/// <summary> /// Decrypts and verifies the data. /// </summary> /// <param name="cipherData">The cipher data.</param> /// <param name="privateKey">The Private key to decrypt.</param> /// <param name="publicKeys"> The list of trusted public keys for verification, /// which can contain signer's public key.</param> /// <returns>The decrypted data</returns> /// <exception cref="Virgil.SDK.Exceptions.SignatureIsNotValidException"></exception> /// <exception cref="Virgil.SDK.Exceptions.CryptoException"></exception> /// <example> /// <code> /// var crypto = new VirgilCrypto(); /// var decryptedData = crypto.DecryptThenVerify(cipherData, bob.PrivateKey, alice.PublicKey); /// </code> /// </example> /// How to get cipherData as well as Alice's and Bob's key pairs. /// <see cref="SignThenEncrypt(byte[] data, IPrivateKey privateKey, params IPublicKey[] recipients)"/> public override byte[] DecryptThenVerify(byte[] cipherData, IPrivateKey privateKey, params IPublicKey[] publicKeys) { try { using (var signer = new VirgilSigner()) using (var cipher = new VirgilCipher()) { var decryptedData = cipher.DecryptWithKey(cipherData, privateKey.Get().ReceiverId, privateKey.Get().Value); var signature = cipher.CustomParams().GetData(this.CustomParamKeySignature); var signerPublicKey = publicKeys.FirstOrDefault(); if (publicKeys.Length > 1) { var signerId = cipher.CustomParams().GetData(this.CustomParamKeySignerId); signerPublicKey = publicKeys.Single(publicKey => publicKey.Get().ReceiverId.SequenceEqual(signerId)); } var isValid = signer.Verify(decryptedData, signature, signerPublicKey.Get().Value); if (!isValid) { throw new SignatureIsNotValidException(); } return(decryptedData); } } catch (Exception ex) { throw new CryptoException(ex.Message); } }
/** * @TODO this should extend file system based tests and resolve tests via autofac container */ public DeltaExecutorTests() { _specProvider = new CatalystSpecProvider(); _stateProvider = new StateProvider(new StateDb(), new StateDb(), LimboLogs.Instance); var storageProvider = new StorageProvider(new StateDb(), _stateProvider, LimboLogs.Instance); IKvm virtualMachine = new KatVirtualMachine(_stateProvider, storageProvider, new StateUpdateHashProvider(), _specProvider, LimboLogs.Instance); var logger = Substitute.For <ILogger>(); logger.IsEnabled(Arg.Any <LogEventLevel>()).Returns(true); _senderPrivateKey = _cryptoContext.GeneratePrivateKey(); _senderPublicKey = _senderPrivateKey.GetPublicKey(); _recipient = _cryptoContext.GeneratePrivateKey().GetPublicKey(); _poorSender = _cryptoContext.GeneratePrivateKey().GetPublicKey(); _stateProvider.CreateAccount(_poorSender.ToKvmAddress(), 0.Kat()); _stateProvider.CreateAccount(_senderPublicKey.ToKvmAddress(), 1000.Kat()); _stateProvider.CreateAccount(Address.Zero, 1000.Kat()); _stateProvider.Commit(_specProvider.GenesisSpec); _executor = new DeltaExecutor(_specProvider, _stateProvider, storageProvider, virtualMachine, new FfiWrapper(), logger); _signingContext = new SigningContext { NetworkType = NetworkType.Devnet, SignatureType = SignatureType.TransactionPublic }; }
/// <summary> /// Decrypts and verifies the specified data. /// </summary> /// <param name="cipherData">The cipher data.</param> /// <param name="privateKey">The Private key to decrypt.</param> /// <param name="publicKeys"> The list of trusted public keys for verification, /// which can contain signer's public key.</param> /// <returns>The decrypted and verified data</returns> /// <exception cref="VirgilCryptoException"></exception> /// <example> /// <code> /// var crypto = new VirgilCrypto(); /// var decryptedData = crypto.DecryptThenVerify(cipherData, bob.PrivateKey, alice.PublicKey); /// </code> /// </example> /// <remarks>How to get cipherData as well as Alice's and Bob's key pairs /// <see cref="SignThenEncrypt(byte[], IPrivateKey, IPublicKey[])"/>.