/// <summary>Create a key pair from a PgpPrivateKey and a PgpPublicKey.</summary>
/// <param name="pub">The public key.</param>
/// <param name="priv">The private key.</param>
public PgpKeyPair(
PgpPublicKey pub,
PgpPrivateKey priv)
{
this.pub = pub;
this.priv = priv;
}
internal PgpSecretKey(
SecretKeyPacket secret,
PgpPublicKey pub)
{
this.secret = secret;
this.pub = pub;
}
public PgpKeyPair(
PublicKeyAlgorithmTag algorithm,
AsymmetricKeyParameter pubKey,
AsymmetricKeyParameter privKey,
DateTime time)
{
this.pub = new PgpPublicKey(algorithm, pubKey, time);
this.priv = new PgpPrivateKey(privKey, pub.KeyId);
}
internal PgpSecretKey(
PgpPrivateKey privKey,
PgpPublicKey pubKey,
SymmetricKeyAlgorithmTag encAlgorithm,
char[] passPhrase,
bool useSha1,
SecureRandom rand)
: this(privKey, pubKey, encAlgorithm, passPhrase, useSha1, rand, false)
{
}
/// <summary>Initialise the signature object for verification.</summary>
public void InitVerify(
PgpPublicKey pubKey)
{
lastb = 0;
try
{
sig = SignerUtilities.GetSigner(
PgpUtilities.GetSignatureName(sigPack.KeyAlgorithm, sigPack.HashAlgorithm));
}
catch (Exception e)
{
throw new PgpException("can't set up signature object.", e);
}
try
{
sig.Init(false, pubKey.GetKey());
}
catch (InvalidKeyException e)
{
throw new PgpException("invalid key.", e);
}
}
/// <summary>Add a revocation or some other key certification to a key.</summary>
/// <param name="key">The key the revocation is to be added to.</param>
/// <param name="certification">The key signature to be added.</param>
/// <returns>The new changed public key object.</returns>
public static PgpPublicKey AddCertification(
PgpPublicKey key,
PgpSignature certification)
{
if (key.IsMasterKey)
{
if (certification.SignatureType == PgpSignature.SubkeyRevocation)
{
throw new ArgumentException("signature type incorrect for master key revocation.");
}
}
else
{
if (certification.SignatureType == PgpSignature.KeyRevocation)
{
throw new ArgumentException("signature type incorrect for sub-key revocation.");
}
}
PgpPublicKey returnKey = new PgpPublicKey(key);
if (returnKey.subSigs != null)
{
returnKey.subSigs.Add(certification);
}
else
{
returnKey.keySigs.Add(certification);
}
return returnKey;
}
private static PgpPublicKey RemoveCert(
PgpPublicKey key,
object id,
PgpSignature certification)
{
PgpPublicKey returnKey = new PgpPublicKey(key);
bool found = false;
for (int i = 0; i < returnKey.ids.Count; i++)
{
if (id.Equals(returnKey.ids[i]))
{
IList certs = (IList) returnKey.idSigs[i];
found = certs.Contains(certification);
if (found)
{
certs.Remove(certification);
}
}
}
return found ? returnKey : null;
}
/// <summary>
/// Returns a new key ring with the public key passed in either added or
/// replacing an existing one.
/// </summary>
/// <param name="pubRing">The public key ring to be modified.</param>
/// <param name="pubKey">The public key to be inserted.</param>
/// <returns>A new <c>PgpPublicKeyRing</c></returns>
public static PgpPublicKeyRing InsertPublicKey(
PgpPublicKeyRing pubRing,
PgpPublicKey pubKey)
{
IList keys = Platform.CreateArrayList(pubRing.keys);
bool found = false;
bool masterFound = false;
for (int i = 0; i != keys.Count; i++)
{
PgpPublicKey key = (PgpPublicKey) keys[i];
if (key.KeyId == pubKey.KeyId)
{
found = true;
keys[i] = pubKey;
}
if (key.IsMasterKey)
{
masterFound = true;
}
}
if (!found)
{
if (pubKey.IsMasterKey)
{
if (masterFound)
throw new ArgumentException("cannot add a master key to a ring that already has one");
keys.Insert(0, pubKey);
}
else
{
keys.Add(pubKey);
}
}
return new PgpPublicKeyRing(keys);
}
private byte[] GetEncodedPublicKey(
PgpPublicKey pubKey)
{
try
{
return pubKey.publicPk.GetEncodedContents();
}
catch (IOException e)
{
throw new PgpException("exception preparing key.", e);
}
}
/// <summary>
/// Verify the signature as certifying the passed in public key as associated
/// with the passed in user attributes.
