/// <summary> /// Create master signing key. /// </summary> /// <param name="keyRingGen"> /// Key ring generator. /// </param> /// <param name="identity"> /// Identity of the key. /// </param> /// <param name="password"> /// Password to protect the secret key. /// </param> /// <param name="expires"> /// Key expiry; null means never expires. /// </param> /// <param name="encryptKeyLength"> /// Length of the encryption key. /// </param> /// <param name="encryptGenerator"> /// Generator for the encryption key. /// </param> /// <param name="encryptionAlgorithm"> /// Encryption algorithm. /// </param> /// <param name="symmetricAlgorithm"> /// Symmetric algorithm. /// </param> /// <returns> /// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties /// thus far. /// </returns> public static PgpKeyRingGenerator CreateEncryptionSubkey( PgpKeyRingGenerator keyRingGen, string identity, string password, DateTime?expires, int encryptKeyLength = 2048, string encryptGenerator = "RSA", PublicKeyAlgorithmTag encryptionAlgorithm = PublicKeyAlgorithmTag.RsaEncrypt, SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256) { var keyringParameters = new KeyRingParameters(encryptKeyLength, encryptGenerator) { Password = password, Identity = identity, PrivateKeyEncryptionAlgorithm = symmetricAlgorithm, SymmetricAlgorithms = new[] { SymmetricKeyAlgorithmTag.Aes256, SymmetricKeyAlgorithmTag.Aes192, SymmetricKeyAlgorithmTag.Aes128 }, HashAlgorithms = new[] { HashAlgorithmTag.Sha256, HashAlgorithmTag.Sha1, HashAlgorithmTag.Sha384, HashAlgorithmTag.Sha512, HashAlgorithmTag.Sha224, } }; // encryption key var generator = GeneratorUtilities.GetKeyPairGenerator(encryptGenerator); generator.Init(keyringParameters.KeyParams); var encKeyPair = new PgpKeyPair(encryptionAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow); var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms select(int) a).ToArray(); var hashAlgorithms = (from a in keyringParameters.HashAlgorithms select(int) a).ToArray(); Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X")); var encSubpckGen = new PgpSignatureSubpacketGenerator(); encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); encSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms); encSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms); if (expires != null) { encSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds); } // add encryption subkey to keyring keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null); return(keyRingGen); }
PgpKeyRingGenerator CreateKeyRingGenerator(MailboxAddress mailbox, EncryptionAlgorithm algorithm, long expirationTime, string password, DateTime now, SecureRandom random) { var enabledEncryptionAlgorithms = EnabledEncryptionAlgorithms; var enabledDigestAlgorithms = EnabledDigestAlgorithms; var encryptionAlgorithms = new int[enabledEncryptionAlgorithms.Length]; var digestAlgorithms = new int[enabledDigestAlgorithms.Length]; for (int i = 0; i < enabledEncryptionAlgorithms.Length; i++) { encryptionAlgorithms[i] = (int)enabledEncryptionAlgorithms[i]; } for (int i = 0; i < enabledDigestAlgorithms.Length; i++) { digestAlgorithms[i] = (int)enabledDigestAlgorithms[i]; } var parameters = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x10001), random, 2048, 12); var signingAlgorithm = PublicKeyAlgorithmTag.RsaSign; var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA"); keyPairGenerator.Init(parameters); var signingKeyPair = new PgpKeyPair(signingAlgorithm, keyPairGenerator.GenerateKeyPair(), now); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify); subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms); subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms); if (expirationTime > 0) { subpacketGenerator.SetKeyExpirationTime(false, expirationTime); subpacketGenerator.SetSignatureExpirationTime(false, expirationTime); } subpacketGenerator.SetFeature(false, Org.BouncyCastle.Bcpg.Sig.Features.FEATURE_MODIFICATION_DETECTION); var keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.PositiveCertification, signingKeyPair, mailbox.ToString(false), GetSymmetricKeyAlgorithm(algorithm), CharsetUtils.UTF8.GetBytes(password), true, subpacketGenerator.Generate(), null, random); // Add the (optional) encryption subkey. AddEncryptionKeyPair(keyRingGenerator, parameters, PublicKeyAlgorithmTag.RsaGeneral, now, expirationTime, encryptionAlgorithms, digestAlgorithms); return(keyRingGenerator); }
void AddEncryptionKeyPair(PgpKeyRingGenerator keyRingGenerator, KeyGenerationParameters parameters, PublicKeyAlgorithmTag algorithm, DateTime now, long expirationTime, int[] encryptionAlgorithms, int[] digestAlgorithms) { var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA"); keyPairGenerator.Init(parameters); var keyPair = new PgpKeyPair(algorithm, keyPairGenerator.GenerateKeyPair(), now); var subpacketGenerator = new PgpSignatureSubpacketGenerator(); subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage); subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms); subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms); if (expirationTime > 0) { subpacketGenerator.SetKeyExpirationTime(false, expirationTime); subpacketGenerator.SetSignatureExpirationTime(false, expirationTime); } keyRingGenerator.AddSubKey(keyPair, subpacketGenerator.Generate(), null); }
