Beispiel #1
0
        internal static AsymmetricCipherKeyPair Create(int pkSize, string pkAlgo)
        {
            SecureRandom            random   = new SecureRandom(new CryptoApiRandomGenerator());
            KeyGenerationParameters genParam = new KeyGenerationParameters(random, pkSize);
            AsymmetricCipherKeyPair keyPair;

            switch (pkAlgo)
            {
            case "RSA":
                RsaKeyPairGenerator rsaGenerator = new RsaKeyPairGenerator();
                rsaGenerator.Init(genParam);
                keyPair = rsaGenerator.GenerateKeyPair();
                break;

            case "DSA":
                DsaKeyPairGenerator dsaGenerator = new DsaKeyPairGenerator();
                dsaGenerator.Init(genParam);
                keyPair = dsaGenerator.GenerateKeyPair();
                break;

            case "ECDSA":
                ECKeyPairGenerator ecGenerator = new ECKeyPairGenerator(pkAlgo);
                ecGenerator.Init(genParam);
                keyPair = ecGenerator.GenerateKeyPair();
                break;

            default:
                throw new ArgumentException("Algorithm not supported", pkAlgo);
            }
            return(keyPair);
        }
Beispiel #2
0
        /// <summary>
        /// Create a key pair for according to the key size
        /// </summary>
        /// <param name="keySize">the key size in bits</param>
        public void CreateKeyPair(int keySize)
        {
            var dsaParametersGenerator = new DsaParametersGenerator();

            dsaParametersGenerator.Init(keySize, 80, new SecureRandom());
            var parameters   = new DsaKeyGenerationParameters(new SecureRandom(), dsaParametersGenerator.GenerateParameters());
            var keyGenerator = new DsaKeyPairGenerator();

            keyGenerator.Init(parameters);
            keyPair = keyGenerator.GenerateKeyPair();
        }
Beispiel #3
0
        /// <summary>
        /// Generate key pair.
        /// </summary>
        /// <returns></returns>
        public override AsymmetricCipherKeyPair GenerateKeyPair()
        {
            DsaParametersGenerator generator2 = new DsaParametersGenerator();

            generator2.Init(_keySize, _certainty, Common.ThreadSecureRandom.Value);
            DsaParameters                     parameters2 = generator2.GenerateParameters();
            KeyGenerationParameters           parameters  = new DsaKeyGenerationParameters(Common.ThreadSecureRandom.Value, parameters2);
            IAsymmetricCipherKeyPairGenerator generator   = new DsaKeyPairGenerator();

            generator.Init(parameters);
            return(generator.GenerateKeyPair());
        }
Beispiel #4
0
            // We do this using a pair-wise consistency test as per the IG 2nd March 2015, Section 9.4
            internal override void Evaluate(DsaSigner signer)
            {
                BigInteger q = new BigInteger("90EAF4D1AF0708B1B612FF35E0A2997EB9E9D263C9CE659528945C0D", 16);

                BigInteger p = new BigInteger(
                    "C196BA05AC29E1F9C3C72D56DFFC6154" +
                    "A033F1477AC88EC37F09BE6C5BB95F51C296DD20D1A28A06" +
                    "7CCC4D4316A4BD1DCA55ED1066D438C35AEBAABF57E7DAE4" +
                    "28782A95ECA1C143DB701FD48533A3C18F0FE23557EA7AE6" +
                    "19ECACC7E0B51652A8776D02A425567DED36EABD90CA33A1" +
                    "E8D988F0BBB92D02D1D20290113BB562CE1FC856EEB7CDD9" +
                    "2D33EEA6F410859B179E7E789A8F75F645FAE2E136D252BF" +
                    "FAFF89528945C1ABE705A38DBC2D364AADE99BE0D0AAD82E" +
                    "5320121496DC65B3930E38047294FF877831A16D5228418D" +
                    "E8AB275D7D75651CEFED65F78AFC3EA7FE4D79B35F62A040" +
                    "2A1117599ADAC7B269A59F353CF450E6982D3B1702D9CA83", 16);

                BigInteger g = new BigInteger(
                    "A59A749A11242C58C894E9E5A91804E8" +
                    "FA0AC64B56288F8D47D51B1EDC4D65444FECA0111D78F35F" +
                    "C9FDD4CB1F1B79A3BA9CBEE83A3F811012503C8117F98E50" +
                    "48B089E387AF6949BF8784EBD9EF45876F2E6A5A495BE64B" +
                    "6E770409494B7FEE1DBB1E4B2BC2A53D4F893D418B715959" +
                    "2E4FFFDF6969E91D770DAEBD0B5CB14C00AD68EC7DC1E574" +
                    "5EA55C706C4A1C5C88964E34D09DEB753AD418C1AD0F4FDF" +
                    "D049A955E5D78491C0B7A2F1575A008CCD727AB376DB6E69" +
                    "5515B05BD412F5B8C2F4C77EE10DA48ABD53F5DD498927EE" +
                    "7B692BBBCDA2FB23A516C5B4533D73980B2A3B60E384ED20" +
                    "0AE21B40D273651AD6060C13D97FD69AA13C5611A51B9085", 16);

                DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();

                kpGen.Init(new DsaKeyGenerationParameters(
                               new TestRandomBigInteger(Hex.Decode("947813B589EDBA642411AD79205E43CE9B859327A4F84CF4B02628DB058A7B22771EA1852903711B")),
                               new DsaParameters(p, q, g)));

                AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();

                signer.Init(true, new ParametersWithRandom(kp.Private, new TestRandomBigInteger(Hex.Decode("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05"))));

                byte[] msg = Hex.Decode("23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7");

                BigInteger[] sig = signer.GenerateSignature(msg);

                signer.Init(false, kp.Public);

                if (!signer.VerifySignature(FipsKats.Values[FipsKats.Vec.DsaStartupVec], sig[0], sig[1]))
                {
                    Fail("KAT signature not verified");
                }
            }
        public AsymmetricCipherKeyPair GenerateDsaKeyPair(int keySize)
        {
            var dsaParameterGenerator = new DsaParametersGenerator(new Sha256Digest());

            //Key size is fixed to be either 2048 or 3072 (Table C.1 on FIPS 186-3)
            dsaParameterGenerator.Init(new DsaParameterGenerationParameters(keySize, 256, 128, secureRandom.Generator));

