// this example function generates RSA/RSA and Eddsa/X25519 keypairs
private void generate_keys(RopBind rop)
{
int alt = rop.tagging();
try {
// initialize
RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);
try {
// set password provider
ses.set_pass_provider(this, null);
// generate EDDSA/X25519 keypair
RopData key_grips = ses.generate_key_json(new RopData(CURVE_25519_KEY_DESC));
// generate RSA keypair
key_grips = ses.generate_key_json(new RopData(RSA_KEY_DESC));
Console.WriteLine(String.Format("Generated RSA key/subkey:\n%s\n", key_grips));
} catch (RopError ex) {
Console.WriteLine("Failed to generate keys");
throw ex;
}
RopOutput keyfile = null;
try {
// create file output object and save public keyring with generated keys, overwriting
// previous file if any. You may use max_alloc here as well.
keyfile = rop.create_output("pubring.pgp");
ses.save_keys_public(RopBind.KEYSTORE_GPG, keyfile);
} catch (RopError ex) {
Console.WriteLine("Failed to save pubring");
throw ex;
} finally {
rop.drop(keyfile);
}
keyfile = null;
try {
// create file output object and save secret keyring with generated keys
keyfile = rop.create_output("secring.pgp");
ses.save_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
} catch (RopError ex) {
Console.WriteLine("Failed to save secring");
throw ex;
} finally {
rop.drop(keyfile);
}
} finally {
rop.drop(alt);
}
}
private void verify(RopBind rop)
{
int alt = rop.tagging();
try {
// initialize
RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);
// we do not load any keys here since we'll use key provider
ses.set_key_provider(this, null);
String err_desc = null;
RopOutput output = null;
try {
// create file input and memory output objects for the signed message
// and verified message
err_desc = "Failed to open file 'signed.asc'. Did you run the sign example?";
RopInput input = rop.create_input("signed.asc");
err_desc = "Failed to create output object";
output = rop.create_output(0);
err_desc = "Failed to create verification context";
RopOpVerify verify = ses.op_verify_create(input, output);
err_desc = "Failed to execute verification operation";
verify.execute();
// now check signatures and get some info about them
err_desc = "Failed to get signature count";
int sigcount = verify.signature_count();
for (int idx = 0; idx < sigcount; idx++)
{
rop.tagging();
err_desc = String.Format("Failed to get signature {0}", idx);
RopVeriSignature sig = verify.get_signature_at(idx);
err_desc = String.Format("failed to get signature's {0} key", idx);
RopKey key = sig.get_key();
err_desc = String.Format("failed to get key id {0}", idx);
Console.WriteLine(String.Format("Status for signature from key {0} : {1}", key.keyid(), sig.status()));
rop.drop();
}
} catch (RopError ex) {
Console.WriteLine(err_desc);
throw ex;
}
// get the verified message from the output structure
RopData buf = output.memory_get_buf(false);
Console.WriteLine(String.Format("Verified message: {0}", buf.getString()));
} finally {
rop.drop_from(alt);
}
}
private void encrypt(RopBind rop)
{
int alt = rop.tagging();
try {
// initialize
RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);
RopInput keyfile = null;
try {
// load public keyring - we do not need secret for encryption
keyfile = rop.create_input("pubring.pgp");
// we may use secret=True and public=True as well
ses.load_keys_public(RopBind.KEYSTORE_GPG, keyfile);
} catch (RopError ex) {
Console.WriteLine("Failed to read pubring");
throw ex;
} finally {
rop.drop(keyfile);
}
try {
// create memory input and file output objects for the message and encrypted message
RopInput input = rop.create_input(new RopData(message), false);
RopOutput output = rop.create_output("encrypted.asc");
// create encryption operation
RopOpEncrypt encrpt = ses.op_encrypt_create(input, output);
// setup encryption parameters
encrpt.set_armor(true);
encrpt.set_file_name("message.txt");
encrpt.set_file_mtime(DateTime.Now);
encrpt.set_compression("ZIP", 6);
encrpt.set_cipher(RopBind.ALG_SYMM_AES_256);
encrpt.set_aead("None");
// locate recipient's key and add it to the operation context. While we search by userid
// (which is easier), you can search by keyid, fingerprint or grip.
