public S2k( PgpHashAlgorithm algorithm) { this.type = 0; this.algorithm = algorithm; iv = Array.Empty <byte>(); }
//[TestCase("DSA-2048-224.sec", "DSA-2048-224.pub", PgpHashAlgorithm.Sha256)] //[TestCase("DSA-2048-224.sec", "DSA-2048-224.pub", PgpHashAlgorithm.Sha512)] public void GenerateTest(string privateKeyFile, string publicKeyFile, PgpHashAlgorithm digest) { PgpSecretKeyRing secRing = loadSecretKey(privateKeyFile); PgpPublicKeyRing pubRing = loadPublicKey(publicKeyFile); string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); MemoryStream bOut = new MemoryStream(); DateTime testDate = new DateTime((DateTime.UtcNow.Ticks / TimeSpan.TicksPerSecond) * TimeSpan.TicksPerSecond); var messageGenerator = new PgpMessageGenerator(bOut); using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.BinaryDocument, secRing.GetSecretKey().ExtractPrivateKey("test"), digest)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDate)) { literalStream.Write(dataBytes); } bOut.Position = 0; var signedMessage = (PgpSignedMessage)PgpMessage.ReadMessage(bOut); Assert.AreEqual(digest, signedMessage.HashAlgorithm); Assert.AreEqual(PgpPublicKeyAlgorithm.Dsa, signedMessage.KeyAlgorithm); var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); Assert.AreEqual(testDate, literalMessage.ModificationTime); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(pubRing.GetPublicKey())); }
private void PerformTestSig( PgpHashAlgorithm hashAlgorithm, PgpKey pubKey, PgpPrivateKey privKey) { const string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); DateTime testDateTime = new DateTime(1973, 7, 27); MemoryStream bOut = new MemoryStream(); var messageGenerator = new PgpMessageGenerator(bOut); using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip)) using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, privKey, hashAlgorithm)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime)) { literalStream.Write(dataBytes); } // Verify generated signature bOut.Position = 0; var compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut); var signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); Assert.AreEqual(testDateTime, literalMessage.ModificationTime); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(pubKey)); }
private void verifySignature( byte[] encodedSig, PgpHashAlgorithm hashAlgorithm, PgpKey pubKey, byte[] original, bool checkTime = false) { var now = DateTime.UtcNow; var signedMessage = (PgpSignedMessage)PgpMessage.ReadMessage(encodedSig); var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(pubKey, out DateTime creationTime)); Assert.IsTrue(!checkTime || Math.Abs((creationTime - now).TotalMinutes) < 10); Assert.AreEqual(pubKey.KeyId, signedMessage.KeyId); /* * sig.InitVerify(pubKey); * * sig.Update(original); * sig.Update(original); * * if (!sig.Verify()) * { * Fail("Failed generated signature check against original data"); * }*/ }
private void doTestTextSig( PgpHashAlgorithm hashAlgorithm, PgpKey pubKey, PgpPrivateKey privKey, byte[] data, byte[] canonicalData, int version = 4) { MemoryStream bOut = new MemoryStream(); var messageGenerator = new PgpMessageGenerator(bOut); using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.CanonicalTextDocument, privKey, PgpHashAlgorithm.Sha1, version)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Text, "_CONSOLE", DateTime.UtcNow)) { literalStream.Write(data); literalStream.Write(canonicalData); } /*if (sig.CreationTime == DateTimeOffset.FromUnixTimeSeconds(0).DateTime) * { * Fail("creation time not set in v4 signature"); * }*/ verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, canonicalData); }
