Import keys in a pgp KeyStore with C# and VB.NET

The KeyStore object allows the import of keys from external sources.

Supported import sources are public PGP key files (usually with file name extension .asc), private PGP key files, key pairs (public and private key combined in one file), PGP command line and GnuPG key rings (all their keys at once).

As of version 1.9 the new GnuPG/gpg Keybox (.kbx) file format is also supported.

Import public OpenPGP key

The KeyStore.ImportPublicKey method imports a public key into the KeyStore and returns a DidiSoft.Pgp.KeyPairInformation object with details about the key:

C# example

using System;
using DidiSoft.Pgp;
 
public class ImportKeys
{
   public static void Demo()
   {
      // initialize the key store
      KeyStore keyStore = new KeyStore("pgp.keystore", "changeit");       
 
      KeyPairInformation key1 = keyStore.ImportPublicKey("public_key.asc");
    }
}

VB.NET code

Imports System
Imports DidiSoft.Pgp
 
Public Class ImportKeys
 Public Shared Sub Demo()
   ' initialize the key store
   Dim keyStore As New KeyStore("pgp.keystore", "changeit")
 
   Dim key1 As KeyPairInformation = keyStore.ImportPublicKey("public_key.asc")
 End Sub
End Class

Import private OpenPGP key

The KeyStore.ImportPrivateKey method imports a private key into the KeyStore and returns a DidiSoft.Pgp.KeyPairInformation object with details about the key:

C# example

using System;
using DidiSoft.Pgp;
 
public class ImportKeys
{
   public static void Demo()
   {
      // initialize the key store
      KeyStore keyStore = new KeyStore("pgp.keystore", "changeit");       
 
      KeyPairInformation key = keyStore.ImportPrivateKey("private_key.asc");   
    }
}

VB.NET code

Imports System
Imports DidiSoft.Pgp
 
Public Class ImportKeys
 Public Shared Sub Demo()
   ' initialize the key store
   Dim keyStore As New KeyStore("pgp.keystore", "changeit")
 
   Dim key As KeyPairInformation = keyStore.ImportPrivateKey("private_key.asc")
 End Sub
End Class

Note that the ImportPrivateKey method can import a private key file without its key password being specified. To use the key afterward, however, we must pass its password when invoking decryption and signing methods.

Import OpenPGP key pair

The KeyStore.ImportKeyPair methods are designed to import a file containing both a public OpenPGP key and its corresponding private key. If the supplied file contains only a public key or only a private key, the resulting DidiSoft.Pgp.KeyPairInformation will reflect only that key. If there are no keys inside the source, null is returned.

C# example

using System;
using DidiSoft.Pgp;
 
public class ImportKeys
{
   public static void Demo()
   {
      // initialize the key store
      KeyStore keyStore = new KeyStore("pgp.keystore", "changeit");       
 
      KeyPairInformation key = keyStore.ImportKeyPair("pgpkey.asc");
    }
}

VB.NET code

Imports System
Imports DidiSoft.Pgp
 
Public Class ImportKeys
 Public Shared Sub Demo()
   ' initialize the key store
   Dim keyStore As New KeyStore("pgp.keystore", "changeit")
 
   Dim key As KeyPairInformation = keyStore.ImportKeyPair("pgpkey.asc")
 End Sub
End Class

Import OpenPGP key ring (a lot of keys stored in one file)

The KeyStore.ImportKeyRing method imports many keys at once. It is especially useful for importing keys from GnuPG and Symantec PGP Command Line key containers (see below).

C# example

using System;
using DidiSoft.Pgp;
 
public class ImportKeys
{
   public static void Demo()
   {
      // initialize the key store
      KeyStore keyStore = new KeyStore("pgp.keystore", "changeit");       
 
      KeyPairInformation[] manyKeys = keyStore.ImportKeyRing("pubring.pkr");
    }
}

VB.NET code

Imports System
Imports DidiSoft.Pgp
 
Public Class ImportKeys
 Public Shared Sub Demo()
   ' initialize the key store
   Dim keyStore As New KeyStore("pgp.keystore", "changeit")
 
   Dim manyKeys As KeyPairInformation() = keyStore.ImportKeyRing("pubring.pkr")
 End Sub
End Class

Reusing existing keys from GnuPG and Symantec PGP

We can reuse existing key rings from GnuPG and Symantec PGP transparently by importing them in a KeyStore object.

For example, if we wish to use those existing keys in a read-only manner, we have to:

1. create an in-memory KeyStore object

2. invoke KeyStore.ImportKeyRing to import the public key ring (pubring.pkr for Symantec PGP and pubring.gpg for GnuPG) and the secret key ring (secring.skr for Symantec PGP and secring.gpg for GnuPG)

Afterwards, we can refer to the keys the same way we do from the command line, either by hexadecimal Key Id or by User Id.

Import GnuPG 2.x .kbx file

GnuPG 2.x uses a new optimized file format for storing public keys, known as the Keybox file format. To import the keys contained in a gpg .kbx file, we have to use the KeyStore.ImportGnuPgKbx method:

C# example

using System;
using DidiSoft.Pgp;
 
public class ImportKeys
{
   public static void Demo()
   {
      // initialize the key store
      KeyStore keyStore = new KeyStore("pgp.keystore", "changeit");       
 
      // verbatim string (@) so the backslashes in the Windows path are not treated as escape sequences
      KeyPairInformation[] manyKeys = keyStore.ImportGnuPgKbx(@"C:\Users\me\AppData\Roaming\gnupg\pubring.kbx");
    }
}

VB.NET code

Imports System
Imports DidiSoft.Pgp
 
Public Class ImportKeys
 Public Shared Sub Demo()
   ' initialize the key store
   Dim keyStore As New KeyStore("pgp.keystore", "changeit")
 
   Dim manyKeys As KeyPairInformation() = keyStore.ImportGnuPgKbx("C:\Users\me\AppData\Roaming\gnupg\pubring.kbx")
 End Sub
End Class
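
The read-only reuse procedure and the Keybox import above can be combined into one loader. This is an added example, not code from the library's documentation: the class and method names are hypothetical, the parameterless KeyStore constructor is assumed to create an in-memory key store, and the GNUPGHOME variable with the %APPDATA%\gnupg fallback is assumed for locating the GnuPG home directory on Windows.

```csharp
using System;
using System.IO;
using DidiSoft.Pgp;

public class ReuseGnuPgKeys
{
   // Returns an in-memory KeyStore filled from the local GnuPG home directory.
   // The GnuPG files are only read; nothing is written back to them.
   public static KeyStore Load()
   {
      // GNUPGHOME overrides the default location; %APPDATA%\gnupg is the Windows default
      string home = Environment.GetEnvironmentVariable("GNUPGHOME");
      if (string.IsNullOrEmpty(home))
      {
         home = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "gnupg");
      }

      // Assumption: the parameterless constructor creates a KeyStore held only in memory
      KeyStore keyStore = new KeyStore();

      string kbx = Path.Combine(home, "pubring.kbx");
      string pubring = Path.Combine(home, "pubring.gpg");
      string secring = Path.Combine(home, "secring.gpg");

      if (File.Exists(kbx))
      {
         keyStore.ImportGnuPgKbx(kbx);       // GnuPG 2.x Keybox format
      }
      else if (File.Exists(pubring))
      {
         keyStore.ImportKeyRing(pubring);    // classic public key ring
      }
      else
      {
         throw new FileNotFoundException("No GnuPG public key ring found in " + home);
      }

      // secring.gpg is absent on installations where GnuPG keeps
      // secret keys in the private-keys-v1.d directory instead
      if (File.Exists(secring))
      {
         keyStore.ImportKeyRing(secring);
      }

      return keyStore;
   }
}
```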

Exceptions

All Import methods throw System.IO.IOException in case of an I/O related error.
The caller can also catch the general OpenPGP related error DidiSoft.Pgp.PGPException.
KeyStore.ImportPublicKey throws a DidiSoft.Pgp.Exceptions.WrongPublicKey exception if the provided source doesn’t contain a PGP public key.
KeyStore.ImportPrivateKey throws a DidiSoft.Pgp.Exceptions.WrongPrivateKey exception if the provided source doesn’t contain a PGP private key.
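
The exception contract above, applied to a batch import where one bad file must not abort the rest. This is an added example, not code from the library's documentation: the class and method names are hypothetical, and the class name WrongPublicKeyException is an assumption for what the page calls the WrongPublicKey exception.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using DidiSoft.Pgp;

public class ImportPartnerKeys
{
   // Imports every .asc file in a folder as a public key.
   // Returns file path -> reason for each file that was rejected,
   // so the caller can log or quarantine the files that failed.
   public static Dictionary<string, string> ImportFolder(KeyStore keyStore, string folder)
   {
      var rejected = new Dictionary<string, string>();

      foreach (string file in Directory.GetFiles(folder, "*.asc"))
      {
         try
         {
            keyStore.ImportPublicKey(file);
         }
         // Most specific exception first: the file holds no PGP public key.
         // Assumed class name, see the lead-in.
         catch (DidiSoft.Pgp.Exceptions.WrongPublicKeyException)
         {
            rejected[file] = "not a PGP public key";
         }
         // Any other OpenPGP related failure
         catch (PGPException e)
         {
            rejected[file] = "OpenPGP error: " + e.Message;
         }
         // File missing, locked or unreadable
         catch (IOException e)
         {
            rejected[file] = "I/O error: " + e.Message;
         }
      }

      return rejected;
   }
}
```

The KeyStore is passed in by the caller, so the key store password does not have to appear in this code.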

Summary

In this chapter we have illustrated how to import OpenPGP keys and whole key rings into a KeyStore object.

You can also check how to export keys from a KeyStore and how to import X.509 keys wrapped transparently as OpenPGP keys.