public void Generate()
{
// Master/Signing key
var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
// Encryption key
var ecdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
// Generate a key ring
var passPhrase = "test";
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase);
keyRingGen.AddSubKey(ecdh);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
// TODO: add check of KdfParameters
DoBasicKeyRingCheck(pubRing);
PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing();
PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded());
Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed");
PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded());
Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed");
PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase);
}
private void Generate()
{
SecureRandom random = SecureRandom.GetInstance("SHA1PRNG");
//
// Generate a master key
//
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random));
AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair();
PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow);
//
// Generate an encryption key
//
keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH");
keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random));
AsymmetricCipherKeyPair kpEnc = keyGen.GenerateKeyPair();
PgpKeyPair ecdhKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDH, kpEnc, DateTime.UtcNow);
//
// Generate a key ring
//
char[] passPhrase = "test".ToCharArray();
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair,
"*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random);
keyRingGen.AddSubKey(ecdhKeyPair);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
// TODO: add check of KdfParameters
DoBasicKeyRingCheck(pubRing);
PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing();
PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded());
if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded()))
{
Fail("public key ring encoding failed");
}
PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded());
if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded()))
{
Fail("secret key ring encoding failed");
}
PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase);
}
/// <summary>
/// Create master signing key.
/// </summary>
/// <param name="keyRingGen">
/// Key ring generator.
/// </param>
/// <param name="identity">
/// Identity of the key.
/// </param>
/// <param name="password">
/// Password to protect the secret key.
/// </param>
/// <param name="expires">
/// Key expiry; null means never expires.
/// </param>
/// <param name="encryptKeyLength">
/// Length of the encryption key.
/// </param>
/// <param name="encryptGenerator">
/// Generator for the encryption key.
/// </param>
/// <param name="encryptionAlgorithm">
/// Encryption algorithm.
/// </param>
/// <param name="symmetricAlgorithm">
/// Symmetric algorithm.
/// </param>
/// <returns>
/// Returns the <see cref="PgpKeyRingGenerator"/> with the keyring properties
/// thus far.
/// </returns>
public static PgpKeyRingGenerator CreateEncryptionSubkey(
PgpKeyRingGenerator keyRingGen,
string identity,
string password,
DateTime?expires,
int encryptKeyLength = 2048,
string encryptGenerator = "RSA",
PublicKeyAlgorithmTag encryptionAlgorithm = PublicKeyAlgorithmTag.RsaEncrypt,
SymmetricKeyAlgorithmTag symmetricAlgorithm = SymmetricKeyAlgorithmTag.Aes256)
{
var keyringParameters = new KeyRingParameters(encryptKeyLength, encryptGenerator)
{
Password = password,
Identity = identity,
PrivateKeyEncryptionAlgorithm = symmetricAlgorithm,
SymmetricAlgorithms = new[]
{
SymmetricKeyAlgorithmTag.Aes256,
SymmetricKeyAlgorithmTag.Aes192,
SymmetricKeyAlgorithmTag.Aes128
},
HashAlgorithms = new[]
{
HashAlgorithmTag.Sha256,
HashAlgorithmTag.Sha1,
HashAlgorithmTag.Sha384,
HashAlgorithmTag.Sha512,
HashAlgorithmTag.Sha224,
}
};
// encryption key
var generator = GeneratorUtilities.GetKeyPairGenerator(encryptGenerator);