            DsaParameters dsaParameters           = dsaParameterGenerator.GenerateParameters();
            var           keyGenerationParameters = new DsaKeyGenerationParameters(secureRandom.Generator, dsaParameters);

            var keyPairGenerator = new DsaKeyPairGenerator();

            keyPairGenerator.Init(keyGenerationParameters);

            return(keyPairGenerator.GenerateKeyPair());
        }
Beispiel #6
0
            /// <summary>
            /// Generate a new DSA key pair.
            /// </summary>
            /// <returns>A new AsymmetricKeyPair containing a DSA key pair.</returns>
            public override AsymmetricKeyPair <AsymmetricDsaPublicKey, AsymmetricDsaPrivateKey> GenerateKeyPair()
            {
                AsymmetricCipherKeyPair kp = engine.GenerateKeyPair();

                DsaPublicKeyParameters  pubKey = (DsaPublicKeyParameters)kp.Public;
                DsaPrivateKeyParameters prvKey = (DsaPrivateKeyParameters)kp.Private;

                FipsAlgorithm algorithm = this.Parameters.Algorithm;

                // FSM_STATE:5.3, "DSA PAIRWISE CONSISTENCY TEST", "The module is performing DSA Pairwise Consistency self-test"
                // FSM_TRANS:5.DSA.0,"CONDITIONAL TEST", "DSA PAIRWISE CONSISTENCY TEST", "Invoke DSA Pairwise Consistency test"
                validateKeyPair(kp);
                // FSM_TRANS:5.DSA.1,"DSA PAIRWISE CONSISTENCY TEST", "CONDITIONAL TEST", "DSA Pairwise Consistency test successful"

                return(new AsymmetricKeyPair <AsymmetricDsaPublicKey, AsymmetricDsaPrivateKey>(new AsymmetricDsaPublicKey(algorithm, domainParameters, pubKey.Y), new AsymmetricDsaPrivateKey(algorithm, domainParameters, prvKey.X)));
            }
Beispiel #7
0
        private void InitKey()
        {
            _secure_random = new SecureRandom();
            DsaParametersGenerator _dsa_param_gen    = new DsaParametersGenerator();
            DsaKeyPairGenerator    _dsa_key_pair_gen = new DsaKeyPairGenerator();

            _dsa_param_gen.Init(1024, 80, _secure_random);

            DsaKeyGenerationParameters _dsa_key_gen_params = new DsaKeyGenerationParameters(_secure_random, _dsa_param_gen.GenerateParameters());

            _dsa_key_pair_gen.Init(_dsa_key_gen_params);
            _key_pair = _dsa_key_pair_gen.GenerateKeyPair();


            _private_key_param = (DsaPrivateKeyParameters)_key_pair.Private;
            _public_key_param  = (DsaPublicKeyParameters)_key_pair.Public;
        }
Beispiel #8
0
        //constructor
        /// <summary>
        /// A utility for easily using cryptographic functions. Automatically generates PGP and RSA keypairs.
        /// </summary>
        public CryptoHelper()
        {
            DsaKeyPairGenerator    gen  = new DsaKeyPairGenerator();
            DsaParametersGenerator pGen = new DsaParametersGenerator();

            pgpRng.SetSeed(GetRandomBytes(512));
            pGen.Init(1024, 100, pgpRng);
            DsaKeyGenerationParameters p = new DsaKeyGenerationParameters(pgpRng, pGen.GenerateParameters());

            gen.Init(p);
            AsymmetricCipherKeyPair keys = gen.GenerateKeyPair();

            pgpPublicKey  = new PgpPublicKey(Org.BouncyCastle.Bcpg.PublicKeyAlgorithmTag.Dsa, keys.Public, DateTime.Now);
            pgpPrivateKey = new PgpPrivateKey(pgpPublicKey.KeyId, pgpPublicKey.PublicKeyPacket, keys.Private);

            rsaPublicKey  = encodeRsaPublicKey(rsa.ExportParameters(false));
            rsaPrivateKey = encodeRsaPrivateKey(rsa.ExportParameters(true));
        }
        public (string publicKey, string privateKey) GetDsaKeys()
        {
            var secureRandom        = new SecureRandom();
            var parametersGenerator = new DsaParametersGenerator(new Sha1Digest());

            parametersGenerator.Init(1024, 100, secureRandom);
            var parameters = parametersGenerator.GenerateParameters();

            var g = new DsaKeyPairGenerator();

            g.Init(new DsaKeyGenerationParameters(secureRandom, parameters));
            var keyPair = g.GenerateKeyPair();

            var pkInfo     = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
            var privateKey = Convert.ToBase64String(pkInfo.ToAsn1Object().GetDerEncoded());

            var publicKeyInfo         = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
            var serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded();
            var publicKey             = Convert.ToBase64String(serializedPublicBytes);

            return(publicKey, privateKey);
        }
Beispiel #10
0
        /// <inheritdoc />
        public void GenerateCerts()
        {
            var dsaKeyPairGen = new DsaKeyPairGenerator();
            var dsaParamGen   = new DsaParametersGenerator();

            dsaParamGen.Init(512, 12, new SecureRandom());
            dsaKeyPairGen.
            Init(new DsaKeyGenerationParameters(new SecureRandom(),
                                                dsaParamGen.GenerateParameters()));

            var keyPair = dsaKeyPairGen.GenerateKeyPair();

            _privateKey = keyPair.Private;
            _publicKey  = keyPair.Public;

            var publicKeyDer = SubjectPublicKeyInfoFactory
                               .CreateSubjectPublicKeyInfo(_publicKey)
                               .GetDerEncoded();

            var publicKeyDerBase64 = Convert.ToBase64String(publicKeyDer);

            _config.SignaturePublicKey = publicKeyDerBase64;
        }
Beispiel #11
0
        /// <summary>
        /// Generates the key.
        /// </summary>
        /// <param name="size">The size.</param>
        protected override void GenerateKey(int size)
        {
            var paramgen = new DsaParametersGenerator();

            paramgen.Init(size, 100, Secure.Random);

            var keygen = new DsaKeyPairGenerator();

            keygen.Init(new DsaKeyGenerationParameters(Secure.Random, paramgen.GenerateParameters()));
            var pair = keygen.GenerateKeyPair();
            var priv = (DsaPrivateKeyParameters)pair.Private;

