/// <summary>
/// Verifies that a digital signature is valid by determining the hash value
/// in the signature using the provided public key and comparing it to the hash
/// value of the provided data.
/// </summary>
/// <param name="inputStream">The data that was signed.</param>
/// <param name="signature">The signature data to be verified.</param>
/// <param name="rsaProvider">The RSA crypto service provider.</param>
/// <param name="hashAlgorithm">The hash algorithm to use to create the hash value.</param>
/// <returns>True if the signature is valid; otherwise, false.</returns>
public bool VerifyData(Stream inputStream, byte[] signature, RSACryptoServiceProvider rsaProvider, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512)
{
Stream signatureInput = null;
try
{
// Export the signer public key parameters.
RSAParameters rsaPublicKeySignerParam = rsaProvider.ExportParameters(false);
Key.Crypto.Parameters.RsaKeyParameters rsaPublicKeySigner =
new Key.Crypto.Parameters.RsaKeyParameters(
false,
new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Modulus),
new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Exponent)
);
signatureInput = new MemoryStream(signature);
signatureInput = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(signatureInput);
// Get the public key.
Key.Bcpg.OpenPgp.PgpPublicKey publicKey = new Key.Bcpg.OpenPgp.PgpPublicKey(Key.Bcpg.PublicKeyAlgorithmTag.RsaGeneral, rsaPublicKeySigner, DateTime.UtcNow);
Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(signatureInput);
Key.Bcpg.OpenPgp.PgpSignatureList signatureList = null;
Key.Bcpg.OpenPgp.PgpObject pgpObject = pgpFact.NextPgpObject();
// If the message is compressed.
if (pgpObject is Key.Bcpg.OpenPgp.PgpCompressedData)
{
// Get the compression object.
Key.Bcpg.OpenPgp.PgpCompressedData compressedData = (Key.Bcpg.OpenPgp.PgpCompressedData)pgpObject;
pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(compressedData.GetDataStream());
signatureList = (Key.Bcpg.OpenPgp.PgpSignatureList)pgpFact.NextPgpObject();
}
else
{
// Get the message list.
signatureList = (Key.Bcpg.OpenPgp.PgpSignatureList)pgpObject;
}
// Load the public key into the pgp signer.
Key.Bcpg.OpenPgp.PgpSignature pgpSignature = signatureList[0];
pgpSignature.InitVerify(publicKey);
int ch;
while ((ch = inputStream.ReadByte()) >= 0)
{
// Update the generator.
pgpSignature.Update((byte)ch);
}
// Verify the signature.
if (pgpSignature.Verify())
{
// signature verified.
return(true);
}
else
{
// signature verification failed.
return(false);
}
}
catch (Exception)
{
throw;
}
finally
{
if (signatureInput != null)
{
signatureInput.Close();
}
}
}
/// <summary>
/// Decrypt the stream.
/// </summary>
/// <param name="decrypted">The stream containing the decrypted data.</param>
/// <param name="input">The data to decrypt.</param>
/// <param name="secretKey">The secret key used for decryption.</param>
/// <param name="password">The password used to protect the secret key.</param>
/// <returns>Returns null if no integrity packet exists; false if message failed integrity check; true if message integrity check passed.</returns>
public bool?Decrypt(System.IO.Stream decrypted, System.IO.Stream input, System.IO.Stream secretKey, string password)
{
// Get decorder stream.
input = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(input);
System.IO.Stream clear = null;
System.IO.Stream unc = null;
try
{
// Load the encrypted input stream.
Key.Bcpg.OpenPgp.PgpEncryptedDataList encryptedDataList = null;
Key.Bcpg.OpenPgp.PgpObjectFactory objectFactory = new Key.Bcpg.OpenPgp.PgpObjectFactory(input);
Key.Bcpg.OpenPgp.PgpObject o = objectFactory.NextPgpObject();
// The first object might be a PGP marker packet.
if (o is Key.Bcpg.OpenPgp.PgpEncryptedDataList)
{
// Get the data list.
encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)o;
}
else
{
// Get the next object.
encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)objectFactory.NextPgpObject();
}
// Find the secret key
Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null;
Key.Bcpg.OpenPgp.PgpPublicKeyEncryptedData publicKeyEncryptedData = null;
Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle = new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey));
// For each object find the secret key.
foreach (Key.Bcpg.OpenPgp.PgpPublicKeyEncryptedData pked in encryptedDataList.GetEncryptedDataObjects())
{
// Find the private key (secret key).
privateKey = FindSecretKey(secretKeyRingBundle, pked.KeyId, password.ToArray());
// If the private key exists.
if (privateKey != null)
{
// This is the private key.
publicKeyEncryptedData = pked;
break;
}
}
// If a private key was not found.
if (privateKey == null)
{
throw new ArgumentException("secret key for message not found.");
}
// Get the data stream.
clear = publicKeyEncryptedData.GetDataStream(privateKey);
// Get the key message.
