// Sign an XML file.
// This document cannot be verified unless the verifying
// code has the key with which it was signed.
public static void SignXml(XmlDocument xmlDoc, RSA Key)
{
// Check arguments.
if (xmlDoc == null)
throw new ArgumentException("xmlDoc");
if (Key == null)
throw new ArgumentException("Key");
// Create a SignedXml object.
SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = Key;
// Create a reference to be signed.
Reference reference = new Reference();
reference.Uri = "";
// Add an enveloped transformation to the reference.
XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
reference.AddTransform(env);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
// Compute the signature.
signedXml.ComputeSignature();
// Get the XML representation of the signature and save
// it to an XmlElement object.
XmlElement xmlDigitalSignature = signedXml.GetXml();
// Append the element to the XML document.
xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
}
public S3Storage()
{
const string filename = "keyxml.pk";
var path = WebServerPathUtils.GetPathTo(Path.Combine("bin", filename));
var f = new FileInfo(path);
if (f.Exists)
{
using (var file = f.OpenRead())
{
var keyString = new StreamReader(file).ReadToEnd();
_algorithm = RSA.Create();
_algorithm.FromXmlString(keyString);
var encryptionMaterials = new EncryptionMaterials(_algorithm);
try
{
_client = new AmazonS3EncryptionClient(encryptionMaterials);
var bucket = new S3DirectoryInfo(_client, PdfDocumentsBucketName);
if (!bucket.Exists)
{
bucket.Create();
}
}
catch (Exception ex)
{
Console.WriteLine("Unable to initialize S3 client\n" + ex);
}
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="RsaCryptographicKey" /> class.
/// </summary>
/// <param name="key">The RSA crypto service provider.</param>
/// <param name="algorithm">The algorithm.</param>
internal RsaCryptographicKey(RSA key, AsymmetricAlgorithm algorithm)
{
Requires.NotNull(key, "key");
this.key = key;
this.algorithm = algorithm;
}
// Verify the signature of an XML file against an asymmetric
// algorithm and return the result.
public static Boolean VerifyXml(XmlDocument Doc, RSA Key)
{
// Check arguments.
if (Doc == null)
throw new ArgumentException("Doc");
if (Key == null)
throw new ArgumentException("Key");
// Create a new SignedXml object and pass it
// the XML document class.
SignedXml signedXml = new SignedXml(Doc);
// Find the "Signature" node and create a new
// XmlNodeList object.
XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");
// Throw an exception if no signature was found.
if (nodeList.Count <= 0)
{
throw new CryptographicException("Verification failed: No Signature was found in the document.");
}
//One Sig per document
if (nodeList.Count >= 2)
{
throw new CryptographicException("Verification failed: More that one signature was found for the document.");
}
// Load the first <signature> node.
signedXml.LoadXml((XmlElement)nodeList[0]);
// Check the signature and return the result.
return signedXml.CheckSignature(Key);
}
public static int GetMaxRsaEncryptLength(System.Security.Cryptography.RSA rsa, RSAEncryptionPadding padding)
{
var offset = 0;
if (padding.Mode == RSAEncryptionPaddingMode.Pkcs1)
{
offset = 11;
}
else
{
if (padding.Equals(RSAEncryptionPadding.OaepSHA1))
{
offset = 42;
}
if (padding.Equals(RSAEncryptionPadding.OaepSHA256))
{
offset = 66;
}
if (padding.Equals(RSAEncryptionPadding.OaepSHA384))
{
offset = 98;
}
if (padding.Equals(RSAEncryptionPadding.OaepSHA512))
{
offset = 130;
}
}
var keySize = rsa.KeySize;
var maxLength = keySize / 8 - offset;
return(maxLength);
}
/// <summary>Constructs a new service account credential using the given initializer.</summary>
public ServiceAccountCredential(Initializer initializer) : base(initializer)
{
id = initializer.Id.ThrowIfNullOrEmpty("initializer.Id");
user = initializer.User;
scopes = initializer.Scopes;
key = initializer.Key.ThrowIfNull("initializer.Key");
}
/// <summary>
///
/// </summary>
/// <param name="subjectName"></param>
/// <param name="signingCertificate"></param>
/// <param name="keyUsageExtensions"></param>
/// <param name="enhancedKeyUsageExtensions"></param>
/// <returns></returns>
public static X509Certificate2 SignCertificate(string subjectName, X509Certificate2 signingCertificate, X509KeyUsageExtension keyUsageExtensions, OidCollection enhancedKeyUsageExtensions)
{
using (System.Security.Cryptography.RSA rsa = System.Security.Cryptography.RSA.Create(4096))
{
CertificateRequest request = new CertificateRequest(
subjectName,
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(
new X509BasicConstraintsExtension(false, false, 0, false));
request.CertificateExtensions.Add(keyUsageExtensions);
request.CertificateExtensions.Add(
new X509EnhancedKeyUsageExtension(
enhancedKeyUsageExtensions,
true));
request.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(request.PublicKey, false));
return(request.Create(signingCertificate, DateTime.UtcNow, DateTime.UtcNow.AddDays(30), new byte[] { 1, 2, 3, 4 }));
}
}
public RsaSecurityKey(RSA rsa)
{
if (rsa == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rsa");
this.rsa = rsa;
}
/// <summary>
/// Verifies the digital signature.
