Ejemplo n.º 1
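		/// <summary>
		/// Encrypts a private key with password-based encryption and returns the
		/// encoded <c>EncryptedPrivateKeyInfo</c> structure.
		/// </summary>
		/// <remarks>
		/// A fresh random salt of <c>SaltSize</c> bytes is generated on every call and
		/// the PBE parameters are built with <c>MinIterations</c> iterations. The
		/// password is read from the <c>passwd</c> member.
		/// </remarks>
		/// <param name="key">The private key to protect.</param>
		/// <returns>The encoded, encrypted private key.</returns>
		/// <exception cref="System.Exception">
		/// The configured encryption algorithm has no buffered cipher engine, or no
		/// cipher parameters could be generated for it.
		/// </exception>
		byte[] EncryptAsymmetricKeyParameter (AsymmetricKeyParameter key)
		{
			var cipher = PbeUtilities.CreateEngine (EncryptionAlgorithm.Id) as IBufferedCipher;
			var keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo (key);
			var random = new SecureRandom ();
			var salt = new byte[SaltSize];

			if (cipher == null)
				throw new Exception ("Unknown encryption algorithm: " + EncryptionAlgorithm.Id);

			// A per-call random salt keeps two encryptions under the same password from
			// deriving the same key.
			random.NextBytes (salt);

			// NOTE(review): MinIterations is defined outside this listing; confirm it is a
			// high enough work factor for the configured PBE scheme, since it is the only
			// thing that slows down offline password guessing against the output.
			var pbeParameters = PbeUtilities.GenerateAlgorithmParameters (EncryptionAlgorithm.Id, salt, MinIterations);
			var algorithm = new AlgorithmIdentifier (EncryptionAlgorithm, pbeParameters);
			var cipherParameters = PbeUtilities.GenerateCipherParameters (algorithm, passwd);

			if (cipherParameters == null)
				throw new Exception ("BouncyCastle bug detected: Failed to generate cipher parameters.");

			cipher.Init (true, cipherParameters);

			// The encoded PrivateKeyInfo is the unencrypted private key. Wipe this copy as
			// soon as it has been encrypted instead of leaving it for the garbage collector.
			// This is best-effort: keyInfo and the cipher may still hold their own copies.
			var plaintext = keyInfo.GetEncoded ();
			byte[] encoded;

			try {
				encoded = cipher.DoFinal (plaintext);
			} finally {
				Array.Clear (plaintext, 0, plaintext.Length);
			}

			var encrypted = new EncryptedPrivateKeyInfo (algorithm, encoded);

			return encrypted.GetEncoded ();
		}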
Ejemplo n.º 2
		/// <summary>
		/// Decrypts a password-protected private key and converts it into a key parameter.
		/// </summary>
		/// <param name="passPhrase">The pass phrase the key was encrypted with.</param>
		/// <param name="encInfo">The encrypted private key structure.</param>
		/// <returns>The key built by <c>CreateKey</c> from the decrypted private key info.</returns>
		/// <remarks>
		/// Nothing is caught here: any failure raised while decrypting or parsing
		/// (for example from a wrong pass phrase) propagates to the caller.
		/// </remarks>
		public static AsymmetricKeyParameter DecryptKey(
			char[]					passPhrase,
			EncryptedPrivateKeyInfo	encInfo)
		{
			// Step 1: recover the plain PrivateKeyInfo from the encrypted container.
			PrivateKeyInfo decryptedInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(passPhrase, encInfo);

			// Step 2: turn the PKCS#8 structure into a usable key parameter.
			return CreateKey(decryptedInfo);
		}
Ejemplo n.º 3
        /// <summary>
        /// Decrypts an <c>EncryptedPrivateKeyInfo</c> with the given pass phrase and
        /// parses the result as a <c>PrivateKeyInfo</c>.
        /// </summary>
        /// <param name="passPhrase">The pass phrase used to derive the decryption key.</param>
        /// <param name="wrongPkcs12Zero">
        /// Passed through unchanged to <c>PbeUtilities.GenerateCipherParameters</c>.
        /// NOTE(review): presumably selects a legacy zero-length-password behaviour;
        /// confirm against PbeUtilities.
        /// </param>
        /// <param name="encInfo">The encrypted private key and its algorithm identifier.</param>
        /// <returns>The decrypted private key info.</returns>
        /// <exception cref="System.Exception">
        /// No buffered cipher engine exists for the encryption algorithm named in
        /// <paramref name="encInfo"/>.
        /// </exception>
        /// <remarks>
        /// The decrypted buffer holds the unencrypted private key and is not cleared
        /// by this method. The arguments are not null-checked here.
        /// </remarks>
        public static PrivateKeyInfo CreatePrivateKeyInfo(
            char[]					passPhrase,
            bool					wrongPkcs12Zero,
            EncryptedPrivateKeyInfo	encInfo)
        {
            AlgorithmIdentifier encryptionAlgorithm = encInfo.EncryptionAlgorithm;
            IBufferedCipher decryptor = PbeUtilities.CreateEngine(encryptionAlgorithm) as IBufferedCipher;

            // The algorithm identifier comes from the encoded input, so an unsupported
            // value has to be rejected before the cipher is used.
            if (decryptor == null)
            {
                throw new Exception("Unknown encryption algorithm: " + encryptionAlgorithm.ObjectID);
            }

            // false selects decryption mode.
            decryptor.Init(
                false,
                PbeUtilities.GenerateCipherParameters(encryptionAlgorithm, passPhrase, wrongPkcs12Zero));

            byte[] decrypted = decryptor.DoFinal(encInfo.GetEncryptedData());

            return PrivateKeyInfo.GetInstance(decrypted);
        }
Ejemplo n.º 4
 /// <summary>
 /// Decrypts an <c>EncryptedPrivateKeyInfo</c> with the given pass phrase, with
 /// the <c>wrongPkcs12Zero</c> option of the three-argument overload switched off.
 /// </summary>
 /// <param name="passPhrase">The pass phrase used to derive the decryption key.</param>
 /// <param name="encInfo">The encrypted private key and its algorithm identifier.</param>
 /// <returns>The decrypted private key info.</returns>
 public static PrivateKeyInfo CreatePrivateKeyInfo(
     char[]					passPhrase,
     EncryptedPrivateKeyInfo	encInfo)
 {
     // Named so the meaning of the literal is visible at the call site.
     const bool wrongPkcs12Zero = false;

     return CreatePrivateKeyInfo(passPhrase, wrongPkcs12Zero, encInfo);
 }
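        /// <summary>
        /// Decrypts an <c>EncryptedPrivateKeyInfo</c> with the given pass phrase and
        /// parses the result as a <c>PrivateKeyInfo</c>.
        /// </summary>
        /// <param name="passPhrase">The pass phrase used to derive the decryption key.</param>
        /// <param name="wrongPkcs12Zero">
        /// Passed through unchanged to <c>PbeUtilities.GenerateCipherParameters</c>.
        /// NOTE(review): presumably selects a legacy zero-length-password behaviour;
        /// confirm against PbeUtilities.
        /// </param>
        /// <param name="encInfo">The encrypted private key and its algorithm identifier.</param>
        /// <returns>The decrypted private key info.</returns>
        /// <exception cref="System.Exception">
        /// No buffered cipher engine exists for the encryption algorithm named in
        /// <paramref name="encInfo"/>.
        /// </exception>
        /// <remarks>
        /// The decrypted buffer holds the unencrypted private key and is not cleared
        /// by this method.
        /// </remarks>
        public static PrivateKeyInfo CreatePrivateKeyInfo(
            char[]					passPhrase,
            bool					wrongPkcs12Zero,
            EncryptedPrivateKeyInfo	encInfo)
        {
            AlgorithmIdentifier algID = encInfo.EncryptionAlgorithm;
            IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;

            // The algorithm identifier is read from the encoded input. Without this
            // check an unsupported algorithm surfaces as a NullReferenceException at
            // cipher.Init below, which hides the real cause from the caller.
            if (cipher == null)
            {
                throw new Exception("Unknown encryption algorithm: " + algID.ObjectID);
            }

            ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
                algID, passPhrase, wrongPkcs12Zero);

            // false selects decryption mode.
            cipher.Init(false, keyParameters);

            byte[] keyBytes = encInfo.GetEncryptedData();
            byte[] encoding = cipher.DoFinal(keyBytes);
            Asn1Object asn1Data = Asn1Object.FromByteArray(encoding);

            return PrivateKeyInfo.GetInstance(asn1Data);
        }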
Ejemplo n.º 6
        /// <summary>
        /// Decrypts a PKCS#8 shrouded key bag and hands the resulting private key
        /// info to <c>LoadKeyBag</c>.
        /// </summary>
        /// <param name="encPrivKeyInfo">The encrypted private key from the bag.</param>
        /// <param name="bagAttributes">The bag attributes, forwarded to <c>LoadKeyBag</c>.</param>
        /// <param name="password">The password; when null the bag is skipped.</param>
        /// <param name="wrongPkcs12Zero">
        /// Forwarded unchanged to <c>PrivateKeyInfoFactory.CreatePrivateKeyInfo</c>.
        /// </param>
        /// <remarks>
        /// A null password is not an error here: the key is silently left unloaded,
        /// so callers cannot tell from this method alone that a key bag was skipped.
        /// </remarks>
        protected virtual void LoadPkcs8ShroudedKeyBag(EncryptedPrivateKeyInfo encPrivKeyInfo, Asn1Set bagAttributes,
            char[] password, bool wrongPkcs12Zero)
        {
            // Without a password there is nothing to decrypt with; leave the bag unloaded.
            if (password == null)
            {
                return;
            }

            PrivateKeyInfo decryptedKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
                password, wrongPkcs12Zero, encPrivKeyInfo);

            LoadKeyBag(decryptedKeyInfo, bagAttributes);
        }
Ejemplo n.º 7
		/// <summary>
		/// Round-trip encoding test: decodes the PKCS#12 blob held in <c>pkcs12</c>,
		/// rebuilds each ASN.1 structure from its parsed components, re-encodes the
		/// result and fails unless the bytes equal the original.
		/// </summary>
		/// <remarks>
		/// No password is used. The shrouded key stays encrypted and the MAC digest,
		/// salt and iteration count are copied from the input rather than recomputed
		/// or verified, so this exercises encoding only, not the cryptography.
		/// </remarks>
		public override void PerformTest()
		{
			// Decode the outer PFX and keep the MAC components for the rebuild at the end.
			Pfx                 pfx = new Pfx((Asn1Sequence) Asn1Object.FromByteArray(pkcs12));
			ContentInfo         authSafeInfo = pfx.AuthSafe;
			MacData             macData = pfx.MacData;
			DigestInfo          macDigest = macData.Mac;
			AlgorithmIdentifier macAlgorithm = macDigest.AlgorithmID;
			byte[]              macSalt = macData.GetSalt();
			int                 macIterations = macData.IterationCount.IntValue;

			byte[] authSafeOctets = ((Asn1OctetString) authSafeInfo.Content).GetOctets();
			AuthenticatedSafe authSafe = new AuthenticatedSafe(
				(Asn1Sequence) Asn1Object.FromByteArray(authSafeOctets));
			ContentInfo[] contents = authSafe.GetContentInfo();

			// Private key section: entry 0 must be plain data wrapping a shrouded key bag.
			if (!contents[0].ContentType.Equals(PkcsObjectIdentifiers.Data))
			{
				Fail("Failed comparison data test");
			}

			byte[] keyBagOctets = ((Asn1OctetString) contents[0].Content).GetOctets();
			Asn1Sequence safeContents = (Asn1Sequence) Asn1Object.FromByteArray(keyBagOctets);

			SafeBag parsedBag = new SafeBag((Asn1Sequence) safeContents[0]);
			if (!parsedBag.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
			{
				Fail("Failed comparison shroudedKeyBag test");
			}

			// Rebuild the encrypted key info from its two fields; the ciphertext is
			// carried over as-is and never decrypted.
			EncryptedPrivateKeyInfo parsedKeyInfo = EncryptedPrivateKeyInfo.GetInstance(parsedBag.BagValue);
			EncryptedPrivateKeyInfo rebuiltKeyInfo = new EncryptedPrivateKeyInfo(
				parsedKeyInfo.EncryptionAlgorithm, parsedKeyInfo.GetEncryptedData());

			SafeBag rebuiltBag = new SafeBag(
				PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, rebuiltKeyInfo.ToAsn1Object(), parsedBag.BagAttributes);

			byte[] rebuiltBagBytes = new DerSequence(rebuiltBag).GetEncoded();

			contents[0] = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(rebuiltBagBytes));

			// Certificates section: entry 1 must be encrypted data.
			if (!contents[1].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
			{
				Fail("Failed comparison encryptedData test");
			}

			EncryptedData certificateData = EncryptedData.GetInstance(contents[1].Content);

			contents[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, certificateData);

			// Wrap the BER encoding of the rebuilt authSafe in an octet string.
			AuthenticatedSafe rebuiltAuthSafe = new AuthenticatedSafe(contents);

			ContentInfo rebuiltInfo = new ContentInfo(
				PkcsObjectIdentifiers.Data, new BerOctetString(rebuiltAuthSafe.GetEncoded()));

			// The MAC is reassembled from the parsed values, not recalculated.
			MacData rebuiltMac = new MacData(
				new DigestInfo(macAlgorithm, macDigest.GetDigest()), macSalt, macIterations);

			Pfx rebuiltPfx = new Pfx(rebuiltInfo, rebuiltMac);

			// Comparison test: the re-encoded PFX must be byte-identical to the input.
			if (!Arrays.AreEqual(rebuiltPfx.GetEncoded(), pkcs12))
			{
				Fail("Failed comparison test");
			}
		}