DefaultCertification, rsakp_sign, id, SymmetricKeyAlgorithmTag.Aes256, pass, false, signhashgen.Generate(), null, new SecureRandom() ); pgpKeyRing.AddSubKey(rsakp_enc, enchashgen.Generate(), null, HashAlgorithmTag.Sha512); return(pgpKeyRing); }
// http://stackoverflow.com/questions/20572737/sign-and-verify-xml-file-in-c-sharp public void SignFile(string hashAlgorithm, string fileName, System.IO.Stream privateKeyStream , string privateKeyPassword, System.IO.Stream outStream) { PgpSecretKey pgpSec = ReadSigningSecretKey(privateKeyStream); PgpPrivateKey pgpPrivKey = null; pgpPrivKey = pgpSec.ExtractPrivateKey(privateKeyPassword.ToCharArray()); PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSec.PublicKey.Algorithm, ParseHashAlgorithm(hashAlgorithm)); sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey); foreach (string userId in pgpSec.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); spGen.SetSignerUserId(false, userId); sGen.SetHashedSubpackets(spGen.Generate()); } CompressionAlgorithmTag compression = PreferredCompression(pgpSec.PublicKey); PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator(compression); BcpgOutputStream bOut = new BcpgOutputStream(cGen.Open(outStream)); sGen.GenerateOnePassVersion(false).Encode(bOut); System.IO.FileInfo file = new System.IO.FileInfo(fileName); System.IO.FileStream fIn = new System.IO.FileStream(fileName, System.IO.FileMode.Open, System.IO.FileAccess.Read, System.IO.FileShare.Read); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); System.IO.Stream lOut = lGen.Open(bOut, PgpLiteralData.Binary, file); int ch = 0; while ((ch = fIn.ReadByte()) >= 0) { lOut.WriteByte((byte)ch); sGen.Update((byte)ch); } fIn.Close(); sGen.Generate().Encode(bOut); lGen.Close(); cGen.Close(); outStream.Close(); }
public static PgpKeyRingGenerator GenerateKeyRingGenerator(KeyRingParams keyRingParams) { var generator = GeneratorUtilities.GetKeyPairGenerator("RSA"); generator.Init(keyRingParams.RsaParams()); /* Create the master (signing-only) key. */ var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow); Debug.WriteLine("Generated master key with ID " + masterKeyPair.KeyId.ToString("X")); var masterSubpckGen = new PgpSignatureSubpacketGenerator(); masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify); masterSubpckGen.SetPreferredSymmetricAlgorithms(false, keyRingParams.SymmetricAlgorithms.Select(a => (int)a).ToArray()); masterSubpckGen.SetPreferredHashAlgorithms(false, keyRingParams.HashAlgorithms.Select(a => (int)a).ToArray()); /* Create a signing and encryption key for daily use. */ var encKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow); Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X")); var encSubpckGen = new PgpSignatureSubpacketGenerator(); encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (keyRingParams.SymmetricAlgorithms.Select(a => (int)a)).ToArray()); masterSubpckGen.SetPreferredHashAlgorithms(false, (keyRingParams.HashAlgorithms.Select(a => (int)a)).ToArray()); /* Create the key ring. */ var keyRingGen = new PgpKeyRingGenerator( PgpSignature.DefaultCertification, masterKeyPair, keyRingParams.Identity, keyRingParams.PrivateKeyEncryptionAlgorithm.Value, keyRingParams.GetPassword(), true, masterSubpckGen.Generate(), null, new SecureRandom()); /* Add encryption subkey. */ keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null); return(keyRingGen); }
/// <summary> /// Sign a public key. /// </summary> /// <remarks> /// <para>Signs a public key using the specified secret key.</para> /// <para>Most OpenPGP implementations use <see cref="OpenPgpKeyCertification.GenericCertification"/> /// to make their "key signatures". Some implementations are known to use the other /// certification types, but few differentiate between them.</para> /// </remarks> /// <param name="secretKey">The secret key to use for signing.</param> /// <param name="publicKey">The public key to sign.</param> /// <param name="digestAlgo">The digest algorithm.</param> /// <param name="certification">The certification to give the signed key.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="secretKey"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="publicKey"/> is <c>null</c>.