private const AsymmetricAlgorithm RsaType = AsymmetricAlgorithm.RsaPkcs1; //or OeapSha1 and OaepSha256
public void GenerateKeys()
{
ICryptographicKey key = GetAsymmetricKeyAlgorithm().CreateKeyPair(RsaKeySize);
PrivateKey = key.Export(CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey);
PublicKey = key.ExportPublicKey(CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey);
}
public void KeyPairRoundTrip()
{
foreach (var algorithm in KeyAlgorithmsToTest)
{
Debug.WriteLine("** Algorithm: {0} **", algorithm.Key);
var keyAlgorithm = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithm.Key);
using (ICryptographicKey key = keyAlgorithm.CreateKeyPair(algorithm.Value))
{
int supportedFormats = 0;
foreach (CryptographicPrivateKeyBlobType format in Enum.GetValues(typeof(CryptographicPrivateKeyBlobType)))
{
try
{
byte[] keyBlob = key.Export(format);
using (var key2 = keyAlgorithm.ImportKeyPair(keyBlob, format))
{
byte[] key2Blob = key2.Export(format);
Assert.AreEqual(Convert.ToBase64String(keyBlob), Convert.ToBase64String(key2Blob));
Debug.WriteLine("Format {0} supported.", format);
Debug.WriteLine(Convert.ToBase64String(keyBlob));
supportedFormats++;
}
}
catch (NotSupportedException)
{
Debug.WriteLine("Format {0} NOT supported.", format);
}
}
Assert.IsTrue(supportedFormats > 0, "No supported formats.");
}
}
}
public void CreateSymmetricKey_Export()
{
var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
ICryptographicKey key = provider.CreateSymmetricKey(this.keyMaterial);
Assert.Throws <NotSupportedException>(
() => key.Export());
}
public void CreateKey_NotExportable()
{
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha1);
ICryptographicKey key = algorithm.CreateKey(this.keyMaterial);
ExceptionAssert.Throws <NotSupportedException>(
() => key.Export());
ExceptionAssert.Throws <NotSupportedException>(
() => key.ExportPublicKey());
}
/// <summary>
/// Exports the RSA parameters of a cryptographic key.
/// </summary>
/// <param name="key">The cryptographic key.</param>
/// <param name="includePrivateParameters"><c>true</c> to include the private key in the exported parameters; <c>false</c> to only include the public key.</param>
/// <returns>The RSA parameters for the key.</returns>
public static RSAParameters ExportParameters(this ICryptographicKey key, bool includePrivateParameters)
{
Requires.NotNull(key, nameof(key));
byte[] keyBlob = includePrivateParameters
? key.Export(CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey)
: key.ExportPublicKey(CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey);
RSAParameters parameters = KeyFormatter.Pkcs1.Read(keyBlob);
return(parameters);
}
public void RSAParametersPrivateKeyRoundtrip()
{
IAsymmetricKeyAlgorithmProvider?rsa = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
ICryptographicKey?keyPair = rsa.CreateKeyPair(512);
RSAParameters parameters = keyPair.ExportParameters(includePrivateParameters: true);
ICryptographicKey keyPair2 = rsa.ImportParameters(parameters);
var blob1 = keyPair.Export();
var blob2 = keyPair2.Export();
CollectionAssertEx.AreEqual(blob1, blob2);
}
/// <summary>Exports the RSA parameters of a cryptographic key.</summary>
/// <param name="key">The cryptographic key.</param>
/// <param name="includePrivateParameters"><c>true</c> to include the private key in the exported parameters; <c>false</c> to only include the public key.</param>
/// <returns>The RSA parameters for the key.</returns>
public static RSAParameters ExportParameters(this ICryptographicKey key, bool includePrivateParameters)
{
#if PCL
throw new NotImplementedException("Not implemented in reference assembly.");
#else
Requires.NotNull(key, "key");
byte[] keyBlob = includePrivateParameters
? key.Export(CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey)
: key.ExportPublicKey(CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey);
RSAParameters parameters = KeyFormatter.Pkcs1.Read(keyBlob);
return(parameters);
#endif
}
public void KeyPairRoundTrip(AsymmetricAlgorithm algorithm, int keySize, CryptographicPrivateKeyBlobType format)
{
IAsymmetricKeyAlgorithmProvider keyAlgorithm = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithm);
using (ICryptographicKey key = keyAlgorithm.CreateKeyPair(keySize))
{
byte[] keyBlob = key.Export(format);
using (var key2 = keyAlgorithm.ImportKeyPair(keyBlob, format))
{
byte[] key2Blob = key2.Export(format);
Assert.Equal(Convert.ToBase64String(keyBlob), Convert.ToBase64String(key2Blob));
this.logger.WriteLine(Convert.ToBase64String(keyBlob));
}
}
}
private ICryptographicKey GetAppCryptoKey()
{
var asym = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaPkcs1);
ICryptographicKey key = null;
if (!string.IsNullOrEmpty(AccountEncryptionKey))
{
var blob = Encoding.UTF8.GetBytes(AccountEncryptionKey);
key = asym.ImportKeyPair(blob);
}
else
{
key = asym.CreateKeyPair(512);
var blob = key.Export();
AccountEncryptionKey = Encoding.UTF8.GetString(blob, 0, blob.Length);
}
return(key);
}
/// <summary>
/// Initializes a new instance of the <see cref="OwnEndpoint" /> class.
