/// <summary>
/// Secret key operation. Signs biHash with the keydata
/// in the given secret key packet.
/// </summary>
/// <param name="biHash">The hash value of a message that is about to
/// be signed</param>
/// <param name="skpKey">The secret key packet with the key
/// material for the signature</param>
/// <param name="strPassphrase">The passphrase for the
/// keymaterial</param>
/// <returns>The signed hash as array of biginteger. Only return[0]
/// contains a value: the signed hash.</returns>
/// <remarks>No remarks</remarks>
public override BigInteger[] Sign(BigInteger biHash, SecretKeyPacket skpKey, string strPassphase)
{
DSA_Secret_Key dskKey = new DSA_Secret_Key();
dskKey = ParseSecretKey(skpKey, strPassphase);
//check if the key has been mangled with
if (!CheckKey(dskKey))
throw(new Exception("This key does not fullfill the requirements of a valid DSA key. Please check if someone messed with your keys!"));
//if (biHash == null)
// throw new ArgumentNullException();
// (a) Select a random secret integer k; 0 < k < q.
BigInteger k = new BigInteger();
k = BigInteger.genRandom(160);
while (k >= dskKey.q)
k = BigInteger.genRandom(160);
// (b) Compute r = ( k mod p) mod q
BigInteger r = (dskKey.g.modPow (k, dskKey.p)) % dskKey.q;
// (c) Compute k -1 mod q (e.g., using Algorithm 2.142).
// (d) Compute s = k -1 fh(m) +arg mod q.
BigInteger s = (k.modInverse (dskKey.q) * (biHash + dskKey.x * r)) % dskKey.q;
BigInteger[] biReturn = new BigInteger[2];
biReturn[0] = r;
biReturn[1] = s;
return biReturn;
}
/// <summary>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.
/// </summary>
/// <remarks>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.
/// </remarks>
/// <param name="nbits">The size of the key in bits.</param>
/// <returns>A new RSA secret key as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.</returns>
/// <exception cref="System.ArgumentException">Throws an
/// Argumentexception if the keysize is not between 768
/// and 4096 bits.</exception>
public override BigInteger[][] Generate(int nbits)
{
BigInteger p, q; /* the two primes */
BigInteger d; /* the private key */
BigInteger u;
BigInteger t1, t2;
BigInteger n = new BigInteger(); /* the public key */
BigInteger e; /* the exponent */
BigInteger phi; /* helper: (p-1)(q-1) */
BigInteger g;
BigInteger f;
Random rand = new Random();
if ((nbits < 768) || (nbits > 4096))
throw new ArgumentException("Only keysizes betwen 768 and 4096 bit are allowed!");
/* make sure that nbits is even so that we generate p, q of equal size */
if ( (nbits&1)==1 )
nbits++;
do {
/* select two (very secret) primes */
p = new BigInteger();
q = new BigInteger();
p = BigInteger.genPseudoPrime(nbits / 2);
q = BigInteger.genPseudoPrime(nbits / 2);
/* p shall be smaller than q (for calc of u)*/
if (q > p) {
BigInteger tmp = p;
p = q;
q = tmp;
}
/* calculate the modulus */
n = p * q;
} while ( n.bitCount() != nbits );
/* calculate Euler totient: phi = (p-1)(q-1) */
t1 = p - new BigInteger(1);
t2 = q - new BigInteger(1);
phi = t1 * t2;
g = t1.gcd(t2);
f = phi / g;
/* find an public exponent.
We use 41 as this is quite fast and more secure than the
commonly used 17.
*/
e = new BigInteger(41);
t1 = e.gcd(phi);
if( t1 != new BigInteger(1) ) {
e = new BigInteger(257);
t1 = e.gcd(phi);
if( t1 != new BigInteger(1) ) {
e = new BigInteger(65537);
t1 = e.gcd(phi);
/* (while gcd is not 1) */
while( t1 != new BigInteger(1) ) {
e += 2;
t1 = e.gcd(phi);
}
}
}
/* calculate the secret key d = e^1 mod phi */
d = e.modInverse(f);
/* calculate the inverse of p and q (used for chinese remainder theorem)*/
u = p.modInverse(q);
RSA_Secret_Key sk = new RSA_Secret_Key();
sk.n = n;
sk.e = e;
sk.p = p;
sk.q = q;
sk.d = d;
sk.u = u;
this.biGeneratedKey = ParseSecretKey(sk);
return this.biGeneratedKey;
/* now we can test our keys (this should never fail!) */
// test_keys( sk, nbits - 64 );
}