GenerateDsaKeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength)
{
Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator();
Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator();
pGen.Init(keystrength, 80, random); //TODO:
Org.BouncyCastle.Crypto.Parameters.DsaParameters parameters = pGen.GenerateParameters();
Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(random, parameters);
keypairGen.Init(genParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair();
return(kp);
}
} // End Function GenerateRsaKeyPair
public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateDsaKeyPair(
int length
, Org.BouncyCastle.Security.SecureRandom secureRandom
)
{
Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator paramgen =
new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator();
paramgen.Init(length, 100, secureRandom);
Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters param = new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(secureRandom, paramgen.GenerateParameters());
Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator keyGenerator =
new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator();
keyGenerator.Init(param);
return(keyGenerator.GenerateKeyPair());
} // End Function GenerateDsaKeyPair
/// <summary>
/// Creates a new signing key pair
/// </summary>
/// <param name="name">The name of the key or zone</param>
/// <param name="recordClass">The record class of the DnsKeyRecord</param>
/// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param>
/// <param name="flags">The Flags of the DnsKeyRecord</param>
/// <param name="protocol">The protocol version</param>
/// <param name="algorithm">The key algorithm</param>
/// <param name="keyStrength">The key strength or 0 for default strength</param>
/// <returns></returns>
public static KeyPairRecord CreateSigningKey(DnsSecAlgorithm algorithm, DnsKeyFlags flags, int keyStrength = 0)
{
// Found in DnsKeyRecord.CreateSigningKey
KeyPairRecord rec = new KeyPairRecord();
rec.Flags = flags;
rec.Algorithm = algorithm;
Org.BouncyCastle.Security.SecureRandom _secureRandom =
new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator());
// https://csharp.hotexamples.com/examples/Org.BouncyCastle.Crypto.Generators/DsaKeyPairGenerator/GenerateKeyPair/php-dsakeypairgenerator-generatekeypair-method-examples.html
switch (algorithm)
{
case DnsSecAlgorithm.RsaSha1:
case DnsSecAlgorithm.RsaSha1Nsec3Sha1:
case DnsSecAlgorithm.RsaSha256:
case DnsSecAlgorithm.RsaSha512:
if (keyStrength == 0)
{
keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024;
}
Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator rsaKeyGen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator();
rsaKeyGen.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(_secureRandom, keyStrength));
var rsaKey = rsaKeyGen.GenerateKeyPair();
rec.KeyPair = rsaKey;
rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded();
var rsaPublicKey = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)rsaKey.Public;
var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned();
var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned();
int offset = 1;
if (rsaExponent.Length > 255)
{
rec.PublicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length];
EncodeUShort(rec.PublicKey, ref offset, (ushort)rec.PublicKey.Length);
}
else
{
rec.PublicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length];
rec.PublicKey[0] = (byte)rsaExponent.Length;
}
EncodeByteArray(rec.PublicKey, ref offset, rsaExponent);
EncodeByteArray(rec.PublicKey, ref offset, rsaModulus);
break;
case DnsSecAlgorithm.Dsa:
case DnsSecAlgorithm.DsaNsec3Sha1:
if (keyStrength == 0)
{
keyStrength = 1024;
}
Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator dsaParamsGen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator();
dsaParamsGen.Init(keyStrength, 12, _secureRandom);
Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator dsaKeyGen = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator();
dsaKeyGen.Init(new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters()));
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair dsaKey = dsaKeyGen.GenerateKeyPair();
rec.KeyPair = dsaKey;
rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded();
var dsaPublicKey = (Org.BouncyCastle.Crypto.Parameters.DsaPublicKeyParameters)dsaKey.Public;
byte[] dsaY = dsaPublicKey.Y.ToByteArrayUnsigned();
byte[] dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned();
byte[] dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned();
byte[] dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned();
byte dsaT = (byte)((dsaY.Length - 64) / 8);
rec.PublicKey = new byte[21 + 3 * dsaY.Length];
rec.PublicKey[0] = dsaT;
dsaQ.CopyTo(rec.PublicKey, 1);
dsaP.CopyTo(rec.PublicKey, 21);
dsaG.CopyTo(rec.PublicKey, 21 + dsaY.Length);
dsaY.CopyTo(rec.PublicKey, 21 + 2 * dsaY.Length);
break;
case DnsSecAlgorithm.EccGost:
Org.BouncyCastle.Crypto.Parameters.ECDomainParameters gostEcDomainParameters = Org.BouncyCastle.Asn1.CryptoPro.ECGost3410NamedCurves.GetByOid(Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA);
var gostKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
gostKeyGen.Init(new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom));
var gostKey = gostKeyGen.GenerateKeyPair();
rec.KeyPair = gostKey;
rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded();
var gostPublicKey = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)gostKey.Public;
rec.PublicKey = new byte[64];
// gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32);
gostPublicKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, 32);
// gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0);
gostPublicKey.Q.AffineYCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, 0);
System.Array.Reverse(rec.PublicKey);
break;
case DnsSecAlgorithm.EcDsaP256Sha256:
case DnsSecAlgorithm.EcDsaP384Sha384:
int ecDsaDigestSize;
Org.BouncyCastle.Asn1.X9.X9ECParameters ecDsaCurveParameter;
if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256)
{
ecDsaDigestSize = new Org.BouncyCastle.Crypto.Digests.Sha256Digest().GetDigestSize();
ecDsaCurveParameter = Org.BouncyCastle.Asn1.Nist.NistNamedCurves.GetByOid(Org.BouncyCastle.Asn1.Sec.SecObjectIdentifiers.SecP256r1);
}
else
{
ecDsaDigestSize = new Org.BouncyCastle.Crypto.Digests.Sha384Digest().GetDigestSize();
ecDsaCurveParameter = Org.BouncyCastle.Asn1.Nist.NistNamedCurves.GetByOid(Org.BouncyCastle.Asn1.Sec.SecObjectIdentifiers.SecP384r1);
}
Org.BouncyCastle.Crypto.Parameters.ECDomainParameters ecDsaP384EcDomainParameters = new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters(
ecDsaCurveParameter.Curve,
ecDsaCurveParameter.G,
ecDsaCurveParameter.N,
ecDsaCurveParameter.H,
ecDsaCurveParameter.GetSeed());
var ecDsaKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
ecDsaKeyGen.Init(new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom));
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair ecDsaKey = ecDsaKeyGen.GenerateKeyPair();
rec.KeyPair = ecDsaKey;
rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded();
var ecDsaPublicKey = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)ecDsaKey.Public;
rec.PublicKey = new byte[ecDsaDigestSize * 2];
// ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0);
ecDsaPublicKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, 0);
// ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize);
ecDsaPublicKey.Q.AffineYCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, ecDsaDigestSize);
break;
default:
throw new System.NotSupportedException();
}
// return new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, rec.PublicKey, rec.PrivateKey);
return(rec);
}