RopKey key = ses.locate_key("userid", "rsa@key");
encrpt.add_recipient(key);
// add encryption password as well
encrpt.add_password("encpassword", RopBind.ALG_HASH_SHA256, 0, RopBind.ALG_SYMM_AES_256);
// execute encryption operation
encrpt.execute();
Console.WriteLine("Encryption succeded. Encrypted message written to file encrypted.asc");
} catch (RopError ex) {
Console.WriteLine("Encryption failed");
throw ex;
}
} finally {
rop.drop_from(alt);
}
}
private void export_key(RopBind rop, RopSession ses, String uid, bool secret)
{
// you may search for the key via userid, keyid, fingerprint, grip
RopKey key = ses.locate_key("userid", uid);
// get key's id and build filename
string filename = String.Format("key-{0}-{1}.asc", key.keyid(), secret? "sec" : "pub");
RopOutput keyfile = rop.create_output(filename);
try {
key.export(keyfile, !secret, secret, true, true);
} finally {
rop.drop(keyfile);
}
}
private void decrypt(RopBind rop, bool usekeys)
{
int alt = rop.tagging();
try {
// initialize FFI object
RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);
// check whether we want to use key or password for decryption
if (usekeys)
{
RopInput keyfile = null;
try {
// load secret keyring, as it is required for public-key decryption. However, you may
// need to load public keyring as well to validate key's signatures.
keyfile = rop.create_input("secring.pgp");
// we may use secret=True and public=True as well
ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
} catch (RopError ex) {
Console.WriteLine("Failed to read secring");
throw ex;
} finally {
rop.drop(keyfile);
}
}
// set the password provider
ses.set_pass_provider(this, null);
String buf = null;
try {
// create file input and memory output objects for the encrypted message and decrypted
// message
RopInput input = rop.create_input("encrypted.asc");
RopOutput output = rop.create_output(0);
ses.decrypt(input, output);
// get the decrypted message from the output structure
buf = output.memory_get_buf(false).getString();
} catch (RopError ex) {
Console.WriteLine("Public-key decryption failed");
throw ex;
}
Console.WriteLine(String.Format("Decrypted message ({0}):\n{1}\n", usekeys? "with key" : "with password", buf));
Decrypt.message = buf;
} finally {
rop.drop_from(alt);
}
}
/**
* This simple helper function just prints armored key, searched by userid, to stdout.
*/
private void print_key(RopBind rop, RopSession ses, string uid, bool secret)
{
// you may search for the key via userid, keyid, fingerprint, grip
RopKey key = ses.locate_key("userid", uid);
// create in-memory output structure to later use buffer
RopOutput keydata = rop.create_output(0);
try {
if (secret)
{
key.export_secret(keydata, true, true);
}
else
{
key.export_public(keydata, true, true);
}
// get key's contents from the output structure
RopData buf = keydata.memory_get_buf(false);
Console.WriteLine(buf.getString());
} finally {
rop.drop(keydata);
}
}
private void sign(RopBind rop)
{
string message = "ROP signing sample message";
int alt = rop.tagging();
try {
// initialize
RopSession ses = rop.create_session(RopBind.KEYSTORE_GPG, RopBind.KEYSTORE_GPG);
RopInput keyfile = null;
string err_desc = null;
try {
// load secret keyring, as it is required for signing. However, you may need
// to load public keyring as well to validate key's signatures.