/// </summary>
/// <param name="digitalSignature"> The XML Digital Signature.</param>
/// <param name="publicKey"> The RSA public key.</param>
/// <returns> Returns true if valid, else false.</returns>
public static bool VerifyDigitalSignature(XmlTextReader digitalSignature, RSA publicKey)
{
bool valid = false;
try
{
// Load license file into XmlDocument
XmlDocument doc = new XmlDocument();
doc.Load(digitalSignature);
// Load Signature Element
SignedXml verifier = new SignedXml(doc);
verifier.LoadXml(doc.GetElementsByTagName("Signature")[0] as XmlElement);
// Validate license.
if ( verifier.CheckSignature(publicKey) )
{
valid = true;
}
else
{
valid = false;
}
}
catch
{
valid = false;
}
return valid;
}
public RSAPKCS1SignatureFormatter(AsymmetricAlgorithm key)
{
if (key == null)
throw new ArgumentNullException(nameof(key));
_rsaKey = (RSA)key;
}
/// <summary>
/// 加密
/// </summary>
/// <param name="rsa"></param>
/// <param name="data"></param>
/// <param name="padding"></param>
/// <returns></returns>
private static byte[] Encrypt(System.Security.Cryptography.RSA rsa, byte[] data, RSAEncryptionPadding padding = null)
{
padding ??= RSAEncryptionPadding.Pkcs1;
byte[] result;
var maxLength = rsa.KeySize / 8 - PaddingLength[padding];
// 长数据分割
if (maxLength < data.Length)
{
var pointer = 0;
var resBytes = new List <byte>();
while (pointer < data.Length)
{
var length = pointer + maxLength > data.Length ? data.Length - pointer : maxLength;
resBytes.AddRange(rsa.Encrypt(data.Skip(pointer).Take(length).ToArray(), padding));
pointer += maxLength;
}
result = resBytes.ToArray();
}
else
{
result = rsa.Encrypt(data, padding);
}
return(result);
}
public override void SetKey(AsymmetricAlgorithm key)
{
if (key == null)
throw new ArgumentNullException(nameof(key));
_rsaKey = (RSA)key;
}
/// <summary>
/// 验证 XML 文档的数字签名
/// </summary>
/// <param name="Doc"></param>
/// <param name="Key"></param>
/// <returns></returns>
public static Boolean VerifyXml(XmlDocument Doc, RSA Key)
{
// Check arguments.
if (Doc == null)
throw new ArgumentException("Doc");
if (Key == null)
throw new ArgumentException("Key");
// 创建一个新的 SignedXml 对象,并将 XmlDocument 对象传递给它。
SignedXml signedXml = new SignedXml(Doc);
// 找到 <signature> 元素,并创建新的 XmlNodeList 对象。
XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");
// 如果没有签名,那么抛异常.
if (nodeList.Count <= 0)
{
throw new CryptographicException("Verification failed: No Signature was found in the document.");
}
// 如果有多个签名,那么也抛异常.
if (nodeList.Count >= 2)
{
throw new CryptographicException("Verification failed: More that one signature was found for the document.");
}
// 将第一个 <signature> 元素的 XML 加载到 SignedXml 对象中。
signedXml.LoadXml((XmlElement)nodeList[0]);
// 使用 CheckSignature 方法和 RSA 公钥检查签名。 此方法将返回指示成功或失败的布尔值。
return signedXml.CheckSignature(Key);
}
// /// <summary>
// /// Signs a license.
// /// </summary>
// /// <param name="unsignedLicense"> The unsigned license stream.</param>
// /// <param name="keyPair"> The stream containing the private key file.</param>
// /// <param name="output"> The output stream containing the new signed license.</param>
// internal void SignLicense(XmlTextReader unsignedLicense, Stream keyPair, Stream output)
// {
// try
// {
// // setup the document to sign
// XmlDocument licenseDocument = new XmlDocument();
// licenseDocument.Load(unsignedLicense);
//
// // read in the public key
// RSA signingKey = new RSACryptoServiceProvider();
// using(StreamReader reader = new StreamReader(keyPair))
// {
// signingKey.FromXmlString(reader.ReadLine());
// }
//
// // now sign the document
// SignedXml signer = new SignedXml(licenseDocument);
// signer.SigningKey = signingKey;
//
// // create a reference to the root of the document
// Reference orderRef = new Reference("");
// orderRef.AddTransform(new XmlDsigEnvelopedSignatureTransform());
// signer.AddReference(orderRef);
//
// // add transforms that only select the order items, type, and
// // compute the signature, and add it to the document
// signer.ComputeSignature();
// licenseDocument.DocumentElement.AppendChild(signer.GetXml());
//
// licenseDocument.Save(output);
// }
// catch
// {
// throw;
// }
// }
/// <summary>
/// Signs the XmlDocument.