            X         = priv.X.ToSystemBigInteger();
            Size      = size;
            PublicKey = new DsaPublicKey();
            var pub = (DsaPublicKeyParameters)pair.Public;

            PublicKey.Y    = pub.Y.ToSystemBigInteger();
            PublicKey.G    = pub.Parameters.G.ToSystemBigInteger();
            PublicKey.P    = pub.Parameters.P.ToSystemBigInteger();
            PublicKey.Q    = pub.Parameters.Q.ToSystemBigInteger();
            PublicKey.Size = size;
        }
Beispiel #12
0
        private void Dsa2Test3()
        {
            byte[] seed = Hex.Decode("4783081972865EA95D43318AB2EAF9C61A2FC7BBF1B772A09017BDF5A58F4FF0");

            DsaParametersGenerator pGen = new DsaParametersGenerator(new Sha256Digest());

            pGen.Init(new DsaParameterGenerationParameters(2048, 256, 80, new DsaTestSecureRandom(seed)));

            DsaParameters parameters = pGen.GenerateParameters();

            DsaValidationParameters pv = parameters.ValidationParameters;

            if (pv.Counter != 12)
            {
                Fail("counter incorrect");
            }

            if (!AreEqual(seed, pv.GetSeed()))
            {
                Fail("seed incorrect");
            }

            if (!parameters.Q.Equals(new BigInteger("C24ED361870B61E0D367F008F99F8A1F75525889C89DB1B673C45AF5867CB467", 16)))
            {
                Fail("Q incorrect");
            }

            if (!parameters.P.Equals(new BigInteger(
                                         "F56C2A7D366E3EBDEAA1891FD2A0D099" +
                                         "436438A673FED4D75F594959CFFEBCA7BE0FC72E4FE67D91" +
                                         "D801CBA0693AC4ED9E411B41D19E2FD1699C4390AD27D94C" +
                                         "69C0B143F1DC88932CFE2310C886412047BD9B1C7A67F8A2" +
                                         "5909132627F51A0C866877E672E555342BDF9355347DBD43" +
                                         "B47156B2C20BAD9D2B071BC2FDCF9757F75C168C5D9FC431" +
                                         "31BE162A0756D1BDEC2CA0EB0E3B018A8B38D3EF2487782A" +
                                         "EB9FBF99D8B30499C55E4F61E5C7DCEE2A2BB55BD7F75FCD" +
                                         "F00E48F2E8356BDB59D86114028F67B8E07B127744778AFF" +
                                         "1CF1399A4D679D92FDE7D941C5C85C5D7BFF91BA69F9489D" +
                                         "531D1EBFA727CFDA651390F8021719FA9F7216CEB177BD75", 16)))
            {
                Fail("P incorrect");
            }

            if (!parameters.G.Equals(new BigInteger(
                                         "8DC6CC814CAE4A1C05A3E186A6FE27EA" +
                                         "BA8CDB133FDCE14A963A92E809790CBA096EAA26140550C1" +
                                         "29FA2B98C16E84236AA33BF919CD6F587E048C52666576DB" +
                                         "6E925C6CBE9B9EC5C16020F9A44C9F1C8F7A8E611C1F6EC2" +
                                         "513EA6AA0B8D0F72FED73CA37DF240DB57BBB27431D61869" +
                                         "7B9E771B0B301D5DF05955425061A30DC6D33BB6D2A32BD0" +
                                         "A75A0A71D2184F506372ABF84A56AEEEA8EB693BF29A6403" +
                                         "45FA1298A16E85421B2208D00068A5A42915F82CF0B858C8" +
                                         "FA39D43D704B6927E0B2F916304E86FB6A1B487F07D8139E" +
                                         "428BB096C6D67A76EC0B8D4EF274B8A2CF556D279AD267CC" +
                                         "EF5AF477AFED029F485B5597739F5D0240F67C2D948A6279", 16)))
            {
                Fail("G incorrect");
            }

            DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();

            kpGen.Init(new DsaKeyGenerationParameters(
                           FixedSecureRandom.From(Hex.Decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C")), parameters));

            AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();

            DsaPublicKeyParameters  pub  = (DsaPublicKeyParameters)kp.Public;
            DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;

            if (!pub.Y.Equals(new BigInteger(
                                  "2828003D7C747199143C370FDD07A286" +
                                  "1524514ACC57F63F80C38C2087C6B795B62DE1C224BF8D1D" +
                                  "1424E60CE3F5AE3F76C754A2464AF292286D873A7A30B7EA" +
                                  "CBBC75AAFDE7191D9157598CDB0B60E0C5AA3F6EBE425500" +
                                  "C611957DBF5ED35490714A42811FDCDEB19AF2AB30BEADFF" +
                                  "2907931CEE7F3B55532CFFAEB371F84F01347630EB227A41" +
                                  "9B1F3F558BC8A509D64A765D8987D493B007C4412C297CAF" +
                                  "41566E26FAEE475137EC781A0DC088A26C8804A98C23140E" +
                                  "7C936281864B99571EE95C416AA38CEEBB41FDBFF1EB1D1D" +
                                  "C97B63CE1355257627C8B0FD840DDB20ED35BE92F08C49AE" +
                                  "A5613957D7E5C7A6D5A5834B4CB069E0831753ECF65BA02B", 16)))
            {
                Fail("Y value incorrect");
            }

            if (!priv.X.Equals(
                    new BigInteger("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C", 16)))
            {
                Fail("X value incorrect");
            }

            DsaSigner signer = new DsaSigner();

            signer.Init(true, new ParametersWithRandom(kp.Private,
                                                       FixedSecureRandom.From(Hex.Decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C"))));

            byte[] msg = Hex.Decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");

            BigInteger[] sig = signer.GenerateSignature(msg);

            if (!sig[0].Equals(new BigInteger("315C875DCD4850E948B8AC42824E9483A32D5BA5ABE0681B9B9448D444F2BE3C", 16)))
            {
                Fail("R value incorrect");
            }

            if (!sig[1].Equals(new BigInteger("89718D12E54A8D9ED066E4A55F7ED5A2229CD23B9A3CEE78F83ED6AA61F6BCB9", 16)))
            {
                Fail("S value incorrect");
            }

            signer.Init(false, kp.Public);

            if (!signer.VerifySignature(msg, sig[0], sig[1]))
            {
                Fail("signature not verified");
            }
        }
Beispiel #13
0
        private void Dsa2Test4()
        {
            byte[] seed = Hex.Decode("193AFCA7C1E77B3C1ECC618C81322E47B8B8B997C9C83515C59CC446C2D9BD47");

