private bool AddCertification(PgpKey publicKey, PgpSignature signature)
{
var certification = new PgpCertification(signature, userPacket, publicKey);
switch (signature.SignatureType)
{
case PgpSignatureType.CertificationRevocation:
revocationSignatures.Add(certification);
break;
case PgpSignatureType.DefaultCertification:
case PgpSignatureType.NoCertification:
case PgpSignatureType.CasualCertification:
case PgpSignatureType.PositiveCertification:
if (signature.KeyId == publicKey.KeyId)
{
selfCertifications.Add(certification);
}
else
{
otherCertifications.Add(certification);
}
break;
case PgpSignatureType.BinaryDocument: // Seen in test data
default:
return(false);
}
return(true);
}
public static PgpUser AddCertification(PgpUser user, PgpKey publicKey, PgpSignature signature)
{
var newUser = new PgpUser(user, publicKey);
newUser.AddCertification(publicKey, signature);
return(newUser);
}
public bool Verify(PgpKey publicKey, Stream stream, bool ignoreTrailingWhitespace = false)
{
var helper = new PgpSignatureTransformation(SignatureType, HashAlgorithm, ignoreTrailingWhitespace);
new CryptoStream(stream, helper, CryptoStreamMode.Read).CopyTo(Stream.Null);
helper.Finish(sigPck.Version, sigPck.KeyAlgorithm, sigPck.CreationTime, sigPck.GetHashedSubPackets());
return(publicKey.Verify(helper.Hash !, sigPck.GetSignature(), helper.HashAlgorithm));
}
internal PgpUser(ContainedPacket userPacket, PgpKey publicKey, PgpSignature signature)
{
this.userPacket = userPacket;
//this.publicKey = publicKey;
this.selfCertifications = new List <PgpCertification>();
this.otherCertifications = new List <PgpCertification>();
this.revocationSignatures = new List <PgpCertification>();
AddCertification(publicKey, signature);
}
/// <summary>Add a public key encrypted session key to the encrypted object.</summary>
public void AddMethod(PgpKey key)
{
if (!key.IsEncryptionKey)
{
throw new ArgumentException("passed in key not an encryption key!");
}
methods.Add(new PubMethod(key));
}
internal PgpCertification(
PgpSignature signature,
ContainedPacket?userPacket,
PgpKey publicKey)
{
this.signature = signature;
this.userPacket = userPacket;
this.publicKey = publicKey;
}
public static PgpUser RemoveCertification(PgpUser user, PgpKey publicKey, PgpCertification certification)
{
var newUser = new PgpUser(user, publicKey);
newUser.selfCertifications.RemoveAll(c => Equals(c.Signature, certification.Signature));
newUser.otherCertifications.RemoveAll(c => Equals(c.Signature, certification.Signature));
newUser.revocationSignatures.RemoveAll(c => Equals(c.Signature, certification.Signature));
return(newUser);
}
/// <summary>
/// Verify the signature as certifying by the passed in public key.
/// </summary>
/// <returns>True, if the signature matches, false otherwise.</returns>
public bool Verify(PgpKey signingKey)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
Debug.Assert(signingKey.KeyId == KeyId);
return(signature.Verify(signingKey, GenerateCertificationData(signingKey, userPacket, publicKey)));
}
// FIXME: This method is too advanced
public static PgpCertification GenerateUserCertification(
PgpSignatureType signatureType,
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpUserAttributes userAttributes,
PgpKey userPublicKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (userAttributes == null)
{
throw new ArgumentNullException(nameof(userAttributes));
}
if (userPublicKey == null)
{
throw new ArgumentNullException(nameof(userPublicKey));
}
var userPacket = new UserAttributePacket(userAttributes.ToSubpacketArray());
var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey));
return(new PgpCertification(signature, userPacket, userPublicKey));
}
public bool Verify(PgpKey publicKey, out DateTime creationTime)
{
if (signatureHelper == null)
{
throw new InvalidOperationException();
}
if (signaturePacket == null)
{
signaturePacket = (SignaturePacket)packetReader.ReadContainedPacket();
}
creationTime = signaturePacket.CreationTime;
signatureHelper.Finish(signaturePacket);
return(publicKey.Verify(signatureHelper.Hash !, signaturePacket.GetSignature(), signatureHelper.HashAlgorithm));
}
/// <summary>Copy constructor.</summary>
/// <param name="pubKey">The public key to copy.</param>
protected PgpKey(PgpKey pubKey)
{
this.keyPacket = pubKey.keyPacket;
this.keyCertifications = new List <PgpCertification>(pubKey.keyCertifications.Count);
foreach (var keySig in pubKey.keyCertifications)
{
this.keyCertifications.Add(new PgpCertification(keySig.Signature, null, this));
}