/* * Creates a key ring generator and returns to caller */ public static PgpKeyRingGenerator GetKeyRingGenerator( ApplicationContext context, Node args, string identity, string password, DateTime expires, int strength, long publicExponent, int certainty) { // Creating a secure random generator to use when creating keypairs, seeding with all sorts of different unique values var sr = CreateNewSecureRandom(context, args); // Creating our generator IAsymmetricCipherKeyPairGenerator generator = GeneratorUtilities.GetKeyPairGenerator("RSA"); generator.Init( new RsaKeyGenerationParameters( BigInteger.ValueOf(publicExponent), sr, strength, certainty)); // Creates the master key (signing-only key) PgpKeyPair masterKeyPair = new PgpKeyPair( PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow); PgpSignatureSubpacketGenerator masterSubPacketGenerator = new PgpSignatureSubpacketGenerator(); masterSubPacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify); masterSubPacketGenerator.SetPreferredSymmetricAlgorithms(false, new SymmetricKeyAlgorithmTag [] { SymmetricKeyAlgorithmTag.Aes256, SymmetricKeyAlgorithmTag.Aes192, SymmetricKeyAlgorithmTag.Aes128 }.Select(ix => (int)ix).ToArray()); masterSubPacketGenerator.SetPreferredHashAlgorithms(false, new HashAlgorithmTag [] { HashAlgorithmTag.Sha256, HashAlgorithmTag.Sha1, HashAlgorithmTag.Sha384, HashAlgorithmTag.Sha512, HashAlgorithmTag.Sha224 }.Select(ix => (int)ix).ToArray()); masterSubPacketGenerator.SetKeyExpirationTime(false, (long)(expires - DateTime.Now).TotalSeconds); // Creating a new secure random generator to use when creating keypairs, seeding with all sorts of different unique values sr = CreateNewSecureRandom(context, args); // Create signing and encryption key, for daily use PgpKeyPair encryptionKeyPair = new PgpKeyPair( PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow); PgpSignatureSubpacketGenerator encryptionSubPacketGenerator = new PgpSignatureSubpacketGenerator(); encryptionSubPacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage | PgpKeyFlags.CanSign); encryptionSubPacketGenerator.SetKeyExpirationTime(false, (long)(expires - DateTime.Now).TotalSeconds); // Creating keyring PgpKeyRingGenerator keyRingGenerator = new PgpKeyRingGenerator( PgpSignature.DefaultCertification, masterKeyPair, identity, SymmetricKeyAlgorithmTag.Aes256, password.ToCharArray(), true, masterSubPacketGenerator.Generate(), null, sr); // Add encryption subkey keyRingGenerator.AddSubKey(encryptionKeyPair, encryptionSubPacketGenerator.Generate(), null); // Returning keyring to caller return(keyRingGenerator); }
/// <summary> /// Create master signing key. /// </summary> /// <param name="identity"> /// Identity of the key. /// </param> /// <param name="password"> /// Password to protect the secret key. /// </param> /// <param name="expires"> /// Key expiry; null means never expires. /// </param> /// <param name="signKeyLength"> /// Length of the signing key. /// </param> /// <param name="signGenerator"> /// Generator for the signing key. /// </param> /// <param name="signingAlgorithm"> /// Signing algorithm. /// </param> /// <param name="symmetricAlgorithm"> /// Symmetric algorithm. /// </param> /// <returns> /// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties /// thus far. /// </returns> public static PgpKeyRingGenerator CreateMasterSigningKey( string identity, string password, DateTime?expires, int signKeyLength = 2048, string signGenerator = "RSA", PublicKeyAlgorithmTag signingAlgorithm = PublicKeyAlgorithmTag.RsaSign, SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256) { var keyringParameters = new KeyRingParameters(signKeyLength, signGenerator) { Password = password, Identity = identity, PrivateKeyEncryptionAlgorithm = symmetricAlgorithm, SymmetricAlgorithms = new[] { SymmetricKeyAlgorithmTag.Aes256, SymmetricKeyAlgorithmTag.Aes192, SymmetricKeyAlgorithmTag.Aes128 }, HashAlgorithms = new[] { HashAlgorithmTag.Sha256, HashAlgorithmTag.Sha1, HashAlgorithmTag.Sha384, HashAlgorithmTag.Sha512, HashAlgorithmTag.Sha224, } }; // master signing key var generator = GeneratorUtilities.GetKeyPairGenerator(signGenerator); generator.Init(keyringParameters.KeyParams); var masterKeyPair = new PgpKeyPair(signingAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow); Debug.WriteLine("Generated master key with ID " + masterKeyPair.KeyId.ToString("X")); var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms select(int) a).ToArray(); var hashAlgorithms = (from a in keyringParameters.HashAlgorithms select(int) a).ToArray(); var masterSubpckGen = new PgpSignatureSubpacketGenerator(); masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify); masterSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms); masterSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms); if (expires != null) { masterSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds); } // keyring -- adding master key return(new PgpKeyRingGenerator( PgpSignature.DefaultCertification, masterKeyPair, keyringParameters.Identity, keyringParameters.PrivateKeyEncryptionAlgorithm, keyringParameters.GetPassword(), true, masterSubpckGen.Generate(), null, new SecureRandom())); }