/// </summary>
/// <param name="document"> The XmlDocument to sign.</param>
/// <param name="signingKey"> The signing key.</param>
/// <returns> A signed XmlDocument.</returns>
internal XmlDocument SignXmlDocument(XmlDocument document, RSA signingKey)
{
try
{
// // setup the document to sign
// XmlDocument licenseDocument = new XmlDocument();
// licenseDocument.Load(unsignedLicense);
// now sign the document
SignedXml signer = new SignedXml(document);
signer.SigningKey = signingKey;
// create a reference to the root of the document
Reference reference = new Reference("");
reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
signer.AddReference(reference);
// compute the signature, and add it to the document
signer.ComputeSignature();
document.DocumentElement.AppendChild(signer.GetXml());
return document;
}
catch
{
throw;
}
}
public bool CheckStrongSignature(RSA publicKey, byte[] tail)
{
if (!hasStrongSignature) throw new InvalidOperationException();
// Hash the whole archive with the SHA1 algorithm
var sha1 = CommonMethods.SharedSHA1;
byte[] signature = new byte[2048];
lock (syncRoot)
{
var buffer = new byte[4096];
long bytesRemaining = archiveDataLength;
stream.Seek(archiveDataOffset, SeekOrigin.Begin);
do
{
int count = stream.Read(buffer, 0, bytesRemaining > buffer.Length ? buffer.Length : (int)bytesRemaining);
sha1.TransformBlock(buffer, 0, count, null, 0);
bytesRemaining -= count;
}
while (bytesRemaining > 0);
sha1.TransformFinalBlock(tail, 0, tail != null ? tail.Length : 0);
stream.Seek(sizeof(uint), SeekOrigin.Current); // Skip the strong signature header, as it has already been verified earlier
if (stream.Read(signature, 0, signature.Length) != signature.Length) throw new EndOfStreamException();
}
return new RSAPKCS1SignatureDeformatter(publicKey).VerifySignature(sha1, signature);
}
public StrongNameCertificate(RSA rsa) {
if (rsa == null) {
throw new ArgumentNullException("rsa");
}
RSA = rsa;
}
/// <summary>
/// RSA导入key
/// </summary>
/// <param name="rsa">RSA实例<see cref="RSA"/></param>
/// <param name="jsonString">RSA的Key序列化JSON字符串</param>
internal static void FromJsonString(this System.Security.Cryptography.RSA rsa, string jsonString)
{
Check.Argument.IsNotEmpty(jsonString, nameof(jsonString));
RSAParameters parameters = new RSAParameters();
try
{
var paramsJson = JsonConvert.DeserializeObject <RSAParametersJson>(jsonString);
parameters.Modulus = paramsJson.Modulus != null?Convert.FromBase64String(paramsJson.Modulus) : null;
parameters.Exponent = paramsJson.Exponent != null?Convert.FromBase64String(paramsJson.Exponent) : null;
parameters.P = paramsJson.P != null?Convert.FromBase64String(paramsJson.P) : null;
parameters.Q = paramsJson.Q != null?Convert.FromBase64String(paramsJson.Q) : null;
parameters.DP = paramsJson.DP != null?Convert.FromBase64String(paramsJson.DP) : null;
parameters.DQ = paramsJson.DQ != null?Convert.FromBase64String(paramsJson.DQ) : null;
parameters.InverseQ = paramsJson.InverseQ != null?Convert.FromBase64String(paramsJson.InverseQ) : null;
parameters.D = paramsJson.D != null?Convert.FromBase64String(paramsJson.D) : null;
}
catch
{
throw new Exception("Invalid Json RSA key.");
}
rsa.ImportParameters(parameters);
}
public static void TouchFromPrivateKeyInPkcs1(this MsRSA rsa, string privateKey, out RSAParameters parameters)
{
var pr = new PemReader(new StringReader(privateKey.RemovePkcs1PrivateKeyFormat()));
if (!(pr.ReadObject() is AsymmetricCipherKeyPair asymmetricCipherKeyPair))
{
throw new Exception("Private key format is incorrect");
}
var rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(
PrivateKeyInfoFactory.CreatePrivateKeyInfo(asymmetricCipherKeyPair.Private));
parameters = new RSAParameters
{
Modulus = rsaPrivateCrtKeyParameters.Modulus.ToByteArrayUnsigned(),
Exponent = rsaPrivateCrtKeyParameters.PublicExponent.ToByteArrayUnsigned(),
P = rsaPrivateCrtKeyParameters.P.ToByteArrayUnsigned(),
Q = rsaPrivateCrtKeyParameters.Q.ToByteArrayUnsigned(),
DP = rsaPrivateCrtKeyParameters.DP.ToByteArrayUnsigned(),
DQ = rsaPrivateCrtKeyParameters.DQ.ToByteArrayUnsigned(),
InverseQ = rsaPrivateCrtKeyParameters.QInv.ToByteArrayUnsigned(),
D = rsaPrivateCrtKeyParameters.Exponent.ToByteArrayUnsigned()
};
rsa.ImportParameters(parameters);
}
/// <summary>
/// Decrypt binary.
