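        /// <summary>
        /// Builds the PBES2 (PKCS #5 v2.0) parameter structure for a PBKDF2-derived key used with
        /// one of the NIST AES CBC/CFB ciphers: SEQUENCE { keyDerivationFunc, encryptionScheme }.
        /// </summary>
        /// <param name="cipherAlgorithm">
        /// OID of the content-encryption cipher. Only the six NIST AES-128/192/256 CBC and CFB
        /// identifiers are accepted; all of them use a 16-byte IV, which is generated here.
        /// </param>
        /// <param name="hashAlgorithm">
        /// OID placed in the PBKDF2 <c>prf</c> field, encoded with NULL parameters. NOTE(review):
        /// PKCS #5 expects an HMAC OID here (hmacWithSHA256, ...), not a bare digest OID — verify
        /// what callers pass, the method does not check.
        /// </param>
        /// <param name="salt">PBKDF2 salt, encoded as supplied. Callers are expected to provide fresh random bytes.</param>
        /// <param name="iterationCount">PBKDF2 iteration count; must be at least 1.</param>
        /// <param name="secureRandom">Randomness source for the IV.</param>
        /// <returns>A <c>PbeS2Parameters</c> holding the KDF description and the cipher with its IV.</returns>
        /// <exception cref="ArgumentNullException">A required argument is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="iterationCount"/> is less than 1.</exception>
        /// <exception cref="ArgumentException"><paramref name="cipherAlgorithm"/> is not one of the supported AES OIDs.</exception>
        public static Asn1Encodable GenerateAlgorithmParameters(
            DerObjectIdentifier cipherAlgorithm,
            DerObjectIdentifier hashAlgorithm,
            byte[] salt,
            int iterationCount,
            SecureRandom secureRandom)
        {
            if (cipherAlgorithm == null)
            {
                throw new ArgumentNullException("cipherAlgorithm");
            }
            if (hashAlgorithm == null)
            {
                throw new ArgumentNullException("hashAlgorithm");
            }
            if (salt == null)
            {
                throw new ArgumentNullException("salt");
            }
            if (secureRandom == null)
            {
                throw new ArgumentNullException("secureRandom");
            }
            if (iterationCount < 1)
            {
                // A zero/negative count would either fail to encode or yield a useless KDF.
                throw new ArgumentOutOfRangeException("iterationCount", "PBKDF2 iteration count must be at least 1");
            }

            if (!IsSupportedAesCipher(cipherAlgorithm))
            {
                throw new ArgumentException("unknown cipher: " + cipherAlgorithm);
            }

            // Every accepted cipher is AES, so the IV is always one 16-byte block.
            byte[] iv = new byte[16];
            secureRandom.NextBytes(iv);
            EncryptionScheme encScheme = new EncryptionScheme(cipherAlgorithm, new DerOctetString(iv));

            // PBKDF2 with an explicit PRF; keyLength is left absent because the AES OID fixes it.
            AlgorithmIdentifier prf = new AlgorithmIdentifier(hashAlgorithm, DerNull.Instance);
            KeyDerivationFunc func = new KeyDerivationFunc(
                PkcsObjectIdentifiers.IdPbkdf2,
                new Pbkdf2Params(salt, iterationCount, prf));

            return new PbeS2Parameters(func, encScheme);
        }

        /// <summary>
        /// True for the NIST AES-128/192/256 CBC and CFB OIDs, the only ciphers this generator supports.
        /// </summary>
        private static bool IsSupportedAesCipher(DerObjectIdentifier cipherAlgorithm)
        {
            return NistObjectIdentifiers.IdAes128Cbc.Equals(cipherAlgorithm)
                || NistObjectIdentifiers.IdAes192Cbc.Equals(cipherAlgorithm)
                || NistObjectIdentifiers.IdAes256Cbc.Equals(cipherAlgorithm)
                || NistObjectIdentifiers.IdAes128Cfb.Equals(cipherAlgorithm)
                || NistObjectIdentifiers.IdAes192Cfb.Equals(cipherAlgorithm)
                || NistObjectIdentifiers.IdAes256Cfb.Equals(cipherAlgorithm);
        }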
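    /// <summary>
    /// Decodes PBES2 parameters from their ASN.1 form:
    /// SEQUENCE { keyDerivationFunc AlgorithmIdentifier, encryptionScheme AlgorithmIdentifier }.
    /// </summary>
    /// <param name="seq">The two-element PBES2-params sequence, usually taken from an AlgorithmIdentifier.</param>
    /// <exception cref="ArgumentNullException"><paramref name="seq"/> is null.</exception>
    /// <exception cref="ArgumentException">
    /// The sequence, or its key-derivation element, does not have the expected shape. Malformed
    /// (possibly attacker-supplied) input is reported this way rather than as InvalidCastException
    /// or an index error.
    /// </exception>
    public PbeS2Parameters(Asn1Sequence seq)
    {
        if (seq == null)
        {
            throw new ArgumentNullException("seq");
        }
        if (seq.Count != 2)
        {
            throw new ArgumentException("Wrong number of elements in sequence", "seq");
        }

        // keyDerivationFunc is an AlgorithmIdentifier: SEQUENCE { algorithm OID, parameters OPTIONAL }.
        // GetInstance rejects a non-sequence element with ArgumentException instead of the
        // InvalidCastException a bare cast would raise.
        Asn1Sequence kdfSeq = Asn1Sequence.GetInstance(seq[0].ToAsn1Object());
        if (kdfSeq.Count < 1 || kdfSeq.Count > 2)
        {
            throw new ArgumentException("Bad sequence size for key derivation function: " + kdfSeq.Count, "seq");
        }

        if (kdfSeq[0].Equals(PkcsObjectIdentifiers.IdPbkdf2))
        {
            // For PBKDF2 the parameters are mandatory; guard before indexing element 1.
            if (kdfSeq.Count != 2)
            {
                throw new ArgumentException("Missing PBKDF2 parameters in key derivation function", "seq");
            }
            func = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, Pbkdf2Params.GetInstance(kdfSeq[1]));
        }
        else
        {
            func = new KeyDerivationFunc(kdfSeq);
        }

        scheme = EncryptionScheme.GetInstance(seq[1].ToAsn1Object());
    }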
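        /// <summary>
        /// Wraps <paramref name="privateKey"/> as a PKCS #8 EncryptedPrivateKeyInfo — PBES2 with
        /// PBKDF2 and AES-256-CBC — and returns it PEM-encoded under "ENCRYPTED PRIVATE KEY".
        /// A fresh random salt and IV are generated per call and embedded in the output.
        /// </summary>
        /// <param name="privateKey">The private key to protect.</param>
        /// <param name="password">The password the AES key is derived from (converted via PKCS5PasswordToBytes).</param>
        /// <returns>The PEM text of the encrypted key.</returns>
        /// <exception cref="CryptoException">
        /// Any failure, including null arguments, with the underlying exception as InnerException.
        /// </exception>
        private static string EncryptPrivateKey(AsymmetricKeyParameter privateKey, string password)
        {
            try {
                // Validated inside the try so that, as before, every failure surfaces as CryptoException.
                if (privateKey == null)
                {
                    throw new ArgumentNullException("privateKey");
                }
                if (password == null)
                {
                    throw new ArgumentNullException("password");
                }

                SecureRandom randomGen = new SecureRandom();
                byte[]       aesIv     = new byte[16];   // AES block size
                byte[]       keySalt   = new byte[20];
                randomGen.NextBytes(aesIv);
                randomGen.NextBytes(keySalt);

                PrivateKeyInfo plainKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey);

                // Derive the 256-bit AES key with PBKDF2. The encoded Pbkdf2Params below names no
                // PRF, so decoders fall back to the PKCS #5 default (HMAC-SHA1); the parameterless
                // Pkcs5S2ParametersGenerator presumably uses SHA-1 as well — the two must stay in step,
                // so change both together if a stronger PRF is adopted.
                char[] passwordChars = password.ToCharArray();
                byte[] passwordBytes = PKCS5PasswordToBytes(passwordChars);
                ICipherParameters cipherParams;
                try
                {
                    Pkcs5S2ParametersGenerator pkcs5S2Gen = new Pkcs5S2ParametersGenerator();
                    pkcs5S2Gen.Init(passwordBytes, keySalt, hashIterationCount);
                    cipherParams = pkcs5S2Gen.GenerateDerivedParameters(NistObjectIdentifiers.IdAes256Cbc.Id, 256);
                }
                finally
                {
                    // Scrub the password copies once the key has been derived.
                    Array.Clear(passwordBytes, 0, passwordBytes.Length);
                    Array.Clear(passwordChars, 0, passwordChars.Length);
                }

                IBufferedCipher cipher = CipherUtilities.GetCipher(NistObjectIdentifiers.IdAes256Cbc);
                cipher.Init(true, new ParametersWithIV(cipherParams, aesIv));
                byte[] encryptedKey = cipher.DoFinal(plainKeyInfo.GetEncoded());

                // PBES2-params ::= SEQUENCE { keyDerivationFunc, encryptionScheme }
                KeyDerivationFunc keyFunction = new KeyDerivationFunc(
                    PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(keySalt, hashIterationCount));
                EncryptionScheme encScheme = new EncryptionScheme(
                    NistObjectIdentifiers.IdAes256Cbc, new DerOctetString(aesIv));
                Asn1EncodableVector encryptionInfo = new Asn1EncodableVector {
                    keyFunction, encScheme
                };
                AlgorithmIdentifier algIdentifier = new AlgorithmIdentifier(
                    PkcsObjectIdentifiers.IdPbeS2, new DerSequence(encryptionInfo));
                EncryptedPrivateKeyInfo encryptedKeyInfo = new EncryptedPrivateKeyInfo(algIdentifier, encryptedKey);
                Org.BouncyCastle.Utilities.IO.Pem.PemObject pkPemObject =
                    new Org.BouncyCastle.Utilities.IO.Pem.PemObject("ENCRYPTED PRIVATE KEY", encryptedKeyInfo.GetEncoded());

                // Render the PEM block to a string; the writer is disposed on every exit path.
                using (StringWriter txtWriter = new StringWriter())
                {
                    PemWriter pemWriter = new PemWriter(txtWriter);
                    pemWriter.WriteObject(pkPemObject);
                    pemWriter.Writer.Flush();
                    return txtWriter.ToString();
                }
            } catch (Exception e) {
                throw new CryptoException("Could not encrypt private key.", e);
            }
        }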
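 /// <summary>
 /// Builds PBES2 parameters from an already constructed key-derivation function and encryption scheme.
 /// </summary>
 /// <param name="keyDevFunc">The key-derivation function (e.g. PBKDF2 with its salt and iteration count).</param>
 /// <param name="encScheme">The content-encryption scheme, including its IV.</param>
 /// <exception cref="ArgumentNullException">
 /// Either argument is null. Rejected here rather than stored, so the failure is reported at the
 /// call site instead of as a NullReferenceException during later ASN.1 encoding.
 /// </exception>
 public PbeS2Parameters(KeyDerivationFunc keyDevFunc, EncryptionScheme encScheme)
 {
     if (keyDevFunc == null)
     {
         throw new ArgumentNullException("keyDevFunc");
     }
     if (encScheme == null)
     {
         throw new ArgumentNullException("encScheme");
     }

     func   = keyDevFunc;
     scheme = encScheme;
 }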