            DsaParametersGenerator pGen = new DsaParametersGenerator(new Sha256Digest());

            pGen.Init(new DsaParameterGenerationParameters(3072, 256, 80, new DsaTestSecureRandom(seed)));

            DsaParameters parameters = pGen.GenerateParameters();

            DsaValidationParameters pv = parameters.ValidationParameters;

            if (pv.Counter != 20)
            {
                Fail("counter incorrect");
            }

            if (!AreEqual(seed, pv.GetSeed()))
            {
                Fail("seed incorrect");
            }

            if (!parameters.Q.Equals(new BigInteger("CFA0478A54717B08CE64805B76E5B14249A77A4838469DF7F7DC987EFCCFB11D", 16)))
            {
                Fail("Q incorrect");
            }

            if (!parameters.P.Equals(new BigInteger(
                                         "90066455B5CFC38F9CAA4A48B4281F292C260FEEF01FD610" +
                                         "37E56258A7795A1C7AD46076982CE6BB956936C6AB4DCFE0" +
                                         "5E6784586940CA544B9B2140E1EB523F009D20A7E7880E4E" +
                                         "5BFA690F1B9004A27811CD9904AF70420EEFD6EA11EF7DA1" +
                                         "29F58835FF56B89FAA637BC9AC2EFAAB903402229F491D8D" +
                                         "3485261CD068699B6BA58A1DDBBEF6DB51E8FE34E8A78E54" +
                                         "2D7BA351C21EA8D8F1D29F5D5D15939487E27F4416B0CA63" +
                                         "2C59EFD1B1EB66511A5A0FBF615B766C5862D0BD8A3FE7A0" +
                                         "E0DA0FB2FE1FCB19E8F9996A8EA0FCCDE538175238FC8B0E" +
                                         "E6F29AF7F642773EBE8CD5402415A01451A840476B2FCEB0" +
                                         "E388D30D4B376C37FE401C2A2C2F941DAD179C540C1C8CE0" +
                                         "30D460C4D983BE9AB0B20F69144C1AE13F9383EA1C08504F" +
                                         "B0BF321503EFE43488310DD8DC77EC5B8349B8BFE97C2C56" +
                                         "0EA878DE87C11E3D597F1FEA742D73EEC7F37BE43949EF1A" +
                                         "0D15C3F3E3FC0A8335617055AC91328EC22B50FC15B941D3" +
                                         "D1624CD88BC25F3E941FDDC6200689581BFEC416B4B2CB73", 16)))
            {
                Fail("P incorrect");
            }

            if (!parameters.G.Equals(new BigInteger(
                                         "5E5CBA992E0A680D885EB903AEA78E4A45A469103D448EDE" +
                                         "3B7ACCC54D521E37F84A4BDD5B06B0970CC2D2BBB715F7B8" +
                                         "2846F9A0C393914C792E6A923E2117AB805276A975AADB52" +
                                         "61D91673EA9AAFFEECBFA6183DFCB5D3B7332AA19275AFA1" +
                                         "F8EC0B60FB6F66CC23AE4870791D5982AAD1AA9485FD8F4A" +
                                         "60126FEB2CF05DB8A7F0F09B3397F3937F2E90B9E5B9C9B6" +
                                         "EFEF642BC48351C46FB171B9BFA9EF17A961CE96C7E7A7CC" +
                                         "3D3D03DFAD1078BA21DA425198F07D2481622BCE45969D9C" +
                                         "4D6063D72AB7A0F08B2F49A7CC6AF335E08C4720E31476B6" +
                                         "7299E231F8BD90B39AC3AE3BE0C6B6CACEF8289A2E2873D5" +
                                         "8E51E029CAFBD55E6841489AB66B5B4B9BA6E2F784660896" +
                                         "AFF387D92844CCB8B69475496DE19DA2E58259B090489AC8" +
                                         "E62363CDF82CFD8EF2A427ABCD65750B506F56DDE3B98856" +
                                         "7A88126B914D7828E2B63A6D7ED0747EC59E0E0A23CE7D8A" +
                                         "74C1D2C2A7AFB6A29799620F00E11C33787F7DED3B30E1A2" +
                                         "2D09F1FBDA1ABBBFBF25CAE05A13F812E34563F99410E73B", 16)))
            {
                Fail("G incorrect");
            }

            DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();

            kpGen.Init(new DsaKeyGenerationParameters(
                           FixedSecureRandom.From(Hex.Decode("3ABC1587297CE7B9EA1AD6651CF2BC4D7F92ED25CABC8553F567D1B40EBB8764")), parameters));

            AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();

            DsaPublicKeyParameters  pub  = (DsaPublicKeyParameters)kp.Public;
            DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;

            if (!pub.Y.Equals(new BigInteger(
                                  "8B891C8692D3DE875879390F2698B26FBECCA6B075535DCE" +
                                  "6B0C862577F9FA0DEF6074E7A7624121224A595896ABD4CD" +
                                  "A56B2CEFB942E025D2A4282FFAA98A48CDB47E1A6FCB5CFB" +
                                  "393EF35AF9DF913102BB303C2B5C36C3F8FC04ED7B8B69FE" +
                                  "FE0CF3E1FC05CFA713B3435B2656E913BA8874AEA9F93600" +
                                  "6AEB448BCD005D18EC3562A33D04CF25C8D3D69844343442" +
                                  "FA3DB7DE618C5E2DA064573E61E6D5581BFB694A23AC87FD" +
                                  "5B52D62E954E1376DB8DDB524FFC0D469DF978792EE44173" +
                                  "8E5DB05A7DC43E94C11A2E7A4FBE383071FA36D2A7EC8A93" +
                                  "88FE1C4F79888A99D3B6105697C2556B79BB4D7E781CEBB3" +
                                  "D4866AD825A5E830846072289FDBC941FA679CA82F5F78B7" +
                                  "461B2404DB883D215F4E0676CF5493950AC5591697BFEA8D" +
                                  "1EE6EC016B89BA51CAFB5F9C84C989FA117375E94578F28B" +
                                  "E0B34CE0545DA46266FD77F62D8F2CEE92AB77012AFEBC11" +
                                  "008985A821CD2D978C7E6FE7499D1AAF8DE632C21BB48CA5" +
                                  "CBF9F31098FD3FD3854C49A65D9201744AACE540354974F9", 16)))
            {
                Fail("Y value incorrect");
            }

            if (!priv.X.Equals(
                    new BigInteger("3ABC1587297CE7B9EA1AD6651CF2BC4D7F92ED25CABC8553F567D1B40EBB8764", 16)))
            {
                Fail("X value incorrect");
            }