/// </summary>
/// <param name="binary">The data to encrypt.</param>
/// <param name="privateKey">The private key.</param>
/// <param name="symmetricAlgorithmName">Optional. The name of the symmetric algorithm to use. Defaults to "Rijndael" (128 bits AES). See http://msdn.microsoft.com/en-us/library/k74a682y(v=vs.100).aspx for a list of valid values.</param>
/// <returns></returns>
public static byte[] Decrypt(this byte[] binary, RSA privateKey, string symmetricAlgorithmName = "Rijndael")
{
if (binary == null) throw new ArgumentNullException("binary");
if (privateKey == null) throw new ArgumentNullException("privateKey");
//create sym key of given type
var symmetricKey = SymmetricAlgorithm.Create(symmetricAlgorithmName);
if(symmetricKey == null)
throw new ArgumentException("Unsupported symmetricAlgorithmName: '{0}'".FormatWith(symmetricAlgorithmName), "symmetricAlgorithmName");
//retrieve encrypted sym key
var encryptedSymmetricKey = new byte[privateKey.KeySize >> 3];
Buffer.BlockCopy(binary, 0, encryptedSymmetricKey, 0, encryptedSymmetricKey.Length);
//decrypt sym key using asym key
var key = new RSAOAEPKeyExchangeDeformatter(privateKey).DecryptKeyExchange(encryptedSymmetricKey);
//get IV (public)
var iv = new byte[symmetricKey.IV.Length];
Buffer.BlockCopy(binary, encryptedSymmetricKey.Length, iv, 0, iv.Length);
//decrypt binary using sym key and IV
return symmetricKey.CreateDecryptor(key, iv).TransformFinalBlock(binary, encryptedSymmetricKey.Length + iv.Length, binary.Length - (encryptedSymmetricKey.Length + iv.Length));
}
public override void SetKey(AsymmetricAlgorithm key) {
if (key == null)
throw new ArgumentNullException("key");
Contract.EndContractBlock();
_rsaKey = (RSA) key;
_rsaOverridesDecrypt = default(bool?);
}
/// <summary>
/// Signiert ein Xml-Document.
/// </summary>
/// <param name="xDoc">Das Dokument welches die Daten enthält die signiert werden sollen.</param>
/// <param name="privateKey">Der private Schlüssel.</param>
/// <returns>Gibt ein Xml Element mit den Signierten daten zurück.</returns>
public static XmlElement SignXmlDocument(XmlDocument xDoc, string privateKey)
{
var signedXml = new SignedXml();
System.Security.Cryptography.RSA pvk = System.Security.Cryptography.RSA.Create();
pvk.FromXmlString(privateKey);
signedXml.SigningKey = pvk;
var dataObject = new DataObject();
dataObject.Id = "content";
dataObject.Data = xDoc.ChildNodes;
signedXml.AddObject(dataObject);
var reference = new Reference();
reference.Uri = "#content";
signedXml.AddReference(reference);
var keyinfo = new KeyInfo();
keyinfo.AddClause(new RSAKeyValue(pvk));
signedXml.KeyInfo = keyinfo;
signedXml.ComputeSignature();
return(signedXml.GetXml());
}
public static X509Certificate2 GenerateCert(string certificateName, RSA key)
{
byte[] sn = GenerateSerialNumber();
string subject = string.Format("CN={0}", certificateName);
DateTime notBefore = DateTime.Now;
DateTime notAfter = DateTime.Now.AddYears(20);
string hashName = "SHA512";
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = sn;
cb.IssuerName = subject;
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = subject;
cb.SubjectPublicKey = key;
cb.Hash = hashName;
byte[] rawcert = cb.Sign(key);
PKCS12 p12 = new PKCS12();
Hashtable attributes = GetAttributes();
p12.AddCertificate(new Mono.Security.X509.X509Certificate(rawcert), attributes);
p12.AddPkcs8ShroudedKeyBag(key, attributes);
rawcert = p12.GetBytes();
return new X509Certificate2(rawcert, "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
}
public StrongName(System.Security.Cryptography.RSA rsa)
{
if (rsa == null)
{
throw new ArgumentNullException("rsa");
}
this.RSA = rsa;
}
internal Initializer(ServiceAccountCredential other) : base(other)
{
Id = other.Id;
ProjectId = other.ProjectId;
User = other.User;
Scopes = other.Scopes;
Key = other.Key;
}
public Product()
{
_key = RSA.Create();
_id = Guid.NewGuid();
_issuedLicenses = new ObservableCollection<License>();
