public void TestHashMismatch() { var oaepPaddingKey = oaepReader.GetKey(1); var pkcsPaddingKey = pkcsReader.GetKey(1); Expect(oaepPaddingKey.GetKeyHash(), Is.Not.EqualTo(pkcsPaddingKey.GetKeyHash())); }
public static Key GetPrimaryKey(this IKeySet keySet) { var version = keySet.Metadata.GetPrimaryKeyVersion(); return(version == null ? null : keySet.GetKey(version.VersionNumber)); }
/// <summary> /// Initializes a new instance of the <see cref="Keyczar"/> class. /// </summary> /// <param name="keySet">The key set.</param> protected Keyczar(IKeySet keySet) { var metadata = keySet.Metadata; var versions = metadata .Versions .Select(v => { var key = keySet.GetKey(v.VersionNumber); return(Tuple.Create(key.GetKeyHash(), v, key)); }) .ToList(); _primaryVersion = metadata.Versions.SingleOrDefault(it => it.Status == KeyStatus.Primary); _versions = versions.ToDictionary(k => k.Item2.VersionNumber, v => v.Item3); _hashedKeys = HashKeys(versions); _hashedFallbackKeys = HashedFallbackKeys(versions); }
public static bool ExportPrimaryAsPkcs(this IKeySet keySet, string location, Func <string> passwordPrompt) { var i = keySet.Metadata.Versions.First(it => it.Status == KeyStatus.Primary).VersionNumber; using (var key = keySet.GetKey(i)) { using (var stream = new FileStream(location, FileMode.Create)) using (var writer = new StreamWriter(stream)) { var pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer); AsymmetricKeyParameter writeKey; if (!(key is IPrivateKey)) { if (key.KeyType == KeyType.DsaPub) { var dsaKey = (DsaPublicKey)key; writeKey = new DsaPublicKeyParameters(dsaKey.Y.ToBouncyBigInteger(), new DsaParameters( dsaKey.P.ToBouncyBigInteger(), dsaKey.Q.ToBouncyBigInteger(), dsaKey.G.ToBouncyBigInteger())); } else if (key is IRsaPublicKey) { var rsaKey = (IRsaPublicKey)key; writeKey = new RsaKeyParameters(false, rsaKey.Modulus.ToBouncyBigInteger(), rsaKey.PublicExponent.ToBouncyBigInteger()); } else { throw new InvalidKeyTypeException("Non exportable key type."); } pemWriter.WriteObject(new MiscPemGenerator(writeKey)); } else { if (key.KeyType == KeyType.DsaPriv) { var dsaKey = (DsaPrivateKey)key; writeKey = new DsaPrivateKeyParameters(dsaKey.X.ToBouncyBigInteger(), new DsaParameters( dsaKey.PublicKey.P.ToBouncyBigInteger(), dsaKey.PublicKey.Q.ToBouncyBigInteger(), dsaKey.PublicKey.G.ToBouncyBigInteger())); } else if (key is IRsaPrivateKey) { var rsaKey = (IRsaPrivateKey)key; writeKey = new RsaPrivateCrtKeyParameters( rsaKey.PublicKey.Modulus.ToBouncyBigInteger(), rsaKey.PublicKey.PublicExponent.ToBouncyBigInteger(), rsaKey.PrivateExponent.ToBouncyBigInteger(), rsaKey.PrimeP.ToBouncyBigInteger(), rsaKey.PrimeQ.ToBouncyBigInteger(), rsaKey.PrimeExponentP.ToBouncyBigInteger(), rsaKey.PrimeExponentQ.ToBouncyBigInteger(), rsaKey.CrtCoefficient.ToBouncyBigInteger()); } else { throw new InvalidKeyTypeException("Non exportable key type."); } pemWriter.WriteObject(new Pkcs8Generator(writeKey, Pkcs8Generator.PbeSha1_RC2_128) { Password = (passwordPrompt() ?? String.Empty).ToCharArray(), SecureRandom = Secure.Random, IterationCount = 4096 }); } } } return(true); }
public static bool ExportAsPkcs12(this IKeySet keySet, Stream saveStream, Func <string> passwordPrompt) { var issuerGenerator = new RsaKeyPairGenerator(); issuerGenerator.Init(new KeyGenerationParameters(Secure.Random, 2048)); var issuerKp = issuerGenerator.GenerateKeyPair(); var issuercn = new X509Name($"CN=Keyczar|{keySet.Metadata.Name}|TEMPCA"); var issuerGenertor = new X509V3CertificateGenerator(); BigInteger issueSerialNumber = BigInteger.ProbablePrime(128, Secure.Random); issuerGenertor.SetSerialNumber(issueSerialNumber); issuerGenertor.SetSubjectDN(issuercn); issuerGenertor.SetIssuerDN(issuercn); issuerGenertor.SetNotAfter(DateTime.Now.AddYears(100)); issuerGenertor.