            DsaSigner signer = new DsaSigner();

            signer.Init(true, new ParametersWithRandom(kp.Private,
                                                       FixedSecureRandom.From(Hex.Decode("A6902C1E6E3943C5628061588A8B007BCCEA91DBF12915483F04B24AB0678BEE"))));

            byte[] msg = Hex.Decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");

            BigInteger[] sig = signer.GenerateSignature(msg);

            if (!sig[0].Equals(new BigInteger("5F184E645A38BE8FB4A6871B6503A9D12924C7ABE04B71410066C2ECA6E3BE3E", 16)))
            {
                Fail("R value incorrect");
            }

            if (!sig[1].Equals(new BigInteger("91EB0C7BA3D4B9B60B825C3D9F2CADA8A2C9D7723267B033CBCDCF8803DB9C18", 16)))
            {
                Fail("S value incorrect");
            }

            signer.Init(false, kp.Public);

            if (!signer.VerifySignature(msg, sig[0], sig[1]))
            {
                Fail("signature not verified");
            }
        }
Beispiel #14
0
        public override void PerformTest()
        {
            byte[] k1 = Hex.Decode("d5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
            byte[] k2 = Hex.Decode("345e8d05c075c3a508df729a1685690e68fcfb8c8117847e89063bca1f85d968fd281540b6e13bd1af989a1fbf17e06462bf511f9d0b140fb48ac1b1baa5bded");

            SecureRandom random = FixedSecureRandom.From(k1, k2);

            byte[] keyData = Hex.Decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");

            SecureRandom keyRandom = FixedSecureRandom.From(keyData, keyData);

            BigInteger             r    = new BigInteger("68076202252361894315274692543577577550894681403");
            BigInteger             s    = new BigInteger("1089214853334067536215539335472893651470583479365");
            DsaParametersGenerator pGen = new DsaParametersGenerator();

            pGen.Init(512, 80, random);

            DsaParameters           parameters = pGen.GenerateParameters();
            DsaValidationParameters pValid     = parameters.ValidationParameters;

            if (pValid.Counter != 105)
            {
                Fail("Counter wrong");
            }

            if (!pValue.Equals(parameters.P) || !qValue.Equals(parameters.Q))
            {
                Fail("p or q wrong");
            }

            DsaKeyPairGenerator        dsaKeyGen = new DsaKeyPairGenerator();
            DsaKeyGenerationParameters genParam  = new DsaKeyGenerationParameters(keyRandom, parameters);

            dsaKeyGen.Init(genParam);

            AsymmetricCipherKeyPair pair = dsaKeyGen.GenerateKeyPair();

            ParametersWithRandom param = new ParametersWithRandom(pair.Private, keyRandom);

            DsaSigner dsa = new DsaSigner();

            dsa.Init(true, param);

            byte[]       message = new BigInteger("968236873715988614170569073515315707566766479517").ToByteArrayUnsigned();
            BigInteger[] sig     = dsa.GenerateSignature(message);

            if (!r.Equals(sig[0]))
            {
                Fail("r component wrong." + SimpleTest.NewLine
                     + " expecting: " + r + SimpleTest.NewLine
                     + " got      : " + sig[0]);
            }

            if (!s.Equals(sig[1]))
            {
                Fail("s component wrong." + SimpleTest.NewLine
                     + " expecting: " + s + SimpleTest.NewLine
                     + " got      : " + sig[1]);
            }

            dsa.Init(false, pair.Public);

            if (!dsa.VerifySignature(message, sig[0], sig[1]))
            {
                Fail("verification fails");
            }

            Dsa2Test1();
            Dsa2Test2();
            Dsa2Test3();
            Dsa2Test4();
        }
Beispiel #15
0
        private void Dsa2Test2()
        {
            byte[] seed = Hex.Decode("5AFCC1EFFC079A9CCA6ECA86D6E3CC3B18642D9BE1CC6207C84002A9");

            DsaParametersGenerator pGen = new DsaParametersGenerator(new Sha224Digest());

            pGen.Init(new DsaParameterGenerationParameters(2048, 224, 80, new DsaTestSecureRandom(seed)));

            DsaParameters parameters = pGen.GenerateParameters();

            DsaValidationParameters pv = parameters.ValidationParameters;

            if (pv.Counter != 21)
            {
                Fail("counter incorrect");
            }

            if (!AreEqual(seed, pv.GetSeed()))
            {
                Fail("seed incorrect");
            }

            if (!parameters.Q.Equals(new BigInteger("90EAF4D1AF0708B1B612FF35E0A2997EB9E9D263C9CE659528945C0D", 16)))
            {
                Fail("Q incorrect");
            }

            if (!parameters.P.Equals(new BigInteger(
                                         "C196BA05AC29E1F9C3C72D56DFFC6154" +
                                         "A033F1477AC88EC37F09BE6C5BB95F51C296DD20D1A28A06" +
                                         "7CCC4D4316A4BD1DCA55ED1066D438C35AEBAABF57E7DAE4" +
                                         "28782A95ECA1C143DB701FD48533A3C18F0FE23557EA7AE6" +
                                         "19ECACC7E0B51652A8776D02A425567DED36EABD90CA33A1" +
                                         "E8D988F0BBB92D02D1D20290113BB562CE1FC856EEB7CDD9" +
                                         "2D33EEA6F410859B179E7E789A8F75F645FAE2E136D252BF" +
                                         "FAFF89528945C1ABE705A38DBC2D364AADE99BE0D0AAD82E" +
                                         "5320121496DC65B3930E38047294FF877831A16D5228418D" +
                                         "E8AB275D7D75651CEFED65F78AFC3EA7FE4D79B35F62A040" +
                                         "2A1117599ADAC7B269A59F353CF450E6982D3B1702D9CA83", 16)))
            {
                Fail("P incorrect");
            }