_publicKey = _key.ToXmlString(false);
_privateKey = _key.ToXmlString(true);
}
/// <summary>Extracts the <see cref="Key"/> from the given PKCS8 private key.</summary>
public Initializer FromPrivateKey(string privateKey)
{
RSAParameters rsaParameters = Pkcs8.DecodeRsaParameters(privateKey);
Key = (RsaKey)RSA.Create();
Key.ImportParameters(rsaParameters);
return(this);
}
/// <summary>
/// Erstellt ein neues Schlüsselpaar
/// </summary>
/// <returns></returns>
public static string[] CreateNewKeys()
{
System.Security.Cryptography.RSA rsa = System.Security.Cryptography.RSA.Create();
return(new[] {
rsa.ToXmlString(true), //PrivateKey
rsa.ToXmlString(false) //PublicKey
});
}
public RSAPKCS1SignatureDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
this._rsaKey = (RSA) key;
}
public RSAOAEPKeyExchangeDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
this._rsaKey = (RSA) key;
}
public override void SetKey(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
this._rsaKey = (RSA) key;
}
public bool Matches(RSA rsa)
{
if (rsa == null)
{
return false;
}
RSAParameters parameters = rsa.ExportParameters(false);
return (System.IdentityModel.SecurityUtils.MatchesBuffer(this.rsaParameters.Modulus, parameters.Modulus) && System.IdentityModel.SecurityUtils.MatchesBuffer(this.rsaParameters.Exponent, parameters.Exponent));
}
public static LongRSACryptKey GetLongRSACryptKeyFromEncryptedAES(ReadOnlySpan <Byte> encryptedkey, ReadOnlySpan <Byte> encryptediv,
ReadOnlySpan <Byte> privatekey, RSAKeyType type = Cryptography.RSA.DefaultRSAKeyType, RSAParameters?parameters = null)
{
Rsa rsa = Cryptography.RSA.Create(privatekey, type, parameters);
ReadOnlySpan <Byte> key = rsa.Decrypt(encryptedkey.ToArray());
ReadOnlySpan <Byte> iv = rsa.Decrypt(encryptediv.ToArray());
return(new LongRSACryptKey(key, iv));
}
public void SetUp ()
{
if (rsa == null) {
rsa = RSA.Create ();
rsa.ImportParameters (AllTests.GetRsaKey (true));
}
if (dsa == null)
dsa = DSA.Create ();
}
/// <summary>
/// 把java的公钥转换成.net的xml格式,java->.net
/// </summary>
/// <param name="privateKey">java提供的第三方公钥</param>
/// <returns></returns>
public static string ConvertToXmlPublicJavaKey(this System.Security.Cryptography.RSA rsa, string publicJavaKey)
{
RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicJavaKey));
string xmlpublicKey = string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent></RSAKeyValue>",
Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()),
Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned()));
return(xmlpublicKey);
}
/// <summary>
/// Creates a new instance of <see cref="RsaEncryptionCookieTransform"/>
/// </summary>
/// <param name="certificate">Certificate whose private key is used to encrypt and decrypt.</param>
/// <exception cref="ArgumentNullException">When certificate is null.</exception>
/// <exception cref="ArgumentException">When the certificate has no private key.</exception>
/// <exception cref="ArgumentException">When the certificate's key is not RSA.</exception>
public RsaEncryptionCookieTransform( X509Certificate2 certificate )
{
if ( null == certificate )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "certificate" );
}
_encryptionKey = X509Util.EnsureAndGetPrivateRSAKey( certificate );
_decryptionKeys.Add( _encryptionKey );
}
public Saml2EncryptedXml(XmlDocument document, RSA decryptionPrivateKey)
: this(document)
{
if (decryptionPrivateKey == null)
{
throw new ArgumentNullException("decryptionPrivateKey");
}
DecryptionPrivateKey = decryptionPrivateKey;
}
public RSA(int keysize)
{
_rsa = System.Security.Cryptography.RSA.Create();
_rsa.KeySize = keysize;//默认是2048,也就是_parameter.Modulus是256字节,但是js那边的算法会卡死
//把公钥适当转换,准备发往客户端
_parameter = _rsa.ExportParameters(true);
_KeyExponent = BytesToHexString(_parameter.Exponent);
_KeyModulus = BytesToHexString(_parameter.Modulus);
}
/// <summary>
/// Creates a new instance of <see cref="RsaEncryptionCookieTransform"/>.
