Пример #1
0
        public PgpMessage DecryptMessage(PgpPrivateKey privateKey)
        {
            if (privateKey == null)
            {
                throw new ArgumentNullException(nameof(privateKey));
            }

            foreach (var keyData in publicKeyEncSessionPackets)
            {
                if (keyData.KeyId == privateKey.KeyId)
                {
                    byte[] sessionData = CryptoPool.Rent(keyData.SessionKey.Length);
                    try
                    {
                        privateKey.TryDecryptSessionInfo(keyData.SessionKey, sessionData, out int bytesWritten);

                        if (!ConfirmCheckSum(sessionData.AsSpan(0, bytesWritten)))
                        {
                            throw new PgpException("Checksum validation failed");
                        }

                        // Note: the oracle attack on the "quick check" bytes is deemed
                        // a security risk for typical public key encryption usages.
                        return(ReadMessage(packetReader.CreateNestedReader(GetDataStream(sessionData.AsSpan(0, bytesWritten - 2), verifyIntegrity: false))));
                    }
                    finally
                    {
                        CryptoPool.Return(sessionData);
                    }
                }
            }

            throw new PgpException("No matching key data found");
        }
Пример #2
0
        /// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
        public PgpSignatureGenerator(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4, bool ignoreTrailingWhitespace = false)
        {
            // TODO: Add version 5 support
            if (version < 3 || version > 4)
            {
                throw new ArgumentOutOfRangeException(nameof(version));
            }

            this.version       = version;
            this.hashAlgorithm = hashAlgorithm;
            this.helper        = new PgpSignatureTransformation(signatureType, hashAlgorithm, ignoreTrailingWhitespace);
            this.privateKey    = privateKey;
        }
Пример #3
0
        // FIXME: This method is too advanced
        public static PgpCertification GenerateUserCertification(
            PgpSignatureType signatureType,
            PgpKey signingKey,
            PgpPrivateKey signingPrivateKey,
            PgpUserAttributes userAttributes,
            PgpKey userPublicKey,
            PgpSignatureAttributes?hashedAttributes   = null,
            PgpSignatureAttributes?unhashedAttributes = null,
            PgpHashAlgorithm hashAlgorithm            = PgpHashAlgorithm.Sha1)
        {
            if (signingKey == null)
            {
                throw new ArgumentNullException(nameof(signingKey));
            }
            if (signingPrivateKey == null)
            {
                throw new ArgumentNullException(nameof(signingPrivateKey));
            }
            if (signingKey.KeyId != signingPrivateKey.KeyId)
            {
                throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
            }
            if (userAttributes == null)
            {
                throw new ArgumentNullException(nameof(userAttributes));
            }
            if (userPublicKey == null)
            {
                throw new ArgumentNullException(nameof(userPublicKey));
            }

            var userPacket         = new UserAttributePacket(userAttributes.ToSubpacketArray());
            var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm);

            if (hashedAttributes != null)
            {
                signatureGenerator.HashedAttributes = hashedAttributes;
            }
            if (unhashedAttributes != null)
            {
                signatureGenerator.UnhashedAttributes = unhashedAttributes;
            }
            var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey));

            return(new PgpCertification(signature, userPacket, userPublicKey));
        }
Пример #4
0
        public PgpSecretKey(
            PgpPublicKey pubKey,
            PgpPrivateKey privKey,
            ReadOnlySpan <byte> rawPassPhrase)
            : base(pubKey)
        {
            var keyData = privKey.privateKey.ExportPrivateKey(
                rawPassPhrase,
                new S2kParameters());

            if (pubKey.IsMasterKey)
            {
                this.keyPacket = new SecretKeyPacket(privKey.Algorithm, CreationTime, keyData);
            }
            else
            {
                this.keyPacket = new SecretSubkeyPacket(privKey.Algorithm, CreationTime, keyData);
            }
        }
Пример #5
0
        public static PgpCertification GenerateKeyRevocation(
            PgpKey signingKey,
            PgpPrivateKey signingPrivateKey,
            PgpKey revokedKey,
            PgpSignatureAttributes?hashedAttributes   = null,
            PgpSignatureAttributes?unhashedAttributes = null,
            PgpHashAlgorithm hashAlgorithm            = PgpHashAlgorithm.Sha1)
        {
            if (signingKey == null)
            {
                throw new ArgumentNullException(nameof(signingKey));
            }
            if (signingPrivateKey == null)
            {
                throw new ArgumentNullException(nameof(signingPrivateKey));
            }
            if (signingKey.KeyId != signingPrivateKey.KeyId)
            {
                throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
            }
            if (revokedKey == null)
            {
                throw new ArgumentNullException(nameof(revokedKey));
            }

            var signatureGenerator = new PgpSignatureGenerator(revokedKey.IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation, signingPrivateKey, hashAlgorithm);

            if (hashedAttributes != null)
            {
                signatureGenerator.HashedAttributes = hashedAttributes;
            }
            if (unhashedAttributes != null)
            {
                signatureGenerator.UnhashedAttributes = unhashedAttributes;
            }
            var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, null, revokedKey));

            return(new PgpCertification(signature, null, revokedKey));
        }
Пример #6
0
 public PgpSignedMessageGenerator CreateSigned(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4)
 {
     return(new PgpSignedMessageGenerator(Open(), signatureType, privateKey, hashAlgorithm, version));
 }
Пример #7
0
 /// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
 internal PgpSignedMessageGenerator(IPacketWriter writer, PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4)
     : base(writer)
 {
     signatureGenerator = new PgpSignatureGenerator(
         signatureType, privateKey, hashAlgorithm, version,
         ignoreTrailingWhitespace: writer is ArmoredPacketWriter);
 }