public bool VerifySignature( ReadOnlySpan <byte> rgbHash, ReadOnlySpan <byte> rgbSignature, PgpHashAlgorithm hashAlgorithm) { throw new NotSupportedException(); }
public PgpSignatureTransformation(PgpSignatureType signatureType, PgpHashAlgorithm hashAlgorithm, bool ignoreTrailingWhitespace) { this.signatureType = signatureType; this.hashAlgorithm = hashAlgorithm; this.lastb = 0; this.sig = PgpUtilities.GetHashAlgorithm(hashAlgorithm); this.ignoreTrailingWhitespace = ignoreTrailingWhitespace; }
public S2k( PgpHashAlgorithm algorithm, byte[] iv) { this.type = 1; this.algorithm = algorithm; this.iv = iv; }
public byte[] CreateSignature(ReadOnlySpan <byte> rgbHash, PgpHashAlgorithm hashAlgorithm) { byte[] ieeeSignature = ecdsa.SignHash(rgbHash.ToArray(), DSASignatureFormat.IeeeP1363FixedFieldConcatenation); byte[] pgpSignature = new byte[ieeeSignature.Length + 4]; // Maximum possible length MPInteger.TryWriteInteger(ieeeSignature.AsSpan(0, ieeeSignature.Length / 2), pgpSignature, out int rWritten); MPInteger.TryWriteInteger(ieeeSignature.AsSpan(ieeeSignature.Length / 2), pgpSignature.AsSpan(rWritten), out int sWritten); return(pgpSignature.AsSpan(0, rWritten + sWritten).ToArray()); }
/// <summary>Add a PBE encryption method to the encrypted object.</summary> public void AddMethod(ReadOnlySpan <byte> rawPassPhrase, PgpHashAlgorithm s2kDigest) { S2k s2k = PgpUtilities.GenerateS2k(s2kDigest, 0x60); byte[] key = new byte[PgpUtilities.GetKeySize(defAlgorithm) / 8]; S2kBasedEncryption.MakeKey(rawPassPhrase, s2kDigest, s2k.GetIV(), s2k.IterationCount, key); methods.Add(new PbeMethod(defAlgorithm, s2k, key)); }
public bool VerifySignature( ReadOnlySpan <byte> rgbHash, ReadOnlySpan <byte> rgbSignature, PgpHashAlgorithm hashAlgorithm) { var signature = MPInteger.ReadInteger(rgbSignature, out var _); return(rsa.VerifyHash(rgbHash, signature, PgpUtilities.GetHashAlgorithmName(hashAlgorithm), RSASignaturePadding.Pkcs1)); }
public byte[] CreateSignature( ReadOnlySpan <byte> rgbHash, PgpHashAlgorithm hashAlgorithm) { var signature = rsa.SignHash(rgbHash.ToArray(), PgpUtilities.GetHashAlgorithmName(hashAlgorithm), RSASignaturePadding.Pkcs1); var signatureBytes = new byte[MPInteger.GetMPEncodedLength(signature)]; MPInteger.TryWriteInteger(signature, signatureBytes, out var _); return(signatureBytes); }
public S2k( PgpHashAlgorithm algorithm, byte[] iv, int itCount) { this.type = 3; this.algorithm = algorithm; this.iv = iv; this.itCount = itCount; }
public byte[] CreateSignature(ReadOnlySpan <byte> rgbHash, PgpHashAlgorithm hashAlgorithm) { byte[] ieeeSignature = dsa.CreateSignature(rgbHash.ToArray(), DSASignatureFormat.IeeeP1363FixedFieldConcatenation); var r = ieeeSignature.AsSpan(0, ieeeSignature.Length / 2); var s = ieeeSignature.AsSpan(ieeeSignature.Length / 2); byte[] pgpSignature = new byte[MPInteger.GetMPEncodedLength(r) + MPInteger.GetMPEncodedLength(s)]; MPInteger.TryWriteInteger(r, pgpSignature, out int rWritten); MPInteger.TryWriteInteger(s, pgpSignature.AsSpan(rWritten), out int _); return(pgpSignature); }
public bool Verify(byte[] hash, byte[] signature, PgpHashAlgorithm hashAlgorithm) { var key = GetKey(); if (!key.CanSign) { throw new PgpException("Key is not usable for singing"); } return(key.VerifySignature(hash, signature, hashAlgorithm)); }