</para> /// </exception> public void SignKey(PgpSecretKey secretKey, PgpPublicKey publicKey, DigestAlgorithm digestAlgo = DigestAlgorithm.Sha1, OpenPgpKeyCertification certification = OpenPgpKeyCertification.GenericCertification) { if (secretKey == null) { throw new ArgumentNullException(nameof(secretKey)); } if (publicKey == null) { throw new ArgumentNullException(nameof(publicKey)); } var privateKey = GetPrivateKey(secretKey); var signatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, GetHashAlgorithm(digestAlgo)); signatureGenerator.InitSign((int)certification, privateKey); signatureGenerator.GenerateOnePassVersion(false); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); var subpacketVector = subpacketGenerator.Generate(); signatureGenerator.SetHashedSubpackets(subpacketVector); var signedKey = PgpPublicKey.AddCertification(publicKey, signatureGenerator.Generate()); PgpPublicKeyRing keyring = null; foreach (var ring in EnumeratePublicKeyRings()) { foreach (PgpPublicKey key in ring.GetPublicKeys()) { if (key.KeyId == publicKey.KeyId) { PublicKeyRingBundle = PgpPublicKeyRingBundle.RemovePublicKeyRing(PublicKeyRingBundle, ring); keyring = PgpPublicKeyRing.InsertPublicKey(ring, signedKey); break; } } } if (keyring == null) { keyring = new PgpPublicKeyRing(signedKey.GetEncoded()); } Import(keyring); }
private static byte[] SignPublicKey( PgpSecretKey secretKey, string secretKeyPass, PgpPublicKey keyToBeSigned, string notationName, string notationValue, bool armor) { Stream os = new MemoryStream(); if (armor) { os = new ArmoredOutputStream(os); } PgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey( secretKeyPass.ToCharArray()); PgpSignatureGenerator sGen = new PgpSignatureGenerator( secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.DirectKey, pgpPrivKey); BcpgOutputStream bOut = new BcpgOutputStream(os); sGen.GenerateOnePassVersion(false).Encode(bOut); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); bool isHumanReadable = true; spGen.SetNotationData(true, isHumanReadable, notationName, notationValue); PgpSignatureSubpacketVector packetVector = spGen.Generate(); sGen.SetHashedSubpackets(packetVector); bOut.Flush(); if (armor) { os.Close(); } return(PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded()); }
private PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut, ChoPGPEncryptionKeys encryptionKeys) { PublicKeyAlgorithmTag tag = encryptionKeys.SecretKey.PublicKey.Algorithm; PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1); pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, encryptionKeys.PrivateKey); foreach (string userId in encryptionKeys.SecretKey.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator subPacketGenerator = new PgpSignatureSubpacketGenerator(); subPacketGenerator.SetSignerUserId(false, userId); pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate()); // Just the first one! break; } pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(compressedOut); return(pgpSignatureGenerator); }
private PgpSignatureGenerator InitSigGen(Stream compressedO) { const bool Crit = false; const bool Nestd = false; PublicKeyAlgorithmTag tag = mPgpKeys.SecretKey.PublicKey.Algorithm; PgpSignatureGenerator pgpSigGen = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1); pgpSigGen.InitSign(PgpSignature.BinaryDocument, mPgpKeys.PrivateKey); foreach (string userId in mPgpKeys.SecretKey.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator subpktGen = new PgpSignatureSubpacketGenerator(); subpktGen.SetSignerUserId(Crit, userId); pgpSigGen.SetHashedSubpackets(subpktGen.Generate()); break; } pgpSigGen.GenerateOnePassVersion(Nestd).Encode(compressedO); return(pgpSigGen); }
private PgpSignatureGenerator createSignatureGenerator() { PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(password); PgpPublicKey internalPublicKey = secretKey.PublicKey; PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(internalPublicKey.Algorithm, HashAlgorithmTag.Sha1); signatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey); var userIds = internalPublicKey.GetUserIds(); foreach (var userId in userIds) { PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); spGen.SetSignerUserId(false, (String)userId); signatureGenerator.SetHashedSubpackets(spGen.Generate()); break; } return(signatureGenerator); }