generator.Init(keyringParameters.KeyParams);
var encKeyPair = new PgpKeyPair(encryptionAlgorithm, generator.GenerateKeyPair(), DateTime.UtcNow);
var symmetricAlgorithms = (from a in keyringParameters.SymmetricAlgorithms
select(int) a).ToArray();
var hashAlgorithms = (from a in keyringParameters.HashAlgorithms
select(int) a).ToArray();
Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X"));
var encSubpckGen = new PgpSignatureSubpacketGenerator();
encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
encSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms);
encSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms);
if (expires != null)
{
encSubpckGen.SetKeyExpirationTime(false, (long)((DateTime)expires - DateTime.Now).TotalSeconds);
}
// add encryption subkey to keyring
keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
return(keyRingGen);
}
private static PgpKeyRingGenerator GeneratePgpRingKeys(string identity, string password)
{
var keyRingParams = new KeyRingParams
{
Password = password,
Identity = identity,
PrivateKeyEncryptionAlgorithm = SymmetricKeyAlgorithmTag.Aes128,
SymmetricAlgorithms = new SymmetricKeyAlgorithmTag[]
{
SymmetricKeyAlgorithmTag.Aes256,
SymmetricKeyAlgorithmTag.Aes192,
SymmetricKeyAlgorithmTag.Aes128
},
HashAlgorithms = new HashAlgorithmTag[]
{
HashAlgorithmTag.Sha256,
HashAlgorithmTag.Sha1,
HashAlgorithmTag.Sha384,
HashAlgorithmTag.Sha512,
HashAlgorithmTag.Sha224,
}
};
var generator = GeneratorUtilities.GetKeyPairGenerator("RSA");
generator.Init(keyRingParams.RsaParams);
var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow);
Debug.WriteLine("Generated master key with Id {0}", masterKeyPair.KeyId.ToString("x"));
var masterSubpckGen = new PgpSignatureSubpacketGenerator();
masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (from a in keyRingParams.SymmetricAlgorithms select(int) a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false, (from a in keyRingParams.HashAlgorithms select(int) a).ToArray());
var encKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow);
Debug.WriteLine("Generated encryption key with Id {0}", encKeyPair.KeyId.ToString("x"));
var encSubpckGen = new PgpSignatureSubpacketGenerator();
encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (from a in keyRingParams.SymmetricAlgorithms select(int) a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false, (from a in keyRingParams.HashAlgorithms select(int) a).ToArray());
var keyRingGen = new PgpKeyRingGenerator(PgpSignature.DefaultCertification, masterKeyPair, keyRingParams.Identity, keyRingParams.PrivateKeyEncryptionAlgorithm.Value, keyRingParams.GetPassword(), true, masterSubpckGen.Generate(), null, new SecureRandom());
keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
return(keyRingGen);
}
private void Generate()
{
SecureRandom random = SecureRandom.GetInstance("SHA1PRNG");
//
// Generate a master key
//
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random));
AsymmetricCipherKeyPair kpSign = keyGen.GenerateKeyPair();
PgpKeyPair ecdsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDsa, kpSign, DateTime.UtcNow);
//
// Generate an encryption key
//
keyGen = GeneratorUtilities.GetKeyPairGenerator("ECDH");
keyGen.Init(new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, random));
AsymmetricCipherKeyPair kpEnc = keyGen.GenerateKeyPair();
PgpKeyPair ecdhKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ECDH, kpEnc, DateTime.UtcNow);
//
// Generate a key ring
//
char[] passPhrase = "test".ToCharArray();
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, ecdsaKeyPair,
"*****@*****.**", SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, random);
keyRingGen.AddSubKey(ecdhKeyPair);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
// TODO: add check of KdfParameters
DoBasicKeyRingCheck(pubRing);
PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing();
PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded());
