Diffstat (limited to 'crypto/src/openpgp/PgpKeyRingGenerator.cs')
-rw-r--r--crypto/src/openpgp/PgpKeyRingGenerator.cs94
1 files changed, 66 insertions, 28 deletions
diff --git a/crypto/src/openpgp/PgpKeyRingGenerator.cs b/crypto/src/openpgp/PgpKeyRingGenerator.cs
index 4f6a4b12f..352575b0b 100644
--- a/crypto/src/openpgp/PgpKeyRingGenerator.cs
+++ b/crypto/src/openpgp/PgpKeyRingGenerator.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections;
-
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 
@@ -280,42 +279,70 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp
             this.AddSubKey(keyPair, this.hashedPacketVector, this.unhashedPacketVector, hashAlgorithm);
         }
 
-		/// <summary>
-		/// Add a subkey with specific hashed and unhashed packets associated with it and
-		/// default certification.
-		/// </summary>
-		/// <param name="keyPair">Public/private key pair.</param>
-		/// <param name="hashedPackets">Hashed packet values to be included in certification.</param>
-		/// <param name="unhashedPackets">Unhashed packets values to be included in certification.</param>
-		/// <exception cref="PgpException"></exception>
-		public void AddSubKey(
+        /// <summary>
+        /// Add a signing subkey to the key ring to be generated with default certification and a primary key binding signature.
+        /// </summary>
+        /// <param name="keyPair">The key pair.</param>
+        /// <param name="hashAlgorithm">The hash algorithm.</param>
+        /// <param name="primaryKeyBindingHashAlgorithm">The primary-key binding hash algorithm.</param>
+        public void AddSubKey(PgpKeyPair keyPair, HashAlgorithmTag hashAlgorithm, HashAlgorithmTag primaryKeyBindingHashAlgorithm)
+        {
+            this.AddSubKey(keyPair, this.hashedPacketVector, this.unhashedPacketVector, hashAlgorithm, primaryKeyBindingHashAlgorithm);
+        }
+
+        /// <summary>
+        /// Add a subkey with specific hashed and unhashed packets associated with it and
+        /// default certification using SHA-1.
+        /// </summary>
+        /// <param name="keyPair">Public/private key pair.</param>
+        /// <param name="hashedPackets">Hashed packet values to be included in certification.</param>
+        /// <param name="unhashedPackets">Unhashed packets values to be included in certification.</param>
+        /// <exception cref="PgpException"></exception>
+        public void AddSubKey(
 			PgpKeyPair					keyPair,
 			PgpSignatureSubpacketVector	hashedPackets,
 			PgpSignatureSubpacketVector	unhashedPackets)
 		{
-			try
+            AddSubKey(keyPair, hashedPackets, unhashedPackets, HashAlgorithmTag.Sha1);
+        }
+
+        /// <summary>
+        /// Add a subkey with specific hashed and unhashed packets associated with it and
+        /// default certification.
+        /// </summary>
+        /// <param name="keyPair">Public/private key pair.</param>
+        /// <param name="hashedPackets">Hashed packet values to be included in certification.</param>
+        /// <param name="unhashedPackets">Unhashed packets values to be included in certification.</param>
+        /// <param name="hashAlgorithm">The hash algorithm.</param>
+        /// <exception cref="Org.BouncyCastle.Bcpg.OpenPgp.PgpException">exception adding subkey: </exception>
+        /// <exception cref="PgpException"></exception>
+        public void AddSubKey(
+            PgpKeyPair keyPair,
+            PgpSignatureSubpacketVector hashedPackets,
+            PgpSignatureSubpacketVector unhashedPackets,
+            HashAlgorithmTag hashAlgorithm)
+        {
+            try
             {
-                PgpSignatureGenerator sGen = new PgpSignatureGenerator(
-					masterKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
+                PgpSignatureGenerator sGen = new PgpSignatureGenerator(masterKey.PublicKey.Algorithm, hashAlgorithm);
 
-				//
+                //
                 // Generate the certification
                 //
                 sGen.InitSign(PgpSignature.SubkeyBinding, masterKey.PrivateKey);
 
-				sGen.SetHashedSubpackets(hashedPackets);
+                sGen.SetHashedSubpackets(hashedPackets);
                 sGen.SetUnhashedSubpackets(unhashedPackets);
 
-				IList subSigs = Platform.CreateArrayList();
-
-				subSigs.Add(sGen.GenerateCertification(masterKey.PublicKey, keyPair.PublicKey));
+                IList subSigs = Platform.CreateArrayList();
+                subSigs.Add(sGen.GenerateCertification(masterKey.PublicKey, keyPair.PublicKey));
 
-				keys.Add(new PgpSecretKey(keyPair.PrivateKey, new PgpPublicKey(keyPair.PublicKey, null, subSigs), encAlgorithm,
+                keys.Add(new PgpSecretKey(keyPair.PrivateKey, new PgpPublicKey(keyPair.PublicKey, null, subSigs), encAlgorithm,
                     rawPassPhrase, false, useSha1, rand, false));
-			}
-            catch (PgpException e)
+            }
+            catch (PgpException)
             {
-                throw e;
+                throw;
             }
             catch (Exception e)
             {
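Review bot: The three-argument `AddSubKey(keyPair, hashedPackets, unhashedPackets)` overload still signs the subkey binding with `HashAlgorithmTag.Sha1`, and apart from the words "using SHA-1" in its summary nothing steers callers away from it. Changing the default would alter the output for existing callers, so I would keep the behaviour but mark the overload, e.g. `[Obsolete("Signs the subkey binding with SHA-1; use the overload that takes a HashAlgorithmTag.")]`. The new four-argument overload's doc comment also carries two `<exception>` tags for the same PgpException, one of them with the dangling text "exception adding subkey: "; a single tag with a full sentence would be clearer. The catch block at the end of this hunk continues outside it.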
@@ -324,20 +351,22 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp
         }
 
         /// <summary>
-        /// Add a subkey with specific hashed and unhashed packets associated with it and
-        /// default certification.
+        /// Add a signing subkey with specific hashed and unhashed packets associated with it and
+        /// default certifications, including the primary-key binding signature.
         /// </summary>
         /// <param name="keyPair">Public/private key pair.</param>
         /// <param name="hashedPackets">Hashed packet values to be included in certification.</param>
         /// <param name="unhashedPackets">Unhashed packets values to be included in certification.</param>
         /// <param name="hashAlgorithm">The hash algorithm.</param>
+        /// <param name="primaryKeyBindingHashAlgorithm">The primary-key binding hash algorithm.</param>
         /// <exception cref="Org.BouncyCastle.Bcpg.OpenPgp.PgpException">exception adding subkey: </exception>
         /// <exception cref="PgpException"></exception>
         public void AddSubKey(
             PgpKeyPair keyPair,
             PgpSignatureSubpacketVector hashedPackets,
             PgpSignatureSubpacketVector unhashedPackets,
-            HashAlgorithmTag hashAlgorithm)
+            HashAlgorithmTag hashAlgorithm,
+            HashAlgorithmTag primaryKeyBindingHashAlgorithm)
         {
             try
             {
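Review bot: The `primaryKeyBindingHashAlgorithm` param doc only restates the parameter name, yet it is the one place a caller learns that this digest is chosen separately from `hashAlgorithm`. I would write `/// <param name="primaryKeyBindingHashAlgorithm">Hash algorithm for the embedded primary-key binding signature, which is made with the subkey's own private key; it is independent of <paramref name="hashAlgorithm"/>, so pass a collision-resistant digest for both.</param>`. The summary should also state that `keyPair` must be able to sign, because the body in the next hunk calls `InitSign` with `keyPair.PrivateKey`. The method body runs past the end of this hunk.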
@@ -348,7 +377,17 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp
                 //
                 sGen.InitSign(PgpSignature.SubkeyBinding, masterKey.PrivateKey);
 
-                sGen.SetHashedSubpackets(hashedPackets);
+                // add primary key binding sub packet
+                PgpSignatureGenerator pGen = new PgpSignatureGenerator(keyPair.PublicKey.Algorithm, primaryKeyBindingHashAlgorithm);
+
+                pGen.InitSign(PgpSignature.PrimaryKeyBinding, keyPair.PrivateKey);
+
+                PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(hashedPackets);
+
+                spGen.SetEmbeddedSignature(false,
+                        pGen.GenerateCertification(masterKey.PublicKey, keyPair.PublicKey));
+                
+                sGen.SetHashedSubpackets(spGen.Generate());
                 sGen.SetUnhashedSubpackets(unhashedPackets);
 
                 IList subSigs = Platform.CreateArrayList();
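Review bot: `new PgpSignatureSubpacketGenerator(hashedPackets)` now sits between the caller's vector and `SetHashedSubpackets`, so a null `hashedPackets` that used to be handed straight through takes a new path. Whether that constructor accepts null is not visible in this diff, and the three-argument convenience overload forwards `this.hashedPacketVector` without checking it. If null is a supported input, make that explicit: `PgpSignatureSubpacketGenerator spGen = hashedPackets == null ? new PgpSignatureSubpacketGenerator() : new PgpSignatureSubpacketGenerator(hashedPackets);`. The enclosing method starts and ends outside this hunk.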
@@ -367,8 +406,7 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp
             }
         }
 
-
-		/// <summary>Return the secret key ring.</summary>
+        /// <summary>Return the secret key ring.</summary>
         public PgpSecretKeyRing GenerateSecretKeyRing()
         {
             return new PgpSecretKeyRing(keys);