</remarks> public byte[] DecryptThenVerify(byte[] cipherData, IPrivateKey privateKey, params IPublicKey[] publicKeys) { try { using (VirgilSigner signer = new VirgilSigner(VirgilHash.Algorithm.SHA512)) using (VirgilCipher cipher = new VirgilCipher()) { byte[] decryptedData = cipher.DecryptWithKey(cipherData, VirgilCryptoExtentions.Get(privateKey).Id, VirgilCryptoExtentions.Get(privateKey).RawKey); byte[] signature = cipher.CustomParams().GetData(this.CustomParamKeySignature); IPublicKey signerPublicKey = (publicKeys.Length > 0) ? publicKeys[0] : null; if (publicKeys.Length > 1) { byte[] signerId = cipher.CustomParams().GetData(this.CustomParamKeySignerId); signerPublicKey = FindPublicKeyBySignerId(publicKeys, signerId); } bool isValid = signer.Verify(decryptedData, signature, VirgilCryptoExtentions.Get(signerPublicKey).RawKey); if (!isValid) { throw new VirgilCryptoException("Signature is not valid."); } return(decryptedData); } } catch (Exception ex) { throw new VirgilCryptoException(ex.Message); } }
/// <summary> /// Signs the specified data using the specified Private key. /// </summary> /// <param name="data">raw data bytes for signing.</param> /// <param name="privateKey">private key for signing.</param> /// <returns>Signature data.</returns> /// <example> /// <code> /// var crypto = new VirgilCrypto(); /// var keyPair = crypto.GenerateKeys(); /// var data = Encoding.UTF8.GetBytes("Hello Bob!"); /// var signature = crypto.GenerateSignature(data, keyPair.PrivateKey); /// </code> /// </example> /// <remarks>How to verify signature <see cref="VerifySignature(byte[], byte[], IPublicKey)"/>.</remarks> public byte[] GenerateSignature(byte[] data, IPrivateKey privateKey) { if (data == null) { throw new ArgumentNullException("data"); } if (privateKey == null) { throw new ArgumentNullException("privateKey"); } try { using (VirgilSigner signer = new VirgilSigner(VirgilHash.Algorithm.SHA512)) { byte[] signature = signer.Sign(data, VirgilCryptoExtentions.Get(privateKey).RawKey); return(signature); } } catch (Exception ex) { throw new VirgilCryptoException(ex.Message); } }
/// <summary> /// Signs and encrypts the specified data. /// </summary> /// <param name="data">The data to encrypt.</param> /// <param name="privateKey">The Private key to sign the data.</param> /// <param name="recipients">The list of Public key recipients to encrypt the data.</param> /// <returns>Signed and encrypted data bytes.</returns> /// <exception cref="Virgil.Crypto.VirgilCryptoException"></exception> /// <example> /// <code> /// var crypto = new VirgilCrypto(); /// var alice = crypto.GenerateKeys(); /// var bob = crypto.GenerateKeys(); /// var originalData = Encoding.UTF8.GetBytes("Hello Bob, How are you?"); /// // The data to be signed with Alice's Private key and then encrypted for Bob. /// var cipherData = crypto.SignThenEncrypt(originalData, alice.PrivateKey, bob.PublicKey); /// </code> /// </example> public byte[] SignThenEncrypt(byte[] data, IPrivateKey privateKey, params IPublicKey[] recipients) { try { using (VirgilSigner signer = new VirgilSigner(VirgilHash.Algorithm.SHA512)) using (VirgilCipher cipher = new VirgilCipher()) { byte[] signature = signer.Sign(data, VirgilCryptoExtentions.Get(privateKey).RawKey); VirgilCustomParams customData = cipher.CustomParams(); customData.SetData(this.CustomParamKeySignature, signature); IPublicKey publicKey = this.ExtractPublicKey(privateKey); customData.SetData(this.CustomParamKeySignerId, VirgilCryptoExtentions.Get(publicKey).Id); foreach (IPublicKey recipientPublicKey in recipients) { cipher.AddKeyRecipient(VirgilCryptoExtentions.Get(recipientPublicKey).Id, VirgilCryptoExtentions.Get(recipientPublicKey).RawKey); } return(cipher.Encrypt(data, true)); } } catch (Exception ex) { throw new VirgilCryptoException(ex.Message); } }