private PgpSignatureGenerator sigGen(Stream compressedOut) { const bool Iscritical = false; const bool IsNested = false; PublicKeyAlgorithmTag tag = _pgpKeys.PGPSecretKey.PublicKey.Algorithm; PgpSignatureGenerator pgpSigGen = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1); pgpSigGen.InitSign(PgpSignature.BinaryDocument, _pgpKeys.PGPPrivateKey); foreach (string userID in _pgpKeys.PGPSecretKey.PublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator subPackGen = new PgpSignatureSubpacketGenerator(); subPackGen.SetSignerUserId(Iscritical, userID); pgpSigGen.SetHashedSubpackets(subPackGen.Generate()); break; } pgpSigGen.GenerateOnePassVersion(IsNested).Encode(compressedOut); return(pgpSigGen); }
private PgpSignatureGenerator InitSignature(Stream outputStream) { if (PrivateKey == null) { return(null); } var signatureGenerator = new PgpSignatureGenerator(PrivateKey.GetPublicKey().Algorithm, HashAlgorithm); signatureGenerator.InitSign(PgpSignature.BinaryDocument, PrivateKey.GetSecretKey().ExtractPrivateKey(_password.ToCharArray())); var userId = PrivateKey.GetPublicKey().GetUserIds().OfType <string>().FirstOrDefault(); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); subpacketGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(subpacketGenerator.Generate()); signatureGenerator.GenerateOnePassVersion(false).Encode(outputStream); return(signatureGenerator); }
public static string Sign(string hash, string keyFile, string keyPass) { var outStream = new MemoryStream(); var armoredStream = new ArmoredOutputStream(outStream); var secretKey = ReadSigningKey(keyFile); var privateKey = secretKey.ExtractPrivateKey(keyPass.ToCharArray()); var sigGen = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha384); sigGen.InitSign(PgpSignature.BinaryDocument, privateKey); foreach (string userId in secretKey.PublicKey.GetUserIds()) { var subpacketGenerator = new PgpSignatureSubpacketGenerator(); subpacketGenerator.SetSignerUserId(false, userId); sigGen.SetHashedSubpackets(subpacketGenerator.Generate()); break; } var signedStream = new BcpgOutputStream(armoredStream); sigGen.GenerateOnePassVersion(false).Encode(signedStream); var inStream = new MemoryStream(Encoding.ASCII.GetBytes(hash)); var literalGenerator = new PgpLiteralDataGenerator(); var literalOut = literalGenerator.Open(signedStream, PgpLiteralData.Binary, "hash", hash.Length, DateTime.Now); int ch; while ((ch = inStream.ReadByte()) >= 0) { literalOut.WriteByte((byte)ch); sigGen.Update((byte)ch); } inStream.Dispose(); literalGenerator.Close(); sigGen.Generate().Encode(signedStream); armoredStream.Dispose(); return(Encoding.ASCII.GetString(outStream.ToArray())); }
private static PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut, PgpEncryptionKeys encryptionKeys) { const bool isCritical = false; const bool isNested = false; PublicKeyAlgorithmTag tag = encryptionKeys.SecretKey.PublicKey.Algorithm; var pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1); pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, encryptionKeys.PrivateKey); string firstUserId = encryptionKeys.SecretKey.PublicKey.GetUserIds().Cast <string>().First(); PgpSignatureSubpacketGenerator subPacketGenerator = new PgpSignatureSubpacketGenerator(); subPacketGenerator.SetSignerUserId(isCritical, firstUserId); pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate()); pgpSignatureGenerator.GenerateOnePassVersion(isNested).Encode(compressedOut); return(pgpSignatureGenerator); }
public static void SignFile(Stream input, Stream outputStream, Stream keyIn, char[] pass) { var hashAlgorithm = HashAlgorithmTag.Sha512; var secretKey = ReadSecretKey(keyIn); var privateKey = secretKey.ExtractPrivateKey(pass); var signatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, hashAlgorithm); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); signatureGenerator.InitSign(PgpSignature.CanonicalTextDocument, privateKey); foreach (string userId in secretKey.PublicKey.GetUserIds()) { var signatureSubpacketGenerator = new PgpSignatureSubpacketGenerator(); signatureSubpacketGenerator.SetSignerUserId(isCritical: false, userId: userId); signatureGenerator.SetHashedSubpackets(signatureSubpacketGenerator.Generate()); // Just the first one! break; } // Closing armouredOutputStream does not close the underlying stream var armouredOutputStream = new ArmoredOutputStream(outputStream); using (var bcpgOutputStream = new BcpgOutputStream(armouredOutputStream)) { armouredOutputStream.BeginClearText(hashAlgorithm); int chr; while ((chr = input.ReadByte()) > 0) { signatureGenerator.Update((byte)chr); bcpgOutputStream.Write((byte)chr); } // For some reason we need to add a trailing newline bcpgOutputStream.Write((byte)'\n'); armouredOutputStream.EndClearText(); signatureGenerator.Generate().Encode(bcpgOutputStream); } }
