private ESKSequence CreateESKSequence(TransportablePublicKey[] tpkKeys, AsymActions aaAction, SymAlgorithms saAlgo, byte[] bSymKey) { ESKSequence esksReturn = new ESKSequence(); for (int i = 0; i < tpkKeys.Length; i++) { TransportablePublicKey tpkKey = tpkKeys[i]; PublicKeyPacket pkpKey = tpkKey.FindKey(aaAction); if (pkpKey == null) { throw new Exception("Could not find subkey fitting to the selected action. Concerned Key: " + tpkKey.PrimaryUserID); } AsymSessionKeyPacket skpKey = new AsymSessionKeyPacket(); skpKey.KeyID = pkpKey.KeyID; skpKey.PublicAlgorithm = pkpKey.Algorithm; skpKey.SymmetricAlgorithm = saAlgo; skpKey.SessionKey = bSymKey; skpKey.EncryptSessionKey(pkpKey); esksReturn.AddAsymSessionKey(skpKey); } return(esksReturn); }
private static ESKSequence CreateESKSequence(ArrayList alKeys, AsymActions aaAction, SymAlgorithms saAlgo, byte[] bSymKey) { IEnumerator ieKeys = alKeys.GetEnumerator(); ESKSequence esksReturn = new ESKSequence(); while (ieKeys.MoveNext()) { TransportablePublicKey tpkKey = (TransportablePublicKey)ieKeys.Current; PublicKeyPacket pkpKey = tpkKey.FindKey(aaAction); if (pkpKey == null) { throw new Exception("Could not find subkey fitting to the selected action. Concerned Key: " + tpkKey.PrimaryUserID); } AsymSessionKeyPacket skpKey = new AsymSessionKeyPacket(); skpKey.KeyID = pkpKey.KeyID; skpKey.PublicAlgorithm = pkpKey.Algorithm; skpKey.SymmetricAlgorithm = saAlgo; skpKey.SessionKey = bSymKey; skpKey.EncryptSessionKey(pkpKey); esksReturn.AddAsymSessionKey(skpKey); } return(esksReturn); }
/// <summary> /// Verifies the revocation status of a key /// </summary> /// <param name="KeyID">the key to verify</param> /// <returns>the revocation status of the key</returns> public bool isRevoked(ulong KeyID) { TransportablePublicKey tpkKey = this.Find(KeyID, true); if (tpkKey == null) { return(false); } if (tpkKey.PrimaryKey.KeyID == KeyID) { ArrayList nvsigatures = this.verifySignatures(tpkKey); foreach (SignaturePacket sp in tpkKey.PrimaryUserIDCert.Certificates) { if (sp.SignatureType == SignatureTypes.UserIDSignature || sp.SignatureType == SignatureTypes.UserIDSignature_CasualVerification || sp.SignatureType == SignatureTypes.UserIDSignature_NoVerification || sp.SignatureType == SignatureTypes.UserIDSignature_PositivVerification) { if (!sp.isRevocable()) { return(false); } } } if (tpkKey.RevocationSignatures == null || tpkKey.RevocationSignatures.Count == 0) { return(false); } else { foreach (SignaturePacket revocation in tpkKey.RevocationSignatures) { if (revocation.KeyID == tpkKey.PrimaryKey.KeyID) { PublicKeyPacket pkpKey = tpkKey.FindKey(revocation.KeyID); byte[] key = new byte[tpkKey.PrimaryKey.Length]; tpkKey.PrimaryKey.Header.CopyTo(key, 0); tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length); revocation.Verify(key, pkpKey); if (revocation.SignatureStatus == SignatureStatusTypes.Valid) { return(true); } else if (revocation.SignatureStatus == SignatureStatusTypes.Invalid) { continue; } else { continue; } } else { TransportablePublicKey revtpkKey = this.Find(revocation.KeyID, true); if (revtpkKey == null) { return(false); } foreach (SignaturePacket spPacket in tpkKey.RevocationKeys) { foreach (BigInteger revoker in spPacket.FindRevokerKeys()) { if (revoker.ToString() == revtpkKey.PrimaryKey.Fingerprint.ToString()) { PublicKeyPacket pkpKey = revtpkKey.PrimaryKey; byte[] key = new byte[tpkKey.PrimaryKey.Length]; tpkKey.PrimaryKey.Header.CopyTo(key, 0); tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length); revocation.Verify(key, pkpKey); if (revocation.SignatureStatus == SignatureStatusTypes.Valid) { return(true); } else if (revocation.SignatureStatus == SignatureStatusTypes.Invalid) { continue; } else { continue; } } } } } } } } else { ArrayList signaturesNotOK = this.verifySignatures(tpkKey); foreach (CertifiedPublicSubkey cps in tpkKey.SubKeys) { if (cps.Subkey.KeyID == KeyID) { if (cps.RevocationSignature != null && !signaturesNotOK.Contains(cps.RevocationSignature) && cps.KeyBindingSignature.isRevocable()) { ulong issuer = cps.RevocationSignature.KeyID; if (issuer == tpkKey.PrimaryKey.KeyID) { return(true); } else { foreach (SignaturePacket spPacket in tpkKey.RevocationKeys) { foreach (BigInteger revoker in spPacket.FindRevokerKeys()) { if (revoker == this.Find(issuer, true).PrimaryKey.Fingerprint) { return(true); } } } } } } } } return(false); }