if (!Arrays.AreEqual(pubRing.GetEncoded(), pubRingEnc.GetEncoded()))
{
Fail("public key ring encoding failed");
}
PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded());
if (!Arrays.AreEqual(secRing.GetEncoded(), secRingEnc.GetEncoded()))
{
Fail("secret key ring encoding failed");
}
PgpPrivateKey pgpPrivKey = secRing.GetSecretKey().ExtractPrivateKey(passPhrase);
}
public static PgpKeyRingGenerator GenerateKeyRing(String id, byte[] pass, RSAKeySize keysize)
{
RsaKeyPairGenerator kpg = new RsaKeyPairGenerator();
kpg.Init(new KeyGenerationParameters(new SecureRandom(), 4096));
AsymmetricCipherKeyPair rsakeys = kpg.GenerateKeyPair();
PgpKeyPair rsakp_sign = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, rsakeys, DateTime.UtcNow);
PgpKeyPair rsakp_enc = new PgpKeyPair(PublicKeyAlgorithmTag.RsaEncrypt, rsakeys, DateTime.UtcNow);
PgpSignatureSubpacketGenerator signhashgen = new PgpSignatureSubpacketGenerator();
signhashgen.SetKeyFlags(false, KeyFlags.SignData | KeyFlags.CertifyOther);
signhashgen.SetPreferredSymmetricAlgorithms
(false, new int[] {
(int)SymmetricKeyAlgorithmTag.Aes256,
(int)SymmetricKeyAlgorithmTag.Camellia256
});
signhashgen.SetPreferredHashAlgorithms
(false, new int[] {
(int)HashAlgorithmTag.Sha256,
(int)HashAlgorithmTag.Sha384,
(int)HashAlgorithmTag.Sha512
});
signhashgen.SetFeature(false, Features.FEATURE_MODIFICATION_DETECTION);
// Create a signature on the encryption subkey.
PgpSignatureSubpacketGenerator enchashgen = new PgpSignatureSubpacketGenerator();
enchashgen.SetKeyFlags(false, KeyFlags.EncryptComms | KeyFlags.EncryptStorage | KeyFlags.Authentication);
PgpKeyRingGenerator pgpKeyRing = new PgpKeyRingGenerator(
PgpSignature.DefaultCertification,
rsakp_sign,
id,
SymmetricKeyAlgorithmTag.Aes256,
pass,
false,
signhashgen.Generate(),
null,
new SecureRandom()
);
pgpKeyRing.AddSubKey(rsakp_enc, enchashgen.Generate(), null, HashAlgorithmTag.Sha512);
return(pgpKeyRing);
}
public static PgpKeyRingGenerator GenerateKeyRingGenerator(KeyRingParams keyRingParams)
{
var generator = GeneratorUtilities.GetKeyPairGenerator("RSA");
generator.Init(keyRingParams.RsaParams());
/* Create the master (signing-only) key. */
var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow);
Debug.WriteLine("Generated master key with ID " + masterKeyPair.KeyId.ToString("X"));
var masterSubpckGen = new PgpSignatureSubpacketGenerator();
masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false, keyRingParams.SymmetricAlgorithms.Select(a => (int)a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false, keyRingParams.HashAlgorithms.Select(a => (int)a).ToArray());
/* Create a signing and encryption key for daily use. */
var encKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaGeneral, generator.GenerateKeyPair(), DateTime.UtcNow);
Debug.WriteLine("Generated encryption key with ID " + encKeyPair.KeyId.ToString("X"));
var encSubpckGen = new PgpSignatureSubpacketGenerator();
encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false, (keyRingParams.SymmetricAlgorithms.Select(a => (int)a)).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false, (keyRingParams.HashAlgorithms.Select(a => (int)a)).ToArray());
/* Create the key ring. */
var keyRingGen = new PgpKeyRingGenerator(
PgpSignature.DefaultCertification,
masterKeyPair,
keyRingParams.Identity,
keyRingParams.PrivateKeyEncryptionAlgorithm.Value,
keyRingParams.GetPassword(),
true,
masterSubpckGen.Generate(),
null,
new SecureRandom());
/* Add encryption subkey. */
keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
return(keyRingGen);
}
public void Generate25519()
{
// Generate a master key
var ecdsa = new Ed25519();
// Generate an encryption key
var ecdh = new X25519();
// Generate a key ring
var passPhrase = "test";
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(ecdsa, "*****@*****.**", passPhrase);
keyRingGen.AddSubKey(ecdh);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
// TODO: add check of KdfParameters
DoBasicKeyRingCheck(pubRing);