void AddEncryptionKeyPair(PgpKeyRingGenerator keyRingGenerator, KeyGenerationParameters parameters, PublicKeyAlgorithmTag algorithm, DateTime now, long expirationTime, int[] encryptionAlgorithms, int[] digestAlgorithms) { var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA"); keyPairGenerator.Init(parameters); var keyPair = new PgpKeyPair(algorithm, keyPairGenerator.GenerateKeyPair(), now); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms); subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms); if (expirationTime > 0) { subpacketGenerator.SetKeyExpirationTime(false, expirationTime); subpacketGenerator.SetSignatureExpirationTime(false, expirationTime); } keyRingGenerator.AddSubKey(keyPair, subpacketGenerator.Generate(), null); }
public override void PerformTest() { // // RSA tests // PgpSecretKeyRing pgpPriv = new PgpSecretKeyRing(rsaKeyRing); IPgpSecretKey secretKey = pgpPriv.GetSecretKey(); IPgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(rsaPass); try { doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); Fail("RSA wrong key test failed."); } catch (PgpException) { // expected } try { doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); Fail("RSA V3 wrong key test failed."); } catch (PgpException) { // expected } // // certifications // PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.KeyRevocation, pgpPrivKey); PgpSignature sig = sGen.GenerateCertification(secretKey.PublicKey); sig.InitVerify(secretKey.PublicKey); if (!sig.VerifyCertification(secretKey.PublicKey)) { Fail("revocation verification failed."); } PgpSecretKeyRing pgpDSAPriv = new PgpSecretKeyRing(dsaKeyRing); IPgpSecretKey secretDSAKey = pgpDSAPriv.GetSecretKey(); IPgpPrivateKey pgpPrivDSAKey = secretDSAKey.ExtractPrivateKey(dsaPass); sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey); PgpSignatureSubpacketGenerator unhashedGen = new PgpSignatureSubpacketGenerator(); PgpSignatureSubpacketGenerator hashedGen = new PgpSignatureSubpacketGenerator(); hashedGen.SetSignatureExpirationTime(false, TEST_EXPIRATION_TIME); hashedGen.SetSignerUserId(true, TEST_USER_ID); hashedGen.SetPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS); hashedGen.SetPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS); hashedGen.SetPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS); sGen.SetHashedSubpackets(hashedGen.Generate()); sGen.SetUnhashedSubpackets(unhashedGen.Generate()); sig = sGen.GenerateCertification(secretDSAKey.PublicKey, secretKey.PublicKey); byte[] sigBytes = sig.GetEncoded(); PgpObjectFactory f = new PgpObjectFactory(sigBytes); sig = ((PgpSignatureList) f.NextPgpObject())[0]; sig.InitVerify(secretDSAKey.PublicKey); if (!sig.VerifyCertification(secretDSAKey.PublicKey, secretKey.PublicKey)) { Fail("subkey binding verification failed."); } var hashedPcks = sig.GetHashedSubPackets(); var unhashedPcks = sig.GetUnhashedSubPackets(); if (hashedPcks.Count != 6) { Fail("wrong number of hashed packets found."); } if (unhashedPcks.Count != 1) { Fail("wrong number of unhashed packets found."); } if (!hashedPcks.GetSignerUserId().Equals(TEST_USER_ID)) { Fail("test userid not matching"); } if (hashedPcks.GetSignatureExpirationTime() != TEST_EXPIRATION_TIME) { Fail("test signature expiration time not matching"); } if (unhashedPcks.GetIssuerKeyId() != secretDSAKey.KeyId) { Fail("wrong issuer key ID found in certification"); } int[] prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms(); preferredAlgorithmCheck("compression", PREFERRED_COMPRESSION_ALGORITHMS, prefAlgs); prefAlgs = hashedPcks.GetPreferredHashAlgorithms(); preferredAlgorithmCheck("hash", PREFERRED_HASH_ALGORITHMS, prefAlgs); prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms(); preferredAlgorithmCheck("symmetric", PREFERRED_SYMMETRIC_ALGORITHMS, prefAlgs); SignatureSubpacketTag[] criticalHashed = hashedPcks.GetCriticalTags(); if (criticalHashed.Length != 1) { Fail("wrong number of critical