private PgpPublicKey GetPublicKeyByUserId(PgpPublicKeyRingBundle publicKeyRingBundle, String publicKeyUserId) { foreach (PgpPublicKeyRing kRing in publicKeyRingBundle.GetKeyRings()) { PgpPublicKey key = kRing.GetPublicKeys() .Cast <PgpPublicKey>() .Where(k => k.IsEncryptionKey) .FirstOrDefault(); if (key != null) { foreach (String userId in key.GetUserIds()) { if (userId.Contains(publicKeyUserId)) { return(key); } } } } return(null); }
public void AddKey(PgpPublicKey publicKey, bool nonErasable = false) { var fingerPrint = Tools.H16FP(publicKey.GetFingerprint().ToHexString()); if (!publicKeys.ContainsKey(fingerPrint)) { publicKeys[fingerPrint] = publicKey; FP8TO16[Tools.H8FP(fingerPrint)] = fingerPrint; publicKeysInfo[fingerPrint] = new KeyInfo { FingerPrint = fingerPrint, Identifier = publicKey.GetUserIds().Cast <string>().First(), Bits = publicKey.BitStrength, ContainsPrivateKey = false, PrivateKeyDecrypted = false }; if (!nonErasable) { fingerPrints.Enqueue(fingerPrint); } if (Count > MaxCacheKeys) { string fpToRemove = fingerPrints.Dequeue(); publicKeys.Remove(fpToRemove); publicKeysInfo.Remove(fpToRemove); } } }
/// <summary> /// Verify single signature against one pass signature. /// </summary> /// <param name="onePassSignature"> /// The one pass signature. /// </param> /// <param name="publicKey"> /// The public key for validating the signature. /// </param> /// <param name="signature"> /// Signature to verify. /// </param> /// <returns> /// The <see cref="bool"/> value indicating whether the signature was valid. /// </returns> private static bool VerifySingleSignatueAgainstOnePass( PgpOnePassSignature onePassSignature, PgpPublicKey publicKey, PgpSignature signature) { bool valid; if (onePassSignature.Verify(signature)) { var userIds = publicKey.GetUserIds(); foreach (var userId in userIds) { Console.WriteLine($"Signed by {userId}"); } Console.WriteLine("Signature verified"); valid = true; } else { valid = false; } return(valid); }
static void Main(string[] args) { using (Stream publicKeyStream = new FileStream(@"C:\inetpub\wwwroot\pgp\pgptest.asc", FileMode.Open)) { PgpPublicKey pubKey = ReadPublicKey(publicKeyStream); var UserId = pubKey.GetUserIds(); var KeyId = pubKey.KeyId.ToString("X"); } }
/// <summary> /// Attempt to sign a PGP message using the specific private key. /// </summary> /// <param name="messageStream">Stream containing the message to sign.</param> /// <param name="signatureStream">Stream to write the signature into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the signature completed successfully.</returns> public static bool Sign(Stream messageStream, Stream signatureStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, bool armor = true) { // Create a signature generator. PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, hashAlgorithmTag); signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey); // Add the public key user ID. foreach (string userId in senderPublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator(); signatureSubGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate()); break; } // Handle ASCII armor. if (armor) { using (ArmoredOutputStream armoredStream = new ArmoredOutputStream(signatureStream)) { armoredStream.BeginClearText(hashAlgorithmTag); // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { armoredStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } armoredStream.EndClearText(); using (BcpgOutputStream bcpgStream = new BcpgOutputStream(armoredStream)) { signatureGenerator.Generate().Encode(bcpgStream); } } } else { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { signatureGenerator.Update((byte)messageChar); } signatureGenerator.Generate().Encode(signatureStream); } return(true); }