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary> public PgpSignatureGenerator(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4, bool ignoreTrailingWhitespace = false) { // TODO: Add version 5 support if (version < 3 || version > 4) { throw new ArgumentOutOfRangeException(nameof(version)); } this.version = version; this.hashAlgorithm = hashAlgorithm; this.helper = new PgpSignatureTransformation(signatureType, hashAlgorithm, ignoreTrailingWhitespace); this.privateKey = privateKey; }
public OnePassSignaturePacket( PgpSignatureType sigType, PgpHashAlgorithm hashAlgorithm, PgpPublicKeyAlgorithm keyAlgorithm, long keyId, bool isNested) { this.version = 3; this.sigType = sigType; this.hashAlgorithm = hashAlgorithm; this.keyAlgorithm = keyAlgorithm; this.keyId = keyId; this.nested = (isNested) ? 0 : 1; }
public bool VerifySignature( ReadOnlySpan <byte> rgbHash, ReadOnlySpan <byte> rgbSignature, PgpHashAlgorithm hashAlgorithm) { var asnWriter = new AsnWriter(AsnEncodingRules.DER); using (var scope = asnWriter.PushSequence()) { asnWriter.WriteIntegerUnsigned(MPInteger.ReadInteger(rgbSignature, out int rConsumed)); asnWriter.WriteIntegerUnsigned(MPInteger.ReadInteger(rgbSignature.Slice(rConsumed), out var _)); } return(dsa.VerifySignature(rgbHash, asnWriter.Encode(), DSASignatureFormat.Rfc3279DerSequence)); }
/// <summary>Add a PBE encryption method to the encrypted object.</summary> public void AddMethod(ReadOnlySpan <char> passPhrase, PgpHashAlgorithm s2kDigest) { byte[] rawPassPhrase = Array.Empty <byte>(); try { rawPassPhrase = CryptoPool.Rent(Encoding.UTF8.GetByteCount(passPhrase)); int bytesWritten = Encoding.UTF8.GetBytes(passPhrase, rawPassPhrase); AddMethod(rawPassPhrase.AsSpan(0, bytesWritten), s2kDigest); } finally { CryptoPool.Return(rawPassPhrase); } }
// FIXME: This method is too advanced public static PgpCertification GenerateUserCertification( PgpSignatureType signatureType, PgpKey signingKey, PgpPrivateKey signingPrivateKey, PgpUserAttributes userAttributes, PgpKey userPublicKey, PgpSignatureAttributes?hashedAttributes = null, PgpSignatureAttributes?unhashedAttributes = null, PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1) { if (signingKey == null) { throw new ArgumentNullException(nameof(signingKey)); } if (signingPrivateKey == null) { throw new ArgumentNullException(nameof(signingPrivateKey)); } if (signingKey.KeyId != signingPrivateKey.KeyId) { throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch); } if (userAttributes == null) { throw new ArgumentNullException(nameof(userAttributes)); } if (userPublicKey == null) { throw new ArgumentNullException(nameof(userPublicKey)); } var userPacket = new UserAttributePacket(userAttributes.ToSubpacketArray()); var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm); if (hashedAttributes != null) { signatureGenerator.HashedAttributes = hashedAttributes; } if (unhashedAttributes != null) { signatureGenerator.UnhashedAttributes = unhashedAttributes; } var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey)); return(new PgpCertification(signature, userPacket, userPublicKey)); }