/// <summary> /// Sign passed request with authority private key. /// </summary> /// <param name="request">request for signing.</param> /// <param name="appId">authority id.</param> /// <param name="appKey">authority private key to sign with.</param> public void AuthoritySign(ISignableRequest request, string appId, IPrivateKey appKey) { var fingerprint = this.crypto.CalculateFingerprint(request.Snapshot); var signature = this.crypto.Sign(fingerprint.GetValue(), appKey); request.AppendSignature(appId, signature); }
/// <summary> /// Signs the specified data using Private key. /// </summary> public override byte[] Sign(byte[] data, IPrivateKey privateKey) { if (data == null) { throw new ArgumentNullException(nameof(data)); } if (privateKey == null) { throw new ArgumentNullException(nameof(privateKey)); } try { using (var signer = new VirgilSigner()) { var signature = signer.Sign(data, privateKey.Get().Value); return(signature); } } catch (Exception ex) { throw new CryptoException(ex.Message); } }
/// <summary> /// Signs and encrypts the data. /// </summary> /// <param name="data">The data to encrypt.</param> /// <param name="privateKey">The Private key to sign the <param name="data"></param>.</param> /// <param name="recipients">The list of Public key recipients to encrypt the <param name="data"></param>.</param> /// <returns></returns> /// <exception cref="Virgil.SDK.Exceptions.CryptoException"></exception> public override byte[] SignThenEncrypt(byte[] data, IPrivateKey privateKey, params IPublicKey[] recipients) { try { using (var signer = new VirgilSigner()) using (var cipher = new VirgilCipher()) { var signature = signer.Sign(data, privateKey.Get().Value); var customData = cipher.CustomParams(); customData.SetData(this.CustomParamKeySignature, signature); foreach (var publicKey in recipients) { cipher.AddKeyRecipient(publicKey.Get().ReceiverId, publicKey.Get().Value); } return(cipher.Encrypt(data, true)); } } catch (Exception ex) { throw new CryptoException(ex.Message); } }
/// <summary> /// Sign passed request with private key. /// </summary> /// <param name="request">request for signing.</param> /// <param name="privateKey">private key to sign with.</param> public void SelfSign(ISignableRequest request, IPrivateKey privateKey) { var fingerprint = this.crypto.CalculateFingerprint(request.Snapshot); var signature = this.crypto.Sign(fingerprint.GetValue(), privateKey); request.AppendSignature(fingerprint.ToHEX(), signature); }
public void PrivateKey_Can_Be_Created_With_Valid_Input() { var privateKeyBytes = GenerateRandomByteArray(_wrapper.PrivateKeyLength); IPrivateKey privateKey = _wrapper.GetPrivateKeyFromBytes(privateKeyBytes); privateKey.Should().NotBe(null); }
public async Task UpdateKeyProtectorAsync(IPrivateKey currentKeyProtector, IPublicKey newKeyProtector) { if (currentKeyProtector == null) { throw new ArgumentNullException("currentKeyProtector"); } if (currentKeyProtector.KeyId != _encryptedKey.KeyId) { throw new ArgumentException(string.Format("currentKeyProtector.KeyId '{0}' does not match encryptedKey.KeyId '{1}'.", currentKeyProtector.KeyId, _encryptedKey.KeyId)); } if (newKeyProtector == null) { throw new ArgumentNullException("newKeyProtector"); } // decrypt the key and populate to the x509 var asymEnc = new AsymmetricEncryptor(); var decrypted = await asymEnc.DecryptObjectAsync(_encryptedKey, currentKeyProtector); var pfxBytes = decrypted as byte[]; if (pfxBytes == null || !pfxBytes.Any()) { throw new CryptographicException(string.Format("encryptedKey successfull decrypted but was not a valid PFX byte array. Type was '{0}'.", decrypted.GetType().FullName)); } // re-encrypt the key var newAsymEncObj = await asymEnc.EncryptObjectAsync(pfxBytes, newKeyProtector); _encryptedKey = newAsymEncObj; }
