/// <summary>
/// Encrypt and sign the stream pointed to by unencryptedFileInfo and
/// </summary>
/// <param name="inputStream"></param>
/// <param name="outputStream"></param>
/// <param name="publicKeyStream"></param>
/// <param name="privateKeyStream"></param>
/// <param name="passPhrase"></param>
/// <param name="armor"></param>
public void EncryptStreamAndSign(Stream inputStream, Stream outputStream, IEnumerable <Stream> publicKeyStreams,
Stream privateKeyStream, string passPhrase, bool armor = true, bool withIntegrityCheck = true)
{
if (inputStream == null)
{
throw new ArgumentException("InputStream");
}
if (outputStream == null)
{
throw new ArgumentException("OutputStream");
}
if (privateKeyStream == null)
{
throw new ArgumentException("PrivateKeyStream");
}
if (passPhrase == null)
{
passPhrase = String.Empty;
}
foreach (Stream publicKey in publicKeyStreams)
{
if (publicKey == null)
{
throw new ArgumentException("PublicKeyStream");
}
}
EncryptionKeys encryptionKeys = new EncryptionKeys(publicKeyStreams, privateKeyStream, passPhrase);
if (encryptionKeys == null)
{
throw new ArgumentNullException("Encryption Key not found.");
}
if (armor)
{
using (ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(outputStream))
{
OutputEncrypted(inputStream, armoredOutputStream, encryptionKeys, withIntegrityCheck, "name");
}
}
else
{
OutputEncrypted(inputStream, outputStream, encryptionKeys, withIntegrityCheck, "name");
}
}
private PgpSignatureGenerator InitSignatureGenerator(Stream compressedOut, EncryptionKeys encryptionKeys)
{
PublicKeyAlgorithmTag tag = encryptionKeys.SecretKey.PublicKey.Algorithm;
PgpSignatureGenerator pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha1);
pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, encryptionKeys.PrivateKey);
foreach (string userId in encryptionKeys.SecretKey.PublicKey.GetUserIds())
{
PgpSignatureSubpacketGenerator subPacketGenerator = new PgpSignatureSubpacketGenerator();
subPacketGenerator.SetSignerUserId(false, userId);
pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate());
// Just the first one!
break;
}
pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(compressedOut);
return(pgpSignatureGenerator);
}
private void OutputEncrypted(string inputFilePath, Stream outputStream, EncryptionKeys encryptionKeys, bool withIntegrityCheck)
{
using (Stream encryptedOut = ChainEncryptedOut(outputStream, encryptionKeys, withIntegrityCheck))
{
FileInfo unencryptedFileInfo = new FileInfo(inputFilePath);
using (Stream compressedOut = ChainCompressedOut(encryptedOut))
{
PgpSignatureGenerator signatureGenerator = InitSignatureGenerator(compressedOut, encryptionKeys);
using (Stream literalOut = ChainLiteralOut(compressedOut, unencryptedFileInfo))
{
using (FileStream inputFileStream = unencryptedFileInfo.OpenRead())
{
WriteOutputAndSign(compressedOut, literalOut, inputFileStream, signatureGenerator);
inputFileStream.Dispose();
}
}
}
}
}
private Stream ChainEncryptedOut(Stream outputStream, EncryptionKeys encryptionKeys, bool withIntegrityCheck)
{
PgpEncryptedDataGenerator encryptedDataGenerator;
encryptedDataGenerator = new PgpEncryptedDataGenerator(SymmetricKeyAlgorithm, withIntegrityCheck, new SecureRandom());
if (encryptionKeys.PublicKey != null)
{
encryptedDataGenerator.AddMethod(encryptionKeys.PublicKey);
}
else if (encryptionKeys.PublicKeys != null)
{
foreach (PgpPublicKey publicKey in encryptionKeys.PublicKeys)
{
encryptedDataGenerator.AddMethod(publicKey);
}
}
return(encryptedDataGenerator.Open(outputStream, new byte[BufferSize]));
}
internal static PgpObject GetClearCompressedMessage(PgpPublicKeyEncryptedData publicKeyED, EncryptionKeys encryptionKeys)
{
PgpObjectFactory clearFactory = GetClearDataStream(encryptionKeys.PrivateKey, publicKeyED);
PgpObject message = clearFactory.NextPgpObject();
if (message is PgpOnePassSignatureList)
{
message = clearFactory.NextPgpObject();
}
return(message);
}
/// <summary>
/// Encrypt and sign the file pointed to by unencryptedFileInfo and
/// </summary>
/// <param name="inputFilePath"></param>
/// <param name="outputFilePath"></param>
/// <param name="publicKeyFilePath"></param>
/// <param name="privateKeyFilePath"></param>
/// <param name="passPhrase"></param>
/// <param name="armor"></param>
public void EncryptFileAndSign(string inputFilePath, string outputFilePath, IEnumerable <string> publicKeyFilePaths,