/// </summary>
/// <param name="signingKey">The signing key.</param>
/// <param name="encryptionKey">The encryption key.</param>
/// <param name="inboxOwnerCode">The secret that proves ownership of the inbox at the <see cref="Endpoint.MessageReceivingEndpoint" />.</param>
public OwnEndpoint(ICryptographicKey signingKey, ICryptographicKey encryptionKey, string inboxOwnerCode = null)
: this()
{
Requires.NotNull(signingKey, "signingKey");
Requires.NotNull(encryptionKey, "encryptionKey");
this.PublicEndpoint = new Endpoint
{
SigningKeyPublicMaterial = signingKey.ExportPublicKey(CryptoSettings.PublicKeyFormat),
EncryptionKeyPublicMaterial = encryptionKey.ExportPublicKey(CryptoSettings.PublicKeyFormat),
};
// We could preserve the key instances, but that could make
// our behavior a little less repeatable if we had problems
// with key serialization.
////this.signingKey = signingKey;
////this.encryptionKey = encryptionKey;
// Since this is a new endpoint we can choose a more modern format for the private keys.
this.PrivateKeyFormat = CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo;
this.SigningKeyPrivateMaterial = signingKey.Export(this.PrivateKeyFormat);
this.EncryptionKeyPrivateMaterial = encryptionKey.Export(this.PrivateKeyFormat);
this.InboxOwnerCode = inboxOwnerCode;
}
/// <summary>
/// Initializes a new instance of the <see cref="OwnEndpoint" /> class.
/// </summary>
/// <param name="signingKey">The signing key.</param>
/// <param name="encryptionKey">The encryption key.</param>
/// <param name="inboxOwnerCode">The secret that proves ownership of the inbox at the <see cref="Endpoint.MessageReceivingEndpoint" />.</param>
public OwnEndpoint(ICryptographicKey signingKey, ICryptographicKey encryptionKey, string inboxOwnerCode = null)
: this()
{
Requires.NotNull(signingKey, "signingKey");
Requires.NotNull(encryptionKey, "encryptionKey");
this.PublicEndpoint = new Endpoint
{
SigningKeyPublicMaterial = signingKey.ExportPublicKey(CryptoSettings.PublicKeyFormat),
EncryptionKeyPublicMaterial = encryptionKey.ExportPublicKey(CryptoSettings.PublicKeyFormat),
};
// We could preserve the key instances, but that could make
// our behavior a little less repeatable if we had problems
// with key serialization.
////this.signingKey = signingKey;
////this.encryptionKey = encryptionKey;
// Since this is a new endpoint we can choose a more modern format for the private keys.
this.PrivateKeyFormat = CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo;
this.SigningKeyPrivateMaterial = signingKey.Export(this.PrivateKeyFormat);
this.EncryptionKeyPrivateMaterial = encryptionKey.Export(this.PrivateKeyFormat);
this.InboxOwnerCode = inboxOwnerCode;
}