internal ChoicesSign(int cipherSuite, byte[][] chain, int hashAlgo, IPrivateKey skey) : base(cipherSuite, chain) { this.hashAlgo = hashAlgo; this.skey = skey; }
public static Signature GenerateSignature(this PublicEntry publicEntry, ICryptoContext cryptoContext, IPrivateKey privateKey, SigningContext context) { return(GeneratePublicEntrySignature(publicEntry.Clone(), cryptoContext, privateKey, context)); }
public async Task KeyStoreEncryptAsync(IPrivateKey privateKey, NetworkType networkType, KeyRegistryTypes keyIdentifier) { try { var publicKeyHash = _hashProvider.ComputeMultiHash(privateKey.GetPublicKey().Bytes).ToArray() .ToByteString(); var address = new Address { PublicKeyHash = publicKeyHash, AccountType = AccountType.PublicAccount, NetworkType = networkType }; var securePassword = _passwordManager.RetrieveOrPromptPassword(_defaultNodePassword, "Please create a password for this node"); var password = StringFromSecureString(securePassword); var json = EncryptAndGenerateDefaultKeyStoreAsJson( password, _cryptoContext.ExportPrivateKey(privateKey), address.RawBytes.ToBase32()); _passwordManager.AddPasswordToRegistry(_defaultNodePassword, securePassword); await _fileSystem.WriteTextFileToCddSubDirectoryAsync(keyIdentifier.Name, Constants.KeyStoreDataSubDir, json); } catch (Exception e) { _logger.Error(e.Message); } }
public static TransactionBroadcast Sign(this TransactionBroadcast transaction, ICryptoContext cryptoContext, IPrivateKey privateKey, SigningContext context) { var clone = transaction.Clone(); if (transaction.Signature?.RawBytes.Length == cryptoContext.SignatureLength) { Logger.Debug("The transaction was already signed, returning a clone."); return(clone); } clone.Signature = null; var signatureBytes = cryptoContext.Sign(privateKey, clone.ToByteArray(), context.ToByteArray()).SignatureBytes; clone.Signature = new Signature { RawBytes = signatureBytes.ToByteString(), SigningContext = context }; return(clone); }
public void TestGetPublicKeyFromPrivate() { IPrivateKey privateKey = _wrapper.GeneratePrivateKey(); IPublicKey publicKey = _wrapper.GetPublicKeyFromPrivateKey(privateKey); publicKey.Bytes.Length.Should().Be(_wrapper.PublicKeyLength); }
public CatalystNodePoa(IKeySigner keySigner, IPeerService peer, IConsensus consensus, IDfs dfs, ILedger ledger, ILogger logger, IRpcServer rpcServer, IPeerClient peerClient, IPeerSettings peerSettings, IMempool <TransactionBroadcastDao> mempool, IContract contract = null) { _peer = peer; _peerClient = peerClient; _peerSettings = peerSettings; Consensus = consensus; _dfs = dfs; _ledger = ledger; _keySigner = keySigner; _logger = logger; _rpcServer = rpcServer; _mempool = mempool; _contract = contract; _privateKey = keySigner.KeyStore.KeyStoreDecrypt(KeyRegistryTypes.DefaultKey); _publicKey = keySigner.CryptoContext.GetPublicKey(_privateKey); }
public void TestGenerateDifferentKey() { IPrivateKey privateKey1 = _wrapper.GeneratePrivateKey(); IPrivateKey privateKey2 = _wrapper.GeneratePrivateKey(); privateKey1.Bytes.Should().NotEqual(privateKey2.Bytes); }
public PoaTestNode(string name, IPrivateKey privateKey, IPeerSettings nodeSettings, IDfsService dfsService, IEnumerable <PeerId> knownPeerIds, IFileSystem parentTestFileSystem) { Name = name; _nodeSettings = nodeSettings; _nodeDirectory = parentTestFileSystem.GetCatalystDataDir(); _dfsService = dfsService; _rpcSettings = RpcSettingsHelper.GetRpcServerSettings(nodeSettings.Port + 100); _nodePeerId = nodeSettings.PeerId; _memPool = new Mempool(new MempoolService(new InMemoryRepository <PublicEntryDao, string>())); _peerRepository = new PeerRepository(new InMemoryRepository <Peer, string>()); var peersInRepo = knownPeerIds.Select(p => new Peer { PeerId = p, IsPoaNode = true, LastSeen = DateTime.UtcNow }).ToList(); _peerRepository.Add(peersInRepo); _deltaByNumber = new DeltaByNumberRepository(new InMemoryRepository <DeltaByNumber, string>()); _containerProvider = new ContainerProvider(new[] { Constants.NetworkConfigFile(NetworkType.Devnet), Constants.SerilogJsonConfigFile } .Select(f => Path.Combine(Constants.ConfigSubFolder, f)), parentTestFileSystem, TestContext.CurrentContext); RegisterNodeDependencies(_containerProvider.ContainerBuilder, excludedModules: new List <Type> { typeof(ApiModule), typeof(RpcServerModule) } ); _containerProvider.ConfigureContainerBuilder(true, true); OverrideContainerBuilderRegistrations(); _scope = _containerProvider.Container.BeginLifetimeScope(Name); _node = _scope.Resolve <ICatalystNode>(); var keyStore = _scope.Resolve <IKeyStore>(); var keyRegistry = _scope.Resolve <IKeyRegistry>(); keyRegistry.RemoveItemFromRegistry(KeyRegistryTypes.DefaultKey); keyRegistry.AddItemToRegistry(KeyRegistryTypes.DefaultKey, privateKey); keyStore.KeyStoreEncryptAsync(privateKey, nodeSettings.NetworkType, KeyRegistryTypes.DefaultKey) .ConfigureAwait(false).GetAwaiter() .GetResult(); }
public KeyPair(IPrivateKey privateKey, string associatePublicKey = null) { this.privateKey = privateKey; if (!associatePublicKey.IsNull()) { Assert.Equal(associatePublicKey, Public.ToString(), "Associate public key doesn't equal with generated public key"); } }
private Data Sign(IPrivateKey privateKey, bool isProtectedEntry) { IsSigned = true; PrivateKey = privateKey; HasPublicKey = true; IsProtectedEntry = isProtectedEntry; return(this); }
public KeySignerTests() { _keystore = Substitute.For <IKeyStore>(); _keyRegistry = Substitute.For <IKeyRegistry>(); _signature = Substitute.For <ISignature>(); _privateKey = Substitute.For <IPrivateKey>(); _cryptoContext = Substitute.For <ICryptoContext>(); _cryptoContext.Sign(default, default, default).ReturnsForAnyArgs(_signature);
/// <summary> /// Load RSA key pair from KeyStore /// </summary> private static void AccessKeyStore() { if (_keyStore.ContainsAlias(ALIAS)) { IPrivateKey privateKey = (_keyStore.GetEntry(ALIAS, null) as KeyStore.PrivateKeyEntry).PrivateKey; IPublicKey publicKey = _keyStore.GetCertificate(ALIAS).PublicKey; _keyPair = new KeyPair(publicKey, privateKey); } }
/// <summary> /// Initializes a new instance of the <see cref="RsaCryptographicKey" /> class. /// </summary> /// <param name="publicKey">The public key.</param> /// <param name="privateKey">The private key.</param> /// <param name="parameters">The RSA instance, if available.</param> /// <param name="algorithm">The algorithm.</param> internal RsaCryptographicKey(IPublicKey publicKey, IPrivateKey privateKey, RSAParameters parameters, AsymmetricAlgorithm algorithm) { Requires.NotNull(publicKey, "publicKey"); Requires.NotNull(privateKey, "privateKey"); this.publicKey = publicKey.JavaCast<IRSAPublicKey>(); this.privateKey = privateKey.JavaCast<IRSAPrivateKey>(); this.parameters = parameters; this.algorithm = algorithm; }
public bool CheckPassword(string password) { using (var file = new FileStream(this.m_key[0], FileMode.Open, FileAccess.Read, FileShare.Read)) { var buff = new byte[file.Length]; file.Read(buff, 0, buff.Length); return(IPrivateKey.CheckPassword(buff, password)); } }
/// <summary> /// Initializes a new instance of the <see cref="RsaCryptographicKey" /> class. /// </summary> /// <param name="publicKey">The public key.</param> /// <param name="privateKey">The private key.</param> /// <param name="parameters">The RSA instance, if available.</param> /// <param name="algorithm">The algorithm.</param> internal RsaCryptographicKey(IPublicKey publicKey, IPrivateKey privateKey, RSAParameters parameters, AsymmetricAlgorithm algorithm) { Requires.NotNull(publicKey, nameof(publicKey)); Requires.NotNull(privateKey, nameof(privateKey)); this.publicKey = publicKey.JavaCast <IRSAPublicKey>() !; this.privateKey = privateKey.JavaCast <IRSAPrivateKey>() !; this.parameters = parameters; this.algorithm = algorithm; }
