Discuss this help topic in SecureBlackbox Forum

Encrypt a file with a public key

Public key-based encryption is the most common way of exchanging information securely within a PGP infrastructure. SecureBlackbox supports such encryption through a dedicated encryption mode of TElPGPWriter component.

First, we need to load the public key that we will be encrypting our file for. This is normally a public key of the intended recipient of the encrypted message.

TElPGPWriter expects the encryption key to be placed in a dedicated keyring object. Therefore if you want to use a particular key from your local keyring, you will need to load the whole keyring, find the needed key in it, and then put it into a separate keyring object:

    TElPGPKeyring myKeys = new TElPGPKeyring();
	myKeys.Load("pubring.pkr", "secring.skr", true);
	int keyIndex = myKeys.FindPublicKeyByEmailAddress("luke@sky.com");

	TElPGPKeyring encryptionKeys = new TElPGPKeyring();

Now, let's proceed to the encryption itself.

  1. To start with, create an instance of TElPGPWriter class:
    TElPGPWriter writer = new TElPGPWriter();
  2. Set its EncryptionType property to TSBPGPEncryptionType.etPublicKey:
    pgpWriter.EncryptionType = SBPGP.TSBPGPEncryptionType.etPublicKey;
  3. Assign the keyring with the encryption key to the pgpWriter.EncryptingKeys property:
    pgpWriter.EncryptingKeys = encryptionKeys;
  4. Provide the source filename (doesn't need to be the real file name) and the encryption date:
    pgpWriter.Filename = "picture.jpg";
    pgpWriter.Timestamp = DateTime.UtcNow;
    Note: an empty string assigned to the Filename property will make the components create a for-your-eyes-only file, which won't be decrypted to a persistent media.
  5. Tune-up encryption settings:
    pgpWriter.SymmetricKeyAlgorithm = SBPGPConstants.Unit.SB_PGP_ALGORITHM_SK_AES256;
    Note: in default configuration, TElPGPWriter comes with its own pre-defined encryption settings (CAST5 with 128 bit key, on the date of creation of this article).
  6. Optionally tune-up supplementary options, such as armouring:
    pgpWriter.Armor = true;
    pgpWriter.Compress = true;
  7. Call EncryptFile() method:
    pgpWriter.EncryptFile("picture.jpg", "picture.jpg.pgp");

Note: in certain scenarios, especially where heavy multi-subkey structures are used, there might be a need to specify the exact subkey to be used for encryption. While SecureBlackbox does its best to find the appropriate encryption key or subkey automatically, sometimes this is not possible due to lack of information stored within the keys. If unsure about the purpose of a particular primary key or subkey (i.e. whether it is signing-only, encryption-only or both encryption and signing capable), SecureBlackbox always uses it for encryption. As a result, the resulting file may be encrypted with multiple keys, which might be confusing for the receiving software. You can tell TElPGPWriter that it must not encrypt the file for a particular key or subkey by setting its Enabled property to false. For instance, the following setting makes TElPGPWriter not encrypt the file with the primary key and only use its subkeys:

encryptionKeys.get_PublicKeys(0).Enabled = false;

How To articles about file encryption and signing with OpenPGP

Discuss this help topic in SecureBlackbox Forum