/// <summary>
/// Create a new key ring generator.
/// </summary>
/// <param name="asymmetricAlgorithm">The master key pair.</param>
/// <param name="id">User id associated with the keys in the ring.</param>
/// <param name="creationTime">The creation time for the master key pair.</param>
/// <param name="rawPassPhrase">The passPhrase to be used to protect secret keys.</param>
/// <param name="certificationLevel">The certification level for keys on this ring.</param>
/// <param name="hashedAttributes">Packets to be included in the certification hash.</param>
/// <param name="unhashedAttributes">Packets to be attached unhashed to the certification.</param>
public PgpKeyRingGenerator(
AsymmetricAlgorithm asymmetricAlgorithm,
string id,
byte[]?rawPassPhrase = null,
DateTime creationTime = default(DateTime),
PgpSignatureType certificationLevel = PgpSignatureType.DefaultCertification,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null)
{
this.masterKey = new PgpKeyPair(
asymmetricAlgorithm,
creationTime == default(DateTime) ? DateTime.UtcNow : creationTime);
this.rawPassPhrase = rawPassPhrase ?? Array.Empty <byte>();
// Certify the ID/public key
var selfCertification = PgpCertification.GenerateUserCertification(
certificationLevel,
this.masterKey.PublicKey,
this.masterKey.PrivateKey,
id,
this.masterKey.PublicKey,
hashedAttributes,
unhashedAttributes,
PgpHashAlgorithm.Sha1);
var certifiedPublicKey = PgpPublicKey.AddCertification(this.masterKey.PublicKey, id, selfCertification);
keys.Add(new PgpSecretKey(certifiedPublicKey, this.masterKey.PrivateKey, this.rawPassPhrase));
}
private bool AddCertification(PgpKey publicKey, PgpSignature signature)
{
var certification = new PgpCertification(signature, userPacket, publicKey);
switch (signature.SignatureType)
{
case PgpSignatureType.CertificationRevocation:
revocationSignatures.Add(certification);
break;
case PgpSignatureType.DefaultCertification:
case PgpSignatureType.NoCertification:
case PgpSignatureType.CasualCertification:
case PgpSignatureType.PositiveCertification:
if (signature.KeyId == publicKey.KeyId)
{
selfCertifications.Add(certification);
}
else
{
otherCertifications.Add(certification);
}
break;
case PgpSignatureType.BinaryDocument: // Seen in test data
default:
return(false);
}
return(true);
}
/// <summary>Add a revocation or some other key certification to a key.</summary>
/// <param name="key">The key the revocation is to be added to.</param>
/// <param name="certification">The key signature to be added.</param>
/// <returns>The new changed public key object.</returns>
public static TKey AddCertification <TKey>(
TKey key,
PgpCertification certification)
where TKey : PgpKey
{
Debug.Assert(certification.PublicKey.KeyId == key.KeyId);
if (key.IsMasterKey)
{
if (certification.SignatureType == PgpSignatureType.SubkeyRevocation)
{
throw new ArgumentException("signature type incorrect for master key revocation.");
}
}
else
{
if (certification.SignatureType == PgpSignatureType.KeyRevocation)
{
throw new ArgumentException("signature type incorrect for sub-key revocation.");
}
}
var returnKey = (TKey)key.CreateMutableCopy();
returnKey.keyCertifications.Add(new PgpCertification(certification.Signature, null, returnKey));
return(returnKey);
}
public static PgpUser RemoveCertification(PgpUser user, PgpKey publicKey, PgpCertification certification)
{
var newUser = new PgpUser(user, publicKey);
newUser.selfCertifications.RemoveAll(c => Equals(c.Signature, certification.Signature));
newUser.otherCertifications.RemoveAll(c => Equals(c.Signature, certification.Signature));
newUser.revocationSignatures.RemoveAll(c => Equals(c.Signature, certification.Signature));
return(newUser);
}
/// <summary>Remove a certification from the key.</summary>
/// <param name="key">The key the certifications are to be removed from.</param>
/// <param name="certification">The certfication to be removed.</param>
/// <returns>The modified key, null if the certification was not found.</returns>
public static TKey?RemoveCertification <TKey>(
TKey key,
PgpCertification certification)