            if (!parameters.G.Equals(new BigInteger(
                                         "A59A749A11242C58C894E9E5A91804E8" +
                                         "FA0AC64B56288F8D47D51B1EDC4D65444FECA0111D78F35F" +
                                         "C9FDD4CB1F1B79A3BA9CBEE83A3F811012503C8117F98E50" +
                                         "48B089E387AF6949BF8784EBD9EF45876F2E6A5A495BE64B" +
                                         "6E770409494B7FEE1DBB1E4B2BC2A53D4F893D418B715959" +
                                         "2E4FFFDF6969E91D770DAEBD0B5CB14C00AD68EC7DC1E574" +
                                         "5EA55C706C4A1C5C88964E34D09DEB753AD418C1AD0F4FDF" +
                                         "D049A955E5D78491C0B7A2F1575A008CCD727AB376DB6E69" +
                                         "5515B05BD412F5B8C2F4C77EE10DA48ABD53F5DD498927EE" +
                                         "7B692BBBCDA2FB23A516C5B4533D73980B2A3B60E384ED20" +
                                         "0AE21B40D273651AD6060C13D97FD69AA13C5611A51B9085", 16)))
            {
                Fail("G incorrect");
            }

            DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();

            kpGen.Init(new DsaKeyGenerationParameters(
                           FixedSecureRandom.From(Hex.Decode("00D0F09ED3E2568F6CADF9224117DA2AEC5A4300E009DE1366023E17")), parameters));

            AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();

            DsaPublicKeyParameters  pub  = (DsaPublicKeyParameters)kp.Public;
            DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;

            if (!pub.Y.Equals(new BigInteger(
                                  "70035C9A3B225B258F16741F3941FBF0" +
                                  "6F3D056CD7BD864604CBB5EE9DD85304EE8E8E4ABD5E9032" +
                                  "11DDF25CE149075510ACE166970AFDC7DF552B7244F342FA" +
                                  "02F7A621405B754909D757F97290E1FE5036E904CF593446" +
                                  "0C046D95659821E1597ED9F2B1F0E20863A6BBD0CE74DACB" +
                                  "A5D8C68A90B29C2157CDEDB82EC12B81EE3068F9BF5F7F34" +
                                  "6ECA41ED174CCCD7D154FA4F42F80FFE1BF46AE9D8125DEB" +
                                  "5B4BA08A72BDD86596DBEDDC9550FDD650C58F5AE5133509" +
                                  "A702F79A31ECB490F7A3C5581631F7C5BE4FF7F9E9F27FA3" +
                                  "90E47347AD1183509FED6FCF198BA9A71AB3335B4F38BE8D" +
                                  "15496A00B6DC2263E20A5F6B662320A3A1EC033AA61E3B68", 16)))
            {
                Fail("Y value incorrect");
            }

            if (!priv.X.Equals(
                    new BigInteger("00D0F09ED3E2568F6CADF9224117DA2AEC5A4300E009DE1366023E17", 16)))
            {
                Fail("X value incorrect");
            }

            DsaSigner signer = new DsaSigner();

            signer.Init(true, new ParametersWithRandom(kp.Private,
                                                       FixedSecureRandom.From(Hex.Decode("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05"))));

            byte[] msg = Hex.Decode("23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7");

            BigInteger[] sig = signer.GenerateSignature(msg);

            if (!sig[0].Equals(new BigInteger("4400138D05F9639CAF54A583CAAF25D2B76D0C3EAD752CE17DBC85FE", 16)))
            {
                Fail("R value incorrect");
            }

            if (!sig[1].Equals(new BigInteger("874D4F12CB13B61732D398445698CFA9D92381D938AA57EE2C9327B3", 16)))
            {
                Fail("S value incorrect");
            }

            signer.Init(false, kp.Public);

            if (!signer.VerifySignature(msg, sig[0], sig[1]))
            {
                Fail("signature not verified");
            }
        }
Beispiel #16
0
        private void Dsa2Test1()
        {
            byte[] seed = Hex.Decode("ED8BEE8D1CB89229D2903CBF0E51EE7377F48698");

            DsaParametersGenerator pGen = new DsaParametersGenerator();

            pGen.Init(new DsaParameterGenerationParameters(1024, 160, 80, new DsaTestSecureRandom(seed)));

            DsaParameters parameters = pGen.GenerateParameters();

            DsaValidationParameters pv = parameters.ValidationParameters;

            if (pv.Counter != 5)
            {
                Fail("counter incorrect");
            }

            if (!AreEqual(seed, pv.GetSeed()))
            {
                Fail("seed incorrect");
            }

            if (!parameters.Q.Equals(new BigInteger("E950511EAB424B9A19A2AEB4E159B7844C589C4F", 16)))
            {
                Fail("Q incorrect");
            }

            if (!parameters.P.Equals(new BigInteger(
                                         "E0A67598CD1B763B" +
                                         "C98C8ABB333E5DDA0CD3AA0E5E1FB5BA8A7B4EABC10BA338" +
                                         "FAE06DD4B90FDA70D7CF0CB0C638BE3341BEC0AF8A7330A3" +
                                         "307DED2299A0EE606DF035177A239C34A912C202AA5F83B9" +
                                         "C4A7CF0235B5316BFC6EFB9A248411258B30B839AF172440" +
                                         "F32563056CB67A861158DDD90E6A894C72A5BBEF9E286C6B", 16)))
            {
                Fail("P incorrect");
            }

            if (!parameters.G.Equals(new BigInteger(
                                         "D29D5121B0423C27" +
                                         "69AB21843E5A3240FF19CACC792264E3BB6BE4F78EDD1B15" +
                                         "C4DFF7F1D905431F0AB16790E1F773B5CE01C804E509066A" +
                                         "9919F5195F4ABC58189FD9FF987389CB5BEDF21B4DAB4F8B" +
                                         "76A055FFE2770988FE2EC2DE11AD92219F0B351869AC24DA" +
                                         "3D7BA87011A701CE8EE7BFE49486ED4527B7186CA4610A75", 16)))
            {
                Fail("G incorrect");
            }

