/// <summary>
/// Create a new key ring generator.
/// </summary>
/// <param name="asymmetricAlgorithm">The master key pair.</param>
/// <param name="id">User id associated with the keys in the ring.</param>
/// <param name="creationTime">The creation time for the master key pair.</param>
/// <param name="rawPassPhrase">The passPhrase to be used to protect secret keys.</param>
/// <param name="certificationLevel">The certification level for keys on this ring.</param>
/// <param name="hashedAttributes">Packets to be included in the certification hash.</param>
/// <param name="unhashedAttributes">Packets to be attached unhashed to the certification.</param>
public PgpKeyRingGenerator(
AsymmetricAlgorithm asymmetricAlgorithm,
string id,
byte[]?rawPassPhrase = null,
DateTime creationTime = default(DateTime),
PgpSignatureType certificationLevel = PgpSignatureType.DefaultCertification,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null)
{
this.masterKey = new PgpKeyPair(
asymmetricAlgorithm,
creationTime == default(DateTime) ? DateTime.UtcNow : creationTime);
this.rawPassPhrase = rawPassPhrase ?? Array.Empty <byte>();
// Certify the ID/public key
var selfCertification = PgpCertification.GenerateUserCertification(
certificationLevel,
this.masterKey.PublicKey,
this.masterKey.PrivateKey,
id,
this.masterKey.PublicKey,
hashedAttributes,
unhashedAttributes,
PgpHashAlgorithm.Sha1);
var certifiedPublicKey = PgpPublicKey.AddCertification(this.masterKey.PublicKey, id, selfCertification);
keys.Add(new PgpSecretKey(certifiedPublicKey, this.masterKey.PrivateKey, this.rawPassPhrase));
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
internal PgpSignedMessageGenerator(IPacketWriter writer, PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4)
: base(writer)
{
signatureGenerator = new PgpSignatureGenerator(
signatureType, privateKey, hashAlgorithm, version,
ignoreTrailingWhitespace: writer is ArmoredPacketWriter);
}
public PgpSignatureTransformation(PgpSignatureType signatureType, PgpHashAlgorithm hashAlgorithm, bool ignoreTrailingWhitespace)
{
this.signatureType = signatureType;
this.hashAlgorithm = hashAlgorithm;
this.lastb = 0;
this.sig = PgpUtilities.GetHashAlgorithm(hashAlgorithm);
this.ignoreTrailingWhitespace = ignoreTrailingWhitespace;
}
/// <summary>
/// Create a new key ring generator.
/// </summary>
/// <param name="masterKey">The master key pair.</param>
/// <param name="id">User id associated with the keys in the ring.</param>
/// <param name="creationTime">The creation time for the master key pair.</param>
/// <param name="passPhrase">The passPhrase to be used to protect secret keys.</param>
/// <param name="useSha1">Checksum the secret keys with SHA1 rather than the older 16 bit checksum.</param>
/// <param name="certificationLevel">The certification level for keys on this ring.</param>
/// <param name="encAlgorithm">The algorithm to be used to protect secret keys.</param>
/// <param name="hashAlgorithm">The hash algorithm for key signatures and certifications.</param>
/// <param name="hashedAttributes">Packets to be included in the certification hash.</param>
/// <param name="unhashedAttributes">Packets to be attached unhashed to the certification.</param>
public PgpKeyRingGenerator(
AsymmetricAlgorithm masterKey,
string id,
string passPhrase, // FIXME: Should be ReadOnlySpan<char>
DateTime creationTime = default(DateTime),
PgpSignatureType certificationLevel = PgpSignatureType.DefaultCertification,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null)
: this(masterKey, id, Encoding.UTF8.GetBytes(passPhrase), creationTime, certificationLevel, hashedAttributes, unhashedAttributes)
{
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
public PgpSignatureGenerator(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4, bool ignoreTrailingWhitespace = false)
{
// TODO: Add version 5 support
if (version < 3 || version > 4)
{
throw new ArgumentOutOfRangeException(nameof(version));
}
this.version = version;
this.hashAlgorithm = hashAlgorithm;
this.helper = new PgpSignatureTransformation(signatureType, hashAlgorithm, ignoreTrailingWhitespace);
this.privateKey = privateKey;
}
public OnePassSignaturePacket(
PgpSignatureType sigType,
PgpHashAlgorithm hashAlgorithm,
PgpPublicKeyAlgorithm keyAlgorithm,
long keyId,
bool isNested)
{
this.version = 3;
this.sigType = sigType;
this.hashAlgorithm = hashAlgorithm;
this.keyAlgorithm = keyAlgorithm;
this.keyId = keyId;
this.nested = (isNested) ? 0 : 1;
}
/// <summary>Check whether this (sub)key has a revocation signature on it.</summary>
/// <returns>True, if this (sub)key has been revoked.</returns>
public bool IsRevoked()
{
PgpSignatureType signatureType = IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation;
