private void verify(RopBind rop) { int alt = rop.tagging(); try { // initialize RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG); // we do not load any keys here since we'll use key provider ses.set_key_provider(this, null); String err_desc = null; RopOutput output = null; try { // create file input and memory output objects for the signed message // and verified message err_desc = "Failed to open file 'signed.asc'. Did you run the sign example?"; RopInput input = rop.create_input("signed.asc"); err_desc = "Failed to create output object"; output = rop.create_output(0); err_desc = "Failed to create verification context"; RopOpVerify verify = ses.op_verify_create(input, output); err_desc = "Failed to execute verification operation"; verify.execute(); // now check signatures and get some info about them err_desc = "Failed to get signature count"; int sigcount = verify.signature_count(); for (int idx = 0; idx < sigcount; idx++) { rop.tagging(); err_desc = String.Format("Failed to get signature {0}", idx); RopVeriSignature sig = verify.get_signature_at(idx); err_desc = String.Format("failed to get signature's {0} key", idx); RopKey key = sig.get_key(); err_desc = String.Format("failed to get key id {0}", idx); Console.WriteLine(String.Format("Status for signature from key {0} : {1}", key.keyid(), sig.status())); rop.drop(); } } catch (RopError ex) { Console.WriteLine(err_desc); throw ex; } // get the verified message from the output structure RopData buf = output.memory_get_buf(false); Console.WriteLine(String.Format("Verified message: {0}", buf.getString())); } finally { rop.drop_from(alt); } }
private void encrypt(RopBind rop) { int alt = rop.tagging(); try { // initialize RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG); RopInput keyfile = null; try { // load public keyring - we do not need secret for encryption keyfile = rop.create_input("pubring.pgp"); // we may use secret=True and public=True as well ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile); } catch (RopError ex) { Console.WriteLine("Failed to read pubring"); throw ex; } finally { rop.drop(keyfile); } try { // create memory input and file output objects for the message and encrypted message RopInput input = rop.create_input(new RopData(message), false); RopOutput output = rop.create_output("encrypted.asc"); // create encryption operation RopOpEncrypt encrpt = ses.op_encrypt_create(input, output); // setup encryption parameters encrpt.set_armor(true); encrpt.set_file_name("message.txt"); encrpt.set_file_mtime(DateTime.Now); encrpt.set_compression("ZIP", 6); encrpt.set_cipher(RopBind.ALG_SYMM_AES_256); encrpt.set_aead("None"); // locate recipient's key and add it to the operation context. While we search by userid // (which is easier), you can search by keyid, fingerprint or grip. RopKey key = ses.locate_key("userid", "rsa@key"); encrpt.add_recipient(key); // add encryption password as well encrpt.add_password("encpassword", RopBind.ALG_HASH_SHA256, 0, RopBind.ALG_SYMM_AES_256); // execute encryption operation encrpt.execute(); Console.WriteLine("Encryption succeded. Encrypted message written to file encrypted.asc"); } catch (RopError ex) { Console.WriteLine("Encryption failed"); throw ex; } } finally { rop.drop_from(alt); } }
private void export_key(RopBind rop, RopSession ses, String uid, bool secret) { // you may search for the key via userid, keyid, fingerprint, grip RopKey key = ses.locate_key("userid", uid); // get key's id and build filename string filename = String.Format("key-{0}-{1}.asc", key.keyid(), secret? "sec" : "pub"); RopOutput keyfile = rop.create_output(filename); try { key.export(keyfile, !secret, secret, true, true); } finally { rop.drop(keyfile); } }
// this example function generates RSA/RSA and Eddsa/X25519 keypairs private void generate_keys(RopBind rop) { int alt = rop.tagging(); try { // initialize RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG); try { // set password provider ses.set_pass_provider(this, null); // generate EDDSA/X25519 keypair RopData key_grips = ses.generate_key_json(new RopData(CURVE_25519_KEY_DESC)); // generate RSA keypair key_grips = ses.generate_key_json(new RopData(RSA_KEY_DESC)); Console.WriteLine(String.Format("Generated RSA key/subkey:\n%s\n", key_grips)); } catch (RopError ex) { Console.WriteLine("Failed to generate keys"); throw ex; } RopOutput keyfile = null; try { // create file output object and save public keyring with generated keys, overwriting // previous file if any. You may use max_alloc here as well. keyfile = rop.create_output("pubring.pgp"); ses.save_keys_public(RopBind.KEYSTORE_GPG, keyfile); } catch (RopError ex) { Console.WriteLine("Failed to save pubring"); throw ex; } finally { rop.drop(keyfile); } keyfile = null; try { // create file output object and save secret keyring with generated keys keyfile = rop.create_output("secring.pgp"); ses.save_keys_secret(RopBind.KEYSTORE_GPG, keyfile); } catch (RopError ex) { Console.WriteLine("Failed to save secring"); throw ex; } finally { rop.drop(keyfile); } } finally { rop.drop(alt); } }
private void decrypt(RopBind rop, bool usekeys) { int alt = rop.tagging(); try { // initialize FFI object RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG); // check whether we want to use key or password for decryption if (usekeys) { RopInput keyfile = null; try { // load secret keyring, as it is required for public-key decryption. However, you may // need to load public keyring as well to validate key's signatures. keyfile = rop.create_input("secring.pgp"); // we may use secret=True and public=True as well ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile); } catch (RopError ex) { Console.WriteLine("Failed to read secring"); throw ex; } finally { rop.drop(keyfile); } } // set the password provider ses.set_pass_provider(this, null); String buf = null; try { // create file input and memory output objects for the encrypted message and decrypted // message RopInput input = rop.create_input("encrypted.asc"); RopOutput output = rop.create_output(0); ses.decrypt(input, output); // get the decrypted message from the output structure buf = output.memory_get_buf(false).getString(); } catch (RopError ex) { Console.WriteLine("Public-key decryption failed"); throw ex; } Console.WriteLine(String.Format("Decrypted message ({0}):\n{1}\n", usekeys? "with key" : "with password", buf)); Decrypt.message = buf; } finally { rop.drop_from(alt); } }