PgpSecretKeyRing secRing = keyRingGen.GenerateSecretKeyRing();
PgpPublicKeyRing pubRingEnc = new PgpPublicKeyRing(pubRing.GetEncoded());
Assert.That(pubRing.GetEncoded(), Is.EqualTo(pubRingEnc.GetEncoded()), "public key ring encoding failed");
PgpSecretKeyRing secRingEnc = new PgpSecretKeyRing(secRing.GetEncoded());
Assert.That(secRing.GetEncoded(), Is.EqualTo(secRingEnc.GetEncoded()), "secret key ring encoding failed");
// Extract back the ECDH key and verify the encoded values to ensure correct endianness
PgpSecretKey pgpSecretKey = secRing.GetSecretKey(pubRing.GetPublicKey().KeyId);
PgpPrivateKey pgpPrivKey = pgpSecretKey.ExtractPrivateKey(passPhrase);
/*if (!Arrays.AreEqual(((X25519PrivateKeyParameters)kpEnc.Private).GetEncoded(), ((X25519PrivateKeyParameters)pgpPrivKey.Key).GetEncoded()))
* {
* Fail("private key round trip failed");
* }
* if (!Arrays.AreEqual(((X25519PublicKeyParameters)kpEnc.Public).GetEncoded(), ((X25519PublicKeyParameters)pgpSecretKey.PublicKey.GetKey()).GetEncoded()))
* {
* Fail("private key round trip failed");
* }*/
}
void AddEncryptionKeyPair(PgpKeyRingGenerator keyRingGenerator, KeyGenerationParameters parameters, PublicKeyAlgorithmTag algorithm, DateTime now, long expirationTime, int[] encryptionAlgorithms, int[] digestAlgorithms)
{
var keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator("RSA");
keyPairGenerator.Init(parameters);
var keyPair = new PgpKeyPair(algorithm, keyPairGenerator.GenerateKeyPair(), now);
var subpacketGenerator = new PgpSignatureSubpacketGenerator();
subpacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
subpacketGenerator.SetPreferredSymmetricAlgorithms(false, encryptionAlgorithms);
subpacketGenerator.SetPreferredHashAlgorithms(false, digestAlgorithms);
if (expirationTime > 0)
{
subpacketGenerator.SetKeyExpirationTime(false, expirationTime);
subpacketGenerator.SetSignatureExpirationTime(false, expirationTime);
}
keyRingGenerator.AddSubKey(keyPair, subpacketGenerator.Generate(), null);
}
public static void ExportKeyPair(
Stream secretOut,
Stream publicOut,
AsymmetricCipherKeyPair dsaKp,
AsymmetricCipherKeyPair elgKp,
string identity,
char[] passPhrase,
bool armor)
{
if (armor)
{
secretOut = new ArmoredOutputStream(secretOut);
}
PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow);
PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow);
// Prepare a strong Secure Random with seed
SecureRandom secureRandom = PgpEncryptionUtil.GetSecureRandom();
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair,
identity, SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, secureRandom);
keyRingGen.AddSubKey(elgKeyPair);
keyRingGen.GenerateSecretKeyRing().Encode(secretOut);
if (armor)
{
secretOut.Dispose();
publicOut = new ArmoredOutputStream(publicOut);
}
keyRingGen.GeneratePublicKeyRing().Encode(publicOut);
if (armor)
{
publicOut.Dispose();
}
}
private static void ExportKeyPair(
Stream secretOut,
Stream publicOut,
IAsymmetricCipherKeyPair signingKey,
IAsymmetricCipherKeyPair encryptionKey,
string identity,
char[] passPhrase,
bool armor,
ISecureRandom random)
{
if (armor)
{
secretOut = new ArmoredOutputStream(secretOut);
}
var masterKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdsa, signingKey, DateTime.UtcNow);
var subKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdh, encryptionKey, DateTime.UtcNow);
var keyRingGenerator = new PgpKeyRingGenerator(
PgpSignature.PositiveCertification, masterKey, identity,
SymmetricKeyAlgorithmTag.Aes256, HashAlgorithmTag.Sha256, passPhrase, true, null, null, random);
keyRingGenerator.AddSubKey(subKey);
keyRingGenerator.GenerateSecretKeyRing().Encode(secretOut);
if (armor)
{
secretOut.Close();
publicOut = new ArmoredOutputStream(publicOut);
}
keyRingGenerator.GeneratePublicKeyRing().Encode(publicOut);
{
publicOut.Close();
}
}
/// <summary>
/// Generates a <see cref="PgpKeyRingGenerator"/>
/// </summary>
/// <param name="identity">
/// The name of the identity.