internal OnePassSignaturePacket(Stream bcpgIn) { version = bcpgIn.ReadByte(); sigType = (PgpSignatureType)bcpgIn.ReadByte(); hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte(); keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte(); keyId |= (long)bcpgIn.ReadByte() << 56; keyId |= (long)bcpgIn.ReadByte() << 48; keyId |= (long)bcpgIn.ReadByte() << 40; keyId |= (long)bcpgIn.ReadByte() << 32; keyId |= (long)bcpgIn.ReadByte() << 24; keyId |= (long)bcpgIn.ReadByte() << 16; keyId |= (long)bcpgIn.ReadByte() << 8; keyId |= (uint)bcpgIn.ReadByte(); nested = bcpgIn.ReadByte(); }
public ECDiffieHellmanKey( ECDiffieHellman ecdh, PgpHashAlgorithm hashAlgorithm, PgpSymmetricKeyAlgorithm symmetricAlgorithm, byte[] fingerprint) { if (fingerprint == null) { throw new ArgumentNullException(nameof(fingerprint)); } this.ecdh = ecdh; this.hashAlgorithm = hashAlgorithm; this.symmetricAlgorithm = symmetricAlgorithm; this.fingerprint = fingerprint; VerifyHashAlgorithm(); VerifySymmetricKeyAlgorithm(); }
private void doTestSig( PgpHashAlgorithm hashAlgorithm, PgpKey pubKey, PgpPrivateKey privKey, int version = 4) { MemoryStream bOut = new MemoryStream(); var messageGenerator = new PgpMessageGenerator(bOut); using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.BinaryDocument, privKey, hashAlgorithm, version)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", DateTime.UtcNow)) { literalStream.Write(TEST_DATA); literalStream.Write(TEST_DATA); } verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, TEST_DATA); }
public static PgpCertification GenerateKeyRevocation( PgpKey signingKey, PgpPrivateKey signingPrivateKey, PgpKey revokedKey, PgpSignatureAttributes?hashedAttributes = null, PgpSignatureAttributes?unhashedAttributes = null, PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1) { if (signingKey == null) { throw new ArgumentNullException(nameof(signingKey)); } if (signingPrivateKey == null) { throw new ArgumentNullException(nameof(signingPrivateKey)); } if (signingKey.KeyId != signingPrivateKey.KeyId) { throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch); } if (revokedKey == null) { throw new ArgumentNullException(nameof(revokedKey)); } var signatureGenerator = new PgpSignatureGenerator(revokedKey.IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation, signingPrivateKey, hashAlgorithm); if (hashedAttributes != null) { signatureGenerator.HashedAttributes = hashedAttributes; } if (unhashedAttributes != null) { signatureGenerator.UnhashedAttributes = unhashedAttributes; } var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, null, revokedKey)); return(new PgpCertification(signature, null, revokedKey)); }
public SignaturePacket( int version, PgpSignatureType signatureType, long keyId, PgpPublicKeyAlgorithm keyAlgorithm, PgpHashAlgorithm hashAlgorithm, DateTime creationTime, SignatureSubpacket[] hashedData, SignatureSubpacket[] unhashedData, byte[] fingerprint, byte[] signature) { this.version = version; this.signatureType = signatureType; this.keyId = keyId; this.keyAlgorithm = keyAlgorithm; this.hashAlgorithm = hashAlgorithm; this.hashedData = hashedData; this.unhashedData = unhashedData; this.fingerprint = fingerprint; this.signature = signature; this.creationTime = creationTime; }
internal S2k(Stream inStr) { type = inStr.ReadByte(); algorithm = (PgpHashAlgorithm)inStr.ReadByte(); // // if this happens we have a dummy-S2k packet. // if (type != GnuDummyS2K) { if (type != 0) { iv = new byte[8]; if (inStr.ReadFully(iv) < iv.Length) { throw new EndOfStreamException(); } if (type == 3) { itCount = inStr.ReadByte(); } } else { iv = Array.Empty <byte>(); } } else { iv = Array.Empty <byte>(); inStr.ReadByte(); // G inStr.ReadByte(); // N inStr.ReadByte(); // U protectionMode = inStr.ReadByte(); // protection mode } }