/// </summary>
/// <param name="key">The provided key will be used as the encryption and decryption key by default.</param>
/// <exception cref="ArgumentNullException">When the key is null.</exception>
public RsaEncryptionCookieTransform( RSA key )
{
if ( null == key )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "key" );
}
_encryptionKey = key;
_decryptionKeys.Add( _encryptionKey );
}
public void SetUp ()
{
sig = new SignatureDescription();
// key generation is VERY long so one time is enough
if (dsa == null)
dsa = DSA.Create ();
if (rsa == null)
rsa = RSA.Create ();
}
/// <summary>
/// Creates a new instance of <see cref="RsaSignatureCookieTransform"/>
/// </summary>
/// <param name="certificate">Certificate whose private key is used to sign and verify.</param>
/// <exception cref="ArgumentNullException">When certificate is null.</exception>
/// <exception cref="ArgumentException">When the certificate has no private key.</exception>
/// <exception cref="ArgumentException">When the certificate's key is not RSA.</exception>
public RsaSignatureCookieTransform(X509Certificate2 certificate)
{
if (null == certificate)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
}
_signingKey = X509Util.EnsureAndGetPrivateRSAKey(certificate);
_verificationKeys.Add(_signingKey);
}
/// <summary>
/// Creates a new instance of <see cref="RsaSignatureCookieTransform"/>.
/// </summary>
/// <param name="key">The provided key will be used as the signing and verification key by default.</param>
/// <exception cref="ArgumentNullException">When the key is null.</exception>
public RsaSignatureCookieTransform(RSA key)
{
if (null == key)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
_signingKey = key;
_verificationKeys.Add(_signingKey);
}
/// <summary>
/// Constructs a proof token based on RSA key.
/// </summary>
/// <param name="rsaAlgorithm"></param>
public AsymmetricProofDescriptor( RSA rsaAlgorithm )
{
if ( rsaAlgorithm == null )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "rsaAlgorithm" );
}
_keyIdentifier = new SecurityKeyIdentifier(new RsaKeyIdentifierClause(rsaAlgorithm));
}
public bool Matches(RSA rsa)
{
if (rsa == null)
return false;
RSAParameters rsaParameters = rsa.ExportParameters(false);
return SecurityUtils.MatchesBuffer(this.rsaParameters.Modulus, rsaParameters.Modulus) &&
SecurityUtils.MatchesBuffer(this.rsaParameters.Exponent, rsaParameters.Exponent);
}
public RsaKeyIdentifierClause(RSA rsa)
: base(clauseType)
{
if (rsa == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rsa");
this.rsa = rsa;
this.rsaParameters = rsa.ExportParameters(false);
}
public byte[] sign()
{
SSC.RSA rsa = SSC.RSA.Create();
rsa.ImportParameters(RSAparams);
SSC.RSAPKCS1SignatureFormatter signer = new SSC.RSAPKCS1SignatureFormatter(rsa);
signer.SetHashAlgorithm("SHA1");
sc.Close();
return(signer.CreateSignature(md.Hash));
}
public void Dispose()
{
if (_rsa != null)
{
_rsa.Dispose();
_rsa = null;
}
_parameter = new RSAParameters();
_KeyExponent = null;
_KeyModulus = null;
}
/// <summary>
/// RSA公钥格式转换,.net->java
/// </summary>
/// <param name="publicCSharpKey">.net生成的公钥</param>
/// <returns></returns>
public static string ConvertToJavaPublicKey(this System.Security.Cryptography.RSA rsa, string publicCSharpKey)
{
XmlDocument doc = new XmlDocument(); doc.LoadXml(publicCSharpKey);
BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
RsaKeyParameters pub = new RsaKeyParameters(false, m, p);
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub);
byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded();
return(Convert.ToBase64String(serializedPublicBytes));
}
public static void ImportFromXmlString(this System.Security.Cryptography.RSA rsa, string filename)
{
var parameters = new RSAParameters();
var xmlDoc = new XmlDocument();
xmlDoc.Load(filename);
if (xmlDoc.DocumentElement.Name.Equals("RSAKeyValue"))
{
foreach (XmlNode node in xmlDoc.DocumentElement.ChildNodes)
{
switch (node.Name)
{