/// </param>
/// <param name="password">
/// The passphrase used to protect the keyring.</param>
/// <returns>
/// A <see cref="PgpKeyRingGenerator"/>.
/// </returns>
public static PgpKeyRingGenerator GenerateKeyRingGenerator(string identity, string password)
{
var rsaParams = new RsaKeyGenerationParameters(BigInteger.ValueOf(0x10001), new SecureRandom(), 2048, 12);
var symmetricAlgorithms = new SymmetricKeyAlgorithmTag[] {
SymmetricKeyAlgorithmTag.Aes256,
SymmetricKeyAlgorithmTag.Aes192,
SymmetricKeyAlgorithmTag.Aes128
}.Select(a => (int)a).ToArray();
var hashAlgorithms = new HashAlgorithmTag[] {
HashAlgorithmTag.Sha256,
HashAlgorithmTag.Sha1,
HashAlgorithmTag.Sha384,
HashAlgorithmTag.Sha512,
HashAlgorithmTag.Sha224,
}.Select(a => (int)a).ToArray();
IAsymmetricCipherKeyPairGenerator generator = GeneratorUtilities.GetKeyPairGenerator("RSA");
generator.Init(rsaParams);
// Create the master (signing-only) key.
PgpKeyPair masterKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaSign,
generator.GenerateKeyPair(),
DateTime.UtcNow);
PgpSignatureSubpacketGenerator masterSubpckGen
= new PgpSignatureSubpacketGenerator();
masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign
| PgpKeyFlags.CanCertify);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms);
masterSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms);
// Create a signing and encryption key for daily use.
PgpKeyPair encKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaGeneral,
generator.GenerateKeyPair(),
DateTime.UtcNow);
PgpSignatureSubpacketGenerator encSubpckGen = new PgpSignatureSubpacketGenerator();
encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false, symmetricAlgorithms);
masterSubpckGen.SetPreferredHashAlgorithms(false, hashAlgorithms);
// Create the key ring.
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(
PgpSignature.DefaultCertification,
masterKeyPair,
identity,
SymmetricKeyAlgorithmTag.Aes128,
password.ToCharArray(),
true,
masterSubpckGen.Generate(),
null,
new SecureRandom());
// Add encryption subkey.
keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
return(keyRingGen);
}
private static void ExportKeyPair(
Stream secretOut,
Stream publicOut,
IAsymmetricCipherKeyPair signingKey,
IAsymmetricCipherKeyPair encryptionKey,
string identity,
char[] passPhrase,
bool armor,
ISecureRandom random)
{
if (armor)
{
secretOut = new ArmoredOutputStream(secretOut);
}
var masterKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdsa, signingKey, DateTime.UtcNow);
var subKey = new PgpKeyPair(PublicKeyAlgorithmTag.Ecdh, encryptionKey, DateTime.UtcNow);
var keyRingGenerator = new PgpKeyRingGenerator(
PgpSignature.PositiveCertification, masterKey, identity,
SymmetricKeyAlgorithmTag.Aes256, HashAlgorithmTag.Sha256, passPhrase, true, null, null, random);
keyRingGenerator.AddSubKey(subKey);
keyRingGenerator.GenerateSecretKeyRing().Encode(secretOut);
if (armor)
{
secretOut.Close();
publicOut = new ArmoredOutputStream(publicOut);
}
keyRingGenerator.GeneratePublicKeyRing().Encode(publicOut);
{
publicOut.Close();
}
}
public void GenerateTest()
{
char[] passPhrase = "hello".ToCharArray();
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, new SecureRandom());
DsaParameters dsaParams = pGen.GenerateParameters();
DsaKeyGenerationParameters dsaKgp = new DsaKeyGenerationParameters(new SecureRandom(), dsaParams);
IAsymmetricCipherKeyPairGenerator dsaKpg = GeneratorUtilities.GetKeyPairGenerator("DSA");
dsaKpg.Init(dsaKgp);
//
// this takes a while as the key generator has to Generate some DSA parameters
// before it Generates the key.
