/// <summary>
/// Verify encryption parameters.
/// </summary>
/// <param name="inputFile">
/// The input file.
/// </param>
/// <param name="publicKeyFile">
/// The public key file.
/// </param>
/// <param name="privateKeyFile">
/// The private key file.
/// </param>
/// <param name="passPhrase">
/// The pass phrase.
/// </param>
/// <param name="encryptionKeys">
/// The encryption keys.
/// </param>
/// <exception cref="FileNotFoundException">
/// Thrown if any of the paths specified are invalid.
/// </exception>
/// <exception cref="ArgumentNullException">
/// Thrown if the encryption keys or passphrase are null.
/// </exception>
private static void VerifyEncryptionParameters(
string inputFile,
string publicKeyFile,
string privateKeyFile,
string passPhrase,
PgpKeyContainer encryptionKeys)
{
if (!File.Exists(inputFile))
{
throw new FileNotFoundException(string.Format("Input file [{0}] does not exist.", inputFile));
}
if (!File.Exists(publicKeyFile))
{
throw new FileNotFoundException(string.Format("Public Key file [{0}] does not exist.", publicKeyFile));
}
if (!File.Exists(privateKeyFile))
{
throw new FileNotFoundException(string.Format("Private Key file [{0}] does not exist.", privateKeyFile));
}
if (string.IsNullOrEmpty(passPhrase))
{
throw new ArgumentNullException(nameof(passPhrase));
}
if (encryptionKeys == null)
{
throw new ArgumentNullException(nameof(encryptionKeys));
}
}
/// <summary>
/// Output encrypted data stream
/// </summary>
/// <param name="inputFile">
/// The input file.
/// </param>
/// <param name="outputStream">
/// The output stream.
/// </param>
/// <param name="encryptionKeys">
/// The encryption keys.
/// </param>
/// <param name="integrityProtected">
/// Integrity protect?
/// </param>
/// <param name="symmetricKeyAlgorithm">
/// Symmetric algorithm.
/// </param>
/// <param name="compressionAlgorithm">
/// Compression algorithm.
/// </param>
private static void OutputEncrypted(
string inputFile,
Stream outputStream,
PgpKeyContainer encryptionKeys,
bool integrityProtected,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm = SymmetricKeyAlgorithmTag.Aes128,
CompressionAlgorithmTag compressionAlgorithm = CompressionAlgorithmTag.Zip)
{
using (
var encryptedOut = ChainEncryptedOut(
outputStream,
encryptionKeys,
integrityProtected,
symmetricKeyAlgorithm))
using (var compressedOut = ChainCompressedOut(encryptedOut, compressionAlgorithm))
{
var unencryptedFileInfo = new FileInfo(inputFile);
var signatureGenerator = InitSignatureGenerator(compressedOut, encryptionKeys);
using (var literalOut = ChainLiteralOut(compressedOut, unencryptedFileInfo))
using (var inputFileStream = unencryptedFileInfo.OpenRead())
{
WriteOutputAndSign(compressedOut, literalOut, inputFileStream, signatureGenerator);
}
}
}
/// <summary>
/// Chain the encrypted output.
/// </summary>
/// <param name="outputStream">
/// The output stream.
/// </param>
/// <param name="encryptionKeys">
/// The encryption keys.
/// </param>
/// <param name="integrityProtected">
/// Integrity protect?
/// </param>
/// <param name="symmetricKeyAlgorithm">
/// Symmetric algorithm.
/// </param>
/// <returns>
/// The <see cref="Stream"/>.
/// </returns>
private static Stream ChainEncryptedOut(
Stream outputStream,
PgpKeyContainer encryptionKeys,
bool integrityProtected,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm = SymmetricKeyAlgorithmTag.Aes128)
{
var encryptedDataGenerator = new PgpEncryptedDataGenerator(
symmetricKeyAlgorithm,
integrityProtected,
new SecureRandom());
encryptedDataGenerator.AddMethod(encryptionKeys.PublicKey);
return(encryptedDataGenerator.Open(outputStream, new byte[PgpCommon.BufferSize]));
}
/// <summary>
/// Encrypt and sign the file.
/// </summary>
/// <param name="inputFile">
/// Input path of the file to encrypt.
/// </param>
/// <param name="outputFile">
/// Output path of the encrypted file.
/// </param>
/// <param name="publicKeyFile">
/// Path to the public key file.
/// </param>
/// <param name="privateKeyFile">
/// Path to the secret key file containing the private key.
/// </param>
/// <param name="passPhrase">
/// The passphrase protecting the secret file.
/// </param>
/// <param name="symmetricKeyAlgorithm">
/// Symmetric encryption algorithm.
/// </param>
/// <param name="armor">
/// Should the encrypted file be written as ASCII armor?
/// </param>
/// <param name="integrityProtect">
/// Integrity protect?
/// </param>
/// <param name="compressionAlgorithm">
/// Compression algorithm to use.
/// </param>
/// <exception cref="FileNotFoundException">
/// Throws a <see cref="FileNotFoundException"/> if the input, public
/// key or secret key files do not exist.
/// </exception>
public static void EncryptAndSignFile(
string inputFile,
string outputFile,
string publicKeyFile,
string privateKeyFile,
string passPhrase,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm = SymmetricKeyAlgorithmTag.Aes256,
bool armor = true,
bool integrityProtect = true,
CompressionAlgorithmTag compressionAlgorithm = CompressionAlgorithmTag.Zip)
{
var encryptionKeys = new PgpKeyContainer(publicKeyFile, privateKeyFile, passPhrase);
VerifyEncryptionParameters(inputFile, publicKeyFile, privateKeyFile, passPhrase, encryptionKeys);
using (Stream outputStream = File.Create(outputFile))
{
if (armor)
{
using (var armoredOutputStream = new ArmoredOutputStream(outputStream))
{
OutputEncrypted(
inputFile,
armoredOutputStream,
encryptionKeys,
integrityProtect,
symmetricKeyAlgorithm,
compressionAlgorithm);
}
}
else
{
OutputEncrypted(
inputFile,
outputStream,
encryptionKeys,
integrityProtect,
symmetricKeyAlgorithm,
compressionAlgorithm);
}
}
}
/// <summary>
/// Initialise the signature generator.
/// </summary>
/// <param name="compressedOutputStream">
/// The compressed output.
/// </param>
/// <param name="encryptionKeys">
/// The PGP encryption key container.
/// </param>
/// <returns>
/// The <see cref="PgpSignatureGenerator"/>.
/// </returns>
private static PgpSignatureGenerator InitSignatureGenerator(
Stream compressedOutputStream,
PgpKeyContainer encryptionKeys)
{
const bool IsCritical = false;
const bool IsNested = false;
var tag = encryptionKeys.SecretKey.PublicKey.Algorithm;
var pgpSignatureGenerator = new PgpSignatureGenerator(tag, HashAlgorithmTag.Sha256);
pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, encryptionKeys.PrivateKey);
foreach (string userId in encryptionKeys.SecretKey.PublicKey.GetUserIds())
{
var subPacketGenerator = new PgpSignatureSubpacketGenerator();
subPacketGenerator.SetSignerUserId(IsCritical, userId);
pgpSignatureGenerator.SetHashedSubpackets(subPacketGenerator.Generate());
break;
}
pgpSignatureGenerator.GenerateOnePassVersion(IsNested).Encode(compressedOutputStream);
return(pgpSignatureGenerator);
}
