public void TestHashMismatch()
{
var oaepPaddingKey = oaepReader.GetKey(1);
var pkcsPaddingKey = pkcsReader.GetKey(1);
Expect(oaepPaddingKey.GetKeyHash(), Is.Not.EqualTo(pkcsPaddingKey.GetKeyHash()));
}
public static Key GetPrimaryKey(this IKeySet keySet)
{
var version = keySet.Metadata.GetPrimaryKeyVersion();
return(version == null
? null
: keySet.GetKey(version.VersionNumber));
}
/// <summary>
/// Initializes a new instance of the <see cref="Keyczar"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
protected Keyczar(IKeySet keySet)
{
var metadata = keySet.Metadata;
var versions = metadata
.Versions
.Select(v =>
{
var key = keySet.GetKey(v.VersionNumber);
return(Tuple.Create(key.GetKeyHash(), v, key));
})
.ToList();
_primaryVersion = metadata.Versions.SingleOrDefault(it => it.Status == KeyStatus.Primary);
_versions = versions.ToDictionary(k => k.Item2.VersionNumber, v => v.Item3);
_hashedKeys = HashKeys(versions);
_hashedFallbackKeys = HashedFallbackKeys(versions);
}
public static bool ExportPrimaryAsPkcs(this IKeySet keySet, string location, Func <string> passwordPrompt)
{
var i = keySet.Metadata.Versions.First(it => it.Status == KeyStatus.Primary).VersionNumber;
using (var key = keySet.GetKey(i))
{
using (var stream = new FileStream(location, FileMode.Create))
using (var writer = new StreamWriter(stream))
{
var pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
AsymmetricKeyParameter writeKey;
if (!(key is IPrivateKey))
{
if (key.KeyType == KeyType.DsaPub)
{
var dsaKey = (DsaPublicKey)key;
writeKey = new DsaPublicKeyParameters(dsaKey.Y.ToBouncyBigInteger(),
new DsaParameters(
dsaKey.P.ToBouncyBigInteger(),
dsaKey.Q.ToBouncyBigInteger(),
dsaKey.G.ToBouncyBigInteger()));
}
else if (key is IRsaPublicKey)
{
var rsaKey = (IRsaPublicKey)key;
writeKey = new RsaKeyParameters(false,
rsaKey.Modulus.ToBouncyBigInteger(),
rsaKey.PublicExponent.ToBouncyBigInteger());
}
else
{
throw new InvalidKeyTypeException("Non exportable key type.");
}
pemWriter.WriteObject(new MiscPemGenerator(writeKey));
}
else
{
if (key.KeyType == KeyType.DsaPriv)
{
var dsaKey = (DsaPrivateKey)key;
writeKey = new DsaPrivateKeyParameters(dsaKey.X.ToBouncyBigInteger(),
new DsaParameters(
dsaKey.PublicKey.P.ToBouncyBigInteger(),
dsaKey.PublicKey.Q.ToBouncyBigInteger(),
dsaKey.PublicKey.G.ToBouncyBigInteger()));
}
else if (key is IRsaPrivateKey)
{
var rsaKey = (IRsaPrivateKey)key;
writeKey = new RsaPrivateCrtKeyParameters(
rsaKey.PublicKey.Modulus.ToBouncyBigInteger(),
rsaKey.PublicKey.PublicExponent.ToBouncyBigInteger(),
rsaKey.PrivateExponent.ToBouncyBigInteger(),
rsaKey.PrimeP.ToBouncyBigInteger(),
rsaKey.PrimeQ.ToBouncyBigInteger(),
rsaKey.PrimeExponentP.ToBouncyBigInteger(),
rsaKey.PrimeExponentQ.ToBouncyBigInteger(),
rsaKey.CrtCoefficient.ToBouncyBigInteger());
}
else
{
throw new InvalidKeyTypeException("Non exportable key type.");
}
pemWriter.WriteObject(new Pkcs8Generator(writeKey, Pkcs8Generator.PbeSha1_RC2_128)
{
Password = (passwordPrompt() ?? String.Empty).ToCharArray(),
SecureRandom = Secure.Random,
IterationCount = 4096
});
}
}
}
return(true);
}
public static bool ExportAsPkcs12(this IKeySet keySet, Stream saveStream, Func <string> passwordPrompt)
{
var issuerGenerator = new RsaKeyPairGenerator();
issuerGenerator.Init(new KeyGenerationParameters(Secure.Random, 2048));
var issuerKp = issuerGenerator.GenerateKeyPair();
