public void Sign(MimeMessage message, PgpSecretKey key)
{
// digitally sign our message body using our custom GnuPG cryptography context
using (var ctx = new MyGnuPGContext()) {
message.Body = MultipartSigned.Create(ctx, key, DigestAlgorithm.Sha1, message.Body);
}
}
/*
* Only signs the given MimeEntity
*/
private MultipartSigned SignEntity(
Node entityNode,
MimeEntity entity)
{
// Retrieving signature node to use for signing operation
var signatureNode = entityNode ["signature"];
// Getting signature email as provided by caller
var signatureAddress = GetSignatureMailboxAddress(signatureNode);
// Figuring out signature Digest Algorithm to use for signature, defaulting to Sha256
var algo = signatureNode.GetChildValue("digest-algorithm", _context, DigestAlgorithm.Sha256);
// Creating our Gnu Privacy Guard context
using (var ctx = new GnuPrivacyContext()) {
// Setting password to retrieve signing certificate from GnuPG context
ctx.Password = signatureAddress.Item1;
// Signing content of email and returning to caller
return(MultipartSigned.Create(
ctx,
signatureAddress.Item2,
algo,
entity));
}
}
public static bool SendSignedMessage(MimeMessage message)
{
bool IsMailSigned = false;
// digitally sign our message body using our custom S/MIME cryptography context
try
{
using (var ctx = new SecureMimeContext())
{
var signer = new CmsSigner(P12Stream(), "<PWD>")
{
DigestAlgorithm = DigestAlgorithm.Sha1
};
message.Body = MultipartSigned.Create(ctx, signer, message.Body);
}
SendEmailByMailServer(message);
IsMailSigned = true;
}
catch (Exception e)
{
Console.WriteLine(e.InnerException.ToString());
IsMailSigned = false;
}
return(IsMailSigned);
}
public void TestPgpMimeSigning()
{
var self = new MailboxAddress("MimeKit UnitTests", "*****@*****.**");
var cleartext = new TextPart("plain");
cleartext.Text = "This is some cleartext that we'll end up signing...";
using (var ctx = new DummyOpenPgpContext()) {
var multipart = MultipartSigned.Create(ctx, self, DigestAlgorithm.Sha1, cleartext);
Assert.AreEqual(2, multipart.Count, "The multipart/signed has an unexpected number of children.");
var protocol = multipart.ContentType.Parameters["protocol"];
Assert.AreEqual(ctx.SignatureProtocol, protocol, "The multipart/signed protocol does not match.");
Assert.IsInstanceOfType(typeof(TextPart), multipart[0], "The first child is not a text part.");
Assert.IsInstanceOfType(typeof(ApplicationPgpSignature), multipart[1], "The second child is not a detached signature.");
var signatures = multipart.Verify(ctx);
Assert.AreEqual(1, signatures.Count, "Verify returned an unexpected number of signatures.");
foreach (var signature in signatures)
{
try {
bool valid = signature.Verify();
Assert.IsTrue(valid, "Bad signature from {0}", signature.SignerCertificate.Email);
} catch (DigitalSignatureVerifyException ex) {
Assert.Fail("Failed to verify signature: {0}", ex);
}
}
}
}
/*
* Only signs the given MimeEntity.
*/
MultipartSigned SignEntity(Node entityNode, MimeEntity entity)
{
// Retrieving signature node to use for signing operation.
var signatureNode = entityNode ["sign"];
// Getting signature email as provided by caller.
var signatureAddress = GetSignatureMailboxAddress(signatureNode);
/*
* Figuring out signature Digest Algorithm to use for signature, defaulting to SHA256.
* SHA256 should be safe, since there are no known collision weaknesses in it.
* Therefor we default to SHA256, unlesss caller explicitly tells us he wants to use another algorithm.
*/
var algo = signatureNode.GetChildValue("digest-algorithm", _context, DigestAlgorithm.Sha256);
/*
* Creating our PGP context, passing in password specified by caller.
*/
using (var ctx = _context.RaiseEvent(
".p5.crypto.pgp-keys.context.create",
new Node("", false,
new Node [] {
new Node("password", signatureAddress.Item1),
new Node("fingerprint", signatureNode ["fingerprint"]?.GetExChildValue <string> ("fingerprint", _context, null) ??
