public static Asn1Encodable GenerateAlgorithmParameters(
DerObjectIdentifier cipherAlgorithm,
DerObjectIdentifier hashAlgorithm,
byte[] salt,
int iterationCount,
SecureRandom secureRandom)
{
EncryptionScheme encScheme;
if (NistObjectIdentifiers.IdAes128Cbc.Equals(cipherAlgorithm) ||
NistObjectIdentifiers.IdAes192Cbc.Equals(cipherAlgorithm) ||
NistObjectIdentifiers.IdAes256Cbc.Equals(cipherAlgorithm) ||
NistObjectIdentifiers.IdAes128Cfb.Equals(cipherAlgorithm) ||
NistObjectIdentifiers.IdAes192Cfb.Equals(cipherAlgorithm) ||
NistObjectIdentifiers.IdAes256Cfb.Equals(cipherAlgorithm))
{
byte[] iv = new byte[16];
secureRandom.NextBytes(iv);
encScheme = new EncryptionScheme(cipherAlgorithm, new DerOctetString(iv));
}
else
{
throw new ArgumentException("unknown cipher: " + cipherAlgorithm);
}
KeyDerivationFunc func = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(salt, iterationCount, new AlgorithmIdentifier(hashAlgorithm, DerNull.Instance)));
return(new PbeS2Parameters(func, encScheme));
}
public PbeS2Parameters(Asn1Sequence seq)
{
if (seq.Count != 2)
{
throw new ArgumentException("Wrong number of elements in sequence", "seq");
}
Asn1Sequence asn1Sequence = (Asn1Sequence)seq[0].ToAsn1Object();
if (asn1Sequence[0].Equals(PkcsObjectIdentifiers.IdPbkdf2))
{
func = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, Pbkdf2Params.GetInstance(asn1Sequence[1]));
}
else
{
func = new KeyDerivationFunc(asn1Sequence);
}
scheme = EncryptionScheme.GetInstance(seq[1].ToAsn1Object());
}
private static string EncryptPrivateKey(AsymmetricKeyParameter privateKey, string password)
{
// Create salts
byte[] aesIv = new byte[16];
byte[] keySalt = new byte[20];
SecureRandom randomGen = new SecureRandom();
randomGen.NextBytes(aesIv);
randomGen.NextBytes(keySalt);
try {
PrivateKeyInfo decryptedPrivateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey);
// Prepare encryption
Pkcs5S2ParametersGenerator pkcs5S2Gen = new Pkcs5S2ParametersGenerator();
pkcs5S2Gen.Init(PKCS5PasswordToBytes(password.ToCharArray()), keySalt, hashIterationCount);
ICipherParameters cipherParams = pkcs5S2Gen.GenerateDerivedParameters(NistObjectIdentifiers.IdAes256Cbc.Id, 256);
IBufferedCipher cipher = CipherUtilities.GetCipher(NistObjectIdentifiers.IdAes256Cbc);
cipher.Init(true, new ParametersWithIV(cipherParams, aesIv));
// Generate encrypted private key info
Asn1OctetString aesIvOctetString = new DerOctetString(aesIv);
KeyDerivationFunc keyFunction = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(keySalt, hashIterationCount));
EncryptionScheme encScheme = new EncryptionScheme(NistObjectIdentifiers.IdAes256Cbc, aesIvOctetString);
Asn1EncodableVector encryptionInfo = new Asn1EncodableVector {
keyFunction, encScheme
};
AlgorithmIdentifier algIdentifier = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdPbeS2, new DerSequence(encryptionInfo));
EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(algIdentifier, cipher.DoFinal(decryptedPrivateKeyInfo.GetEncoded()));
Org.BouncyCastle.Utilities.IO.Pem.PemObject pkPemObject = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded());
// Write the PEM object to a string
StringWriter txtWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(txtWriter);
pemWriter.WriteObject(pkPemObject);
pemWriter.Writer.Close();
return(txtWriter.ToString());
} catch (Exception e) {
throw new CryptoException("Could not encrypt private key.", e);
}
}
public PbeS2Parameters(KeyDerivationFunc keyDevFunc, EncryptionScheme encScheme)
{
func = keyDevFunc;
scheme = encScheme;
}
