public static void AddSignature(PgpPublicKey key, KeyStoreDB keyDb, string keyExportName, PgpSecretKey secKey, char[] passPhrase,
SignatureOperation op, DateTime expiryDate, PgpSignature certLevel = null, string userId = "")
{
string fileData = string.Empty;
bool useTemp = true;
if (key == null)
{
throw new ArgumentNullException("key");
}
if (keyDb == null)
{
throw new ArgumentNullException("keyDb");
}
if (!Enum.IsDefined(typeof(SignatureOperation), op))
{
throw new ArgumentOutOfRangeException(string.Format("op: {0}", op));
}
AlgorithmAgreement algorithms = new AlgorithmAgreement(new List <PgpPublicKey>()
{
key
});
PgpPrivateKey privateKey = secKey.ExtractPrivateKey(passPhrase);
PgpSignatureGenerator sigGen = new PgpSignatureGenerator(key.Algorithm, algorithms.AgreedHashAlgorithm);
switch (op)
{
case SignatureOperation.AddUserId:
break;
case SignatureOperation.RevokeKey:
MemoryStream mStream = new MemoryStream();
using (ArmoredOutputStream outArmour = new ArmoredOutputStream(mStream)) {
outArmour.SetHeader("Version", "Lynx Privacy");
sigGen.InitSign(PgpSignature.KeyRevocation, privateKey);
PgpSignature sig = sigGen.GenerateCertification(secKey.PublicKey);
PgpPublicKey.AddCertification(secKey.PublicKey, sig);
sig.InitVerify(secKey.PublicKey);
if (!sig.VerifyCertification(secKey.PublicKey))
{
throw new PgpException("revocation verification failed.");
}
sig.Encode(outArmour);
outArmour.Close();
}
mStream.Position = 0;
StreamReader srdr = new StreamReader(mStream);
string armour = srdr.ReadToEnd();
string outstr = armour.Replace("BEGIN PGP SIGNATURE", "BEGIN PGP PUBLIC KEY BLOCK")
.Replace("END PGP SIGNATURE", "END PGP PUBLIC KEY BLOCK");
mStream.Close();
if (string.IsNullOrEmpty(keyExportName))
{
useTemp = true;
string tempPath = Path.GetTempPath();
keyExportName = Path.Combine(tempPath, Guid.NewGuid().ToString() + ".tmppgp");
}
File.WriteAllText(keyExportName, outstr);
keyExportName = "";
//Debug.Assert(secKey.PublicKey.IsRevoked() == true);
break;
case SignatureOperation.SetKeyExpiry:
break;
case SignatureOperation.CertifyKey:
break;
default:
break;
}
if (secKey.PublicKey != null)
{
if (string.IsNullOrEmpty(keyExportName))
{
useTemp = true;
string tempPath = Path.GetTempPath();
keyExportName = Path.Combine(tempPath, Guid.NewGuid().ToString() + ".tmppgp");
}
ExportKey expKey = new ExportKey(keyDb);
expKey.UpdateDbSecretKey(secKey, keyExportName);
if (useTemp)
{
//File.Delete(keyExportName);
}
}
}
public override void PerformTest()
{
//
// RSA tests
//
PgpSecretKeyRing pgpPriv = new PgpSecretKeyRing(rsaKeyRing);
PgpSecretKey secretKey = pgpPriv.GetSecretKey();
PgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(rsaPass);
try
{
doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
Fail("RSA wrong key test failed.");
}
catch (PgpException)
{
// expected
}
try
{
doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
Fail("RSA V3 wrong key test failed.");
}
catch (PgpException)
{
// expected
}
//
// certifications
//
PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1);
sGen.InitSign(PgpSignature.KeyRevocation, pgpPrivKey);
PgpSignature sig = sGen.GenerateCertification(secretKey.PublicKey);
sig.InitVerify(secretKey.PublicKey);
if (!sig.VerifyCertification(secretKey.PublicKey))
{
Fail("revocation verification failed.");
}
PgpSecretKeyRing pgpDSAPriv = new PgpSecretKeyRing(dsaKeyRing);
PgpSecretKey secretDSAKey = pgpDSAPriv.GetSecretKey();
PgpPrivateKey pgpPrivDSAKey = secretDSAKey.ExtractPrivateKey(dsaPass);
sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);
sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);
PgpSignatureSubpacketGenerator unhashedGen = new PgpSignatureSubpacketGenerator();
PgpSignatureSubpacketGenerator hashedGen = new PgpSignatureSubpacketGenerator();
hashedGen.SetSignatureExpirationTime(false, TEST_EXPIRATION_TIME);
hashedGen.SetSignerUserId(true, TEST_USER_ID);
hashedGen.SetPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS);
hashedGen.SetPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS);
hashedGen.SetPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS);
sGen.SetHashedSubpackets(hashedGen.Generate());
sGen.SetUnhashedSubpackets(unhashedGen.Generate());
sig = sGen.GenerateCertification(secretDSAKey.PublicKey, secretKey.PublicKey);
byte[] sigBytes = sig.GetEncoded();
PgpObjectFactory f = new PgpObjectFactory(sigBytes);
sig = ((PgpSignatureList)f.NextPgpObject())[0];
sig.InitVerify(secretDSAKey.PublicKey);
if (!sig.VerifyCertification(secretDSAKey.PublicKey, secretKey.PublicKey))
{
Fail("subkey binding verification failed.");
}
PgpSignatureSubpacketVector hashedPcks = sig.GetHashedSubPackets();
PgpSignatureSubpacketVector unhashedPcks = sig.GetUnhashedSubPackets();
if (hashedPcks.Count != 6)
{
Fail("wrong number of hashed packets found.");
}
if (unhashedPcks.Count != 1)
{
Fail("wrong number of unhashed packets found.");
}
if (!hashedPcks.GetSignerUserId().Equals(TEST_USER_ID))
{
Fail("test userid not matching");
}
if (hashedPcks.GetSignatureExpirationTime() != TEST_EXPIRATION_TIME)
{
Fail("test signature expiration time not matching");
}
if (unhashedPcks.GetIssuerKeyId() != secretDSAKey.KeyId)
{
Fail("wrong issuer key ID found in certification");
}
int[] prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms();
preferredAlgorithmCheck("compression", PREFERRED_COMPRESSION_ALGORITHMS, prefAlgs);
prefAlgs = hashedPcks.GetPreferredHashAlgorithms();
preferredAlgorithmCheck("hash", PREFERRED_HASH_ALGORITHMS, prefAlgs);
prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms();
preferredAlgorithmCheck("symmetric", PREFERRED_SYMMETRIC_ALGORITHMS, prefAlgs);
SignatureSubpacketTag[] criticalHashed = hashedPcks.GetCriticalTags();
if (criticalHashed.Length != 1)
{
Fail("wrong number of critical packets found.");
}
if (criticalHashed[0] != SignatureSubpacketTag.SignerUserId)
{
Fail("wrong critical packet found in tag list.");
}
//
// no packets passed
//
sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);
sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);
sGen.SetHashedSubpackets(null);
sGen.SetUnhashedSubpackets(null);
sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey);
sig.InitVerify(secretDSAKey.PublicKey);
if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey))
{
Fail("subkey binding verification failed.");
}
hashedPcks = sig.GetHashedSubPackets();
if (hashedPcks.Count != 1)
{
Fail("found wrong number of hashed packets");
}
unhashedPcks = sig.GetUnhashedSubPackets();
if (unhashedPcks.Count != 1)
{
Fail("found wrong number of unhashed packets");
}
try
{
sig.VerifyCertification(secretKey.PublicKey);
Fail("failed to detect non-key signature.");
}
catch (InvalidOperationException)
{
// expected
}
//
// override hash packets
//
sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1);
sGen.InitSign(PgpSignature.SubkeyBinding, pgpPrivDSAKey);
hashedGen = new PgpSignatureSubpacketGenerator();
DateTime creationTime = new DateTime(1973, 7, 27);
