public PgpMessage DecryptMessage(PgpPrivateKey privateKey)
{
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
foreach (var keyData in publicKeyEncSessionPackets)
{
if (keyData.KeyId == privateKey.KeyId)
{
byte[] sessionData = CryptoPool.Rent(keyData.SessionKey.Length);
try
{
privateKey.TryDecryptSessionInfo(keyData.SessionKey, sessionData, out int bytesWritten);
if (!ConfirmCheckSum(sessionData.AsSpan(0, bytesWritten)))
{
throw new PgpException("Checksum validation failed");
}
// Note: the oracle attack on the "quick check" bytes is deemed
// a security risk for typical public key encryption usages.
return(ReadMessage(packetReader.CreateNestedReader(GetDataStream(sessionData.AsSpan(0, bytesWritten - 2), verifyIntegrity: false))));
}
finally
{
CryptoPool.Return(sessionData);
}
}
}
throw new PgpException("No matching key data found");
}
public IPacketReader CreateNestedReader(Stream stream)
{
return(new SigningPacketReader(innerReader.CreateNestedReader(stream), hashTransform));
}
public PgpMessage ReadMessage()
{
return(ReadMessage(packetReader.CreateNestedReader(GetDataStream())));
}
