Discussion:
OpenPGP Key Revocation Generations
Carlos Perez
2013-10-09 20:53:53 UTC
Hi

As I started to work on key revocation I noticed that some methods were missing from PgpSignatureSubPacketGenerator that are present in the Java library for setting the revocation reason and the key fingerprint to generate the certificate for. I should be able, with the generator, to do .setRevocationReason(false, reason, description) and add that to the hashed packet, and use .setIssuerKeyID() in another generator to generate an unhashed packet to add. Are these implemented in the C# library, or is the Java approach different from the C# approach on this one?

// Fragment: SecretKey (PgpSecretKey) and passPhrase (char[]) are assumed to be in scope.
PgpSignatureSubpacketGenerator subHashGenerator = new PgpSignatureSubpacketGenerator();
PgpPrivateKey privKey = SecretKey.ExtractPrivateKey(passPhrase);
PgpSignatureGenerator generator = new PgpSignatureGenerator(SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
// 0x20 = key revocation signature over the primary key
generator.InitSign(PgpSignature.KeyRevocation, privKey, new SecureRandom());
// creation time goes in the hashed area so it is covered by the signature
subHashGenerator.SetSignatureCreationTime(true, DateTime.UtcNow);
Carlos Perez
2013-10-10 00:25:56 UTC
It seems that the latest development code on GitHub has it implemented. I downloaded it, made some formatting fixes on a file that made compilation fail, and was able to come up with a way to generate a revocation certificate. Any idea when the next version of BC in C# will be released with these changes? Or at least point me in the correct direction to get all of these changes into a single DLL; for some reason it compiled to several DLLs for me.

Thanks,
Carlos

Here is the method I came up with that I will later fix up.

using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Security;

public static void GenerateCertificate(PgpSecretKey SecretKey, char[] Passphrase, string Reason, string RevokeDescription, string OutFile)
{
    // Map the caller's reason string onto the RFC 4880 revocation reason codes;
    // anything unrecognised falls back to NoReason.
    RevocationReasonTag RevokeReason;
    switch ((Reason ?? string.Empty).ToLowerInvariant())
    {
        case "compromised": RevokeReason = RevocationReasonTag.KeyCompromised; break;
        case "retired":     RevokeReason = RevocationReasonTag.KeyRetired; break;
        case "superseded":  RevokeReason = RevocationReasonTag.KeySuperseded; break;
        case "invalid":     RevokeReason = RevocationReasonTag.UserNoLongerValid; break;
        case "noreason":
        default:            RevokeReason = RevocationReasonTag.NoReason; break;
    }

    PgpSignatureSubpacketGenerator subHashGenerator = new PgpSignatureSubpacketGenerator();
    PgpSignatureSubpacketGenerator subUnHashGenerator = new PgpSignatureSubpacketGenerator();
    PgpPrivateKey privKey = SecretKey.ExtractPrivateKey(Passphrase);
    PgpSignatureGenerator generator = new PgpSignatureGenerator(SecretKey.PublicKey.Algorithm, HashAlgorithmTag.Sha256);
    // 0x20 = key revocation signature, made over the primary key itself.
    generator.InitSign(PgpSignature.KeyRevocation, privKey, new SecureRandom());
    // Creation time and the reason go in the hashed area so they are covered by the signature;
    // the unhashed area is not signed and can be altered by anyone who handles the certificate.
    subHashGenerator.SetSignatureCreationTime(false, DateTime.UtcNow);
    subHashGenerator.SetRevocationReason(false, RevokeReason, RevokeDescription);
    // Identify the issuer by key ID. The earlier draft put a RevocationKey subpacket here, but that
    // subpacket designates a *different* key as an authorised revoker and is not what a self-revocation
    // needs. Bouncy Castle adds an IssuerKeyId itself if neither area carries one; setting it
    // explicitly documents the intent.
    subUnHashGenerator.SetIssuerKeyID(false, SecretKey.KeyId);
    generator.SetHashedSubpackets(subHashGenerator.Generate());
    generator.SetUnhashedSubpackets(subUnHashGenerator.Generate());
    PgpSignature signature = generator.GenerateCertification(SecretKey.PublicKey);

    string armour;
    using (MemoryStream mStream = new MemoryStream())
    {
        using (ArmoredOutputStream outAStream = new ArmoredOutputStream(mStream))
        {
            outAStream.SetHeader("Version", "Posh-OpenPGP");
            signature.Encode(outAStream);
            outAStream.Close();
        }
        // ToArray() still works if closing the armoured stream closed the MemoryStream underneath it.
        armour = Encoding.ASCII.GetString(mStream.ToArray());
    }

    // Bouncy Castle armours a bare signature packet as "PGP SIGNATURE"; GnuPG expects a revocation
    // certificate to be labelled as a "PGP PUBLIC KEY BLOCK" so that "gpg --import" will accept it.
    string outstr = armour.Replace("BEGIN PGP SIGNATURE", "BEGIN PGP PUBLIC KEY BLOCK")
                          .Replace("END PGP SIGNATURE", "END PGP PUBLIC KEY BLOCK");

    System.IO.File.WriteAllText(OutFile, outstr);
}
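The check a practitioner would want next to both posts above, before filing the certificate away somewhere safe: read the armoured revocation certificate back in, confirm it is really a key-revocation signature issued by the key it is meant to revoke, verify it against the public key, read the reason from the hashed area only, and confirm that applying it actually marks the key as revoked. This is an added example written for this page, not code from the original thread or from the Bouncy Castle project. It assumes the Bouncy Castle C# OpenPGP API (Org.BouncyCastle.Bcpg.OpenPgp); the RevocationReason accessor names GetRevocationReason() and GetRevocationDescription() are assumed to match the Java port.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Bcpg.Sig;

// Added example (not from the original post or from Bouncy Castle): validates a
// self-revocation certificate against the public key it is supposed to revoke.
public static class RevocationCheck
{
    public static bool VerifyRevocationCertificate(string armoredCertPath, PgpPublicKey publicKey)
    {
        PgpSignature sig;
        using (Stream raw = File.OpenRead(armoredCertPath))
        // GetDecoderStream strips the ASCII armour regardless of what the BEGIN line says,
        // so the "PUBLIC KEY BLOCK" relabelling done on output does not matter here.
        using (Stream dec = PgpUtilities.GetDecoderStream(raw))
        {
            PgpObject obj = new PgpObjectFactory(dec).NextPgpObject();
            PgpSignatureList sigs = obj as PgpSignatureList;
            if (sigs == null || sigs.Count != 1)
                throw new InvalidDataException("expected exactly one signature packet in the certificate");
            sig = sigs[0];
        }

        // 1. It must be a key-revocation signature (0x20), not some other certification type.
        if (sig.SignatureType != PgpSignature.KeyRevocation)
            return false;

        // 2. This example only accepts self-revocation: the issuer key ID must be the key itself.
        //    (A designated-revoker certificate would carry a different issuer and needs a
        //    separate trust decision.)
        if (sig.KeyId != publicKey.KeyId)
            return false;

        // 3. The signature must verify over the public key material.
        sig.InitVerify(publicKey);
        if (!sig.VerifyCertification(publicKey))
            return false;

        // 4. Read the reason from the *hashed* subpackets only; the unhashed area is not
        //    covered by the signature and can be rewritten by anyone holding the file.
        //    Accessor names on RevocationReason are assumed to match the Java port.
        PgpSignatureSubpacketVector hashed = sig.GetHashedSubPackets();
        RevocationReason reason = hashed == null
            ? null
            : hashed.GetSubpacket(SignatureSubpacketTag.RevocationReason) as RevocationReason;
        if (reason != null)
            Console.WriteLine("revocation reason: {0} ({1})",
                reason.GetRevocationReason(), reason.GetRevocationDescription());
        else
            Console.WriteLine("certificate carries no signed revocation reason");

        // 5. Applying the certificate to the key must flip IsRevoked(); if it does not,
        //    the certificate is not usable as a revocation for this key.
        PgpPublicKey revoked = PgpPublicKey.AddCertification(publicKey, sig);
        return revoked.IsRevoked();
    }

    // Usage, with the output file written by GenerateCertificate above:
    //   bool ok = RevocationCheck.VerifyRevocationCertificate("revoke.asc", secretKey.PublicKey);
    //   if (!ok) throw new Exception("revocation certificate does not verify against this key");
}
```

Run this once against the freshly generated file and again after restoring it from wherever it is stored; a certificate that no longer verifies (wrong key, wrong signature type, or bit-rot in the armour) is worthless at exactly the moment it is needed.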