public bool VerifyHash(byte[] hash, byte[] signature, CngAlgorithm hashAlgorithm)
{
if (hash == null)
{
throw new ArgumentNullException("hash");
}
if (signature == null)
{
throw new ArgumentNullException("signature");
}
if (hashAlgorithm == null)
{
throw new ArgumentNullException("hashAlgorithm");
}
switch (SignaturePaddingMode)
{
case AsymmetricPaddingMode.Pkcs1:
return(NCryptNative.VerifySignaturePkcs1(KeyHandle, hash, hashAlgorithm.Algorithm, signature));
case AsymmetricPaddingMode.Pss:
return(NCryptNative.VerifySignaturePss(KeyHandle, hash, hashAlgorithm.Algorithm, SignatureSaltBytes, signature));
default:
throw new InvalidOperationException(Properties.Resources.UnsupportedPaddingMode);
}
}
/// <summary>
/// Get an enumerator containing a <see cref="CngProvider" /> for each of the installed NCrypt
/// key storage providers on the current machine.
/// </summary>
public IEnumerator <CngProvider> GetEnumerator()
{
foreach (NCryptNative.NCryptProviderName providerName in NCryptNative.EnumerateStorageProviders())
{
yield return(new CngProvider(providerName.pszName));
}
}
public static IEnumerable <CngKey> GetKeys(this CngProvider provider, CngKeyOpenOptions openOptions)
{
using (SafeNCryptProviderHandle providerHandle = provider.OpenProvider())
{
foreach (var key in NCryptNative.EnumerateKeys(providerHandle, openOptions))
{
yield return(CngKey.Open(key.pszName, provider));
}
}
}
public static IEnumerable <CngAlgorithm> GetSupportedAlgorithms(this CngProvider provider,
NCryptAlgorithmOperations operations)
{
using (SafeNCryptProviderHandle providerHandle = provider.OpenProvider())
{
foreach (NCryptNative.NCryptAlgorithmName algorithm in NCryptNative.EnumerateAlgorithms(providerHandle, operations))
{
yield return(new CngAlgorithm(algorithm.pszName));
}
}
}
public static IEnumerable <CngKey> GetKeys(this CngProvider provider, CngKeyOpenOptions openOptions)
{
using (SafeNCryptProviderHandle providerHandle = provider.OpenProvider())
{
NCryptNative.NCryptKeyName[] keyNames = NCryptNative.EnumerateKeys(providerHandle, openOptions);
CngKey[] keys = new CngKey[keyNames.Length];
for (int i = 0; i < keys.Length; ++i)
{
keys[i] = CngKey.Open(keyNames[i].pszName, provider);
}
return(keys);
}
}
public static IEnumerable <CngAlgorithm> GetSupportedAlgorithms(this CngProvider provider,
NCryptAlgorithmOperations operations)
{
using (SafeNCryptProviderHandle providerHandle = provider.OpenProvider())
{
NCryptNative.NCryptAlgorithmName[] algorithmNames = NCryptNative.EnumerateAlgorithms(providerHandle, operations);
CngAlgorithm[] algorithms = new CngAlgorithm[algorithmNames.Length];
for (int i = 0; i < algorithmNames.Length; ++i)
{
algorithms[i] = new CngAlgorithm(algorithmNames[i].pszName);
}
return(algorithms);
}
}
public override byte[] EncryptValue(byte[] rgb)
{
if (rgb == null)
{
throw new ArgumentNullException("rgb");
}
switch (EncryptionPaddingMode)
{
case AsymmetricPaddingMode.Pkcs1:
return(NCryptNative.EncryptDataPkcs1(KeyHandle, rgb));
case AsymmetricPaddingMode.Oaep:
return(NCryptNative.EncryptDataOaep(KeyHandle, rgb, EncryptionHashAlgorithm.Algorithm));
default:
throw new InvalidOperationException(Properties.Resources.UnsupportedPaddingMode);
}
;
}
public byte[] SignHash(byte[] hash, CngAlgorithm hashAlgorithm)
{
if (hash == null)
{
throw new ArgumentNullException("hash");
}
if (hashAlgorithm == null)
{
throw new ArgumentNullException("hashAlgorithm");
}
// Keep a local copy of the key to prevent races with the key container that the key references
// and the key container permission we're going to demand.
CngKey key = Key;
KeyContainerPermission kcp = BuildKeyContainerPermission(key, KeyContainerPermissionFlags.Sign);
if (kcp != null)
{
kcp.Demand();
}
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
SafeNCryptKeyHandle keyHandle = key.Handle;
CodeAccessPermission.RevertAssert();
switch (SignaturePaddingMode)
{
case AsymmetricPaddingMode.Pkcs1:
return(NCryptNative.SignHashPkcs1(keyHandle, hash, hashAlgorithm.Algorithm));
case AsymmetricPaddingMode.Pss:
return(NCryptNative.SignHashPss(keyHandle, hash, hashAlgorithm.Algorithm, SignatureSaltBytes));
default:
throw new InvalidOperationException(Properties.Resources.UnsupportedPaddingMode);
}
}
public override byte[] DecryptValue(byte[] rgb)
{
if (rgb == null)
{
throw new ArgumentNullException("rgb");
}
// Keep a local copy of the key to prevent races with the key container that the key references
// and the key container permission we're going to demand.
CngKey key = Key;
// Make sure we have permission to use the private key to decrypt data
KeyContainerPermission kcp = BuildKeyContainerPermission(key, KeyContainerPermissionFlags.Decrypt);
if (kcp != null)
{
kcp.Demand();
}
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
SafeNCryptKeyHandle keyHandle = key.Handle;
CodeAccessPermission.RevertAssert();
switch (EncryptionPaddingMode)
{
case AsymmetricPaddingMode.Pkcs1:
return(NCryptNative.DecryptDataPkcs1(keyHandle, rgb));
case AsymmetricPaddingMode.Oaep:
return(NCryptNative.DecryptDataOaep(keyHandle, rgb, EncryptionHashAlgorithm.Algorithm));
default:
throw new InvalidOperationException(Properties.Resources.UnsupportedPaddingMode);
}
;
}
public static SafeNCryptProviderHandle OpenProvider(this CngProvider provider)
{
return(NCryptNative.OpenKeyStorageProvider(provider.Provider));
}