_context.RaiseEvent("p5.auth.pgp.get-fingerprint").Get <string> (_context))
}))
.Get <OpenPgpContext> (_context)) {
// Signing content of email and returning to caller.
return(MultipartSigned.Create(
ctx,
signatureAddress.Item2,
algo,
entity));
}
}
/*
* tries to sign a MimeEntity
*/
public static MimeEntity SignEntity(MimeEntity entity, MailboxAddress signer)
{
using (WindowsSecureMimeContext ctx = new WindowsSecureMimeContext(sys.StoreLocation.CurrentUser))
{
return(MultipartSigned.Create(ctx, signer, DigestAlgorithm.Sha1, entity));
}
}
public void MultipartSign(MimeMessage message)
{
// digitally sign our message body using our custom S/MIME cryptography context
using (var ctx = new MySecureMimeContext()) {
// Note: this assumes that the Sender address has an S/MIME signing certificate
// and private key with an X.509 Subject Email identifier that matches the
// sender's email address.
var sender = message.From.Mailboxes.FirstOrDefault();
message.Body = MultipartSigned.Create(ctx, sender, DigestAlgorithm.Sha1, message.Body);
}
}
public void MultipartSign(MimeMessage message, X509Certificate2 certificate)
{
// digitally sign our message body using our custom S/MIME cryptography context
using (var ctx = new MySecureMimeContext()) {
var signer = new CmsSigner(certificate)
{
DigestAlgorithm = DigestAlgorithm.Sha1
};
message.Body = MultipartSigned.Create(ctx, signer, message.Body);
}
}
public void TestMultipartSignedSignUsingKeys()
{
var body = new TextPart("plain")
{
Text = "This is some cleartext that we'll end up signing..."
};
var self = new SecureMailboxAddress("MimeKit UnitTests", "*****@*****.**", "44CD48EEC90D8849961F36BA50DCD107AB0821A2");
PgpSecretKey signer;
using (var ctx = new DummyOpenPgpContext()) {
signer = ctx.GetSigningKey(self);
foreach (DigestAlgorithm digest in Enum.GetValues(typeof(DigestAlgorithm)))
{
if (digest == DigestAlgorithm.None ||
digest == DigestAlgorithm.DoubleSha ||
digest == DigestAlgorithm.Tiger192 ||
digest == DigestAlgorithm.Haval5160 ||
digest == DigestAlgorithm.MD4)
{
continue;
}
var multipart = MultipartSigned.Create(signer, digest, body);
Assert.AreEqual(2, multipart.Count, "The multipart/signed has an unexpected number of children.");
var protocol = multipart.ContentType.Parameters["protocol"];
Assert.AreEqual("application/pgp-signature", protocol, "The multipart/signed protocol does not match.");
var micalg = multipart.ContentType.Parameters["micalg"];
var algorithm = ctx.GetDigestAlgorithm(micalg);
Assert.AreEqual(digest, algorithm, "The multipart/signed micalg does not match.");
Assert.IsInstanceOf <TextPart> (multipart[0], "The first child is not a text part.");
Assert.IsInstanceOf <ApplicationPgpSignature> (multipart[1], "The second child is not a detached signature.");
var signatures = multipart.Verify();
Assert.AreEqual(1, signatures.Count, "Verify returned an unexpected number of signatures.");
foreach (var signature in signatures)
{
try {
bool valid = signature.Verify();
Assert.IsTrue(valid, "Bad signature from {0}", signature.SignerCertificate.Email);
} catch (DigitalSignatureVerifyException ex) {
Assert.Fail("Failed to verify signature: {0}", ex);
}
}
}
}
}
/// <summary>
/// Creates an S/MIME message using the supplied MimeBodyPart. The signature is generated using the private key
/// as supplied in the constructor. Our certificate, which is required to verify the signature is enclosed.
/// </summary>
/// <param name="mimeBodyPart"></param>
/// <param name="digestMethod"></param>
/// <returns></returns>
public MimeMessage CreateSignedMimeMessage(MimeMessage mimeBodyPart, SMimeDigestMethod digestMethod)
{
MimeMessage message = new MimeMessage();
using (var ctx = this.secContentFactory())
{
// Algorithm lookup
DigestAlgorithm algorithm;
if (digestMethod.Equals(SMimeDigestMethod.Sha1))
{
algorithm = DigestAlgorithm.Sha1;
}
else if (digestMethod.Equals(SMimeDigestMethod.Sha512))
{
algorithm = DigestAlgorithm.Sha512;
}
else
{
throw new NotSupportedException($"Algorithm {digestMethod.GetAlgorithm()} not supported");
}
// Signer identification
var cmsSigner = new CmsSigner(this.ourCertificate, this.privateKey)
{
DigestAlgorithm = algorithm
};
// Create and sign message
message.Body = MultipartSigned.Create(ctx, cmsSigner, mimeBodyPart.Body);
// Force signed content to be transferred in binary format
MimePart xml = (MimePart)message.BodyParts.First();