var issuercn = new X509Name($"CN=Keyczar|{keySet.Metadata.Name}|TEMPCA");
var issuerGenertor = new X509V3CertificateGenerator();
BigInteger issueSerialNumber = BigInteger.ProbablePrime(128, Secure.Random);
issuerGenertor.SetSerialNumber(issueSerialNumber);
issuerGenertor.SetSubjectDN(issuercn);
issuerGenertor.SetIssuerDN(issuercn);
issuerGenertor.SetNotAfter(DateTime.Now.AddYears(100));
issuerGenertor.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
issuerGenertor.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.AnyExtendedKeyUsage));
issuerGenertor.SetPublicKey(issuerKp.Public);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKp.Private, Secure.Random);
var issuerCert = issuerGenertor.Generate(signatureFactory);
var builder = new Pkcs12StoreBuilder();
var store = builder.Build();
var issueEntryCert = new X509CertificateEntry(issuerCert);
var hasPrivateKeys = false;
foreach (var version in keySet.Metadata.Versions)
{
using (var key = keySet.GetKey(version.VersionNumber))
{
var cn = new X509Name($"CN=Keyczar|{keySet.Metadata.Name}|{version.VersionNumber}");
var certificateGenerator = new X509V3CertificateGenerator();
BigInteger serialNo = BigInteger.ProbablePrime(128, Secure.Random);
certificateGenerator.SetSerialNumber(serialNo);
certificateGenerator.SetSubjectDN(cn);
certificateGenerator.SetIssuerDN(issuercn);
certificateGenerator.SetNotAfter(DateTime.Now.AddYears(100));
certificateGenerator.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.AnyExtendedKeyUsage));
switch (key)
{
case IRsaPrivateKey k:
{
hasPrivateKeys = true;
var publicKey = BouncyCastleFromKey(k.PublicKey);
var privateKey = BouncyCastleFromKey(k);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
var keyEntry = new AsymmetricKeyEntry(privateKey);
store.SetKeyEntry(certificate.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { entryCert, issueEntryCert });
}
break;
case IRsaPublicKey rsaPub:
{
var publicKey = BouncyCastleFromKey(rsaPub);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
}
break;
case DsaPrivateKey dsaKey:
{
hasPrivateKeys = true;
var publicKey = BouncyCastleFromKey(dsaKey.PublicKey);
var privateKey = BouncyCastleFromKey(dsaKey);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
var keyEntry = new AsymmetricKeyEntry(privateKey);
store.SetKeyEntry(certificate.SubjectDN.ToString() + "|key", keyEntry, new X509CertificateEntry[] { entryCert, issueEntryCert });
}
break;
case DsaPublicKey dsaKey:
{
var publicKey = BouncyCastleFromKey(dsaKey);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
}
break;
}
}
}
if (!hasPrivateKeys)
{
passwordPrompt = null;
}
var password = passwordPrompt?.Invoke();
if (String.IsNullOrEmpty(password))
{
password = null;
}
store.Save(saveStream, password?.ToCharArray(), new SecureRandom());
return(true);
}
/// <summary>
/// Initializes a new instance of the <see cref="Keyczar"/> class.
/// </summary>
/// <param name="keySet">The key set.</param>
protected Keyczar(IKeySet keySet)
{
var metadata = keySet.Metadata;
var versions = metadata
.Versions
.Select(v =>
{
var key = keySet.GetKey(v.VersionNumber);
return Tuple.Create(key.GetKeyHash(), v, key);
})
.ToList();
_primaryVersion = metadata.Versions.SingleOrDefault(it => it.Status == KeyStatus.Primary);
_versions = versions.ToDictionary(k => k.Item2.VersionNumber, v => v.Item3);
_hashedKeys = HashKeys(versions);
_hashedFallbackKeys = HashedFallbackKeys(versions);
}