where TKey : PgpKey
{
int index = key.keyCertifications.IndexOf(certification);
if (index >= 0)
{
var returnKey = (TKey)key.CreateMutableCopy();
returnKey.keyCertifications.RemoveAt(index);
return(returnKey);
}
return(null);
}
/// <summary>Remove a certification associated with a given user attributes on a key.</summary>
/// <param name="key">The key the certifications are to be removed from.</param>
/// <param name="userAttributes">The user attributes that the certfication is to be removed from.</param>
/// <param name="certification">The certification to be removed.</param>
/// <returns>The re-certified key, or null if the certification was not found.</returns>
public static TKey?RemoveCertification <TKey>(
TKey key,
PgpUserAttributes userAttributes,
PgpCertification certification)
where TKey : PgpKey
{
Debug.Assert(certification.PublicKey.KeyId == key.KeyId);
for (int i = 0; i < key.ids.Count; i++)
{
if (key.ids[i].UserAttributes?.Equals(userAttributes) == true)
{
var returnKey = (TKey)key.CreateMutableCopy();
returnKey.ids[i] = PgpUser.RemoveCertification(returnKey.ids[i], returnKey, certification);
return(returnKey);
}
}
return(null);
}
/// <summary>Add a certification for the given UserAttributeSubpackets to the given public key.</summary>
/// <param name="key">The key the certification is to be added to.</param>
/// <param name="userAttributes">The attributes the certification is associated with.</param>
/// <param name="certification">The new certification.</param>
/// <returns>The re-certified key.</returns>
public static TKey AddCertification <TKey>(
TKey key,
PgpUserAttributes userAttributes,
PgpCertification certification)
where TKey : PgpKey
{
var returnKey = (TKey)key.CreateMutableCopy();
Debug.Assert(certification.PublicKey.KeyId == key.KeyId);
for (int i = 0; i < returnKey.ids.Count; i++)
{
if (returnKey.ids[i].UserAttributes?.Equals(userAttributes) == true)
{
returnKey.ids[i] = PgpUser.AddCertification(returnKey.ids[i], returnKey, certification.Signature);
return(returnKey);
}
}
returnKey.ids.Add(new PgpUser(new UserAttributePacket(userAttributes.ToSubpacketArray()), returnKey, certification.Signature));
return(returnKey);
}
/// <summary>Add a certification for an id to the given public key.</summary>
/// <param name="key">The key the certification is to be added to.</param>
/// <param name="id">The ID the certification is associated with.</param>
/// <param name="certification">The new certification.</param>
/// <returns>The re-certified key.</returns>
public static TKey AddCertification <TKey>(
TKey key,
string id,
PgpCertification certification)
where TKey : PgpKey
{
var returnKey = (TKey)key.CreateMutableCopy();
Debug.Assert(certification.PublicKey.KeyId == key.KeyId);
for (int i = 0; i < returnKey.ids.Count; i++)
{
if (returnKey.ids[i].UserId?.Equals(id) == true)
{
returnKey.ids[i] = PgpUser.AddCertification(returnKey.ids[i], returnKey, certification.Signature);
return(returnKey);
}
}
returnKey.ids.Add(new PgpUser(new UserIdPacket(id), returnKey, certification.Signature));
return(returnKey);
}
/// <summary>
/// Add a subkey with specific hashed and unhashed packets associated with it and
/// default certification.
/// </summary>
/// <param name="hashedAttributes">Hashed packet values to be included in certification.</param>
/// <param name="unhashedAttributes">Unhashed packets values to be included in certification.</param>
public void AddSubKey(
AsymmetricAlgorithm asymmetricAlgorithm,
DateTime creationTime = default(DateTime),
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null)
{
var subKey = new PgpKeyPair(
asymmetricAlgorithm,
creationTime == default(DateTime) ? DateTime.UtcNow : creationTime,
isMasterKey: false);
var subkeyBinding = PgpCertification.GenerateSubkeyBinding(
this.masterKey.PublicKey,
this.masterKey.PrivateKey,
subKey.PublicKey,
hashedAttributes,
unhashedAttributes,
PgpHashAlgorithm.Sha1);
var certifiedSubKey = PgpPublicKey.AddCertification(subKey.PublicKey, subkeyBinding);
keys.Add(new PgpSecretKey(certifiedSubKey, subKey.PrivateKey, rawPassPhrase));
}