private void Load(PgpPublicKey key) { this.KeyId = key.KeyId.ToString("X"); if (this.KeyId != null && this.KeyId.Length >= 15) { this.KeyIdShort = this.KeyId.Substring(this.KeyId.Length - 8); } this.Algorithm = key.Algorithm.ToString(); this.BitStrength = key.BitStrength; this.IsMasterKey = key.IsMasterKey; this.IsEncryptionKey = key.IsEncryptionKey; this.Version = key.Version; this.CreatedOnUtc = key.CreationTime.ToUniversalTime(); var validForSeconds = key.GetValidSeconds(); if (validForSeconds > 0) { this.Expires = this.CreatedOnUtc.Value.AddSeconds(validForSeconds); } //this.ValidDays = key.ValidDays; //if (this.ValidDays.HasValue) //{ // this.Expires = this.CreatedOnUtc.Value.AddDays(this.ValidDays.Value); //} //else //{ // this.Expires = null; //} try { var userIds = key.GetUserIds(); if (userIds != null) { var enumerator = userIds.GetEnumerator(); if (enumerator.MoveNext()) { var userIdentity = enumerator.Current as string; if (userIdentity != null && userIdentity.Contains("<") && userIdentity.Contains(">")) { var name = userIdentity.Substring(0, userIdentity.IndexOf("<") - 1).Trim(); this.IdentityName = name; var email = userIdentity.Substring(userIdentity.IndexOf("<") + 1); email = email.Substring(0, email.IndexOf(">")).Trim(); this.IdentityEmail = email; } } } } catch { } }
/* * Checks to see if public key matches filter and returns true if so. */ internal static bool IsMatch(PgpPublicKey key, List <string> filters, bool matchUserIds) { // Checking if there are no filters, at which point we return everything. if (filters.Count == 0) { return(true); } // Looping through each filter. foreach (var filter in filters) { // Checking fingerprint. var fingerprint = Fingerprint.FingerprintString(key.GetFingerprint()); if (fingerprint == filter) { return(true); } // Checking key ID. var keyID = ((int)key.KeyId).ToString("X").ToLower(); if (keyID == filter) { return(true); } // Checking if caller wants to match user IDs. if (matchUserIds) { // Iterating all user IDs. foreach (var idxUserID in key.GetUserIds()) { // Checking if user ID is a string, and if so, checking for a match. var userID = idxUserID as string; if (userID != null) { // Checking if currently iterated userID contains specified filter. if (userID.ToLower().Contains(filter)) { return(true); } } } } } // No match. return(false); }
internal OpenPgpDigitalCertificate(PgpPublicKey pubkey) { var data = pubkey.GetFingerprint(); var builder = new StringBuilder(); for (int i = 0; i < data.Length; i++) { builder.Append(data[i].ToString("X")); } var trust = pubkey.GetTrustData(); if (trust != null) { TrustLevel = (TrustLevel)(trust[0] & 15); } else { TrustLevel = TrustLevel.None; } Fingerprint = builder.ToString(); PublicKey = pubkey; foreach (string userId in pubkey.GetUserIds()) { data = Encoding.UTF8.GetBytes(userId); InternetAddress address; int index = 0; if (!InternetAddress.TryParse(ParserOptions.Default, data, ref index, data.Length, false, out address)) { continue; } Name = address.Name; var mailbox = address as MailboxAddress; if (mailbox == null) { continue; } Email = mailbox.Address; break; } }
private PgpSignatureGenerator createSignatureGenerator() { PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(password); PgpPublicKey internalPublicKey = secretKey.PublicKey; PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(internalPublicKey.Algorithm, HashAlgorithmTag.Sha1); signatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey); var userIds = internalPublicKey.GetUserIds(); foreach (var userId in userIds) { PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); spGen.SetSignerUserId(false, (String)userId); signatureGenerator.SetHashedSubpackets(spGen.Generate()); break; } return(signatureGenerator); }
bool UpdateUserId(PgpPublicKey pubkey) { foreach (string userId in pubkey.GetUserIds()) { var bytes = Encoding.UTF8.GetBytes(userId); MailboxAddress mailbox; int index = 0; if (!MailboxAddress.TryParse(ParserOptions.Default, bytes, ref index, bytes.Length, false, out mailbox)) { continue; } Email = mailbox.Address; Name = mailbox.Name; return(true); } return(false); }