/// </summary>
/// <param name="userAttributes">User attributes the key was stored under.</param>
/// <param name="key">The key to be verified.</param>
/// <returns>True, if the signature matches, false otherwise.</returns>
public bool VerifyCertification(
PgpUserAttributeSubpacketVector userAttributes,
PgpPublicKey key)
{
UpdateWithPublicKey(key);
//
// hash in the userAttributes
//
try
{
MemoryStream bOut = new MemoryStream();
foreach (UserAttributeSubpacket packet in userAttributes.ToSubpacketArray())
{
packet.Encode(bOut);
}
UpdateWithIdData(0xd1, bOut.ToArray());
}
catch (IOException e)
{
throw new PgpException("cannot encode subpacket array", e);
}
this.Update(sigPck.GetSignatureTrailer());
return sig.VerifySignature(this.GetSignature());
}
/// <summary>Copy constructor.</summary>
/// <param name="pubKey">The public key to copy.</param>
internal PgpPublicKey(
PgpPublicKey pubKey)
{
this.publicPk = pubKey.publicPk;
this.keySigs = Platform.CreateArrayList(pubKey.keySigs);
this.ids = Platform.CreateArrayList(pubKey.ids);
this.idTrusts = Platform.CreateArrayList(pubKey.idTrusts);
this.idSigs = Platform.CreateArrayList(pubKey.idSigs.Count);
for (int i = 0; i != pubKey.idSigs.Count; i++)
{
this.idSigs.Add(Platform.CreateArrayList((IList)pubKey.idSigs[i]));
}
if (pubKey.subSigs != null)
{
this.subSigs = Platform.CreateArrayList(pubKey.subSigs.Count);
for (int i = 0; i != pubKey.subSigs.Count; i++)
{
this.subSigs.Add(pubKey.subSigs[i]);
}
}
this.fingerprint = pubKey.fingerprint;
this.keyId = pubKey.keyId;
this.keyStrength = pubKey.keyStrength;
}
public void InitVerify(
PgpPublicKey pubKey)
{
lastb = 0;
if (sig == null)
{
GetSig();
}
try
{
sig.Init(false, pubKey.GetKey());
}
catch (InvalidKeyException e)
{
throw new PgpException("invalid key.", e);
}
}
internal PgpPublicKey(
PgpPublicKey key,
TrustPacket trust,
IList subSigs)
{
this.publicPk = key.publicPk;
this.trustPk = trust;
this.subSigs = subSigs;
this.fingerprint = key.fingerprint;
this.keyId = key.keyId;
this.keyStrength = key.keyStrength;
}
/// <summary>Verify a key certification, such as revocation, for the passed in key.</summary>
/// <param name="pubKey">The key we are checking.</param>
/// <returns>True, if the certification is valid, false otherwise.</returns>
public bool VerifyCertification(
PgpPublicKey pubKey)
{
if (SignatureType != KeyRevocation
&& SignatureType != SubkeyRevocation)
{
throw new InvalidOperationException("signature is not a key signature");
}
UpdateWithPublicKey(pubKey);
Update(sigPck.GetSignatureTrailer());
return sig.VerifySignature(GetSignature());
}
/// <summary>Verify a certification for the passed in key against the passed in master key.</summary>
/// <param name="masterKey">The key we are verifying against.</param>
/// <param name="pubKey">The key we are verifying.</param>
/// <returns>True, if the certification is valid, false otherwise.</returns>
public bool VerifyCertification(
PgpPublicKey masterKey,
PgpPublicKey pubKey)
{
UpdateWithPublicKey(masterKey);
UpdateWithPublicKey(pubKey);
Update(sigPck.GetSignatureTrailer());
return sig.VerifySignature(GetSignature());
}
/// <summary>
/// Verify the signature as certifying the passed in public key as associated
/// with the passed in ID.