            DsaKeyPairGenerator kpGen = new DsaKeyPairGenerator();

            kpGen.Init(new DsaKeyGenerationParameters(FixedSecureRandom.From(Hex.Decode("D0EC4E50BB290A42E9E355C73D8809345DE2E139")), parameters));

            AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();

            DsaPublicKeyParameters  pub  = (DsaPublicKeyParameters)kp.Public;
            DsaPrivateKeyParameters priv = (DsaPrivateKeyParameters)kp.Private;

            if (!pub.Y.Equals(new BigInteger(
                                  "25282217F5730501" +
                                  "DD8DBA3EDFCF349AAFFEC20921128D70FAC44110332201BB" +
                                  "A3F10986140CBB97C726938060473C8EC97B4731DB004293" +
                                  "B5E730363609DF9780F8D883D8C4D41DED6A2F1E1BBBDC97" +
                                  "9E1B9D6D3C940301F4E978D65B19041FCF1E8B518F5C0576" +
                                  "C770FE5A7A485D8329EE2914A2DE1B5DA4A6128CEAB70F79", 16)))
            {
                Fail("Y value incorrect");
            }

            if (!priv.X.Equals(
                    new BigInteger("D0EC4E50BB290A42E9E355C73D8809345DE2E139", 16)))
            {
                Fail("X value incorrect");
            }

            DsaSigner signer = new DsaSigner();

            signer.Init(true, new ParametersWithRandom(kp.Private, FixedSecureRandom.From(Hex.Decode("349C55648DCF992F3F33E8026CFAC87C1D2BA075"))));

            byte[] msg = Hex.Decode("A9993E364706816ABA3E25717850C26C9CD0D89D");

            BigInteger[] sig = signer.GenerateSignature(msg);

            if (!sig[0].Equals(new BigInteger("636155AC9A4633B4665D179F9E4117DF68601F34", 16)))
            {
                Fail("R value incorrect");
            }

            if (!sig[1].Equals(new BigInteger("6C540B02D9D4852F89DF8CFC99963204F4347704", 16)))
            {
                Fail("S value incorrect");
            }

            signer.Init(false, kp.Public);

            if (!signer.VerifySignature(msg, sig[0], sig[1]))
            {
                Fail("signature not verified");
            }
        }
Beispiel #17
0
        /// <summary>
        ///   Creates a new signing key pair
        /// </summary>
        /// <param name="name">The name of the key or zone</param>
        /// <param name="recordClass">The record class of the DnsKeyRecord</param>
        /// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param>
        /// <param name="flags">The Flags of the DnsKeyRecord</param>
        /// <param name="protocol">The protocol version</param>
        /// <param name="algorithm">The key algorithm</param>
        /// <param name="keyStrength">The key strength or 0 for default strength</param>
        /// <returns></returns>
        public static DnsKeyRecord CreateSigningKey(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, int keyStrength = 0)
        {
            byte[] privateKey;
            byte[] publicKey;

            switch (algorithm)
            {
            case DnsSecAlgorithm.RsaSha1:
            case DnsSecAlgorithm.RsaSha1Nsec3Sha1:
            case DnsSecAlgorithm.RsaSha256:
            case DnsSecAlgorithm.RsaSha512:
                if (keyStrength == 0)
                {
                    keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024;
                }

                RsaKeyPairGenerator rsaKeyGen = new RsaKeyPairGenerator();
                rsaKeyGen.Init(new KeyGenerationParameters(_secureRandom, keyStrength));
                var rsaKey = rsaKeyGen.GenerateKeyPair();
                privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded();
                var rsaPublicKey = (RsaKeyParameters)rsaKey.Public;
                var rsaExponent  = rsaPublicKey.Exponent.ToByteArrayUnsigned();
                var rsaModulus   = rsaPublicKey.Modulus.ToByteArrayUnsigned();

                int offset = 1;
                if (rsaExponent.Length > 255)
                {
                    publicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length];
                    DnsMessageBase.EncodeUShort(publicKey, ref offset, (ushort)publicKey.Length);
                }
                else
                {
                    publicKey    = new byte[1 + rsaExponent.Length + rsaModulus.Length];
                    publicKey[0] = (byte)rsaExponent.Length;
                }
                DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaExponent);
                DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaModulus);
                break;

            case DnsSecAlgorithm.Dsa:
            case DnsSecAlgorithm.DsaNsec3Sha1:
                if (keyStrength == 0)
                {
                    keyStrength = 1024;
                }

                DsaParametersGenerator dsaParamsGen = new DsaParametersGenerator();
                dsaParamsGen.Init(keyStrength, 12, _secureRandom);
                DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator();
                dsaKeyGen.Init(new DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters()));
                var dsaKey = dsaKeyGen.GenerateKeyPair();
                privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded();
                var dsaPublicKey = (DsaPublicKeyParameters)dsaKey.Public;

                var dsaY = dsaPublicKey.Y.ToByteArrayUnsigned();
                var dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned();
                var dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned();
                var dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned();
                var dsaT = (byte)((dsaY.Length - 64) / 8);

                publicKey    = new byte[21 + 3 * dsaY.Length];
                publicKey[0] = dsaT;
                dsaQ.CopyTo(publicKey, 1);
                dsaP.CopyTo(publicKey, 21);
                dsaG.CopyTo(publicKey, 21 + dsaY.Length);
                dsaY.CopyTo(publicKey, 21 + 2 * dsaY.Length);
                break;

            case DnsSecAlgorithm.EccGost:
                ECDomainParameters gostEcDomainParameters = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA);

                var gostKeyGen = new ECKeyPairGenerator();
                gostKeyGen.Init(new ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom));

                var gostKey = gostKeyGen.GenerateKeyPair();
                privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded();
                var gostPublicKey = (ECPublicKeyParameters)gostKey.Public;

                publicKey = new byte[64];

                gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32);
                gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0);

                publicKey = publicKey.Reverse().ToArray();
                break;

            case DnsSecAlgorithm.EcDsaP256Sha256:
            case DnsSecAlgorithm.EcDsaP384Sha384:
                int            ecDsaDigestSize;
                X9ECParameters ecDsaCurveParameter;

                if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256)
                {
                    ecDsaDigestSize     = new Sha256Digest().GetDigestSize();
                    ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP256r1);
                }
                else
                {
                    ecDsaDigestSize     = new Sha384Digest().GetDigestSize();
                    ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP384r1);
                }