public KeySignerTests() { _keystore = Substitute.For <IKeyStore>(); _keyRegistry = Substitute.For <IKeyRegistry>(); _signature = Substitute.For <ISignature>(); _privateKey = Substitute.For <IPrivateKey>(); _cryptoContext = new CryptoContext(_signature); _privateKey.Bytes.Returns(ByteUtil.GenerateRandomByteArray(32)); _keystore.KeyStoreDecrypt(default).ReturnsForAnyArgs(_privateKey);
public void Signature_Should_Contain_Public_Key_Corresponding_To_Private_Key() { IPrivateKey privateKey = _wrapper.GeneratePrivateKey(); IPublicKey publicKey = _wrapper.GetPublicKeyFromPrivateKey(privateKey); byte[] message = Encoding.UTF8.GetBytes("fa la la la"); byte[] context = Encoding.UTF8.GetBytes("context"); ISignature signature = _wrapper.Sign(privateKey, message, context); signature.PublicKeyBytes.Should().Equal(publicKey.Bytes); }
public void TestStdSignVerify() { IPrivateKey privateKey = _wrapper.GeneratePrivateKey(); byte[] message = Encoding.UTF8.GetBytes("fa la la la"); byte[] context = Encoding.UTF8.GetBytes("context"); ISignature signature = _wrapper.Sign(privateKey, message, context); bool isVerified = _wrapper.Verify(signature, message, context); isVerified.Should().BeTrue(); }
internal static PrivateKey Get(this IPrivateKey privateKey) { var theKey = privateKey as PrivateKey; if (theKey != null) { return(theKey); } throw new NotSupportedException(); }
/// <summary> /// Stores the private key to the given alias. /// </summary> /// <param name="privateKey">The private key.</param> /// <param name="alias">The alias.</param> /// <param name="meta">Some additional data.</param> /// <exception cref="DuplicateKeyException"></exception> public void Store(IPrivateKey privateKey, string alias, IDictionary <string, string> meta = null) { var keyEntry = new KeyEntry() { Meta = meta, Name = alias, Value = privateKeyExporter.ExportPrivatekey(privateKey) }; this.keyStorage.Store(keyEntry); }
public static async Task<SecureString> DecryptFromBase64StringAsync(string encryptedValueAsBase64String, IPrivateKey privateKey) { return await DecryptFromBase64StringAsync(encryptedValueAsBase64String, privateKey, null); }
public object DecryptObject(AsymmetricallyEncryptedObject input, IPrivateKey privateKey1, IPrivateKey privateKey2) { return AsyncHelper.RunSync(() => this.DecryptObject_PrivateAsync(input, privateKey1, privateKey2)); }
public async Task<object> DecryptObjectAsync(AsymmetricallyEncryptedObject input, IPrivateKey privateKey1, IPrivateKey privateKey2) { return await this.DecryptObject_PrivateAsync(input, privateKey1, privateKey2); }
/// <summary> /// Encrypt an EC private key with a symmetric key. /// </summary> /// <param name="privateKey">The EC private key to encrypt</param> /// <param name="symmetricKey">The symmetric key with which to encrypt the EC key. Must be at least /// 16 bytes. Any additional bytes will be ignored.</param> /// <returns></returns> public static byte[] EncryptPrivateKeyWithAesCbc(IPrivateKey privateKey, byte[] symmetricKey) // EcDiffieHelmanCng { //byte[] ecAccountLogKeyAsBytes = privateKey.Key.Export(CngKeyBlobFormat.EccPrivateBlob); //return EncryptAesCbc(ecAccountLogKeyAsBytes, symmetricKey.Take(16).ToArray(), addHmac: true); return new byte[0]; }
private async Task<object> DecryptObject_PrivateAsync(AsymmetricallyEncryptedObject input, IPrivateKey privateKey1, IPrivateKey privateKey2) { // Variables byte[] encryptedPassphraseAsBytes = null; encryptedPassphraseAsBytes = input.Reference; byte[] passphraseAsBytes = null; string passPhrase = null; // used for the legacy if (privateKey2 == null) { passphraseAsBytes = await privateKey1.UnwrapKeyAsync(encryptedPassphraseAsBytes); if (input.