Key.Bcpg.OpenPgp.PgpObjectFactory plainFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(clear);
Key.Bcpg.OpenPgp.PgpObject message = plainFact.NextPgpObject();
// If message is compressed.
if (message is Key.Bcpg.OpenPgp.PgpCompressedData)
{
// Decompress the message.
Key.Bcpg.OpenPgp.PgpCompressedData cData = (Key.Bcpg.OpenPgp.PgpCompressedData)message;
Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(cData.GetDataStream());
message = pgpFact.NextPgpObject();
}
// If the message is literal data.
if (message is Key.Bcpg.OpenPgp.PgpLiteralData)
{
Key.Bcpg.OpenPgp.PgpLiteralData ld = (Key.Bcpg.OpenPgp.PgpLiteralData)message;
// Get the file name of the embedded encrypted file.
string outFileName = ld.FileName;
// Write the ecrypted data file to the decrypted stream.
unc = ld.GetInputStream();
Key.Utilities.IO.Streams.PipeAll(unc, decrypted);
}
else if (message is Key.Bcpg.OpenPgp.PgpOnePassSignatureList)
{
throw new Exception("encrypted message contains a signed message - not literal data.");
}
else
{
throw new Exception("message is not a simple encrypted file - type unknown.");
}
// If the ecrypted file contains an integrity packet associated with it.
if (publicKeyEncryptedData.IsIntegrityProtected())
{
// If it has been verified.
if (!publicKeyEncryptedData.Verify())
{
// Message failed integrity check.
return(false);
}
else
{
// Message integrity check passed.
return(true);
}
}
// No integrity packet exists.
return(null);
}
catch (Exception)
{
throw;
}
finally
{
if (clear != null)
{
clear.Close();
}
if (unc != null)
{
unc.Close();
}
}
}
/// <summary>
/// Decrypt the stream.
/// </summary>
/// <param name="decrypted">The stream containing the decrypted data.</param>
/// <param name="input">The data to decrypt.</param>
/// <param name="password">The password used for decryption.</param>
/// <returns>Returns null if no integrity packet exists; false if message failed integrity check; true if message integrity check passed.</returns>
public bool?Decrypt(System.IO.Stream decrypted, System.IO.Stream input, string password)
{
// Get decorder stream.
input = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(input);
System.IO.Stream clear = null;
System.IO.Stream unc = null;
try
{
// Load the encrypted input stream.
Key.Bcpg.OpenPgp.PgpEncryptedDataList encryptedDataList = null;
Key.Bcpg.OpenPgp.PgpObjectFactory objectFactory = new Key.Bcpg.OpenPgp.PgpObjectFactory(input);
Key.Bcpg.OpenPgp.PgpObject o = objectFactory.NextPgpObject();
// The first object might be a PGP marker packet.
if (o is Key.Bcpg.OpenPgp.PgpEncryptedDataList)
{
// Get the data list.
encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)o;
}
else
{
// Get the next object.
encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)objectFactory.NextPgpObject();
}
// Load the password.
Key.Bcpg.OpenPgp.PgpPbeEncryptedData pbe = (Key.Bcpg.OpenPgp.PgpPbeEncryptedData)encryptedDataList[0];
clear = pbe.GetDataStream(password.ToArray());
Key.Bcpg.OpenPgp.PgpObjectFactory plainFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(clear);
Key.Bcpg.OpenPgp.PgpObject message = plainFact.NextPgpObject();
// If message is compressed.
if (message is Key.Bcpg.OpenPgp.PgpCompressedData)
{
// Decompress the message.
Key.Bcpg.OpenPgp.PgpCompressedData cData = (Key.Bcpg.OpenPgp.PgpCompressedData)message;
Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(cData.GetDataStream());
message = pgpFact.NextPgpObject();
}
// If the message is literal data.
if (message is Key.Bcpg.OpenPgp.PgpLiteralData)
{
Key.Bcpg.OpenPgp.PgpLiteralData ld = (Key.Bcpg.OpenPgp.PgpLiteralData)message;
// Get the file name of the embedded encrypted file.
string outFileName = ld.FileName;
// Write the ecrypted data file to the decrypted stream.
unc = ld.GetInputStream();
Key.Utilities.IO.Streams.PipeAll(unc, decrypted);
}
else if (message is Key.Bcpg.OpenPgp.PgpOnePassSignatureList)
{
throw new Exception("encrypted message contains a signed message - not literal data.");
}
else
{
throw new Exception("message is not a simple encrypted file - type unknown.");
}
// If the ecrypted file contains an integrity packet associated with it.
if (pbe.IsIntegrityProtected())
{
// If it has been verified.
if (!pbe.Verify())
{
// Message failed integrity check.
return(false);
}
else
{
// Message integrity check passed.
return(true);
}
}
// No integrity packet exists.
return(null);
}
catch (Exception)
{
throw;
}
finally
{
if (clear != null)
{
clear.Close();
}
if (unc != null)
{
unc.Close();
}
}
}