case "Modulus":
parameters.Modulus = Convert.FromBase64String(node.InnerText);
break;
case "Exponent":
parameters.Exponent = Convert.FromBase64String(node.InnerText);
break;
case "P":
parameters.P = Convert.FromBase64String(node.InnerText);
break;
case "Q":
parameters.Q = Convert.FromBase64String(node.InnerText);
break;
case "DP":
parameters.DP = Convert.FromBase64String(node.InnerText);
break;
case "DQ":
parameters.DQ = Convert.FromBase64String(node.InnerText);
break;
case "InverseQ":
parameters.InverseQ = Convert.FromBase64String(node.InnerText);
break;
case "D":
parameters.D = Convert.FromBase64String(node.InnerText);
break;
}
}
}
else
{
throw new Exception("Invalid XML RSA key.");
}
rsa.ImportParameters(parameters);
}
/// <summary>Extracts the <see cref="Key"/> from the given PKCS8 private key.</summary>
public Initializer FromPrivateKey(string privateKey)
{
#if NETSTANDARD
RsaPrivateCrtKeyParameters parameters = ConvertPKCS8ToRsaPrivateCrtKeyParameters(privateKey);
Key = new RsaStandard(parameters);
#else
RSAParameters rsaParameters = ConvertPKCS8ToRSAParameters(privateKey);
Key = new RSACryptoServiceProvider();
Key.ImportParameters(rsaParameters);
#endif
return(this);
}
internal bool VerifySignature(System.Security.Cryptography.RSA rsa)
{
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(rsa);
string signaturealgo = this.m_signaturealgo;
if (signaturealgo != null)
{
if (__f__switch_map11 == null)
{
Dictionary <string, int> dictionary = new Dictionary <string, int>(4)
{
{
"1.2.840.113549.1.1.2",
0
},
{
"1.2.840.113549.1.1.4",
1
},
{
"1.2.840.113549.1.1.5",
2
},
{
"1.3.14.3.2.29",
2
}
};
__f__switch_map11 = dictionary;
}
if (__f__switch_map11.TryGetValue(signaturealgo, out int num))
{
switch (num)
{
case 0:
deformatter.SetHashAlgorithm("MD2");
goto Label_00CA;
case 1:
deformatter.SetHashAlgorithm("MD5");
goto Label_00CA;
case 2:
deformatter.SetHashAlgorithm("SHA1");
goto Label_00CA;
}
}
}
throw new CryptographicException("Unsupported hash algorithm: " + this.m_signaturealgo);
Label_00CA:
return(deformatter.VerifySignature(this.Hash, this.Signature));
}
/// <summary>Extracts a <see cref="Key"/> from the given certificate.</summary>
public Initializer FromCertificate(X509Certificate2 certificate)
{
#if NETSTANDARD
Key = certificate.GetRSAPrivateKey();
#else
// Workaround to correctly cast the private key as a RSACryptoServiceProvider type 24.
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
byte[] privateKeyBlob = rsa.ExportCspBlob(true);
Key = new RSACryptoServiceProvider();
Key.ImportCspBlob(privateKeyBlob);
#endif
return(this);
}
public static void TouchFromPublicKeyInPkcs8(this MsRSA rsa, string publicKey, out RSAParameters parameters)
{
var publicKeyBytes = BaseConv.FromBase64(publicKey.RemovePkcs8PublicKeyFormat());
var publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(publicKeyBytes);
parameters = new RSAParameters
{
Modulus = publicKeyParam.Modulus.ToByteArrayUnsigned(),
Exponent = publicKeyParam.Exponent.ToByteArrayUnsigned()
};
rsa.ImportParameters(parameters);
}
protected virtual void Dispose(bool disposing)
{
if (disposed)
{
return;
}
if (disposing)
{
rsa = null;
}
disposed = true;
}
/// <summary>
/// 获取RSA Key序列化XML
/// </summary>
/// <param name="rsa">RSA实例<see cref="RSA"/></param>
/// <param name="includePrivateParameters">是否包含私钥</param>
/// <returns></returns>
public static string ToLvccXmlString(this System.Security.Cryptography.RSA rsa, bool includePrivateParameters)
{
RSAParameters parameters = rsa.ExportParameters(includePrivateParameters);
return(string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",
parameters.Modulus != null ? Convert.ToBase64String(parameters.Modulus) : null,
parameters.Exponent != null ? Convert.ToBase64String(parameters.Exponent) : null,
parameters.P != null ? Convert.ToBase64String(parameters.P) : null,
parameters.Q != null ? Convert.ToBase64String(parameters.Q) : null,
parameters.DP != null ? Convert.ToBase64String(parameters.DP) : null,
