/// <summary> /// Search a secret key ring collection for a secret key corresponding to keyID if it exists. /// </summary> /// <param name="pgpSec">A secret key ring collection</param> /// <param name="keyID">The keyID we want.</param> /// <param name="password">The passphrase to decrypt secret key with.</param> /// <returns>The private key.</returns> private Key.Bcpg.OpenPgp.PgpPrivateKey FindSecretKey(Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle pgpSec, long keyID, char[] password) { // Get the secret key from the unique key id. Key.Bcpg.OpenPgp.PgpSecretKey pgpSecKey = pgpSec.GetSecretKey(keyID); // If a secret key does not exist. if (pgpSecKey == null) { return(null); } // Extract the private key. return(pgpSecKey.ExtractPrivateKey(password)); }
/// <summary> /// Return a new bundle containing the contents of the passed in bundle with /// the passed in secret key ring removed. /// </summary> /// <param name="bundle">The <c>PgpSecretKeyRingBundle</c> the key ring is to be removed from.</param> /// <param name="secretKeyRing">The key ring to be removed.</param> /// <returns>A new <c>PgpSecretKeyRingBundle</c> not containing the passed in key ring.</returns> /// <exception cref="ArgumentException">If the keyId for the passed in key ring is not present.</exception> public static PgpSecretKeyRingBundle RemoveSecretKeyRing( PgpSecretKeyRingBundle bundle, PgpSecretKeyRing secretKeyRing) { long key = secretKeyRing.GetPublicKey().KeyId; if (!bundle.secretRings.Contains(key)) { throw new ArgumentException("Collection does not contain a key with a keyId for the passed in ring."); } IDictionary newSecretRings = Platform.CreateHashtable(bundle.secretRings); IList newOrder = Platform.CreateArrayList(bundle.order); newSecretRings.Remove(key); newOrder.Remove(key); return(new PgpSecretKeyRingBundle(newSecretRings, newOrder)); }
/// <summary> /// Public and secret key provider. /// </summary> /// <param name="publicKey">The public key data.</param> /// <param name="secretKey">The secret key data.</param> /// <param name="keyID">The unique key id of the public secret key pair.</param> /// <param name="password">The password used to protect the secret key.</param> /// <returns>The RSA cryto service provider.</returns> public RSACryptoServiceProvider PublicKeySecretKey(System.IO.Stream publicKey, System.IO.Stream secretKey, long keyID, string password = null) { // Read the public key data. Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey); // Find the secret key Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null; Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle = new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey)); // Find the private key (secret key). privateKey = FindSecretKey(secretKeyRingBundle, keyID, password.ToArray()); // Assign the rsa parameters. RSAParameters rsaPrivateParam = new RSAParameters(); Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)pgpPublicKey.GetKey(); Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)privateKey.Key; // Assign the rsa parameters. rsaPrivateParam.D = rsaCrtPrivateParam.Exponent.ToByteArrayUnsigned(); rsaPrivateParam.DP = rsaCrtPrivateParam.DP.ToByteArrayUnsigned(); rsaPrivateParam.DQ = rsaCrtPrivateParam.DQ.ToByteArrayUnsigned(); rsaPrivateParam.InverseQ = rsaCrtPrivateParam.QInv.ToByteArrayUnsigned(); rsaPrivateParam.P = rsaCrtPrivateParam.P.ToByteArrayUnsigned(); rsaPrivateParam.Q = rsaCrtPrivateParam.Q.ToByteArrayUnsigned(); rsaPrivateParam.Modulus = rsaPrivatePublic.Modulus.ToByteArrayUnsigned(); rsaPrivateParam.Exponent = rsaPrivatePublic.Exponent.ToByteArrayUnsigned(); // Create the encyption provider. RSACryptoServiceProvider rsaEncryptProvider = new RSACryptoServiceProvider(); rsaEncryptProvider.ImportParameters(rsaPrivateParam); // Return the rsa provider. return(rsaEncryptProvider); }
/// <summary> /// Decrypt the stream. /// </summary> /// <param name="decrypted">The stream containing the decrypted data.</param> /// <param name="input">The data to decrypt.</param> /// <param name="secretKey">The secret key used for decryption.</param> /// <param name="password">The password used to protect the secret key.</param> /// <returns>Returns null if no integrity packet exists; false if message failed integrity check; true if message integrity check passed.</returns> public bool?Decrypt(System.IO.Stream decrypted, System.IO.Stream input, System.IO.Stream secretKey, string password) { // Get decorder stream. input = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(input); System.IO.Stream clear = null; System.IO.Stream unc = null; try { // Load the encrypted input stream. Key.Bcpg.OpenPgp.PgpEncryptedDataList encryptedDataList = null; Key.Bcpg.OpenPgp.PgpObjectFactory objectFactory = new Key.Bcpg.OpenPgp.PgpObjectFactory(input); Key.Bcpg.OpenPgp.PgpObject o = objectFactory.NextPgpObject(); // The first object might be a PGP marker packet. if (o is Key.Bcpg.OpenPgp.PgpEncryptedDataList) { // Get the data list. encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)o; } else { // Get the next object. encryptedDataList = (Key.Bcpg.OpenPgp.PgpEncryptedDataList)objectFactory.NextPgpObject(); } // Find the secret key Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null; Key.Bcpg.OpenPgp.PgpPublicKeyEncryptedData publicKeyEncryptedData = null; Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle = new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey)); // For each object find the secret key. foreach (Key.Bcpg.OpenPgp.PgpPublicKeyEncryptedData pked in encryptedDataList.GetEncryptedDataObjects()) { // Find the private key (secret key). privateKey = FindSecretKey(secretKeyRingBundle, pked.KeyId, password.ToArray()); // If the private key exists. if (privateKey != null) { // This is the private key. publicKeyEncryptedData = pked; break; } } // If a private key was not found. if (privateKey == null) { throw new ArgumentException("secret key for message not found."); } // Get the data stream. clear = publicKeyEncryptedData.GetDataStream(privateKey); // Get the key message. Key.Bcpg.OpenPgp.PgpObjectFactory plainFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(clear); Key.Bcpg.OpenPgp.PgpObject message = plainFact.NextPgpObject(); // If message is compressed. if (message is Key.Bcpg.OpenPgp.PgpCompressedData) { // Decompress the message. Key.Bcpg.OpenPgp.PgpCompressedData cData = (Key.Bcpg.OpenPgp.PgpCompressedData)message; Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(cData.GetDataStream()); message = pgpFact.NextPgpObject(); } // If the message is literal data. if (message is Key.Bcpg.OpenPgp.PgpLiteralData) { Key.Bcpg.OpenPgp.PgpLiteralData ld = (Key.Bcpg.OpenPgp.PgpLiteralData)message; // Get the file name of the embedded encrypted file. string outFileName = ld.FileName; // Write the ecrypted data file to the decrypted stream. unc = ld.GetInputStream(); Key.Utilities.IO.Streams.PipeAll(unc, decrypted); } else if (message is Key.Bcpg.OpenPgp.PgpOnePassSignatureList) { throw new Exception("encrypted message contains a signed message - not literal data."); } else { throw new Exception("message is not a simple encrypted file - type unknown."); } // If the ecrypted file contains an integrity packet associated with it. if (publicKeyEncryptedData.IsIntegrityProtected()) { // If it has been verified. if (!publicKeyEncryptedData.Verify()) { // Message failed integrity check. return(false); } else { // Message integrity check passed. return(true); } } // No integrity packet exists. return(null); } catch (Exception) { throw; } finally { if (clear != null) { clear.Close(); } if (unc != null) { unc.Close(); } } }