//
AsymmetricCipherKeyPair dsaKp = dsaKpg.GenerateKeyPair();
IAsymmetricCipherKeyPairGenerator elgKpg = GeneratorUtilities.GetKeyPairGenerator("ELGAMAL");
BigInteger g = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16);
BigInteger p = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16);
ElGamalParameters elParams = new ElGamalParameters(p, g);
ElGamalKeyGenerationParameters elKgp = new ElGamalKeyGenerationParameters(new SecureRandom(), elParams);
elgKpg.Init(elKgp);
//
// this is quicker because we are using preGenerated parameters.
//
AsymmetricCipherKeyPair elgKp = elgKpg.GenerateKeyPair();
PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow);
PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow);
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair,
"test", SymmetricKeyAlgorithmTag.Aes256, passPhrase, null, null, new SecureRandom());
keyRingGen.AddSubKey(elgKeyPair);
PgpSecretKeyRing keyRing = keyRingGen.GenerateSecretKeyRing();
keyRing.GetSecretKey().ExtractPrivateKey(passPhrase);
PgpPublicKeyRing pubRing = keyRingGen.GeneratePublicKeyRing();
PgpPublicKey vKey = null;
PgpPublicKey sKey = null;
foreach (PgpPublicKey pk in pubRing.GetPublicKeys())
{
if (pk.IsMasterKey)
{
vKey = pk;
}
else
{
sKey = pk;
}
}
foreach (PgpSignature sig in sKey.GetSignatures())
{
if (sig.KeyId == vKey.KeyId
&& sig.SignatureType == PgpSignature.SubkeyBinding)
{
sig.InitVerify(vKey);
if (!sig.VerifyCertification(vKey, sKey))
{
Fail("failed to verify sub-key signature.");
}
}
}
}
/*
* Creates a key ring generator and returns to caller
*/
public static PgpKeyRingGenerator GetKeyRingGenerator(
ApplicationContext context,
Node args,
string identity,
string password,
DateTime expires,
int strength,
long publicExponent,
int certainty)
{
// Creating a secure random generator to use when creating keypairs, seeding with all sorts of different unique values
var sr = CreateNewSecureRandom(context, args);
// Creating our generator
IAsymmetricCipherKeyPairGenerator generator = GeneratorUtilities.GetKeyPairGenerator("RSA");
generator.Init(
new RsaKeyGenerationParameters(
BigInteger.ValueOf(publicExponent),
sr,
strength,
certainty));
// Creates the master key (signing-only key)
PgpKeyPair masterKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaGeneral,
generator.GenerateKeyPair(),
DateTime.UtcNow);
PgpSignatureSubpacketGenerator masterSubPacketGenerator = new PgpSignatureSubpacketGenerator();
masterSubPacketGenerator.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
masterSubPacketGenerator.SetPreferredSymmetricAlgorithms(false,
new SymmetricKeyAlgorithmTag [] {
SymmetricKeyAlgorithmTag.Aes256,
SymmetricKeyAlgorithmTag.Aes192,
SymmetricKeyAlgorithmTag.Aes128
}.Select(ix => (int)ix).ToArray());
masterSubPacketGenerator.SetPreferredHashAlgorithms(false,
new HashAlgorithmTag [] {
HashAlgorithmTag.Sha256,
HashAlgorithmTag.Sha1,
HashAlgorithmTag.Sha384,
HashAlgorithmTag.Sha512,
HashAlgorithmTag.Sha224
}.Select(ix => (int)ix).ToArray());
masterSubPacketGenerator.SetKeyExpirationTime(false, (long)(expires - DateTime.Now).TotalSeconds);
// Creating a new secure random generator to use when creating keypairs, seeding with all sorts of different unique values