/// </summary>
/// <param name="id">ID the key was stored under.</param>
/// <param name="key">The key to be verified.</param>
/// <returns>True, if the signature matches, false otherwise.</returns>
public bool VerifyCertification(
string id,
PgpPublicKey key)
{
UpdateWithPublicKey(key);
//
// hash in the id
//
UpdateWithIdData(0xb4, Strings.ToByteArray(id));
Update(sigPck.GetSignatureTrailer());
return sig.VerifySignature(GetSignature());
}
/// <summary>Remove a certification from the key.</summary>
/// <param name="key">The key the certifications are to be removed from.</param>
/// <param name="certification">The certfication to be removed.</param>
/// <returns>The modified key, null if the certification was not found.</returns>
public static PgpPublicKey RemoveCertification(
PgpPublicKey key,
PgpSignature certification)
{
PgpPublicKey returnKey = new PgpPublicKey(key);
IList sigs = returnKey.subSigs != null
? returnKey.subSigs
: returnKey.keySigs;
// bool found = sigs.Remove(certification);
int pos = sigs.IndexOf(certification);
bool found = pos >= 0;
if (found)
{
sigs.RemoveAt(pos);
}
else
{
foreach (String id in key.GetUserIds())
{
foreach (object sig in key.GetSignaturesForId(id))
{
// TODO Is this the right type of equality test?
if (certification == sig)
{
found = true;
returnKey = PgpPublicKey.RemoveCertification(returnKey, id, certification);
}
}
}
if (!found)
{
foreach (PgpUserAttributeSubpacketVector id in key.GetUserAttributes())
{
foreach (object sig in key.GetSignaturesForUserAttribute(id))
{
// TODO Is this the right type of equality test?
if (certification == sig)
{
found = true;
returnKey = PgpPublicKey.RemoveCertification(returnKey, id, certification);
}
}
}
}
}
return returnKey;
}
/// <summary>Add a public key encrypted session key to the encrypted object.</summary>
public void AddMethod(
PgpPublicKey key)
{
if (!key.IsEncryptionKey)
{
throw new ArgumentException("passed in key not an encryption key!");
}
methods.Add(new PubMethod(key));
}
/// <summary>Return the public key ring that corresponds to the secret key ring.</summary>
public PgpPublicKeyRing GeneratePublicKeyRing()
{
IList pubKeys = Platform.CreateArrayList();
IEnumerator enumerator = keys.GetEnumerator();
enumerator.MoveNext();
PgpSecretKey pgpSecretKey = (PgpSecretKey) enumerator.Current;
pubKeys.Add(pgpSecretKey.PublicKey);
while (enumerator.MoveNext())
{
pgpSecretKey = (PgpSecretKey) enumerator.Current;
PgpPublicKey k = new PgpPublicKey(pgpSecretKey.PublicKey);
k.publicPk = new PublicSubkeyPacket(
k.Algorithm, k.CreationTime, k.publicPk.Key);
pubKeys.Add(k);
}
return new PgpPublicKeyRing(pubKeys);
}
/// <summary>Generate a certification for the passed in userAttributes.</summary>
/// <param name="userAttributes">The ID we are certifying against the public key.</param>
/// <param name="pubKey">The key we are certifying against the ID.</param>
/// <returns>The certification.</returns>
public PgpSignature GenerateCertification(
PgpUserAttributeSubpacketVector userAttributes,
PgpPublicKey pubKey)
{
UpdateWithPublicKey(pubKey);
//
// hash in the attributes
//
try
{
MemoryStream bOut = new MemoryStream();
foreach (UserAttributeSubpacket packet in userAttributes.ToSubpacketArray())
{
packet.Encode(bOut);
}
UpdateWithIdData(0xd1, bOut.ToArray());
}
catch (IOException e)
{
throw new PgpException("cannot encode subpacket array", e);
}
return this.Generate();
}
private static PgpPublicKey AddCert(
PgpPublicKey key,
object id,
PgpSignature certification)
{
PgpPublicKey returnKey = new PgpPublicKey(key);
IList sigList = null;
for (int i = 0; i != returnKey.ids.Count; i++)
{
if (id.Equals(returnKey.ids[i]))
{
sigList = (IList) returnKey.idSigs[i];
}
}
if (sigList != null)
{
sigList.Add(certification);
}
else
{
sigList = Platform.CreateArrayList();
sigList.Add(certification);
returnKey.ids.Add(id);
