Verify OpenPGP signed data in .NET
When we receive a signed OpenPGP data, we can both verify that it came from the sender we expect it and extract the original message. For the verification we need the public key of the sender.
The examples below demonstrate how to verify signed data with OpenPGP Library for .NET
1) Verify file using sender public key located in a file
2) Verify string message with sender public key located in a file
3) Verify string message with sender public key located in a KeyStore
1) Verify data using sender public key located in a file
C#
using System; using DidiSoft; public class VerifyDemo { public void Demo() { PGPLib pgp = new PGPLib(); bool validSignature = pgp.VerifyFile(@"C:\Test\INPUT.pgp", @"C:\Test\public.key", @"C:\Test\OUTPUT.txt"); Console.WriteLine("Valid Signature: " + validSignature); } }
VB.NET
Imports System Imports DidiSoft Public Class VerifyDemo Public Sub Demo() Dim pgp As New PGPLib() Dim validSignature As Boolean = _ pgp.VerifyFile("C:\Test\INPUT.pgp", _ "C:\Test\public.key", _ "C:\Test\OUTPUT.txt") Console.WriteLine("Valid Signature: " + validSignature) End Sub End Class
2) Verify string using sender public key located in a file
C#
using System; using System.IO; using DidiSoft; class VerifyString { public static void Demo() { // obtain an OpenPGP signed message String signedString = SignString.Demo(); // Extract the message and check the validity of the signature String plainText; PGPLib pgp = new PGPLib(); bool validSignature = pgp.VerifyString(signedString, new FileInfo(@"DataFiles\public.key"), out plainText); // Print the results Console.WriteLine("Extracted plain text message is " + plainText); if (validSignature) { Console.WriteLine("Signature is valid"); } else { Console.WriteLine("Signature is invalid"); } } }
VB.NET
Imports System Imports System.IO Imports DidiSoft Class VerifyString Public Shared Sub Demo() ' obtain an OpenPGP signed message Dim signedString As String = SignString.Demo() ' Extract the message and check the validity of the signature Dim plainText As String Dim pgp As New PGPLib() Dim validSignature As Boolean = _ pgp.VerifyString(signedString, _ New FileInfo("DataFiles\public.key"), _ plainText) ' Print the results Console.WriteLine("Extracted plain text message is " + plainText) If validSignature Then Console.WriteLine("Signature is valid") Else Console.WriteLine("Signature is invalid") End If End Sub End Class
3) Verify string using sender public key located in a KeyStore
If we keep our OpenPGP keys in a KeyStore we should use the overloaded VerifyString method that accepts KeyStore object:
C#
using System; using DidiSoft; class KeyStoreVerifyString { public static void Demo() { // obtain an OpenPGP signed message String signedString = KeyStoreSignString.Demo(); // Extract the message and check the validity of the signature String plainText; PGPLib pgp = new PGPLib(); KeyStore ks = new KeyStore(@"DataFiles\key.store", "changeit"); bool validSignature = pgp.VerifyString(signedString, ks, out plainText); // Print the results Console.WriteLine("Extracted plain text message is " + plainText); if (validSignature) { Console.WriteLine("Signature is valid"); } else { Console.WriteLine("Signature is invalid"); } } }
VB.NET
Imports System Imports DidiSoft Class KeyStoreVerifyString Public Shared Sub Demo() ' obtain an OpenPGP signed message Dim signedString As String = KeyStoreSignString.Demo() ' Extract the message and check the validity of the signature Dim plainText As String Dim pgp As New PGPLib() Dim ks As New KeyStore("DataFiles\key.store", "changeit") Dim validSignature As Boolean = pgp.VerifyString(signedString, ks, plainText) ' Print the results Console.WriteLine("Extracted plain text message is " + plainText) If validSignature Then Console.WriteLine("Signature is valid") Else Console.WriteLine("Signature is invalid") End If End Sub End Class
