C# (CSharp) DSA.ExportPkcs8PrivateKey Examples

Example #1

        public static void NoPrivKeyFromPublicOnly()
        {
            using (DSA key = DSAFactory.Create())
            {
                DSAParameters dsaParameters = DSATestData.GetDSA1024Params();
                dsaParameters.X = null;
                key.ImportParameters(dsaParameters);

                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportPkcs8PrivateKey());

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportPkcs8PrivateKey(Span <byte> .Empty, out _));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 72),
                        Span <byte> .Empty,
                        out _));
            }
        }

Example #2

        public static void NoFuzzySubjectPublicKeyInfo()
        {
            using (DSA key = DSAFactory.Create())
            {
                key.ImportParameters(DSATestData.GetDSA1024Params());

                int    bytesRead = -1;
                byte[] pkcs8     = key.ExportPkcs8PrivateKey();

                Assert.ThrowsAny <CryptographicException>(
                    () => key.ImportSubjectPublicKeyInfo(pkcs8, out bytesRead));

                Assert.Equal(-1, bytesRead);

                ReadOnlySpan <byte> passwordBytes = pkcs8.AsSpan(0, 15);

                byte[] encryptedPkcs8 = key.ExportEncryptedPkcs8PrivateKey(
                    passwordBytes,
                    new PbeParameters(
                        PbeEncryptionAlgorithm.Aes256Cbc,
                        HashAlgorithmName.SHA512,
                        123));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.ImportSubjectPublicKeyInfo(encryptedPkcs8, out bytesRead));

                Assert.Equal(-1, bytesRead);
            }
        }

Example #3

        private static void UseAfterDispose(bool importKey)
        {
            DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);

            byte[] pkcs8Private;
            byte[] pkcs8EncryptedPrivate;
            byte[] subjectPublicKeyInfo;

            string pwStr = "Hello";

            // Because the PBE algorithm uses PBES2 the string->byte encoding is UTF-8.
            byte[] pwBytes = Encoding.UTF8.GetBytes(pwStr);

            PbeParameters pbeParameters = new PbeParameters(
                PbeEncryptionAlgorithm.Aes192Cbc,
                HashAlgorithmName.SHA256,
                3072);

            // Ensure the key was loaded, then dispose it.
            // Also ensures all of the inputs are valid for the disposed tests.
            using (key)
            {
                pkcs8Private          = key.ExportPkcs8PrivateKey();
                pkcs8EncryptedPrivate = key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters);
                subjectPublicKeyInfo  = key.ExportSubjectPublicKeyInfo();
            }

            Assert.Throws <ObjectDisposedException>(() => key.ImportPkcs8PrivateKey(pkcs8Private, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwStr, pkcs8EncryptedPrivate, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ImportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));

            Assert.Throws <ObjectDisposedException>(() => key.ExportPkcs8PrivateKey());
            Assert.Throws <ObjectDisposedException>(() => key.TryExportPkcs8PrivateKey(pkcs8Private, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters));
            Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters, pkcs8EncryptedPrivate, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters));
            Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters, pkcs8EncryptedPrivate, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ExportSubjectPublicKeyInfo());
            Assert.Throws <ObjectDisposedException>(() => key.TryExportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));

            // Check encrypted import with the wrong password.
            // It shouldn't do enough work to realize it was wrong.
            pwBytes = Array.Empty <byte>();
            Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey("", pkcs8EncryptedPrivate, out _));
            Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
        }

Example #4

        public static void NoFuzzyEncryptedPkcs8()
        {
            using (DSA key = DSAFactory.Create())
            {
                key.ImportParameters(DSATestData.GetDSA1024Params());

                int    bytesRead = -1;
                byte[] spki      = key.ExportSubjectPublicKeyInfo();
                byte[] empty     = Array.Empty <byte>();

                Assert.ThrowsAny <CryptographicException>(
                    () => key.ImportEncryptedPkcs8PrivateKey(empty, spki, out bytesRead));

                Assert.Equal(-1, bytesRead);

                byte[] pkcs8 = key.ExportPkcs8PrivateKey();

                Assert.ThrowsAny <CryptographicException>(
                    () => key.ImportEncryptedPkcs8PrivateKey(empty, pkcs8, out bytesRead));

                Assert.Equal(-1, bytesRead);
            }
        }

Example #5

File: SftpClientConnection.cs Project: ARKlab/Ark.Tools

        private Renci.SshNet.SftpClient _getSFtpClientWithCertificate()
        {
#if NETSTANDARD2_0 || NET472
            throw new NotSupportedException($"ClientCertificate does not support X509 Certificate in NETCORE2.0 nor NET472");
#else
            var connInfo = _getConnectionInfo();

            var cert = FtpConfig.ClientCertificate;

            string keyExchangeAlgorithm = null;
            byte[] privateKeyBytes      = null;
            string privateKeyPemString;
            bool   isKeyNull = false;

            switch (cert.PublicKey.Oid.Value)
            {
            case _rsa:
            {
                using RSA rsaKey = cert.GetRSAPrivateKey();

                keyExchangeAlgorithm = rsaKey.KeyExchangeAlgorithm;
                if (rsaKey != null)
                {
                    privateKeyBytes = rsaKey.ExportRSAPrivateKey();
                }
                else
                {
                    isKeyNull = true;
                }
                break;
            }

            case _dsa:
            {
                using DSA dsaKey = cert.GetDSAPrivateKey();

                keyExchangeAlgorithm = dsaKey.KeyExchangeAlgorithm;
                if (dsaKey != null)
                {
                    privateKeyBytes = dsaKey.ExportPkcs8PrivateKey();
                }
                else
                {
                    isKeyNull = true;
                }
                break;
            }

            case _ecdsa:
            {
                using ECDsa ecdsaKey = cert.GetECDsaPrivateKey();

                keyExchangeAlgorithm = ecdsaKey.KeyExchangeAlgorithm;
                if (ecdsaKey != null)
                {
                    privateKeyBytes = ecdsaKey.ExportPkcs8PrivateKey();
                }
                else
                {
                    isKeyNull = true;
                }
                break;
            }

            default:
                throw new NotSupportedException($"ClientCertificate does not support the given algorithm {cert.PublicKey.Oid.FriendlyName}");
            }

            if (isKeyNull)
            {
                throw new ArgumentNullException($"ClientCertificate has a null Key");
            }

#if NET5_0_OR_GREATER
            var privateKeyPem = PemEncoding.Write($"{keyExchangeAlgorithm} PRIVATE KEY", privateKeyBytes);
            privateKeyPemString = new string(privateKeyPem);
#else
            var builder = new StringBuilder();
            builder.AppendLine($"-----BEGIN {keyExchangeAlgorithm} PRIVATE KEY-----");
            builder.AppendLine(
                Convert.ToBase64String(privateKeyBytes, Base64FormattingOptions.InsertLineBreaks));
            builder.AppendLine($"-----END {keyExchangeAlgorithm} PRIVATE KEY-----");

            privateKeyPemString = builder.ToString();
#endif

            var byteArray = Encoding.UTF8.GetBytes(privateKeyPemString);

            using var ms             = new MemoryStream(byteArray);
            using var privateKeyFile = new PrivateKeyFile(ms);

            return(new Renci.SshNet.SftpClient(connInfo.Host, connInfo.Username, new PrivateKeyFile[] { privateKeyFile })
            {
                KeepAliveInterval = _keepAliveInterval,
                OperationTimeout = _operationTimeout,
            });
#endif
        }