sr = CreateNewSecureRandom(context, args);
// Create signing and encryption key, for daily use
PgpKeyPair encryptionKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaGeneral,
generator.GenerateKeyPair(),
DateTime.UtcNow);
PgpSignatureSubpacketGenerator encryptionSubPacketGenerator = new PgpSignatureSubpacketGenerator();
encryptionSubPacketGenerator.SetKeyFlags(false,
PgpKeyFlags.CanEncryptCommunications |
PgpKeyFlags.CanEncryptStorage |
PgpKeyFlags.CanSign);
encryptionSubPacketGenerator.SetKeyExpirationTime(false, (long)(expires - DateTime.Now).TotalSeconds);
// Creating keyring
PgpKeyRingGenerator keyRingGenerator = new PgpKeyRingGenerator(
PgpSignature.DefaultCertification,
masterKeyPair,
identity,
SymmetricKeyAlgorithmTag.Aes256,
password.ToCharArray(),
true,
masterSubPacketGenerator.Generate(),
null,
sr);
// Add encryption subkey
keyRingGenerator.AddSubKey(encryptionKeyPair, encryptionSubPacketGenerator.Generate(), null);
// Returning keyring to caller
return(keyRingGenerator);
}
public static PgpKeyRingGenerator GenerateKeyRing(string identity, string password)
{
var keyRingParams = new KeyRingParams
{
Password = password,
Identity = identity,
PrivateKeyEncryptionAlgorithm = SymmetricKeyAlgorithmTag.Aes128,
SymmetricAlgorithms =
new SymmetricKeyAlgorithmTag[]
{
SymmetricKeyAlgorithmTag.Aes256, SymmetricKeyAlgorithmTag.Aes192,
SymmetricKeyAlgorithmTag.Aes128
},
HashAlgorithms = new HashAlgorithmTag[]
{
HashAlgorithmTag.Sha256, HashAlgorithmTag.Sha1, HashAlgorithmTag.Sha384,
HashAlgorithmTag.Sha512, HashAlgorithmTag.Sha224,
}
};
var generator = GeneratorUtilities.GetKeyPairGenerator("RSA");
generator.Init(keyRingParams.RsaParams);
/* Create the master (signing-only) key. */
var masterKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.RsaSign, generator.GenerateKeyPair(), DateTime.UtcNow);
var masterSubpckGen = new PgpSignatureSubpacketGenerator();
masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign | PgpKeyFlags.CanCertify);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false,
(from a in keyRingParams.SymmetricAlgorithms
select(int) a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false,
(from a in keyRingParams.HashAlgorithms
select(int) a).ToArray());
/* Create a signing and encryption key for daily use. */
var encKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaGeneral,
generator.GenerateKeyPair(),
DateTime.UtcNow);
var encSubpckGen = new PgpSignatureSubpacketGenerator();
encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false,
(from a in keyRingParams.SymmetricAlgorithms
select(int) a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false,
(from a in keyRingParams.HashAlgorithms
select(int) a).ToArray());
/* Create the key ring. */
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(
PgpSignature.DefaultCertification,
masterKeyPair,
keyRingParams.Identity,
keyRingParams.PrivateKeyEncryptionAlgorithm.Value,
keyRingParams.GetPassword(),
true,
masterSubpckGen.Generate(),
null,
new SecureRandom());
/* Add encryption subkey. */
keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
return(keyRingGen);
}
public static PgpKeyRingGenerator generateKeyRingGenerator(String identity, String password)