this.ids = new List <PgpUser>(pubKey.ids.Count);
foreach (var id in pubKey.ids)
{
this.ids.Add(new PgpUser(id, this));
}
this.fingerprint = pubKey.fingerprint;
this.keyId = pubKey.keyId;
}
internal PgpUser(PgpUser user, PgpKey publicKey)
{
this.userPacket = user.userPacket;
//this.publicKey = publicKey;
this.selfCertifications = new List <PgpCertification>();
this.otherCertifications = new List <PgpCertification>();
this.revocationSignatures = new List <PgpCertification>();
foreach (var certification in user.selfCertifications)
{
this.selfCertifications.Add(new PgpCertification(certification.Signature, userPacket, publicKey));
}
foreach (var certification in user.otherCertifications)
{
this.otherCertifications.Add(new PgpCertification(certification.Signature, userPacket, publicKey));
}
foreach (var certification in user.revocationSignatures)
{
this.revocationSignatures.Add(new PgpCertification(certification.Signature, userPacket, publicKey));
}
}
internal PgpUser(IPacketReader packetReader, PgpKey publicKey)
{
Debug.Assert(packetReader.NextPacketTag() == PacketTag.UserId || packetReader.NextPacketTag() == PacketTag.UserAttribute);
//this.publicKey = publicKey;
this.userPacket = packetReader.ReadContainedPacket();
this.trustPacket = packetReader.NextPacketTag() == PacketTag.Trust ? (TrustPacket)packetReader.ReadContainedPacket() : null;
selfCertifications = new List <PgpCertification>();
otherCertifications = new List <PgpCertification>();
revocationSignatures = new List <PgpCertification>();
while (packetReader.NextPacketTag() == PacketTag.Signature)
{
var signaturePacket = (SignaturePacket)packetReader.ReadContainedPacket();
var signatureTrustPacket = packetReader.NextPacketTag() == PacketTag.Trust ? (TrustPacket)packetReader.ReadContainedPacket() : null;
var signature = new PgpSignature(signaturePacket, signatureTrustPacket);
AddCertification(publicKey, signature);
}
}
public static PgpCertification GenerateKeyRevocation(
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpKey revokedKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (revokedKey == null)
{
throw new ArgumentNullException(nameof(revokedKey));
}
var signatureGenerator = new PgpSignatureGenerator(revokedKey.IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, null, revokedKey));
return(new PgpCertification(signature, null, revokedKey));
}
public PubMethod(PgpKey pubKey)
{
this.pubKey = pubKey;
}
/// <summary>
/// Parse a secret key from one of the GPG S expression keys associating it with the passed in public key.
/// </summary>
public static PgpSecretKey ParseSecretKeyFromSExpr(Stream inputStream, byte[] rawPassPhrase, PgpKey pubKey)
{
return(DoParseSecretKeyFromSExpr(inputStream, rawPassPhrase, pubKey));
}
// TODO: Verify with key ring
public bool Verify(PgpKey publicKey) => Verify(publicKey, out var _);
internal PgpSecretKey(SecretKeyPacket keyPacket, PgpKey secretOrPublicKey)
: base(secretOrPublicKey)
{
this.keyPacket = keyPacket;
}
private static MemoryStream GenerateCertificationData(
PgpKey signingKey,
ContainedPacket?userPacket,
PgpKey publicKey)
{
var data = new MemoryStream();
if (!signingKey.Fingerprint.SequenceEqual(publicKey.Fingerprint) && userPacket == null)
{
byte[] signingKeyBytes = signingKey.KeyPacket.GetEncodedContents();
data.Write(new[] {
(byte)0x99,
(byte)(signingKeyBytes.Length >> 8),
(byte)(signingKeyBytes.Length)
});
data.Write(signingKeyBytes);
}
byte[] keyBytes = publicKey.KeyPacket.GetEncodedContents();
data.Write(new[] {
(byte)0x99,
(byte)(keyBytes.Length >> 8),
(byte)(keyBytes.Length)
});
data.Write(keyBytes);
byte idType = 0;
byte[]? idBytes = null;
if (userPacket is UserAttributePacket userAttributePacket)
{
using var bOut = new MemoryStream();
foreach (UserAttributeSubpacket packet in userAttributePacket.GetSubpackets())
{
packet.Encode(bOut);
}
idType = 0xd1;
idBytes = bOut.ToArray();
}
else if (userPacket is UserIdPacket userIdPacket)
{
idType = 0xb4;
idBytes = Encoding.UTF8.GetBytes(userIdPacket.GetId());
}
if (idBytes != null)
{
data.Write(new[] {
(byte)idType,
(byte)(idBytes.Length >> 24),
(byte)(idBytes.Length >> 16),
(byte)(idBytes.Length >> 8),
(byte)(idBytes.Length)
});
data.Write(idBytes);
}
data.Position = 0;
return(data);
}
/// <summary>
/// Parse a secret key from one of the GPG S expression keys associating it with the passed in public key.
/// </summary>
public static PgpSecretKey ParseSecretKeyFromSExpr(Stream inputStream, string passPhrase, PgpKey pubKey)
{
return(DoParseSecretKeyFromSExpr(inputStream, Encoding.UTF8.GetBytes(passPhrase), pubKey));
}