hashedGen.SetSignatureCreationTime(false, creationTime);
sGen.SetHashedSubpackets(hashedGen.Generate());
sGen.SetUnhashedSubpackets(null);
sig = sGen.GenerateCertification(TEST_USER_ID, secretKey.PublicKey);
sig.InitVerify(secretDSAKey.PublicKey);
if (!sig.VerifyCertification(TEST_USER_ID, secretKey.PublicKey))
{
Fail("subkey binding verification failed.");
}
hashedPcks = sig.GetHashedSubPackets();
if (hashedPcks.Count != 1)
{
Fail("found wrong number of hashed packets in override test");
}
if (!hashedPcks.HasSubpacket(SignatureSubpacketTag.CreationTime))
{
Fail("hasSubpacket test for creation time failed");
}
DateTime sigCreationTime = hashedPcks.GetSignatureCreationTime();
if (!sigCreationTime.Equals(creationTime))
{
Fail("creation of overridden date failed.");
}
prefAlgs = hashedPcks.GetPreferredCompressionAlgorithms();
preferredAlgorithmCheck("compression", NO_PREFERENCES, prefAlgs);
prefAlgs = hashedPcks.GetPreferredHashAlgorithms();
preferredAlgorithmCheck("hash", NO_PREFERENCES, prefAlgs);
prefAlgs = hashedPcks.GetPreferredSymmetricAlgorithms();
preferredAlgorithmCheck("symmetric", NO_PREFERENCES, prefAlgs);
if (hashedPcks.GetKeyExpirationTime() != 0)
{
Fail("unexpected key expiration time found");
}
if (hashedPcks.GetSignatureExpirationTime() != 0)
{
Fail("unexpected signature expiration time found");
}
if (hashedPcks.GetSignerUserId() != null)
{
Fail("unexpected signer user ID found");
}
criticalHashed = hashedPcks.GetCriticalTags();
if (criticalHashed.Length != 0)
{
Fail("critical packets found when none expected");
}
unhashedPcks = sig.GetUnhashedSubPackets();
if (unhashedPcks.Count != 1)
{
Fail("found wrong number of unhashed packets in override test");
}
//
// general signatures
//
doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha256, secretKey.PublicKey, pgpPrivKey);
doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha384, secretKey.PublicKey, pgpPrivKey);
doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha512, secretKey.PublicKey, pgpPrivKey);
doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
doTestTextSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
doTestTextSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
//
// DSA Tests
//
pgpPriv = new PgpSecretKeyRing(dsaKeyRing);
secretKey = pgpPriv.GetSecretKey();
pgpPrivKey = secretKey.ExtractPrivateKey(dsaPass);
try
{
doTestSig(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
Fail("DSA wrong key test failed.");
}
catch (PgpException)
{
// expected
}
try
{
doTestSigV3(PublicKeyAlgorithmTag.RsaGeneral, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
Fail("DSA V3 wrong key test failed.");
}
catch (PgpException)
{
// expected
}
doTestSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
doTestSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey);
doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
doTestTextSig(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA_WITH_CRLF, TEST_DATA_WITH_CRLF);
doTestTextSigV3(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1, secretKey.PublicKey, pgpPrivKey, TEST_DATA, TEST_DATA_WITH_CRLF);
// special cases
//
doTestMissingSubpackets(nullPacketsSubKeyBinding);
doTestMissingSubpackets(generateV3BinarySig(pgpPrivKey, PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1));
// keyflags
doTestKeyFlagsValues();
}
private static bool IsGoodUidSignature(PgpSignature sig, PgpPublicKey masterpk, string uid)
{
sig.InitVerify(masterpk);
return sig.VerifyCertification(uid, masterpk);
}