parameters.DQ != null ? Convert.ToBase64String(parameters.DQ) : null,
parameters.InverseQ != null ? Convert.ToBase64String(parameters.InverseQ) : null,
parameters.D != null ? Convert.ToBase64String(parameters.D) : null));
}
/// <summary>
/// RSA Verify
/// </summary>
/// <param name="content">raw content</param>
/// <param name="signStr">sign str</param>
/// <param name="publickKey">public key</param>
/// <param name="hashAlgorithmName">hashAlgorithm name</param>
/// <param name="rSASignaturePadding">ras siginature padding</param>
/// <param name="encoding">text encoding</param>
/// <returns></returns>
public static bool RSAVerify(string content, string signStr, string publickKey, HashAlgorithmName hashAlgorithmName, RSASignaturePadding rSASignaturePadding, Encoding encoding)
{
Check.Argument.IsNotEmpty(content, nameof(content));
Check.Argument.IsNotEmpty(signStr, nameof(signStr));
byte[] dataBytes = encoding.GetBytes(content);
byte[] signBytes = Convert.FromBase64String(signStr);
using (System.Security.Cryptography.RSA rsa = System.Security.Cryptography.RSA.Create())
{
rsa.FromJsonString(publickKey);
return(rsa.VerifyData(dataBytes, signBytes, hashAlgorithmName, rSASignaturePadding));
}
}
internal static byte[] WrapSecretKey(System.Security.Cryptography.RSA publicKey, byte[] keyBytes, String oaepDigestAlgorithm)
{
try
{
return(publicKey.Encrypt(keyBytes,
"SHA-256".Equals(oaepDigestAlgorithm)
? RSAEncryptionPadding.OaepSHA256
: RSAEncryptionPadding.OaepSHA512));
}
catch (Exception e)
{
throw new EncryptionException("Failed to wrap secret key!", e);
}
}
private static string Rsa(string data, string privateKeyPem, string charset, string signType, bool keyFromFile)
{
byte[] signatureBytes = null;
try
{
System.Security.Cryptography.RSA rsaCsp = null;
if (keyFromFile)
{
//文件读取
rsaCsp = LoadCertificateFile(privateKeyPem, signType);
}
else
{
//字符串获取
rsaCsp = LoadCertificateString(privateKeyPem, signType);
}
byte[] dataBytes = null;
if (string.IsNullOrEmpty(charset))
{
dataBytes = Encoding.UTF8.GetBytes(data);
}
else
{
dataBytes = Encoding.GetEncoding(charset).GetBytes(data);
}
if (null == rsaCsp)
{
throw new SpearPayException("您使用的私钥格式错误,请检查RSA私钥配置" + ",charset = " + charset);
}
if ("RSA2".Equals(signType))
{
signatureBytes = rsaCsp.SignData(dataBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
else
{
signatureBytes = rsaCsp.SignData(dataBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
}
}
catch
{
throw new SpearPayException("您使用的私钥格式错误,请检查RSA私钥配置" + ",charset = " + charset);
}
return(Convert.ToBase64String(signatureBytes));
}
public RSA(RSAType rsaType, System.Text.Encoding encoding, string privateKey, string publicKey = null)
{
_encoding = encoding;
if (!string.IsNullOrEmpty(privateKey))
{
_privateKeyRsaProvider = CreateRsaProviderFromPrivateKey(privateKey);
}
if (!string.IsNullOrEmpty(publicKey))
{
_publicKeyRsaProvider = CreateRsaProviderFromPublicKey(publicKey);
}
_hashAlgorithmName = rsaType == RSAType.RSA ? HashAlgorithmName.SHA1 : HashAlgorithmName.SHA256;
}
public static string Encrypt(string encryptString, String key)
{
System.Security.Cryptography.RSA rsa = System.Security.Cryptography.RSA.Create();
RSAParameters para = new RSAParameters();
byte[] b1 = null;
byte[] b2 = null;
ResolveKey(key, out b1, out b2);
para.Exponent = b1;
para.Modulus = b2;
rsa.ImportParameters(para);
byte[] enBytes = rsa.Encrypt(Encoding.UTF8.GetBytes(encryptString), RSAEncryptionPadding.Pkcs1);
return(bytes2hex(enBytes));
}
public static string GetPublicKeyInPkcs1(this MsRSA rsa)
{
var privateKeyParameters = rsa.ExportParameters(false);
var rsaKeyParameters = new RsaKeyParameters(
false,
new BigInteger(1, privateKeyParameters.Modulus),
new BigInteger(1, privateKeyParameters.Exponent));
using var writer = new StringWriter();
var pemWriter = new PemWriter(writer);
pemWriter.WriteObject(rsaKeyParameters);
pemWriter.Writer.Close();
return(writer.ToString());
}