public static string GetDigestName(PgpHashAlgorithm hashAlgorithm) { switch (hashAlgorithm) { case PgpHashAlgorithm.Sha1: return("SHA1"); case PgpHashAlgorithm.MD2: return("MD2"); case PgpHashAlgorithm.MD5: return("MD5"); case PgpHashAlgorithm.RipeMD160: return("RIPEMD160"); case PgpHashAlgorithm.Sha224: return("SHA224"); case PgpHashAlgorithm.Sha256: return("SHA256"); case PgpHashAlgorithm.Sha384: return("SHA384"); case PgpHashAlgorithm.Sha512: return("SHA512"); default: throw new PgpException("unknown hash algorithm tag in GetDigestName: " + hashAlgorithm); } }
internal SignaturePacket(Stream bcpgIn) { version = bcpgIn.ReadByte(); if (version == 3 || version == 2) { // int l = bcpgIn.ReadByte(); signatureType = (PgpSignatureType)bcpgIn.ReadByte(); creationTime = DateTimeOffset.FromUnixTimeSeconds( ((long)bcpgIn.ReadByte() << 24) | ((long)bcpgIn.ReadByte() << 16) | ((long)bcpgIn.ReadByte() << 8) | (uint)bcpgIn.ReadByte()).UtcDateTime; keyId |= (long)bcpgIn.ReadByte() << 56; keyId |= (long)bcpgIn.ReadByte() << 48; keyId |= (long)bcpgIn.ReadByte() << 40; keyId |= (long)bcpgIn.ReadByte() << 32; keyId |= (long)bcpgIn.ReadByte() << 24; keyId |= (long)bcpgIn.ReadByte() << 16; keyId |= (long)bcpgIn.ReadByte() << 8; keyId |= (uint)bcpgIn.ReadByte(); keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte(); hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte(); hashedData = Array.Empty <SignatureSubpacket>(); unhashedData = Array.Empty <SignatureSubpacket>(); } else if (version == 4) { signatureType = (PgpSignatureType)bcpgIn.ReadByte(); keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte(); hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte(); int hashedLength = (bcpgIn.ReadByte() << 8) | bcpgIn.ReadByte(); byte[] hashed = new byte[hashedLength]; if (bcpgIn.ReadFully(hashed) < hashed.Length) { throw new EndOfStreamException(); } // // read the signature sub packet data. // SignatureSubpacketParser sIn = new SignatureSubpacketParser(new MemoryStream(hashed, false)); IList <SignatureSubpacket> v = new List <SignatureSubpacket>(); SignatureSubpacket? sub; while ((sub = sIn.ReadPacket()) != null) { v.Add(sub); if (sub is IssuerKeyId issuerKeyId) { keyId = issuerKeyId.KeyId; } else if (sub is SignatureCreationTime signatureCreationTime) { creationTime = signatureCreationTime.Time; } } hashedData = v.ToArray(); int unhashedLength = (bcpgIn.ReadByte() << 8) | bcpgIn.ReadByte(); byte[] unhashed = new byte[unhashedLength]; if (bcpgIn.ReadFully(unhashed) < unhashed.Length) { throw new EndOfStreamException(); } sIn = new SignatureSubpacketParser(new MemoryStream(unhashed, false)); v.Clear(); while ((sub = sIn.ReadPacket()) != null) { v.Add(sub); if (sub is IssuerKeyId issuerKeyId && keyId == 0) { keyId = issuerKeyId.KeyId; } } unhashedData = v.ToArray(); } else { throw new PgpException("unsupported version: " + version); } fingerprint = new byte[2]; if (bcpgIn.ReadFully(fingerprint) < fingerprint.Length) { throw new EndOfStreamException(); } signature = bcpgIn.ReadAll(); }
internal static S2k GenerateS2k(PgpHashAlgorithm hashAlgorithm, int s2kCount) { byte[] iv = new byte[8]; RandomNumberGenerator.Fill(iv); return(new S2k(hashAlgorithm, iv, s2kCount)); }
internal MyS2k(PgpHashAlgorithm algorithm, byte[] iv, long iterationCount64) : base(algorithm, iv, (int)iterationCount64) { this.mIterationCount64 = iterationCount64; }