public PgpMessage DecryptMessage(PgpPrivateKey privateKey)
{
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
foreach (var keyData in publicKeyEncSessionPackets)
{
if (keyData.KeyId == privateKey.KeyId)
{
byte[] sessionData = CryptoPool.Rent(keyData.SessionKey.Length);
try
{
privateKey.TryDecryptSessionInfo(keyData.SessionKey, sessionData, out int bytesWritten);
if (!ConfirmCheckSum(sessionData.AsSpan(0, bytesWritten)))
{
throw new PgpException("Checksum validation failed");
}
// Note: the oracle attack on the "quick check" bytes is deemed
// a security risk for typical public key encryption usages.
return(ReadMessage(packetReader.CreateNestedReader(GetDataStream(sessionData.AsSpan(0, bytesWritten - 2), verifyIntegrity: false))));
}
finally
{
CryptoPool.Return(sessionData);
}
}
}
throw new PgpException("No matching key data found");
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
public PgpSignatureGenerator(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4, bool ignoreTrailingWhitespace = false)
{
// TODO: Add version 5 support
if (version < 3 || version > 4)
{
throw new ArgumentOutOfRangeException(nameof(version));
}
this.version = version;
this.hashAlgorithm = hashAlgorithm;
this.helper = new PgpSignatureTransformation(signatureType, hashAlgorithm, ignoreTrailingWhitespace);
this.privateKey = privateKey;
}
// FIXME: This method is too advanced
public static PgpCertification GenerateUserCertification(
PgpSignatureType signatureType,
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpUserAttributes userAttributes,
PgpKey userPublicKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (userAttributes == null)
{
throw new ArgumentNullException(nameof(userAttributes));
}
if (userPublicKey == null)
{
throw new ArgumentNullException(nameof(userPublicKey));
}
var userPacket = new UserAttributePacket(userAttributes.ToSubpacketArray());
var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey));
return(new PgpCertification(signature, userPacket, userPublicKey));
}
public PgpSecretKey(
PgpPublicKey pubKey,
PgpPrivateKey privKey,
ReadOnlySpan <byte> rawPassPhrase)
: base(pubKey)
{
var keyData = privKey.privateKey.ExportPrivateKey(
rawPassPhrase,
new S2kParameters());
if (pubKey.IsMasterKey)
{
this.keyPacket = new SecretKeyPacket(privKey.Algorithm, CreationTime, keyData);
}
else
{
this.keyPacket = new SecretSubkeyPacket(privKey.Algorithm, CreationTime, keyData);
}
}
public static PgpCertification GenerateKeyRevocation(
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpKey revokedKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (revokedKey == null)
{
throw new ArgumentNullException(nameof(revokedKey));
}
var signatureGenerator = new PgpSignatureGenerator(revokedKey.IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, null, revokedKey));
return(new PgpCertification(signature, null, revokedKey));
}
public PgpSignedMessageGenerator CreateSigned(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4)
{
return(new PgpSignedMessageGenerator(Open(), signatureType, privateKey, hashAlgorithm, version));
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
internal PgpSignedMessageGenerator(IPacketWriter writer, PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4)
: base(writer)
{
signatureGenerator = new PgpSignatureGenerator(
signatureType, privateKey, hashAlgorithm, version,
ignoreTrailingWhitespace: writer is ArmoredPacketWriter);
}
