// From: // http://blogs.interfacett.com/selecting-a-cryptographic-key-provider-in-windows-server-2012-ad-cs // https://msdn.microsoft.com/en-us/library/windows/desktop/aa386983(v=vs.85).aspx // // Microsoft Base Smart Card Crypto Provider // Microsoft Enhanced Cryptographic Provider v1.0 // ECDA_P256#Microsoft Smart Card Key Storage Provider // ECDA_P521#Microsoft Smart Card Key Storage Provider // RSA#Microsoft Software Key Storage Provider // Microsoft Base Cryptographic Provider v1.0 // ECDA_P256#Microsoft Software Key Storage Provider // ECDA_P521#Microsoft Software Key Storage Provider // Microsoft Strong Cryptographic Provider // ECDA_P384#Microsoft Software Key Storage Provider // Microsoft Base DSS Cryptographic Provider // RSA#Microsoft Smart Card Key Storage Provider // DSA#Microsoft Software Key Storage Provider // ECDA_P384#Microsoft Smart Card Key Storage Provider public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp) { var rsaPkp = pkp as RsaPrivateKeyParams; var ecPkp = pkp as EcPrivateKeyParams; var algId = new CERTENROLLLib.CObjectId(); if (rsaPkp != null) { var oid = new System.Security.Cryptography.Oid("RSA"); algId.InitializeFromValue(oid.Value); } else if (ecPkp != null) { throw new NotImplementedException("EC keys not implemented YET!"); } else { throw new NotSupportedException("unsupported private key parameters type"); } var cePk = new CERTENROLLLib.CX509PrivateKey(); // MS_DEF_PROV //cePk.ProviderName = "Microsoft Base Cryptographic Provider"; cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; //cePk.ProviderType = CERTENROLLLib.X509ProviderType.XCN_PROV_RSA_FULL; cePk.Algorithm = algId; cePk.KeySpec = CERTENROLLLib.X509KeySpec.XCN_AT_KEYEXCHANGE; cePk.Length = rsaPkp.NumBits; // Don't store in the machine's local cert store and allow exporting of private key cePk.MachineContext = false; cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG; cePk.Create(); var pk = new CeRsaPrivateKey(rsaPkp.NumBits, null, null) { Exported = cePk.Export(BCRYPT_PRIVATE_KEY_BLOB), }; return(pk); }
public override PrivateKey ImportPrivateKey <PK>(EncodingFormat fmt, Stream source) { if (typeof(PK) == typeof(RsaPrivateKey)) { byte[] keyBytes; string encodedKey; CERTENROLLLib.EncodingType encodingType; using (var ms = new MemoryStream()) { source.CopyTo(ms); keyBytes = ms.ToArray(); } switch (fmt) { case EncodingFormat.PEM: encodedKey = Encoding.UTF8.GetString(keyBytes); encodingType = CERTENROLLLib.EncodingType.XCN_CRYPT_STRING_ANY; break; case EncodingFormat.DER: var buff = new StringBuilder(); for (int i = 0; i < keyBytes.Length; ++i) { buff.Append((char)keyBytes[i]); } encodedKey = buff.ToString(); encodingType = CERTENROLLLib.EncodingType.XCN_CRYPT_STRING_BINARY; break; default: throw new NotSupportedException("unsupported encoding format"); } var cePk = new CERTENROLLLib.CX509PrivateKey(); // MS_DEF_PROV //cePk.ProviderName = "Microsoft Base Cryptographic Provider"; //cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; cePk.ProviderName = "Microsoft Strong Cryptographic Provider"; // Don't store in the machine's local cert store and allow exporting of private key cePk.MachineContext = false; cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG; cePk.Import(BCRYPT_PRIVATE_KEY_BLOB, encodedKey, encodingType); var pk = new CeRsaPrivateKey(cePk.Length, null, null) { Exported = cePk.Export(BCRYPT_PRIVATE_KEY_BLOB), }; return(pk); } else { throw new NotSupportedException("unsupported private key type"); } }