/// <summary> /// Verifies key signatures /// </summary> /// <param name="tpkKey">the key to be verified</param> /// <returns> /// list of invalid signatures or objects containing invalid signatures: /// SignaturePacket /// CertifiedUserID /// CertifiedPublicSubkey /// </returns> private ArrayList verifySignatures(TransportablePublicKey tpkKey) { ArrayList signaturesNotOK = new ArrayList(); //Verify Revocation Signatures foreach (SignaturePacket revocation in tpkKey.RevocationSignatures) { if (revocation.KeyID == tpkKey.PrimaryKey.KeyID) { PublicKeyPacket pkpKey = tpkKey.FindKey(revocation.KeyID); byte[] key = new byte[tpkKey.PrimaryKey.Length]; tpkKey.PrimaryKey.Header.CopyTo(key, 0); tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length); if (pkpKey == null) { revocation.SignatureStatus = SignatureStatusTypes.Signing_Key_Not_Available; signaturesNotOK.Add(revocation); } else { revocation.Verify(key, pkpKey); if (revocation.SignatureStatus == SignatureStatusTypes.Invalid || revocation.SignatureStatus == SignatureStatusTypes.Not_Verified || revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available) { signaturesNotOK.Add(revocation); } } } else { TransportablePublicKey revtpkKey = this.Find(revocation.KeyID, true); if (revtpkKey != null) { foreach (SignaturePacket spPacket in tpkKey.RevocationKeys) { foreach (BigInteger revoker in spPacket.FindRevokerKeys()) { if (revoker.ToString() == revtpkKey.PrimaryKey.Fingerprint.ToString()) { PublicKeyPacket pkpKey = revtpkKey.PrimaryKey; byte[] key = new byte[tpkKey.PrimaryKey.Length]; tpkKey.PrimaryKey.Header.CopyTo(key, 0); tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length); revocation.Verify(key, pkpKey); if (revocation.SignatureStatus == SignatureStatusTypes.Invalid || revocation.SignatureStatus == SignatureStatusTypes.Not_Verified || revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available) { signaturesNotOK.Add(revocation); } } } } } else { revocation.SignatureStatus = SignatureStatusTypes.Signing_Key_Not_Available; signaturesNotOK.Add(revocation); } } } //Verify UserID foreach (CertifiedUserID userId in tpkKey.Certifications) { userId.Validate(tpkKey.PrimaryKey, this); if (userId.CertificationValidityStatus == CertifiedUserID.ValidityStatus.Invalid || userId.CertificationValidityStatus == CertifiedUserID.ValidityStatus.NotYetValidated || userId.CertificationValidityStatus == CertifiedUserID.ValidityStatus.ValidationKeyUnavailable) { foreach (SignaturePacket sp in userId.Certificates) { if (sp.SignatureStatus != SignatureStatusTypes.Valid) { signaturesNotOK.Add(sp); } } } } foreach (CertifiedPublicSubkey cps in tpkKey.SubKeys) { if (cps.KeyBindingSignature == null) { signaturesNotOK.Add(cps); } else { cps.VerifyKeyBindingSignature(tpkKey.PrimaryKey); if (cps.KeyBindingSignature.SignatureStatus == SignatureStatusTypes.Invalid || cps.KeyBindingSignature.SignatureStatus == SignatureStatusTypes.Not_Verified || cps.KeyBindingSignature.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available) { signaturesNotOK.Add(cps.KeyBindingSignature); } } //Verify Subkey Revocation Signature SignaturePacket revocation = cps.RevocationSignature; if (revocation != null) { if (revocation.KeyID == tpkKey.PrimaryKey.KeyID) { byte[] subkey = new byte[cps.Subkey.Length]; cps.Subkey.Header.CopyTo(subkey, 0); cps.Subkey.Body.CopyTo(subkey, cps.Subkey.Header.Length); subkey[0] = 0x99; byte[] mainkey = new byte[tpkKey.PrimaryKey.Length]; tpkKey.PrimaryKey.Header.CopyTo(mainkey, 0); tpkKey.PrimaryKey.Body.CopyTo(mainkey, tpkKey.PrimaryKey.Header.Length); byte[] key = new byte[subkey.Length + mainkey.Length]; mainkey.CopyTo(key, 0); subkey.CopyTo(key, mainkey.Length); revocation.Verify(key, tpkKey.PrimaryKey); if (revocation.SignatureStatus == SignatureStatusTypes.Invalid || revocation.SignatureStatus == SignatureStatusTypes.Not_Verified || revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available) { signaturesNotOK.Add(revocation); } } else { TransportablePublicKey revtpkKey = this.Find(revocation.KeyID, true); if (revtpkKey != null) { foreach (SignaturePacket spPacket in tpkKey.RevocationKeys) { foreach (BigInteger revoker in spPacket.FindRevokerKeys()) { if (revoker.ToString() == revtpkKey.PrimaryKey.Fingerprint.ToString()) { byte[] subkey = new byte[cps.Subkey.Length]; cps.Subkey.Header.CopyTo(subkey, 0); cps.Subkey.Body.CopyTo(subkey, cps.Subkey.Header.Length); subkey[0] = 0x99; byte[] mainkey = new byte[revtpkKey.PrimaryKey.Length]; tpkKey.PrimaryKey.Header.CopyTo(mainkey, 0); tpkKey.PrimaryKey.Body.CopyTo(mainkey, revtpkKey.PrimaryKey.Header.Length); byte[] key = new byte[subkey.Length + mainkey.Length]; mainkey.CopyTo(key, 0); subkey.CopyTo(key, mainkey.Length); revocation.Verify(key, revtpkKey.PrimaryKey); if (revocation.SignatureStatus == SignatureStatusTypes.Invalid || revocation.SignatureStatus == SignatureStatusTypes.Not_Verified || revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available) { signaturesNotOK.Add(revocation); } } } } } else { signaturesNotOK.Add(revocation); } } } } return(signaturesNotOK); }