foreach (var keyCertification in KeyCertifications)
{
if (keyCertification.Signature.SignatureType == signatureType)
{
return(true);
}
}
return(false);
}
// FIXME: This method is too advanced
public static PgpCertification GenerateUserCertification(
PgpSignatureType signatureType,
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpUserAttributes userAttributes,
PgpKey userPublicKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (userAttributes == null)
{
throw new ArgumentNullException(nameof(userAttributes));
}
if (userPublicKey == null)
{
throw new ArgumentNullException(nameof(userPublicKey));
}
var userPacket = new UserAttributePacket(userAttributes.ToSubpacketArray());
var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey));
return(new PgpCertification(signature, userPacket, userPublicKey));
}
internal OnePassSignaturePacket(Stream bcpgIn)
{
version = bcpgIn.ReadByte();
sigType = (PgpSignatureType)bcpgIn.ReadByte();
hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte();
keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte();
keyId |= (long)bcpgIn.ReadByte() << 56;
keyId |= (long)bcpgIn.ReadByte() << 48;
keyId |= (long)bcpgIn.ReadByte() << 40;
keyId |= (long)bcpgIn.ReadByte() << 32;
keyId |= (long)bcpgIn.ReadByte() << 24;
keyId |= (long)bcpgIn.ReadByte() << 16;
keyId |= (long)bcpgIn.ReadByte() << 8;
keyId |= (uint)bcpgIn.ReadByte();
nested = bcpgIn.ReadByte();
}
public SignaturePacket(
int version,
PgpSignatureType signatureType,
long keyId,
PgpPublicKeyAlgorithm keyAlgorithm,
PgpHashAlgorithm hashAlgorithm,
DateTime creationTime,
SignatureSubpacket[] hashedData,
SignatureSubpacket[] unhashedData,
byte[] fingerprint,
byte[] signature)
{
this.version = version;
this.signatureType = signatureType;
this.keyId = keyId;
this.keyAlgorithm = keyAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.hashedData = hashedData;
this.unhashedData = unhashedData;
this.fingerprint = fingerprint;
this.signature = signature;
this.creationTime = creationTime;
}
internal SignaturePacket(Stream bcpgIn)
{
version = bcpgIn.ReadByte();
if (version == 3 || version == 2)
{
// int l =
bcpgIn.ReadByte();
signatureType = (PgpSignatureType)bcpgIn.ReadByte();
creationTime = DateTimeOffset.FromUnixTimeSeconds(
((long)bcpgIn.ReadByte() << 24) | ((long)bcpgIn.ReadByte() << 16) | ((long)bcpgIn.ReadByte() << 8) | (uint)bcpgIn.ReadByte()).UtcDateTime;
keyId |= (long)bcpgIn.ReadByte() << 56;
keyId |= (long)bcpgIn.ReadByte() << 48;
keyId |= (long)bcpgIn.ReadByte() << 40;
keyId |= (long)bcpgIn.ReadByte() << 32;
keyId |= (long)bcpgIn.ReadByte() << 24;
keyId |= (long)bcpgIn.ReadByte() << 16;
keyId |= (long)bcpgIn.ReadByte() << 8;
keyId |= (uint)bcpgIn.ReadByte();
keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte();
hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte();
hashedData = Array.Empty <SignatureSubpacket>();
unhashedData = Array.Empty <SignatureSubpacket>();
}
else if (version == 4)
{
signatureType = (PgpSignatureType)bcpgIn.ReadByte();
keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte();
hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte();
int hashedLength = (bcpgIn.ReadByte() << 8) | bcpgIn.ReadByte();
byte[] hashed = new byte[hashedLength];
if (bcpgIn.ReadFully(hashed) < hashed.Length)
{
throw new EndOfStreamException();
}
//
// read the signature sub packet data.
//
SignatureSubpacketParser sIn = new SignatureSubpacketParser(new MemoryStream(hashed, false));
IList <SignatureSubpacket> v = new List <SignatureSubpacket>();
SignatureSubpacket? sub;
while ((sub = sIn.ReadPacket()) != null)
{
v.Add(sub);
if (sub is IssuerKeyId issuerKeyId)
{
keyId = issuerKeyId.KeyId;
}
else if (sub is SignatureCreationTime signatureCreationTime)
{
creationTime = signatureCreationTime.Time;
}
}
hashedData = v.ToArray();
int unhashedLength = (bcpgIn.ReadByte() << 8) | bcpgIn.ReadByte();
byte[] unhashed = new byte[unhashedLength];
if (bcpgIn.ReadFully(unhashed) < unhashed.Length)
{
throw new EndOfStreamException();
}
sIn = new SignatureSubpacketParser(new MemoryStream(unhashed, false));
v.Clear();
while ((sub = sIn.ReadPacket()) != null)
{
v.Add(sub);
if (sub is IssuerKeyId issuerKeyId && keyId == 0)
{
keyId = issuerKeyId.KeyId;
}
}
unhashedData = v.ToArray();
}
else
{
throw new PgpException("unsupported version: " + version);
}
fingerprint = new byte[2];
if (bcpgIn.ReadFully(fingerprint) < fingerprint.Length)
{
throw new EndOfStreamException();
}
signature = bcpgIn.ReadAll();
}
public PgpSignedMessageGenerator CreateSigned(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4)
{
return(new PgpSignedMessageGenerator(Open(), signatureType, privateKey, hashAlgorithm, version));
}