internal static void InvokeLambda( ISignaler signaler, Node lambda, PgpPublicKey key) { // Parametrizing [.lambda] callback with key and data. var keyNode = new Node(".key"); keyNode.Add(new Node("private", false)); keyNode.Add(new Node("fingerprint", PgpHelpers.GetFingerprint(key))); keyNode.Add(new Node("id", key.KeyId)); keyNode.Add(new Node("content", PgpHelpers.GetAsciiArmoredPublicKey(key))); keyNode.Add(new Node("created", key.CreationTime)); keyNode.Add(new Node("valid-seconds", key.GetValidSeconds())); keyNode.Add(new Node("algorithm", key.Algorithm.ToString())); keyNode.Add(new Node("bit-strength", key.BitStrength)); keyNode.Add(new Node("is-encryption", key.IsEncryptionKey)); keyNode.Add(new Node("is-master", key.IsMasterKey)); keyNode.Add(new Node("is-revoked", key.IsRevoked())); // Adding ID for key. var ids = new Node("ids"); foreach (var idxId in key.GetUserIds()) { ids.Add(new Node(".", idxId.ToString())); } if (ids.Children.Any()) { keyNode.Add(ids); } // Invoking [.lambda] making sure we reset it after evaluation. var exe = lambda.Clone(); lambda.Insert(0, keyNode); signaler.Signal("eval", lambda); lambda.Clear(); lambda.AddRange(exe.Children.ToList()); }
/* * Checks to see if public key matches filter and returns true if so. */ internal static bool IsMatch(PgpPublicKey key, string filter, bool matchUserID = true) { // Checking fingerprint. var fingerprint = BitConverter.ToString(key.GetFingerprint()).Replace("-", "").ToLower(); if (fingerprint == filter.ToLower()) { return(true); } // Checking keyID. var keyID = ((int)key.KeyId).ToString("X").ToLower(); if (keyID == filter.ToLower()) { return(true); } // Enumerating user IDs for key, but only if caller has specified we should search in UserIDs. if (matchUserID) { // Enumerating UerIDs looking for a match. foreach (var idxUserID in key.GetUserIds()) { // Checking if user ID is a string, and if so, checking for a match. var userID = idxUserID as string; if (userID != null) { // Checking if currently iterated userID contains specified filter. if (userID.ToLower().Contains(filter)) { return(true); } } } } // No match! return(false); }
/// <summary> /// Sign public key with secret key. To access the private key from the /// secret container a password needs to be provided. /// </summary> /// <param name="secretKey"> /// The secret key containing the private key for signing the public /// key. /// </param> /// <param name="password"> /// The password of the secret key. /// </param> /// <param name="keyToBeSigned"> /// The public key to be signed. /// </param> /// <param name="certain"> /// Flag indicating whether or not the certification is positive or just /// casual. /// </param> /// <returns> /// Returns the <see cref="PgpPublicKey"/> adorned with a signature by the /// private key passed in. /// </returns> public static PgpPublicKey SignPublicKey( PgpSecretKey secretKey, string password, PgpPublicKey keyToBeSigned, bool certain) { var id = keyToBeSigned.GetUserIds().Cast <string>().FirstOrDefault(); // Extracting private key, and getting ready to create a signature. var privateKey = secretKey.ExtractPrivateKey(password.ToCharArray()); var signatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256); signatureGenerator.InitSign( certain ? PgpSignature.PositiveCertification : PgpSignature.CasualCertification, privateKey); // Creating a stream to wrap the results of operation. var outputStream = new MemoryStream(); var packetOutputStream = new BcpgOutputStream(outputStream); signatureGenerator.GenerateOnePassVersion(false).Encode(packetOutputStream); // Creating a generator. var subpacketSignatureGenerator = new PgpSignatureSubpacketGenerator(); subpacketSignatureGenerator.SetSignerUserId(false, id); var packetVector = subpacketSignatureGenerator.Generate(); signatureGenerator.SetHashedSubpackets(packetVector); packetOutputStream.Flush(); // Returning the signed public key. return(PgpPublicKey.AddCertification( keyToBeSigned, id, signatureGenerator.GenerateCertification(id, keyToBeSigned))); }
