OpenPGP Library for .NET version 1.7.3 is available

We are happy to announce that version 1.7.3 of OpenPGP Library for .NET is available for download.

This version ships with additional functionality and we have fixed a few bugs that we have found recently. Below is a short introduction to the new features that you can find in this release.

Inspecting the contents of an OpenPGP archive

This feature is useful when we want to investigate the contents of an OpenPGP archive without decrypting it. The classes that provide this functionality are located in the DidiSoft.Pgp.Inspect namespace. Below is a quick example in C#.

String privateKey = @"DataFiles/private.key";
String privateKeyPassword = "changeit";
String encryptedFile = @"DataFiles/encrypted.pgp";
 
PGPInspectLib inspectLib = new PGPInspectLib();
ContentItem[] files = inspectLib.ListOpenPgpFile(encryptedFile, privateKey, privateKeyPassword);
foreach (ContentItem file in files)
{
    Console.Write(file.FileName);
    Console.Write(file.IsDirectory ? " DIR" : " ");
    Console.WriteLine(file.ModificationTime);
}

Operations with detached signatures

Below is a C# example that demonstrates how to create a detached OpenPGP signature for a file.

using System;
using DidiSoft.Pgp;
 
public class DetachedSignDemo
{
   public void Demo()
   {
       PGPLib pgp = new PGPLib();
       bool asciiArmor = true;
       pgp.DetachedSignFile(@"C:\Test\INPUT.txt",
                            @"C:\Test\private_key.asc",
                            "private key password",
                            @"C:\Test\INPUT.txt.sig",
                            asciiArmor);
   }
}

 

Methods for achieving the OpenPGP Web of Trust

The OpenPGP Web of Trust is a concept first introduced in 1992 by Phil Zimmermann. It provides a decentralized way of maintaining trust relationships between OpenPGP keys by means of signatures.
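A sketch of how the new KeyStore methods listed in the changelog below fit together, added here as an illustration and not taken from DidiSoft's own samples: a partner's public key is signed only after its fingerprint matches one received over a separate channel. The KeyStore constructor and the KeyPairInformation.Fingerprint and KeyId properties are assumptions not shown on this page; the paths, passwords, signing Key Id and expected fingerprint are placeholders.

```csharp
using System;
using DidiSoft.Pgp;

public class SignPartnerKeyDemo
{
    public void Demo()
    {
        // Placeholders constructed for this example.
        string expectedFingerprint = "<FINGERPRINT RECEIVED OUT OF BAND>";
        long mySigningKeyId = 0L; // Key Id of your own private key in this store

        // Assumption: KeyStore(file, password) opens the key store file.
        KeyStore ks = new KeyStore(@"C:\Test\key.store", "key store password");

        // As of 1.7.3 ImportPublicKey returns the imported key(s).
        KeyPairInformation[] imported = ks.ImportPublicKey(@"C:\Test\partner_public.asc");

        foreach (KeyPairInformation key in imported)
        {
            // Assumption: Fingerprint (string) and KeyId (long) exist on KeyPairInformation.
            bool matches = String.Equals(key.Fingerprint.Replace(" ", ""),
                                         expectedFingerprint.Replace(" ", ""),
                                         StringComparison.OrdinalIgnoreCase);
            if (!matches)
            {
                // Never certify a key whose fingerprint was not confirmed.
                Console.WriteLine("Fingerprint mismatch, key left unsigned: " + key.KeyId);
                continue;
            }

            // Overloads taken from the 1.7.3 changelog.
            ks.SignPublicKey(key.KeyId, mySigningKeyId, "private key password");
            Console.WriteLine("IsTrusted: " + ks.IsTrusted(key.KeyId));
        }
    }
}
```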

Below is a list of all the changes in this version.

[*] : Bug
[+] : New
[-] : Removed
[!] : Modification

Version 1.7.3
Published on March 20, 2012

I. Fixed bugs

[*] Fixed encrypting folders with long names (more than 100 characters)

[*] Fixed cleanup of half encrypted files after an exception for all methods.

[*] Fixed bug when creating an uncompressed one pass signed and encrypted archive.

[!] Decrypting methods now check the integrity protection of the data and throw Didisoft.Pgp.Exceptions.IntegrityCheckException

II. KeyStore modifications

[!] KeyStore.GenerateKeyPair now returns a KeyPairInformation instance representing the generated key
[!] KeyStore.ImportKeyRing now returns an array of KeyPairInformation instances representing the imported key(s)
[!] KeyStore.ImportPublicKey now returns an array of KeyPairInformation instances representing the imported key
[!] KeyStore.ImportPrivateKey now returns an array of KeyPairInformation instances representing the imported key

III. Inspecting the contents of OpenPGP encrypted data

Added namespace Didisoft.Pgp.Inspect

[+] Added class Didisoft.Pgp.PGPInspectLib that provides methods for inspecting the content of OpenPGP data
[+] Added class Didisoft.Pgp.ContentItem that represents information for an item in an OpenPGP archive

IV. Web of Trust

[+] Added enum TrustLevel that holds supported trust values

Added methods for marking a public key as a trusted introducer
[+] KeyStore.SignPublicKeyAsTrustedIntroducer(long keyId, long signKeyId, String signPassword)
[+] KeyStore.SignPublicKeyAsTrustedIntroducer(String keyUserId, String signKeyUserId, String signPassword)

Added methods for signing a public key
[+] KeyStore.SignPublicKey(long keyId, long signKeyId, String signPassword)
[+] KeyStore.SignPublicKey(String keyUserId, String signKeyUserId, String signPassword)

Added methods for explicitly setting the Trust of a key located in a KeyStore
[+] KeyStore.SetTrust(String keyUserId, TrustLevel trustValue)
[+] KeyStore.SetTrust(long keyId, TrustLevel trustValue)

Added methods and property for checking the trust value of a given key
[+] KeyStore.IsTrusted(String keyUserId)
[+] KeyStore.IsTrusted(long keyId)
[+] KeyPairInformation.Trust

V. Detached signatures

[+] PGPLib.DetachedSignFile creates a detached OpenPGP signature for a file
[+] PGPLib.DetachedSignStream creates a detached OpenPGP signature for a data stream
[+] PGPLib.DetachedSignString creates a detached OpenPGP signature for a string message
[+] PGPLib.DetachedVerifyStream verifies a detached OpenPGP signature against a data stream
[+] PGPLib.DetachedVerifyString verifies a detached OpenPGP signature against a string message

VI. Partial match of User Ids

[+] Added property KeyStore.PartialMatchuserIds: if enabled, the methods that search for keys in a KeyStore by User Id will also match on part of the User Id

VII. Expired and revoked keys

[+] Added property PGPLib.UseExpiredKeys: checks whether the encryption keys are expired
[+] Added property PGPLib.UseRevokedKeys: checks whether the encryption keys are revoked

VIII. New Exceptions:

[+] Added class Didisoft.Pgp.Exceptions.IntegrityCheckException (extends PGPException)
thrown if an integrity protected OpenPGP archive is corrupted

[+] Added Didisoft.Pgp.Exceptions.KeyIsExpiredException (extends PGPException)
thrown from all Encrypt and SignAndEncrypt methods when the supplied public key is expired.
Can be suppressed with PGPLib.UseExpiredKeys

[+] Added Didisoft.Pgp.Exceptions.KeyIsRevokedException (extends PGPException)
thrown from all Encrypt and SignAndEncrypt methods when the supplied public key is revoked.
Can be suppressed with PGPLib.UseRevokedKeys
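
How calling code might handle the three new exceptions so that it fails closed, added here as an example and not part of the release notes or DidiSoft's samples. The EncryptFile and DecryptFile overloads, the boolean type of UseExpiredKeys and UseRevokedKeys, and the DidiSoft.Pgp.Exceptions namespace casing (following the using DidiSoft.Pgp; line above) are assumptions.

```csharp
using System;
using System.IO;
using DidiSoft.Pgp;
using DidiSoft.Pgp.Exceptions;

public class StrictPgpDemo
{
    // Encrypts only if the recipient key is neither expired nor revoked.
    public bool EncryptStrict(string input, string publicKey, string output)
    {
        PGPLib pgp = new PGPLib();
        // Assumption: boolean properties; false keeps both key checks enforced.
        pgp.UseExpiredKeys = false;
        pgp.UseRevokedKeys = false;
        try
        {
            // Assumption: EncryptFile(data, publicKey, output, asciiArmor, withIntegrityCheck)
            pgp.EncryptFile(input, publicKey, output, true, true);
            return true;
        }
        catch (KeyIsExpiredException)
        {
            Console.Error.WriteLine("Refusing to encrypt: recipient key is expired.");
        }
        catch (KeyIsRevokedException)
        {
            Console.Error.WriteLine("Refusing to encrypt: recipient key is revoked.");
        }
        return false;
    }

    // Decrypts and discards the output if the integrity check fails.
    public bool DecryptStrict(string input, string privateKey, string password, string output)
    {
        PGPLib pgp = new PGPLib();
        try
        {
            // Assumption: DecryptFile(encrypted, privateKey, password, output)
            pgp.DecryptFile(input, privateKey, password, output);
            return true;
        }
        catch (IntegrityCheckException)
        {
            // Plaintext written before the failure is not trustworthy.
            if (File.Exists(output)) File.Delete(output);
            Console.Error.WriteLine("Integrity check failed, output discarded.");
            return false;
        }
    }
}
```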