                ECDomainParameters ecDsaP384EcDomainParameters = new ECDomainParameters(
                    ecDsaCurveParameter.Curve,
                    ecDsaCurveParameter.G,
                    ecDsaCurveParameter.N,
                    ecDsaCurveParameter.H,
                    ecDsaCurveParameter.GetSeed());

                var ecDsaKeyGen = new ECKeyPairGenerator();
                ecDsaKeyGen.Init(new ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom));

                var ecDsaKey = ecDsaKeyGen.GenerateKeyPair();
                privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded();
                var ecDsaPublicKey = (ECPublicKeyParameters)ecDsaKey.Public;

                publicKey = new byte[ecDsaDigestSize * 2];

                ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0);
                ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize);
                break;

            default:
                throw new NotSupportedException();
            }

            return(new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, privateKey));
        }
Beispiel #18
0
        public static SshKey CreateKey(SshVersion version,
                                       PublicKeyAlgorithm algorithm, string comment = "")
        {
            if (version == SshVersion.SSH1 &&
                algorithm != PublicKeyAlgorithm.SSH_RSA)
            {
                throw new Exception("unsupported version/algorithm combination");
            }

            switch (algorithm)
            {
            case PublicKeyAlgorithm.SSH_RSA:
            case PublicKeyAlgorithm.SSH_RSA_CERT_V1:
                KeyGenerationParameters keyGenParam =
                    new KeyGenerationParameters(secureRandom, 512);

                var rsaKeyPairGen = new RsaKeyPairGenerator();
                rsaKeyPairGen.Init(keyGenParam);
                var keyPair = rsaKeyPairGen.GenerateKeyPair();
                var rsaKey  = new SshKey(version, keyPair, comment);
                return(rsaKey);

            case PublicKeyAlgorithm.SSH_DSS:
            case PublicKeyAlgorithm.SSH_DSS_CERT_V1:
                DsaParametersGenerator dsaParamGen = new DsaParametersGenerator();
                dsaParamGen.Init(512, 10, secureRandom);
                DsaParameters dsaParam = dsaParamGen.GenerateParameters();
                DsaKeyGenerationParameters dsaKeyGenParam =
                    new DsaKeyGenerationParameters(secureRandom, dsaParam);
                DsaKeyPairGenerator dsaKeyPairGen = new DsaKeyPairGenerator();
                dsaKeyPairGen.Init(dsaKeyGenParam);
                keyPair = dsaKeyPairGen.GenerateKeyPair();
                var dsaKey = new SshKey(SshVersion.SSH2, keyPair);
                dsaKey.Comment = comment;
                return(dsaKey);

            case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
            case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256_CERT_V1:
                X9ECParameters ecdsa256X9Params =
                    SecNamedCurves.GetByName("secp256r1");
                ECDomainParameters ecdsa256DomainParams =
                    new ECDomainParameters(ecdsa256X9Params.Curve, ecdsa256X9Params.G,
                                           ecdsa256X9Params.N, ecdsa256X9Params.H);
                ECKeyGenerationParameters ecdsa256GenParams =
                    new ECKeyGenerationParameters(ecdsa256DomainParams, secureRandom);
                ECKeyPairGenerator ecdsa256Gen = new ECKeyPairGenerator();
                ecdsa256Gen.Init(ecdsa256GenParams);
                keyPair = ecdsa256Gen.GenerateKeyPair();
                var ecdsa256Key = new SshKey(SshVersion.SSH2, keyPair);
                ecdsa256Key.Comment = comment;
                return(ecdsa256Key);

            case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
            case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384_CERT_V1:
                X9ECParameters ecdsa384X9Params =
                    SecNamedCurves.GetByName("secp384r1");
                ECDomainParameters ecdsa384DomainParams =
                    new ECDomainParameters(ecdsa384X9Params.Curve, ecdsa384X9Params.G,
                                           ecdsa384X9Params.N, ecdsa384X9Params.H);
                ECKeyGenerationParameters ecdsa384GenParams =
                    new ECKeyGenerationParameters(ecdsa384DomainParams, secureRandom);
                ECKeyPairGenerator ecdsa384Gen = new ECKeyPairGenerator();
                ecdsa384Gen.Init(ecdsa384GenParams);
                keyPair = ecdsa384Gen.GenerateKeyPair();
                var ecdsa384Key = new SshKey(SshVersion.SSH2, keyPair);
                ecdsa384Key.Comment = comment;
                return(ecdsa384Key);

            case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
            case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521_CERT_V1:
                X9ECParameters ecdsa521X9Params =
                    SecNamedCurves.GetByName("secp521r1");
                ECDomainParameters ecdsa521DomainParams =
                    new ECDomainParameters(ecdsa521X9Params.Curve, ecdsa521X9Params.G,
                                           ecdsa521X9Params.N, ecdsa521X9Params.H);
                ECKeyGenerationParameters ecdsa521GenParams =
                    new ECKeyGenerationParameters(ecdsa521DomainParams, secureRandom);
                ECKeyPairGenerator ecdsa521Gen = new ECKeyPairGenerator();
                ecdsa521Gen.Init(ecdsa521GenParams);
                keyPair = ecdsa521Gen.GenerateKeyPair();
                var ecdsa521Key = new SshKey(SshVersion.SSH2, keyPair);
                ecdsa521Key.Comment = comment;
                return(ecdsa521Key);

            case PublicKeyAlgorithm.ED25519:
            case PublicKeyAlgorithm.ED25519_CERT_V1:
                var privateKeySeed  = secureRandom.GenerateSeed(Ed25519.PrivateKeySeedSizeInBytes);
                var publicKeyBytes  = new byte[Ed25519.PublicKeySizeInBytes];
                var privateKeyBytes = new byte[Ed25519.ExpandedPrivateKeySizeInBytes];
                Ed25519.KeyPairFromSeed(out publicKeyBytes, out privateKeyBytes, privateKeySeed);
                var publicKey  = new Ed25519PublicKeyParameter(publicKeyBytes);
                var privateKey = new Ed25519PrivateKeyParameter(privateKeyBytes);
                var ed25519Key = new SshKey(SshVersion.SSH2, publicKey, privateKey, comment);
                return(ed25519Key);

            default:
                throw new Exception("unsupported algorithm");
            }
        }