/** * This simple helper function just prints armored key, searched by userid, to stdout. */ private void print_key(RopBind rop, RopSession ses, string uid, bool secret) { // you may search for the key via userid, keyid, fingerprint, grip RopKey key = ses.locate_key("userid", uid); // create in-memory output structure to later use buffer RopOutput keydata = rop.create_output(0); try { if (secret) { key.export_secret(keydata, true, true); } else { key.export_public(keydata, true, true); } // get key's contents from the output structure RopData buf = keydata.memory_get_buf(false); Console.WriteLine(buf.getString()); } finally { rop.drop(keydata); } }
private void sign(RopBind rop) { string message = "ROP signing sample message"; int alt = rop.tagging(); try { // initialize RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG); RopInput keyfile = null; string err_desc = null; try { // load secret keyring, as it is required for signing. However, you may need // to load public keyring as well to validate key's signatures. err_desc = "Failed to open secring.pgp. Did you run Generate.java sample?"; keyfile = rop.create_input("secring.pgp"); // we may use public=True and secret=True as well err_desc = "Failed to read secring.pgp"; ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile); } catch (RopError ex) { Console.WriteLine(err_desc); throw ex; } finally { rop.drop(keyfile); } // set the password provider - we'll need password to unlock secret keys ses.set_pass_provider(this, null); // create file input and memory output objects for the encrypted message // and decrypted message RopOpSign sign = null; try { err_desc = "Failed to create input object"; RopInput input = rop.create_input(new RopData(message), false); err_desc = "Failed to create output object"; RopOutput output = rop.create_output("signed.asc"); // initialize and configure sign operation, use op_sign_create(cleartext/detached) // for cleartext or detached signature err_desc = "Failed to create sign operation"; sign = ses.op_sign_create(input, output); } catch (RopError ex) { Console.WriteLine(err_desc); throw ex; } // armor, file name, compression sign.set_armor(true); sign.set_file_name("message.txt"); sign.set_file_mtime(DateTime.Now); sign.set_compression("ZIP", 6); // signatures creation time - by default will be set to the current time as well sign.set_creation_time(DateTime.Now); // signatures expiration time - by default will be 0, i.e. never expire sign.set_expiration(TimeSpan.FromDays(365)); // set hash algorithm - should be compatible for all signatures sign.set_hash(RopBind.ALG_HASH_SHA256); try { // now add signatures. First locate the signing key, then add and setup signature // RSA signature err_desc = "Failed to locate signing key rsa@key."; RopKey key = ses.locate_key("userid", "rsa@key"); Sign.key_ids[0] = key.keyid(); Sign.key_fprints[0] = key.fprint(); err_desc = "Failed to add signature for key rsa@key."; sign.add_signature(key); // EdDSA signature err_desc = "Failed to locate signing key 25519@key."; key = ses.locate_key("userid", "25519@key"); Sign.key_ids[1] = key.keyid(); Sign.key_fprints[1] = key.fprint(); err_desc = "Failed to add signature for key 25519@key."; sign.add_signature(key); // finally do signing err_desc = "Failed to add signature for key 25519@key."; sign.execute(); Console.WriteLine("Signing succeeded. See file signed.asc."); } catch (RopError ex) { Console.WriteLine(err_desc); throw ex; } } finally { rop.drop_from(alt); } }
public void execute(string[] argv, string[] json_out) { string input_file = null; bool raw = false; bool mpi = false; bool grip = false; bool json = false; bool help = (argv.Length < 2); /* Parse command line options: * -i input_file [mandatory]: specifies name of the file with PGP packets * -d : indicates wether to dump whole packet content * -m : dump mpi contents * -g : dump key grips and fingerprints * -j : JSON output * -h : prints help and exists */ List <string> opts = new List <string>(), args = new List <string>(); for (int idx = 1; idx < argv.Length; idx++) { if (argv[idx].Length >= 2 && argv[idx][0] == '-' && "dmgjh".IndexOf(argv[idx][1]) >= 0) { opts.Add(argv[idx]); } else { args.Add(argv[idx]); } } foreach (string opt in opts) { if (opt.CompareTo("-d") == 0) { raw = true; } else if (opt.CompareTo("-m") == 0) { mpi = true; } else if (opt.CompareTo("-g") == 0) { grip = true; } else if (opt.CompareTo("-j") == 0) { json = true; } else if (opt.Length > 0) { help = true; } } if (!help) { if (args.Count > 0) { input_file = args[0]; } RopBind rop = new RopBind(); try { RopInput input = null; RopOutput output = null; try { if (input_file != null) { input = rop.create_input(input_file); } else { input = rop.create_input(this, null); } } catch (RopError err) { Console.WriteLine(String.Format("Failed to open source: error {0}", err.getErrCode())); throw err; } if (!json) { try { output = rop.create_output(this, null); } catch (RopError err) { Console.WriteLine(String.Format("Failed to open stdout: error {0}", err.getErrCode())); throw err; } input.dump_packets_to_output(output, mpi, raw, grip); } else { string jsn = input.dump_packets_to_json(mpi, raw, grip).getString(); if (json_out == null) { Console.WriteLine(jsn); Console.WriteLine(""); } else { json_out[0] = jsn; } } } catch (RopError err) { // Inform in case of error occured during parsing Console.WriteLine(String.Format("Operation failed [error code: {0}]", err.getErrCode())); throw err; } finally { rop.Close(); } } else { print_usage(argv[0]); } }