string privateKeyFilePath, string passPhrase, bool armor = true, bool withIntegrityCheck = true)
{
//Avoid multiple enumerations of 'publicKeyFilePaths'
string[] publicKeys = publicKeyFilePaths.ToArray();
if (String.IsNullOrEmpty(inputFilePath))
{
throw new ArgumentException("InputFilePath");
}
if (String.IsNullOrEmpty(outputFilePath))
{
throw new ArgumentException("OutputFilePath");
}
if (String.IsNullOrEmpty(privateKeyFilePath))
{
throw new ArgumentException("PrivateKeyFilePath");
}
if (passPhrase == null)
{
passPhrase = String.Empty;
}
if (!File.Exists(inputFilePath))
{
throw new FileNotFoundException(String.Format("Input file [{0}] does not exist.", inputFilePath));
}
if (!File.Exists(privateKeyFilePath))
{
throw new FileNotFoundException(String.Format("Private Key file [{0}] does not exist.", privateKeyFilePath));
}
foreach (string publicKeyFilePath in publicKeys)
{
if (String.IsNullOrEmpty(publicKeyFilePath))
{
throw new ArgumentException(nameof(publicKeyFilePath));
}
if (!File.Exists(publicKeyFilePath))
{
throw new FileNotFoundException(String.Format("Input file [{0}] does not exist.", publicKeyFilePath));
}
}
EncryptionKeys encryptionKeys = new EncryptionKeys(publicKeyFilePaths, privateKeyFilePath, passPhrase);
if (encryptionKeys == null)
{
throw new ArgumentNullException("Encryption Key not found.");
}
using (Stream outputStream = File.Create(outputFilePath))
{
if (armor)
{
using (ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(outputStream))
{
OutputEncrypted(inputFilePath, armoredOutputStream, encryptionKeys, withIntegrityCheck);
}
}
else
{
OutputEncrypted(inputFilePath, outputStream, encryptionKeys, withIntegrityCheck);
}
}
}
/*
* PGP decrypt and verify a given stream.
*/
private void DecryptAndVerify(Stream inputStream, Stream outputStream, Stream publicKeyStream, Stream privateKeyStream, string passPhrase)
{
EncryptionKeys encryptionKeys = new EncryptionKeys(publicKeyStream, privateKeyStream, passPhrase);
PgpPublicKeyEncryptedData publicKeyED = Utilities.ExtractPublicKeyEncryptedData(inputStream);
if (publicKeyED.KeyId != encryptionKeys.PublicKey.KeyId)
{
throw new PgpException(String.Format("Failed to verify file."));
}
PgpObject message = Utilities.GetClearCompressedMessage(publicKeyED, encryptionKeys);
PgpObjectFactory objFactory = new PgpObjectFactory(PgpUtilities.GetDecoderStream(inputStream));
// find secret key
PgpSecretKeyRingBundle pgpSec = new PgpSecretKeyRingBundle(PgpUtilities.GetDecoderStream(privateKeyStream));
PgpObject obj = null;
if (objFactory != null)
{
obj = objFactory.NextPgpObject();
}
// the first object might be a PGP marker packet.
PgpEncryptedDataList enc = null;
if (obj is PgpEncryptedDataList)
{
enc = (PgpEncryptedDataList)obj;
}
else
{
enc = (PgpEncryptedDataList)objFactory.NextPgpObject();
}
// decrypt
PgpPrivateKey privateKey = null;
PgpPublicKeyEncryptedData pbe = null;
foreach (PgpPublicKeyEncryptedData pked in enc.GetEncryptedDataObjects())
{
privateKey = FindSecretKey(pgpSec, pked.KeyId, passPhrase.ToCharArray());
if (privateKey != null)
{
pbe = pked;
break;
}
}
if (privateKey == null)
{
throw new ArgumentException("Secret key for message not found.");
}
PgpObjectFactory plainFact = null;
using (Stream clear = pbe.GetDataStream(privateKey))
{
plainFact = new PgpObjectFactory(clear);
}
if (message is PgpCompressedData)
{
PgpCompressedData cData = (PgpCompressedData)message;
PgpObjectFactory of = null;
using (Stream compDataIn = cData.GetDataStream())
{
of = new PgpObjectFactory(compDataIn);
}
message = of.NextPgpObject();
if (message is PgpOnePassSignatureList)
{
message = of.NextPgpObject();
PgpLiteralData Ld = null;
Ld = (PgpLiteralData)message;
Stream unc = Ld.GetInputStream();
Streams.PipeAll(unc, outputStream);
}
else
{
PgpLiteralData Ld = null;
Ld = (PgpLiteralData)message;
Stream unc = Ld.GetInputStream();
Streams.PipeAll(unc, outputStream);
}
}
else if (message is PgpLiteralData)
{
PgpLiteralData ld = (PgpLiteralData)message;
string outFileName = ld.FileName;
Stream unc = ld.GetInputStream();
Streams.PipeAll(unc, outputStream);
if (pbe.IsIntegrityProtected())
{
if (!pbe.Verify())
{
throw new PgpException("Message failed integrity check.");
}
}
}
else
{
throw new PgpException("Message is not a simple encrypted file.");
}
}