Ejemplo n.º 1
0
        /// <summary>
        /// Get the signature alogorithm.
        /// </summary>
        /// <param name="signatureAlgorithm">The RSA signature algorithm.</param>
        /// <returns>The signature.</returns>
        private string GetSignatureAlgorithm(Nequeo.Cryptography.Signing.SignatureAlgorithm signatureAlgorithm = Nequeo.Cryptography.Signing.SignatureAlgorithm.SHA512withRSA)
        {
            string signature = "SHA-1withRSA";

            // Select the signature.
            switch (signatureAlgorithm)
            {
            case Signing.SignatureAlgorithm.MD5withRSA:
                signature = "MD5WITHRSA";
                break;

            case Signing.SignatureAlgorithm.SHA1withRSA:
                signature = "SHA1WITHRSA";
                break;

            case Signing.SignatureAlgorithm.SHA224withRSA:
                signature = "SHA224WITHRSA";
                break;

            case Signing.SignatureAlgorithm.SHA256withRSA:
                signature = "SHA256WITHRSA";
                break;

            case Signing.SignatureAlgorithm.SHA384withRSA:
                signature = "SHA384WITHRSA";
                break;

            case Signing.SignatureAlgorithm.SHA512withRSA:
                signature = "SHA512WITHRSA";
                break;
            }

            // Return the signature
            return(signature);
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Generate an X509 certificate.
        /// </summary>
        /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
        /// <param name="publicKey">The public key of the issuer that is signing this certificate.</param>
        /// <param name="serialNumber">The certificate serial number.</param>
        /// <param name="issuerDN">The issuer.</param>
        /// <param name="subjectDN">The subject.</param>
        /// <param name="notBefore">Not before date.</param>
        /// <param name="notAfter">Not after data.</param>
        /// <param name="publicExponent">The public exponent (e; the public key is now represented as {e, n}).</param>
        /// <param name="strength">The strength of the cipher.</param>
        /// <param name="signatureAlgorithm">The signature algorithm to use.</param>
        /// <returns>The X509 certificate.</returns>
        public X509Certificate2 Generate(RSACryptoServiceProvider privateKey, RSACryptoServiceProvider publicKey, long serialNumber,
                                         Openssl.Subject issuerDN, Openssl.Subject subjectDN, DateTime notBefore, DateTime notAfter, long publicExponent = 3, int strength = 4096,
                                         Nequeo.Cryptography.Signing.SignatureAlgorithm signatureAlgorithm = Nequeo.Cryptography.Signing.SignatureAlgorithm.SHA512withRSA)
        {
            // Clear the certificate.
            _certificate    = null;
            _subjectDN      = subjectDN;
            _rsPrivateParam = null;

            // Create the rsa key paramaters from the strength and public exponent.
            Key.Crypto.Generators.RsaKeyPairGenerator        keyPair      = new Key.Crypto.Generators.RsaKeyPairGenerator();
            Key.Crypto.Parameters.RsaKeyGenerationParameters keyPairParam =
                new Key.Crypto.Parameters.RsaKeyGenerationParameters(
                    Key.Math.BigInteger.ValueOf(publicExponent), new Key.Security.SecureRandom(), strength, 25);

            // Initialise the parameters and generate the public private key pair.
            keyPair.Init(keyPairParam);
            Key.Crypto.AsymmetricCipherKeyPair rsaKeyPair = keyPair.GenerateKeyPair();

            // Assign the rsa parameters.
            RSAParameters rsaParam = new RSAParameters();

            Key.Crypto.Parameters.RsaKeyParameters rsaPublicParam = (Key.Crypto.Parameters.RsaKeyParameters)rsaKeyPair.Public;
            _rsPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)rsaKeyPair.Private;

            rsaParam.D        = _rsPrivateParam.Exponent.ToByteArrayUnsigned();
            rsaParam.DP       = _rsPrivateParam.DP.ToByteArrayUnsigned();
            rsaParam.DQ       = _rsPrivateParam.DQ.ToByteArrayUnsigned();
            rsaParam.InverseQ = _rsPrivateParam.QInv.ToByteArrayUnsigned();
            rsaParam.P        = _rsPrivateParam.P.ToByteArrayUnsigned();
            rsaParam.Q        = _rsPrivateParam.Q.ToByteArrayUnsigned();
            rsaParam.Modulus  = _rsPrivateParam.Modulus.ToByteArrayUnsigned();
            rsaParam.Exponent = _rsPrivateParam.PublicExponent.ToByteArrayUnsigned();

            // Create the encyption provider.
            RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();

            rsaProvider.ImportParameters(rsaParam);

            // Create a new certificate generator.
            Key.X509.X509V3CertificateGenerator certGenerator = new Key.X509.X509V3CertificateGenerator();
            certGenerator.Reset();

            // Set the certificate values.
            certGenerator.SetSerialNumber(Key.Math.BigInteger.ValueOf(serialNumber));
            certGenerator.SetIssuerDN(GetNames(issuerDN));
            certGenerator.SetSubjectDN(GetNames(subjectDN));
            certGenerator.SetNotBefore(notBefore);
            certGenerator.SetNotAfter(notAfter);
            certGenerator.SetPublicKey(rsaPublicParam);
            certGenerator.SetSignatureAlgorithm(GetSignatureAlgorithm(signatureAlgorithm));

            // Export the signer private key parameters.
            RSAParameters rsaPrivateKeySignerParam = privateKey.ExportParameters(true);

            Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaPrivateKeySigner =
                new Key.Crypto.Parameters.RsaPrivateCrtKeyParameters(
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.Modulus),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.Exponent),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.D),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.P),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.Q),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.DP),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.DQ),
                    new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.InverseQ)
                    );

            // Export the signer public key parameters.
            RSAParameters rsaPublicKeySignerParam = publicKey.ExportParameters(false);

            Key.Crypto.Parameters.RsaKeyParameters rsaPublicKeySigner =
                new Key.Crypto.Parameters.RsaKeyParameters(
                    false,
                    new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Modulus),
                    new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Exponent)
                    );

            // Add the extensions
            certGenerator.AddExtension(
                Key.Asn1.X509.X509Extensions.SubjectKeyIdentifier,
                false,
                new Key.X509.Extension.SubjectKeyIdentifierStructure(rsaPublicParam));

            certGenerator.AddExtension(
                Key.Asn1.X509.X509Extensions.AuthorityKeyIdentifier,
                false,
                new Key.X509.Extension.AuthorityKeyIdentifierStructure(rsaPublicKeySigner));

            // Create the certificate.
            _certificate = certGenerator.Generate(rsaPrivateKeySigner);
            _certificate.CheckValidity(DateTime.UtcNow);
            _certificate.Verify(rsaPublicKeySigner);
            byte[] raw = _certificate.GetEncoded();

            // Return the certificate.
            X509Certificate2 x509Certificate2 = new X509Certificate2(raw);

            x509Certificate2.PrivateKey   = rsaProvider;
            x509Certificate2.FriendlyName = subjectDN.CommonName;
            return(x509Certificate2);
        }