xml.ContentTransferEncoding = ContentEncoding.Binary;
}
// Remove unused headers
foreach (var header in message.Headers.Select(x => x.Id).ToList())
{
if (header != HeaderId.MessageId && header != HeaderId.MimeVersion && header != HeaderId.ContentType)
{
message.Headers.Remove(header);
}
}
return(message);
}
public void TestSecureMimeSigning()
{
var self = new MailboxAddress("MimeKit UnitTests", "*****@*****.**");
var cleartext = new TextPart("plain");
cleartext.Text = "This is some cleartext that we'll end up signing...";
using (var ctx = CreateContext()) {
var multipart = MultipartSigned.Create(ctx, self, DigestAlgorithm.Sha1, cleartext);
Assert.AreEqual(2, multipart.Count, "The multipart/signed has an unexpected number of children.");
var protocol = multipart.ContentType.Parameters["protocol"];
Assert.AreEqual(ctx.SignatureProtocol, protocol, "The multipart/signed protocol does not match.");
Assert.IsInstanceOfType(typeof(TextPart), multipart[0], "The first child is not a text part.");
Assert.IsInstanceOfType(typeof(ApplicationPkcs7Signature), multipart[1], "The second child is not a detached signature.");
var signatures = multipart.Verify(ctx);
Assert.AreEqual(1, signatures.Count, "Verify returned an unexpected number of signatures.");
foreach (var signature in signatures)
{
try {
bool valid = signature.Verify();
Assert.IsTrue(valid, "Bad signature from {0}", signature.SignerCertificate.Email);
} catch (DigitalSignatureVerifyException ex) {
Assert.Fail("Failed to verify signature: {0}", ex);
}
var algorithms = ((SecureMimeDigitalSignature)signature).EncryptionAlgorithms;
Assert.AreEqual(EncryptionAlgorithm.Camellia256, algorithms[0], "Expected Camellia-256 capability");
Assert.AreEqual(EncryptionAlgorithm.Aes256, algorithms[1], "Expected AES-256 capability");
Assert.AreEqual(EncryptionAlgorithm.Camellia192, algorithms[2], "Expected Camellia-192 capability");
Assert.AreEqual(EncryptionAlgorithm.Aes192, algorithms[3], "Expected AES-192 capability");
Assert.AreEqual(EncryptionAlgorithm.Camellia128, algorithms[4], "Expected Camellia-128 capability");
Assert.AreEqual(EncryptionAlgorithm.Aes128, algorithms[5], "Expected AES-128 capability");
Assert.AreEqual(EncryptionAlgorithm.Idea, algorithms[6], "Expected IDEA capability");
Assert.AreEqual(EncryptionAlgorithm.Cast5, algorithms[7], "Expected Cast5 capability");
Assert.AreEqual(EncryptionAlgorithm.TripleDes, algorithms[8], "Expected Triple-DES capability");
//Assert.AreEqual (EncryptionAlgorithm.RC2128, algorithms[9], "Expected RC2-128 capability");
//Assert.AreEqual (EncryptionAlgorithm.RC264, algorithms[10], "Expected RC2-64 capability");
//Assert.AreEqual (EncryptionAlgorithm.Des, algorithms[11], "Expected DES capability");
//Assert.AreEqual (EncryptionAlgorithm.RC240, algorithms[12], "Expected RC2-40 capability");
}
}
}
public void Sign(MimeMessage message)
{
// digitally sign our message body using our custom GnuPG cryptography context
using (var ctx = new MyGnuPGContext()) {
// Note: this assumes that the Sender address has an S/MIME signing certificate
// and private key with an X.509 Subject Email identifier that matches the
// sender's email address.
//
// If this is not the case, you can use a SecureMailboxAddress instead of a
// normal MailboxAddress which would allow you to specify the fingerprint
// of the sender's private PGP key. You could also choose to use one of the
// Create() overloads that take a PgpSecretKey, instead.
var sender = message.From.Mailboxes.FirstOrDefault();
message.Body = MultipartSigned.Create(ctx, sender, DigestAlgorithm.Sha1, message.Body);
}
}
/*
* returns true if email address can sign email
*/
public static bool CanSign(string email)
{
try
{
MailboxAddress signer = new MailboxAddress("", email);
TextPart entity = new TextPart("text");
using (WindowsSecureMimeContext ctx = new WindowsSecureMimeContext(sys.StoreLocation.CurrentUser))
{
MultipartSigned.Create(ctx, signer, DigestAlgorithm.Sha1, entity);
return(true);
}
}
catch
{
return(false);
}
}
/*
* Cryptographically signs an entity.
*/
static MultipartSigned Sign(
MimeEntity entity,
string armoredPrivateKey,
string keyPassword)
{
var algo = DigestAlgorithm.Sha256;
using (var ctx = new CreatePgpMimeContext {
Password = keyPassword
})
{
return(MultipartSigned.Create(
ctx,
PgpHelpers.GetSecretKeyFromAsciiArmored(armoredPrivateKey),
algo,
entity));
}
}