public static string EncryptAndSign( Stream messageStream, string publicKeyIn, string privateKeyIn, string passPhrase, out Stream outputStream) { PgpPublicKey senderPublicKey = ReadPublicKey(publicKeyIn); PgpPrivateKey senderPrivateKey = ReadPrivateKey(privateKeyIn, passPhrase); outputStream = new MemoryStream(); // Create a signature generator. PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, HashAlgorithmTag.Sha256); signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey); // Add the public key user ID. foreach (string userId in senderPublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator(); signatureSubGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate()); break; } // Allow any of the corresponding keys to be used for decryption. PgpEncryptedDataGenerator encryptedDataGenerator = new PgpEncryptedDataGenerator(SymmetricKeyAlgorithmTag.TripleDes, true, new SecureRandom()); encryptedDataGenerator.AddMethod(senderPublicKey); using (Stream armoredStream = new ArmoredOutputStream(outputStream)) { using (Stream encryptedStream = encryptedDataGenerator.Open(armoredStream, new byte[0x10000])) { PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Uncompressed); using (Stream compressedStream = compressedDataGenerator.Open(encryptedStream)) { signatureGenerator.GenerateOnePassVersion(false).Encode(compressedStream); PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator(); using (Stream literalStream = literalDataGenerator.Open(compressedStream, PgpLiteralData.Binary, PgpLiteralData.Console, DateTime.Now, new byte[0x10000])) { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { literalStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } } signatureGenerator.Generate().Encode(compressedStream); } } } byte[] signedAndEncryptedMessageBuffer = (outputStream as MemoryStream).ToArray(); Console.WriteLine(Encoding.ASCII.GetString(signedAndEncryptedMessageBuffer)); return(Encoding.ASCII.GetString(signedAndEncryptedMessageBuffer)); }
public int ImportPublicKey(string fileName, string filePath, KeyStoreDB keyStoreDB) { int cntImport = 0; string keyPath = Path.Combine(filePath, fileName); string stringFileContent = File.ReadAllText(keyPath); PgpPublicKey pubKey = ReadPublicKey(keyPath); try { keyStoreDB.KeyStores.Add(new KeyStores() { KeyStoreID = pubKey.KeyId, ArmouredKeyFile = stringFileContent, Fingerprint = pubKey.GetFingerprint(), CreationTime = pubKey.CreationTime, ValidDays = pubKey.ValidDays, IsEncryptionKey = pubKey.IsEncryptionKey, IsMasterKey = pubKey.IsMasterKey, IsSigningKey = false, IsRevoked = pubKey.IsRevoked(), KeyType = "Public" }); IEnumerable userIDs = pubKey.GetUserIds(); foreach (string userId in userIDs) { Match match = Regex.Match(userId, strRegex, RegexOptions.Compiled); if (match != null) { string comment1 = match.Groups["comment1"] != null ? match.Groups["comment1"].Value : string.Empty; string comment2 = match.Groups["comment2"] != null ? match.Groups["comment2"].Value : string.Empty; if (!string.IsNullOrEmpty(comment2)) { comment1 += " " + comment2; } KeyUsers userExists = keyStoreDB.KeyUsers.Find(pubKey.KeyId); if (userExists != null) { keyStoreDB.KeyUsers.Remove(userExists); keyStoreDB.SaveChanges(); } keyStoreDB.KeyUsers.Add(new KeyUsers() { KeyStoreID = pubKey.KeyId, UserName = match.Groups["user"] != null ? match.Groups["user"].Value : string.Empty, Email = match.Groups["email"] != null ? match.Groups["email"].Value : string.Empty, Comment = comment1, EncryptionType = ((PublicKeyAlgorithmTag)pubKey.Algorithm).ToString(), KeySize = pubKey.BitStrength }); } } keyStoreDB.SaveChanges(); } catch (DbUpdateConcurrencyException dbConEx) { throw new DbUpdateConcurrencyException(dbConEx.Message); } catch (DbUpdateException dbEx) { throw new DbUpdateException(dbEx.Message); } catch (Exception ex) { throw new Exception(ex.Message); } return(++cntImport); }
public void PerformTest() { // // Read the public key // PgpPublicKeyRing pgpPub = new PgpPublicKeyRing(testPubKey); var firstUserId = pgpPub.GetPublicKey().GetUserIds().FirstOrDefault(); Assert.NotNull(firstUserId); Assert.AreEqual(1, firstUserId.SelfCertifications.Count); Assert.IsTrue(firstUserId.SelfCertifications[0].Verify()); // // write a public key // MemoryStream bOut = new MemoryStream(); pgpPub.Encode(bOut); Assert.AreEqual(testPubKey, bOut.ToArray()); // // Read the public key // PgpPublicKeyRing pgpPubV3 = new PgpPublicKeyRing(testPubKeyV3); // // write a V3 public key // bOut = new MemoryStream(); pgpPubV3.Encode(bOut); // // Read a v3 private key // var passP = "FIXCITY_QA"; { PgpSecretKeyRing pgpPriv2 = new PgpSecretKeyRing(testPrivKeyV3); PgpSecretKey pgpPrivSecretKey = pgpPriv2.GetSecretKey(); PgpPrivateKey pgpPrivKey2 = pgpPrivSecretKey.ExtractPrivateKey(passP); // // write a v3 private key // bOut = new MemoryStream(); pgpPriv2.Encode(bOut); byte[] result = bOut.ToArray(); Assert.AreEqual(testPrivKeyV3, result); } // // Read the private key // PgpSecretKeyRing pgpPriv = new PgpSecretKeyRing(testPrivKey); PgpPrivateKey pgpPrivKey = pgpPriv.GetSecretKey().ExtractPrivateKey(pass); // // write a private key // bOut = new MemoryStream(); pgpPriv.Encode(bOut); Assert.AreEqual(testPrivKey, bOut.ToArray()); // // test encryption // /*var c = pubKey; * * // c.Init(Cipher.ENCRYPT_MODE, pubKey); * * byte[] inBytes = Encoding.ASCII.GetBytes("hello world"); * byte[] outBytes = c.DoFinal(inBytes); * * // c.Init(Cipher.DECRYPT_MODE, pgpPrivKey.GetKey()); * c.Init(false, pgpPrivKey.Key); * * outBytes = c.DoFinal(outBytes); * * if (!Arrays.AreEqual(inBytes, outBytes)) * { * Fail("decryption failed."); * }*/ // // test signature message // var compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(sig1); var signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); literalMessage.GetStream().CopyTo(Stream.Null); Assert.True(signedMessage.Verify(pgpPub.GetPublicKey(signedMessage.KeyId))); // // encrypted message - read subkey // pgpPriv = new PgpSecretKeyRing(subKey); // // encrypted message // byte[] text = Encoding.ASCII.GetBytes("hello world!\n"); var encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(enc1); var encKeyId = encryptedMessage.KeyIds.First(); pgpPrivKey = pgpPriv.GetSecretKey(encKeyId).ExtractPrivateKey(pass); compressedMessage = (PgpCompressedMessage)encryptedMessage.DecryptMessage(pgpPrivKey); literalMessage = (PgpLiteralMessage)compressedMessage.ReadMessage(); Assert.AreEqual("test.txt", literalMessage.FileName); byte[] bytes = Streams.ReadAll(literalMessage.GetStream()); Assert.AreEqual(text, bytes); // // encrypt - short message // byte[] shortText = { (byte)'h', (byte)'e', (byte)'l', (byte)'l', (byte)'o' }; MemoryStream cbOut = new MemoryStream(); var messageGenerator = new PgpMessageGenerator(cbOut); using (var encryptedGenerator = messageGenerator.CreateEncrypted(PgpSymmetricKeyAlgorithm.Cast5)) { encryptedGenerator.AddMethod(pgpPriv.GetSecretKey(encKeyId)); using (var literalStream = encryptedGenerator.CreateLiteral(PgpDataFormat.Binary, "", DateTime.UtcNow)) { literalStream.Write(shortText); } } cbOut.Position = 0; encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(cbOut); pgpPrivKey = pgpPriv.GetSecretKey(encryptedMessage.KeyIds.First()).ExtractPrivateKey(pass); //Assert.AreEqual(SymmetricKeyAlgorithmTag.Cast5, ((PgpPublicKeyEncryptedData)encryptedMessage.Methods[0]).GetSymmetricAlgorithm(pgpPrivKey)); literalMessage = (PgpLiteralMessage)encryptedMessage.DecryptMessage(pgpPrivKey); Assert.AreEqual("", literalMessage.FileName); bytes = Streams.ReadAll(literalMessage.GetStream()); Assert.AreEqual(shortText, bytes); // // encrypt // cbOut = new MemoryStream(); messageGenerator = new PgpMessageGenerator(cbOut); using (var encryptedGenerator = messageGenerator.CreateEncrypted(PgpSymmetricKeyAlgorithm.Cast5)) { encryptedGenerator.AddMethod(pgpPriv.GetSecretKey(encKeyId)); using (var literalStream = encryptedGenerator.CreateLiteral(PgpDataFormat.Binary, "", DateTime.UtcNow)) { literalStream.Write(text); } } cbOut.Position = 0; encryptedMessage = (PgpEncryptedMessage)PgpMessage.ReadMessage(cbOut); pgpPrivKey = pgpPriv.GetSecretKey(encryptedMessage.KeyIds.First()).ExtractPrivateKey(pass); literalMessage = (PgpLiteralMessage)encryptedMessage.DecryptMessage(pgpPrivKey); bytes = Streams.ReadAll(literalMessage.GetStream()); Assert.AreEqual(text, bytes); // // read public key with sub key. // /*pgpF = new PgpObjectFactory(subPubKey); * object o; * while ((o = pgpFact.NextPgpObject()) != null) * { * // TODO Should something be tested here? * // Console.WriteLine(o); * }*/ // // key pair generation - CAST5 encryption // var passPhrase = "hello"; var rsa = RSA.Create(1024); var keyRingGenerator = new PgpKeyRingGenerator(rsa, "fred", passPhrase); var secretKey = keyRingGenerator.GenerateSecretKeyRing().GetSecretKey(); PgpPublicKey key = new PgpPublicKey(secretKey); firstUserId = key.GetUserIds().FirstOrDefault(); Assert.NotNull(firstUserId); Assert.AreEqual(1, firstUserId.SelfCertifications.Count); Assert.IsTrue(firstUserId.SelfCertifications[0].Verify()); pgpPrivKey = secretKey.ExtractPrivateKey(passPhrase); key = PgpPublicKey.RemoveCertification(key, firstUserId, firstUserId.SelfCertifications[0]); Assert.NotNull(key); byte[] keyEnc = key.GetEncoded(); key = PgpPublicKey.AddCertification(key, firstUserId.UserId, firstUserId.SelfCertifications[0]); keyEnc = key.GetEncoded(); var revocation = PgpCertification.GenerateKeyRevocation( secretKey, secretKey.ExtractPrivateKey(passPhrase), key); key = PgpPublicKey.AddCertification(key, revocation); keyEnc = key.GetEncoded(); PgpPublicKeyRing tmpRing = new PgpPublicKeyRing(keyEnc); key = tmpRing.GetPublicKey(); revocation = key.KeyCertifications.Where(c => c.SignatureType == PgpSignatureType.KeyRevocation).FirstOrDefault(); Assert.NotNull(revocation); Assert.IsTrue(revocation.Verify(key)); // // use of PgpKeyPair // PgpKeyPair pgpKp = new PgpKeyPair(rsa, DateTime.UtcNow); PgpPublicKey k1 = pgpKp.PublicKey; PgpPrivateKey k2 = pgpKp.PrivateKey; k1.GetEncoded(); MixedTest(k2, k1); // // key pair generation - AES_256 encryption. -- XXX // //kp = kpg.GenerateKeyPair(); rsa = RSA.Create(1024); keyRingGenerator = new PgpKeyRingGenerator(rsa, "fred", passPhrase /*, encAlgorithm: PgpSymmetricKeyAlgorithm.Aes256*/); secretKey = keyRingGenerator.GenerateSecretKeyRing().GetSecretKey(); secretKey.ExtractPrivateKey(passPhrase); secretKey.Encode(new MemoryStream()); // // secret key password changing. // const string newPass = "******"; secretKey = PgpSecretKey.CopyWithNewPassword(secretKey, passPhrase, newPass); secretKey.ExtractPrivateKey(newPass); secretKey.Encode(new MemoryStream()); key = new PgpPublicKey(secretKey); key.Encode(new MemoryStream()); firstUserId = key.GetUserIds().FirstOrDefault(); Assert.NotNull(firstUserId); Assert.AreEqual(1, firstUserId.SelfCertifications.Count); Assert.IsTrue(firstUserId.SelfCertifications[0].Verify()); pgpPrivKey = secretKey.ExtractPrivateKey(newPass); // // signature generation // const string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); DateTime testDateTime = new DateTime(1973, 7, 27); bOut = new MemoryStream(); messageGenerator = new PgpMessageGenerator(bOut); using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip)) using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, pgpPrivKey, PgpHashAlgorithm.Sha1)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime)) { literalStream.Write(dataBytes); } // // verify generated signature // bOut.Position = 0; compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut); signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); Assert.AreEqual(testDateTime, literalMessage.ModificationTime); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(secretKey)); // // signature generation - version 3 // bOut = new MemoryStream(); messageGenerator = new PgpMessageGenerator(bOut); using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip)) using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, pgpPrivKey, PgpHashAlgorithm.Sha1, version: 3)) using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime)) { literalStream.Write(dataBytes); } // // verify generated signature // bOut.Position = 0; compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut); signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage(); literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage(); Assert.AreEqual(testDateTime, literalMessage.ModificationTime); literalMessage.GetStream().CopyTo(Stream.Null); Assert.IsTrue(signedMessage.Verify(secretKey)); // // extract PGP 8 private key // pgpPriv = new PgpSecretKeyRing(pgp8Key); secretKey = pgpPriv.GetSecretKey(); pgpPrivKey = secretKey.ExtractPrivateKey(pgp8Pass); // // other sig tests // PerformTestSig(PgpHashAlgorithm.Sha256, secretKey, pgpPrivKey); PerformTestSig(PgpHashAlgorithm.Sha384, secretKey, pgpPrivKey); PerformTestSig(PgpHashAlgorithm.Sha512, secretKey, pgpPrivKey); }