{
KeyRingParams keyRingParams = new KeyRingParams();
keyRingParams.Password = password;
keyRingParams.Identity = identity;
keyRingParams.PrivateKeyEncryptionAlgorithm = SymmetricKeyAlgorithmTag.Aes256;
keyRingParams.SymmetricAlgorithms = new SymmetricKeyAlgorithmTag[] {
SymmetricKeyAlgorithmTag.Cast5
/*SymmetricKeyAlgorithmTag.Aes256,
* SymmetricKeyAlgorithmTag.Aes192,
* SymmetricKeyAlgorithmTag.Aes128*/
};
keyRingParams.HashAlgorithms = new HashAlgorithmTag[] {
HashAlgorithmTag.Sha512,
};
IAsymmetricCipherKeyPairGenerator generator
= GeneratorUtilities.GetKeyPairGenerator("RSA");
generator.Init(keyRingParams.RsaParams);
/* Create the master (signing-only) key. */
PgpKeyPair masterKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaSign,
generator.GenerateKeyPair(),
DateTime.UtcNow);
//Debug.WriteLine("Generated master key with ID "
// + masterKeyPair.KeyId.ToString("X"));
PgpSignatureSubpacketGenerator masterSubpckGen
= new PgpSignatureSubpacketGenerator();
masterSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanSign
| PgpKeyFlags.CanCertify);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false,
(from a in keyRingParams.SymmetricAlgorithms
select(int) a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false,
(from a in keyRingParams.HashAlgorithms
select(int) a).ToArray());
/* Create a signing and encryption key for daily use. */
PgpKeyPair encKeyPair = new PgpKeyPair(
PublicKeyAlgorithmTag.RsaGeneral,
generator.GenerateKeyPair(),
DateTime.UtcNow);
PgpSignatureSubpacketGenerator encSubpckGen = new PgpSignatureSubpacketGenerator();
encSubpckGen.SetKeyFlags(false, PgpKeyFlags.CanEncryptCommunications | PgpKeyFlags.CanEncryptStorage);
masterSubpckGen.SetPreferredSymmetricAlgorithms(false,
(from a in keyRingParams.SymmetricAlgorithms
select(int) a).ToArray());
masterSubpckGen.SetPreferredHashAlgorithms(false,
(from a in keyRingParams.HashAlgorithms
select(int) a).ToArray());
/* Create the key ring. */
PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(
PgpSignature.DefaultCertification,
masterKeyPair,
keyRingParams.Identity,
keyRingParams.PrivateKeyEncryptionAlgorithm.Value,
keyRingParams.GetPassword(),
true,
masterSubpckGen.Generate(),
null,
new SecureRandom());
/* Add encryption subkey. */
keyRingGen.AddSubKey(encKeyPair, encSubpckGen.Generate(), null);
return(keyRingGen);
}
public void GenerateEccKeyTest()
{
const string identity = "GenerateEccKeyTest Identity";
var secureRandom = new SecureRandom();
var keyParamSet = SecObjectIdentifiers.SecP256r1;
var ecParams = new ECKeyGenerationParameters(keyParamSet, secureRandom);
var now = DateTime.UtcNow;
var masterKey = GenerateKeyPair(PublicKeyAlgorithmTag.Ecdsa, ecParams, now);
var subKey = GenerateKeyPair(PublicKeyAlgorithmTag.Ecdh, ecParams, now);
var keyRingGenerator = new PgpKeyRingGenerator(
PgpSignature.PositiveCertification,
masterKey,
identity,
SymmetricKeyAlgorithmTag.Aes256,
HashAlgorithmTag.Sha256,
"".ToCharArray(),
true,
GenerateSignatureSubpackets(identity),
null,
secureRandom);
keyRingGenerator.AddSubKey(subKey);
var secretKeyRing = keyRingGenerator.GenerateSecretKeyRing();
CheckEccKey(secretKeyRing);
}