packets found."); } if (criticalHashed[0] != SignatureSubpacketTag.SignerUserId) { Fail("wrong critical packet found in tag list."); } // // no packets passed // sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey); sGen.SetHashedSubpackets(null); sGen.SetUnhashedSubpackets(null); sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey); sig.InitVerify(secretDSAKey.PublicKey); if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey)) { Fail("subkey binding verification failed."); } hashedPcks = sig.GetHashedSubPackets(); if (hashedPcks.Count != 1) { Fail("found wrong number of hashed packets"); } unhashedPcks = sig.GetUnhashedSubPackets(); if (unhashedPcks.Count != 1) { Fail("found wrong number of unhashed packets"); } try { sig.VerifyCertification(secretKey.PublicKey); Fail("failed to detect non-key signature."); } catch (InvalidOperationException) { // expected } // // override hash packets // sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey); hashedGen = new PgpSignatureSubpacketGenerator(); DateTime creationTime = new DateTime(1973, 7, 27); hashedGen.SetSignatureCreationTime(false, creationTime); sGen.SetHashedSubpackets(hashedGen.Generate()); sGen.SetUnhashedSubpackets(null); sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey); sig.InitVerify(secretDSAKey.PublicKey); if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey)) { Fail("subkey binding verification failed."); } hashedPcks = sig.GetHashedSubPackets(); if (hashedPcks.Count != 1) { Fail("found wrong number of hashed packets in override test"); } if (!hashedPcks.HasSubpacket(SignatureSubpacketTag.CreationTime)) { Fail("hasSubpacket test for creation time failed"); } DateTime sigCreationTime = hashedPcks.GetSignatureCreationTime(); if (!sigCreationTime.Equals(creationTime)) { Fail("creation of overridden date failed."); } prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms(); preferredAlgorithmCheck("compression", NO_PREFERENCES, prefAlgs); prefAlgs = hashedPcks.GetPreferredHashAlgorithms(); preferredAlgorithmCheck("hash", NO_PREFERENCES, prefAlgs); prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms(); preferredAlgorithmCheck("symmetric", NO_PREFERENCES, prefAlgs); if (hashedPcks.GetKeyExpirationTime() != 0) { Fail("unexpected key expiration time found"); } if (hashedPcks.GetSignatureExpirationTime() != 0) { Fail("unexpected signature expiration time found"); } if (hashedPcks.GetSignerUserId() != null) { Fail("unexpected signer user ID found"); } criticalHashed = hashedPcks.GetCriticalTags(); if (criticalHashed.Length != 0) { Fail("critical packets found when none expected"); } unhashedPcks = sig.GetUnhashedSubPackets(); if (unhashedPcks.Count != 1) { Fail("found wrong number of unhashed packets in override test"); } // // general signatures // doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha256, secretKey.PublicKey, pgpPrivKey); doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha384, secretKey.PublicKey, pgpPrivKey); doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha512, secretKey.PublicKey, pgpPrivKey); doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF); doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF); doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF); doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF); // // DSA Tests // pgpPriv = new PgpSecretKeyRing(dsaKeyRing); secretKey = pgpPriv.GetSecretKey(); pgpPrivKey = secretKey.ExtractPrivateKey(dsaPass); try { doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); Fail("DSA wrong key test failed."); } catch (PgpException) { // expected } try { doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); Fail("DSA V3 wrong key test failed."); } catch (PgpException) { // expected } doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey); doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF); doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF); doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF); doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF); // special cases // doTestMissingSubpackets(nullPacketsSubKeyBinding); doTestMissingSubpackets(generateV3BinarySig(pgpPrivKey, PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1)); // keyflags doTestKeyFlagsValues(); }