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); issuerGenertor.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.AnyExtendedKeyUsage)); issuerGenertor.SetPublicKey(issuerKp.Public); ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKp.Private, Secure.Random); var issuerCert = issuerGenertor.Generate(signatureFactory); var builder = new Pkcs12StoreBuilder(); var store = builder.Build(); var issueEntryCert = new X509CertificateEntry(issuerCert); var hasPrivateKeys = false; foreach (var version in keySet.Metadata.Versions) { using (var key = keySet.GetKey(version.VersionNumber)) { var cn = new X509Name($"CN=Keyczar|{keySet.Metadata.Name}|{version.VersionNumber}"); var certificateGenerator = new X509V3CertificateGenerator(); BigInteger serialNo = BigInteger.ProbablePrime(128, Secure.Random); certificateGenerator.SetSerialNumber(serialNo); certificateGenerator.SetSubjectDN(cn); certificateGenerator.SetIssuerDN(issuercn); certificateGenerator.SetNotAfter(DateTime.Now.AddYears(100)); certificateGenerator.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.AnyExtendedKeyUsage)); switch (key) { case IRsaPrivateKey k: { hasPrivateKeys = true; var publicKey = BouncyCastleFromKey(k.PublicKey); var privateKey = BouncyCastleFromKey(k); certificateGenerator.SetPublicKey(publicKey); var certificate = certificateGenerator.Generate(signatureFactory); var entryCert = new X509CertificateEntry(certificate); store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert); var keyEntry = new AsymmetricKeyEntry(privateKey); store.SetKeyEntry(certificate.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { entryCert, issueEntryCert }); } break; case IRsaPublicKey rsaPub: { var publicKey = BouncyCastleFromKey(rsaPub); certificateGenerator.SetPublicKey(publicKey); var certificate = certificateGenerator.Generate(signatureFactory); var entryCert = new X509CertificateEntry(certificate); store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert); } break; case DsaPrivateKey dsaKey: { hasPrivateKeys = true; var publicKey = BouncyCastleFromKey(dsaKey.PublicKey); var privateKey = BouncyCastleFromKey(dsaKey); certificateGenerator.SetPublicKey(publicKey); var certificate = certificateGenerator.Generate(signatureFactory); var entryCert = new X509CertificateEntry(certificate); store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert); var keyEntry = new AsymmetricKeyEntry(privateKey); store.SetKeyEntry(certificate.SubjectDN.ToString() + "|key", keyEntry, new X509CertificateEntry[] { entryCert, issueEntryCert }); } break; case DsaPublicKey dsaKey: { var publicKey = BouncyCastleFromKey(dsaKey); certificateGenerator.SetPublicKey(publicKey); var certificate = certificateGenerator.Generate(signatureFactory); var entryCert = new X509CertificateEntry(certificate); store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert); } break; } } } if (!hasPrivateKeys) { passwordPrompt = null; } var password = passwordPrompt?.Invoke(); if (String.IsNullOrEmpty(password)) { password = null; } store.Save(saveStream, password?.ToCharArray(), new SecureRandom()); return(true); }
/// <summary> /// Initializes a new instance of the <see cref="Keyczar"/> class. /// </summary> /// <param name="keySet">The key set.</param> protected Keyczar(IKeySet keySet) { var metadata = keySet.Metadata; var versions = metadata .Versions .Select(v => { var key = keySet.GetKey(v.VersionNumber); return Tuple.Create(key.GetKeyHash(), v, key); }) .ToList(); _primaryVersion = metadata.Versions.SingleOrDefault(it => it.Status == KeyStatus.Primary); _versions = versions.ToDictionary(k => k.Item2.VersionNumber, v => v.Item3); _hashedKeys = HashKeys(versions); _hashedFallbackKeys = HashedFallbackKeys(versions); }