err_desc = "Failed to open secring.pgp. Did you run Generate.java sample?";
keyfile = rop.create_input("secring.pgp");
// we may use public=True and secret=True as well
err_desc = "Failed to read secring.pgp";
ses.load_keys_secret(RopBind.KEYSTORE_GPG, keyfile);
} catch (RopError ex) {
Console.WriteLine(err_desc);
throw ex;
} finally {
rop.drop(keyfile);
}
// set the password provider - we'll need password to unlock secret keys
ses.set_pass_provider(this, null);
// create file input and memory output objects for the encrypted message
// and decrypted message
RopOpSign sign = null;
try {
err_desc = "Failed to create input object";
RopInput input = rop.create_input(new RopData(message), false);
err_desc = "Failed to create output object";
RopOutput output = rop.create_output("signed.asc");
// initialize and configure sign operation, use op_sign_create(cleartext/detached)
// for cleartext or detached signature
err_desc = "Failed to create sign operation";
sign = ses.op_sign_create(input, output);
} catch (RopError ex) {
Console.WriteLine(err_desc);
throw ex;
}
// armor, file name, compression
sign.set_armor(true);
sign.set_file_name("message.txt");
sign.set_file_mtime(DateTime.Now);
sign.set_compression("ZIP", 6);
// signatures creation time - by default will be set to the current time as well
sign.set_creation_time(DateTime.Now);
// signatures expiration time - by default will be 0, i.e. never expire
sign.set_expiration(TimeSpan.FromDays(365));
// set hash algorithm - should be compatible for all signatures
sign.set_hash(RopBind.ALG_HASH_SHA256);
try {
// now add signatures. First locate the signing key, then add and setup signature
// RSA signature
err_desc = "Failed to locate signing key rsa@key.";
RopKey key = ses.locate_key("userid", "rsa@key");
Sign.key_ids[0] = key.keyid();
Sign.key_fprints[0] = key.fprint();
err_desc = "Failed to add signature for key rsa@key.";
sign.add_signature(key);
// EdDSA signature
err_desc = "Failed to locate signing key 25519@key.";
key = ses.locate_key("userid", "25519@key");
Sign.key_ids[1] = key.keyid();
Sign.key_fprints[1] = key.fprint();
err_desc = "Failed to add signature for key 25519@key.";
sign.add_signature(key);
// finally do signing
err_desc = "Failed to add signature for key 25519@key.";
sign.execute();
Console.WriteLine("Signing succeeded. See file signed.asc.");
} catch (RopError ex) {
Console.WriteLine(err_desc);
throw ex;
}
} finally {
rop.drop_from(alt);
}
}
public void execute(string[] argv, string[] json_out)
{
string input_file = null;
bool raw = false;
bool mpi = false;
bool grip = false;
bool json = false;
bool help = (argv.Length < 2);
/* Parse command line options:
* -i input_file [mandatory]: specifies name of the file with PGP packets
* -d : indicates wether to dump whole packet content
* -m : dump mpi contents
* -g : dump key grips and fingerprints
* -j : JSON output
* -h : prints help and exists
*/
List <string> opts = new List <string>(), args = new List <string>();
for (int idx = 1; idx < argv.Length; idx++)
{
if (argv[idx].Length >= 2 && argv[idx][0] == '-' && "dmgjh".IndexOf(argv[idx][1]) >= 0)
{
opts.Add(argv[idx]);
}
else
{
args.Add(argv[idx]);
}
}
foreach (string opt in opts)
{
if (opt.CompareTo("-d") == 0)
{
raw = true;
}
else if (opt.CompareTo("-m") == 0)
{
mpi = true;
}
else if (opt.CompareTo("-g") == 0)
{
grip = true;
}
else if (opt.CompareTo("-j") == 0)
{
json = true;
}
else if (opt.Length > 0)
{
help = true;
}
}
if (!help)
{
if (args.Count > 0)
{
input_file = args[0];
}
RopBind rop = new RopBind();
try {
RopInput input = null;
RopOutput output = null;
try {
if (input_file != null)
{
input = rop.create_input(input_file);
}
else
{
input = rop.create_input(this, null);
}
} catch (RopError err) {
Console.WriteLine(String.Format("Failed to open source: error {0}", err.getErrCode()));
throw err;
}
if (!json)
{
try {
output = rop.create_output(this, null);
} catch (RopError err) {
Console.WriteLine(String.Format("Failed to open stdout: error {0}", err.getErrCode()));
throw err;
}
input.dump_packets_to_output(output, mpi, raw, grip);
}
else
{
string jsn = input.dump_packets_to_json(mpi, raw, grip).getString();
if (json_out == null)
{
Console.WriteLine(jsn);
Console.WriteLine("");
}
else
{
json_out[0] = jsn;
}
}
} catch (RopError err) {
// Inform in case of error occured during parsing
Console.WriteLine(String.Format("Operation failed [error code: {0}]", err.getErrCode()));
throw err;
} finally {
rop.Close();
}
}
else
{
print_usage(argv[0]);
}
}