public PgpMessage DecryptMessage(PgpPrivateKey privateKey) { if (privateKey == null) { throw new ArgumentNullException(nameof(privateKey)); } foreach (var keyData in publicKeyEncSessionPackets) { if (keyData.KeyId == privateKey.KeyId) { byte[] sessionData = CryptoPool.Rent(keyData.SessionKey.Length); try { privateKey.TryDecryptSessionInfo(keyData.SessionKey, sessionData, out int bytesWritten); if (!ConfirmCheckSum(sessionData.AsSpan(0, bytesWritten))) { throw new PgpException("Checksum validation failed"); } // Note: the oracle attack on the "quick check" bytes is deemed // a security risk for typical public key encryption usages. return(ReadMessage(packetReader.CreateNestedReader(GetDataStream(sessionData.AsSpan(0, bytesWritten - 2), verifyIntegrity: false)))); } finally { CryptoPool.Return(sessionData); } } } throw new PgpException("No matching key data found"); }
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary> public PgpSignatureGenerator(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4, bool ignoreTrailingWhitespace = false) { // TODO: Add version 5 support if (version < 3 || version > 4) { throw new ArgumentOutOfRangeException(nameof(version)); } this.version = version; this.hashAlgorithm = hashAlgorithm; this.helper = new PgpSignatureTransformation(signatureType, hashAlgorithm, ignoreTrailingWhitespace); this.privateKey = privateKey; }
// FIXME: This method is too advanced public static PgpCertification GenerateUserCertification( PgpSignatureType signatureType, PgpKey signingKey, PgpPrivateKey signingPrivateKey, PgpUserAttributes userAttributes, PgpKey userPublicKey, PgpSignatureAttributes?hashedAttributes = null, PgpSignatureAttributes?unhashedAttributes = null, PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1) { if (signingKey == null) { throw new ArgumentNullException(nameof(signingKey)); } if (signingPrivateKey == null) { throw new ArgumentNullException(nameof(signingPrivateKey)); } if (signingKey.KeyId != signingPrivateKey.KeyId) { throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch); } if (userAttributes == null) { throw new ArgumentNullException(nameof(userAttributes)); } if (userPublicKey == null) { throw new ArgumentNullException(nameof(userPublicKey)); } var userPacket = new UserAttributePacket(userAttributes.ToSubpacketArray()); var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm); if (hashedAttributes != null) { signatureGenerator.HashedAttributes = hashedAttributes; } if (unhashedAttributes != null) { signatureGenerator.UnhashedAttributes = unhashedAttributes; } var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey)); return(new PgpCertification(signature, userPacket, userPublicKey)); }
public PgpSecretKey( PgpPublicKey pubKey, PgpPrivateKey privKey, ReadOnlySpan <byte> rawPassPhrase) : base(pubKey) { var keyData = privKey.privateKey.ExportPrivateKey( rawPassPhrase, new S2kParameters()); if (pubKey.IsMasterKey) { this.keyPacket = new SecretKeyPacket(privKey.Algorithm, CreationTime, keyData); } else { this.keyPacket = new SecretSubkeyPacket(privKey.Algorithm, CreationTime, keyData); } }
public static PgpCertification GenerateKeyRevocation( PgpKey signingKey, PgpPrivateKey signingPrivateKey, PgpKey revokedKey, PgpSignatureAttributes?hashedAttributes = null, PgpSignatureAttributes?unhashedAttributes = null, PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1) { if (signingKey == null) { throw new ArgumentNullException(nameof(signingKey)); } if (signingPrivateKey == null) { throw new ArgumentNullException(nameof(signingPrivateKey)); } if (signingKey.KeyId != signingPrivateKey.KeyId) { throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch); } if (revokedKey == null) { throw new ArgumentNullException(nameof(revokedKey)); } var signatureGenerator = new PgpSignatureGenerator(revokedKey.IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation, signingPrivateKey, hashAlgorithm); if (hashedAttributes != null) { signatureGenerator.HashedAttributes = hashedAttributes; } if (unhashedAttributes != null) { signatureGenerator.UnhashedAttributes = unhashedAttributes; } var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, null, revokedKey)); return(new PgpCertification(signature, null, revokedKey)); }
public PgpSignedMessageGenerator CreateSigned(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4) { return(new PgpSignedMessageGenerator(Open(), signatureType, privateKey, hashAlgorithm, version)); }
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary> internal PgpSignedMessageGenerator(IPacketWriter writer, PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4) : base(writer) { signatureGenerator = new PgpSignatureGenerator( signatureType, privateKey, hashAlgorithm, version, ignoreTrailingWhitespace: writer is ArmoredPacketWriter); }