private static PgpSignatureSubpacketVector GenerateSignatureSubpackets(string identity) { var hashedSubkeysGenerator = new PgpSignatureSubpacketGenerator(); hashedSubkeysGenerator.SetSignerUserId(false, identity); return hashedSubkeysGenerator.Generate(); }
private static byte[] SignPublicKey( IPgpSecretKey secretKey, string secretKeyPass, IPgpPublicKey keyToBeSigned, string notationName, string notationValue, bool armor) { Stream os = new MemoryStream(); if (armor) { os = new ArmoredOutputStream(os); } IPgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey( secretKeyPass.ToCharArray()); PgpSignatureGenerator sGen = new PgpSignatureGenerator( secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.DirectKey, pgpPrivKey); BcpgOutputStream bOut = new BcpgOutputStream(os); sGen.GenerateOnePassVersion(false).Encode(bOut); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); bool isHumanReadable = true; spGen.SetNotationData(true, isHumanReadable, notationName, notationValue); PgpSignatureSubpacketVector packetVector = spGen.Generate(); sGen.SetHashedSubpackets(packetVector); bOut.Flush(); if (armor) { os.Close(); } return PgpPublicKey.AddCertification(keyToBeSigned, sGen.Generate()).GetEncoded(); }
/** * Generated signature test * * @param sKey * @param pgpPrivKey * @return test result */ public void GenerateTest( PgpSecretKeyRing sKey, IPgpPublicKey pgpPubKey, IPgpPrivateKey pgpPrivKey) { string data = "hello world!"; MemoryStream bOut = new MemoryStream(); byte[] dataBytes = Encoding.ASCII.GetBytes(data); MemoryStream testIn = new MemoryStream(dataBytes, false); PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); IEnumerator enumerator = sKey.GetSecretKey().PublicKey.GetUserIds().GetEnumerator(); enumerator.MoveNext(); string primaryUserId = (string) enumerator.Current; spGen.SetSignerUserId(true, primaryUserId); sGen.SetHashedSubpackets(spGen.Generate()); PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator( CompressionAlgorithmTag.Zip); BcpgOutputStream bcOut = new BcpgOutputStream(cGen.Open(new UncloseableStream(bOut))); sGen.GenerateOnePassVersion(false).Encode(bcOut); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); DateTime testDateTime = new DateTime(1973, 7, 27); Stream lOut = lGen.Open( new UncloseableStream(bcOut), PgpLiteralData.Binary, "_CONSOLE", dataBytes.Length, testDateTime); int ch; while ((ch = testIn.ReadByte()) >= 0) { lOut.WriteByte((byte) ch); sGen.Update((byte)ch); } lGen.Close(); sGen.Generate().Encode(bcOut); cGen.Close(); PgpObjectFactory pgpFact = new PgpObjectFactory(bOut.ToArray()); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData) pgpFact.NextPgpObject(); if (!p2.ModificationTime.Equals(testDateTime)) { Fail("Modification time not preserved"); } Stream dIn = p2.GetInputStream(); ops.InitVerify(pgpPubKey); while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte) ch); } PgpSignatureList p3 = (PgpSignatureList) pgpFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed generated signature check"); } }
private void generateTest( string message, string type) { PgpSecretKey pgpSecKey = ReadSecretKey(new MemoryStream(secretKey)); PgpPrivateKey pgpPrivKey = pgpSecKey.ExtractPrivateKey("".ToCharArray()); PgpSignatureGenerator sGen = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); sGen.InitSign(PgpSignature.CanonicalTextDocument, pgpPrivKey); IEnumerator it = pgpSecKey.PublicKey.GetUserIds().GetEnumerator(); if (it.MoveNext()) { spGen.SetSignerUserId(false, (string)it.Current); sGen.SetHashedSubpackets(spGen.Generate()); } MemoryStream bOut = new MemoryStream(); ArmoredOutputStream aOut = new ArmoredOutputStream(bOut); MemoryStream bIn = new MemoryStream(Encoding.ASCII.GetBytes(message), false); aOut.BeginClearText(HashAlgorithmTag.Sha256); // // note the last \n m_in the file is ignored // MemoryStream lineOut = new MemoryStream(); int lookAhead = ReadInputLine(lineOut, bIn); ProcessLine(aOut, sGen, lineOut.ToArray()); if (lookAhead != -1) { do { lookAhead = ReadInputLine(lineOut, lookAhead, bIn); sGen.Update((byte) '\r'); sGen.Update((byte) '\n'); ProcessLine(aOut, sGen, lineOut.ToArray()); } while (lookAhead != -1); } aOut.EndClearText(); BcpgOutputStream bcpgOut = new BcpgOutputStream(aOut); sGen.Generate().Encode(bcpgOut); aOut.Close(); byte[] bs = bOut.ToArray(); messageTest(Encoding.ASCII.GetString(bs, 0, bs.Length), type); }