returnKey.idTrusts.Add(null);
returnKey.idSigs.Add(sigList);
}
return returnKey;
}
internal PubMethod(
PgpPublicKey pubKey)
{
this.pubKey = pubKey;
}
/// <summary>Generate a certification for the passed in ID and key.</summary>
/// <param name="id">The ID we are certifying against the public key.</param>
/// <param name="pubKey">The key we are certifying against the ID.</param>
/// <returns>The certification.</returns>
public PgpSignature GenerateCertification(
string id,
PgpPublicKey pubKey)
{
UpdateWithPublicKey(pubKey);
//
// hash in the id
//
UpdateWithIdData(0xb4, Strings.ToByteArray(id));
return Generate();
}
/// <summary>Remove any certifications associated with a given ID on a key.</summary>
/// <param name="key">The key the certifications are to be removed from.</param>
/// <param name="id">The ID that is to be removed.</param>
/// <returns>The re-certified key, or null if the ID was not found on the key.</returns>
public static PgpPublicKey RemoveCertification(
PgpPublicKey key,
string id)
{
return RemoveCert(key, id);
}
/// <summary>Generate a certification, such as a revocation, for the passed in key.</summary>
/// <param name="pubKey">The key we are certifying.</param>
/// <returns>The certification.</returns>
public PgpSignature GenerateCertification(
PgpPublicKey pubKey)
{
UpdateWithPublicKey(pubKey);
return Generate();
}
private static PgpPublicKey RemoveCert(
PgpPublicKey key,
object id)
{
PgpPublicKey returnKey = new PgpPublicKey(key);
bool found = false;
for (int i = 0; i < returnKey.ids.Count; i++)
{
if (id.Equals(returnKey.ids[i]))
{
found = true;
returnKey.ids.RemoveAt(i);
returnKey.idTrusts.RemoveAt(i);
returnKey.idSigs.RemoveAt(i);
}
}
return found ? returnKey : null;
}
private void UpdateWithPublicKey(
PgpPublicKey key)
{
byte[] keyBytes = GetEncodedPublicKey(key);
this.Update(
(byte) 0x99,
(byte)(keyBytes.Length >> 8),
(byte)(keyBytes.Length));
this.Update(keyBytes);
}
/// <summary>Remove a certification associated with a given ID on a key.</summary>
/// <param name="key">The key the certifications are to be removed from.</param>
/// <param name="id">The ID that the certfication is to be removed from.</param>
/// <param name="certification">The certfication to be removed.</param>
/// <returns>The re-certified key, or null if the certification was not found.</returns>
public static PgpPublicKey RemoveCertification(
PgpPublicKey key,
string id,
PgpSignature certification)
{
return RemoveCert(key, id, certification);
}
/// <summary>Returns a new key ring with the public key passed in removed from the key ring.</summary>
/// <param name="pubRing">The public key ring to be modified.</param>
/// <param name="pubKey">The public key to be removed.</param>
/// <returns>A new <c>PgpPublicKeyRing</c>, or null if pubKey is not found.</returns>
public static PgpPublicKeyRing RemovePublicKey(
PgpPublicKeyRing pubRing,
PgpPublicKey pubKey)
{
IList keys = Platform.CreateArrayList(pubRing.keys);
bool found = false;
for (int i = 0; i < keys.Count; i++)
{
PgpPublicKey key = (PgpPublicKey) keys[i];
if (key.KeyId == pubKey.KeyId)
{
found = true;
keys.RemoveAt(i);
}
}
return found ? new PgpPublicKeyRing(keys) : null;
}
/// <summary>Remove a certification associated with a given user attributes on a key.</summary>
/// <param name="key">The key the certifications are to be removed from.</param>
/// <param name="userAttributes">The user attributes that the certfication is to be removed from.</param>
/// <param name="certification">The certification to be removed.</param>
/// <returns>The re-certified key, or null if the certification was not found.</returns>
public static PgpPublicKey RemoveCertification(
PgpPublicKey key,
PgpUserAttributeSubpacketVector userAttributes,
PgpSignature certification)
{
return RemoveCert(key, userAttributes, certification);
}