/// <summary> /// Attempt to encrypt a message using PGP with the specified public key(s). /// </summary> /// <param name="messageStream">Stream containing the message to encrypt.</param> /// <param name="fileName">File name of for the message.</param> /// <param name="signedAndEncryptedMessageStream">Stream to write the encrypted message into.</param> /// <param name="senderPublicKey">The BouncyCastle public key associated with the signature.</param> /// <param name="senderPrivateKey">The BouncyCastle private key to be used for signing.</param> /// <param name="recipientPublicKeys">Collection of BouncyCastle public keys to be used for encryption.</param> /// <param name="hashAlgorithmTag">The hash algorithm tag to use for signing.</param> /// <param name="symmetricKeyAlgorithmTag">The symmetric key algorithm tag to use for encryption.</param> /// <param name="armor">Whether to wrap the message with ASCII armor.</param> /// <returns>Whether the encryption completed successfully.</returns> public static bool SignAndEncrypt(Stream messageStream, string fileName, Stream signedAndEncryptedMessageStream, PgpPublicKey senderPublicKey, PgpPrivateKey senderPrivateKey, IEnumerable <PgpPublicKey> recipientPublicKeys, HashAlgorithmTag hashAlgorithmTag = HashAlgorithmTag.Sha256, SymmetricKeyAlgorithmTag symmetricKeyAlgorithmTag = SymmetricKeyAlgorithmTag.TripleDes, bool armor = true) { // Create a signature generator. PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(senderPublicKey.Algorithm, hashAlgorithmTag); signatureGenerator.InitSign(PgpSignature.BinaryDocument, senderPrivateKey); // Add the public key user ID. foreach (string userId in senderPublicKey.GetUserIds()) { PgpSignatureSubpacketGenerator signatureSubGenerator = new PgpSignatureSubpacketGenerator(); signatureSubGenerator.SetSignerUserId(false, userId); signatureGenerator.SetHashedSubpackets(signatureSubGenerator.Generate()); break; } // Allow any of the corresponding keys to be used for decryption. PgpEncryptedDataGenerator encryptedDataGenerator = new PgpEncryptedDataGenerator(SymmetricKeyAlgorithmTag.TripleDes, true, new SecureRandom()); foreach (PgpPublicKey publicKey in recipientPublicKeys) { encryptedDataGenerator.AddMethod(publicKey); } // Handle optional ASCII armor. if (armor) { using (Stream armoredStream = new ArmoredOutputStream(signedAndEncryptedMessageStream)) { using (Stream encryptedStream = encryptedDataGenerator.Open(armoredStream, new byte[Constants.LARGEBUFFERSIZE])) { PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Uncompressed); using (Stream compressedStream = compressedDataGenerator.Open(encryptedStream)) { signatureGenerator.GenerateOnePassVersion(false).Encode(compressedStream); PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator(); using (Stream literalStream = literalDataGenerator.Open(compressedStream, PgpLiteralData.Binary, fileName, DateTime.Now, new byte[Constants.LARGEBUFFERSIZE])) { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { literalStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } } signatureGenerator.Generate().Encode(compressedStream); } } } } else { using (Stream encryptedStream = encryptedDataGenerator.Open(signedAndEncryptedMessageStream, new byte[Constants.LARGEBUFFERSIZE])) { PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Uncompressed); using (Stream compressedStream = compressedDataGenerator.Open(encryptedStream)) { signatureGenerator.GenerateOnePassVersion(false).Encode(compressedStream); PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator(); using (Stream literalStream = literalDataGenerator.Open(compressedStream, PgpLiteralData.Binary, fileName, DateTime.Now, new byte[Constants.LARGEBUFFERSIZE])) { // Process each character in the message. int messageChar; while ((messageChar = messageStream.ReadByte()) >= 0) { literalStream.WriteByte((byte)messageChar); signatureGenerator.Update((byte)messageChar); } } signatureGenerator.Generate().Encode(compressedStream); } } } return(true); }