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2) { passPhrase = (string)Serializer.DeserializeFromByteArray(passphraseAsBytes); } } else { var dualPwJson = Encoding.UTF8.GetString(encryptedPassphraseAsBytes); var dualPw = Serializer.DeserializeFromJson<DualKeyProtectedPassword>(dualPwJson); var passPhrase1Bytes = await privateKey1.UnwrapKeyAsync(dualPw.EncryptedPassphrase1); var passPhrase2Bytes = await privateKey2.UnwrapKeyAsync(dualPw.EncryptedPassphrase2); if (input.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2) { var passPhrase1 = (string)Serializer.DeserializeFromByteArray(passPhrase1Bytes); var passPhrase2 = (string)Serializer.DeserializeFromByteArray(passPhrase2Bytes); passPhrase = passPhrase1 + passPhrase2; } else { // generate the full passphrase passphraseAsBytes = passPhrase1Bytes.Concat(passPhrase2Bytes).ToArray(); } //passPhrase1Bytes.ClearByteArray(); //passPhrase2Bytes.ClearByteArray(); } object output = null; // handle the different strategies if (input.AsymmetricStrategy == AsymmetricStrategyOption.Undefined || input.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2) { // deserialize the object using the legacy serialization to a string // unavoidable to preserve #pragma warning disable 0618 output = BasicEncryptor.DecryptObject(input.Data, input.CipherText, passPhrase); #pragma warning restore 0618 } else if (input.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_5) { // decryption knows the iterations var decryptedObjectAsBytes = AesEncryptor.Decrypt(input.Data, passphraseAsBytes); output = Serializer.DeserializeFromByteArray(decryptedObjectAsBytes); } else if (input.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000 || input.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_5 || input.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_200000) { // decryption knows the iterations var decryptedObjectAsBytes = AesEncryptor.Decrypt(input.Data, passphraseAsBytes); output = Serializer.DeserializeFromByteArray(decryptedObjectAsBytes); } else { throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", input.AsymmetricStrategy.ToString())); } passphraseAsBytes.ClearByteArray(); return output; }
public KeyPair(IPublicKey publicKey, IPrivateKey privateKey) { PublicKey = publicKey; PrivateKey = privateKey; }
public ISignatureCodec Sign(IPrivateKey privateKey, ByteBuf buffer) { throw new NotImplementedException(); }
/// <summary> /// This may be used to decrypte a password used for symmetric encryption. /// </summary> /// <param name="encryptedValueAsBase64String"></param> /// <param name="privateKey"></param> /// <returns></returns> public static async Task<SecureString> DecryptFromBase64StringAsync(string encryptedValueAsBase64String, IPrivateKey privateKey1, IPrivateKey privateKey2) { if (string.IsNullOrEmpty(encryptedValueAsBase64String)) { throw new ArgumentException("encryptedValueAsBase64String"); } byte[] plainBytes = null; // Read encrypted data var bytes = Convert.FromBase64String(encryptedValueAsBase64String); var json = Encoding.UTF8.GetString(bytes); var asymEncObj = Serializer.DeserializeFromJson<AsymmetricallyEncryptedObject>(json); // deserialize the object var asymEnc = new AsymmetricEncryptor(); plainBytes = (byte[])await asymEnc.DecryptObjectAsync(asymEncObj, privateKey1, privateKey2); var secureString = new SecureString(); var chars = System.Text.Encoding.UTF8.GetChars(plainBytes); foreach (var c in chars) { secureString.AppendChar(c); } for (int i = 0; i < chars.Length; i++) { // clear chars array chars[i] = 'X'; } chars = null; return secureString; }
public async Task<IPrivateKey> ToKeyEncyrptionKeyAsync(IPrivateKey keyProtector) { if (keyProtector == null) { throw new ArgumentNullException("keyProtector"); } if (keyProtector.KeyId != _encryptedKey.KeyId) { throw new ArgumentException(string.Format("keyProtector.KeyId '{0}' does not match encryptedKey.KeyId '{1}'.", keyProtector.KeyId, _encryptedKey.KeyId)); } // decrypt the key and populate to the x509 var asymEnc = new AsymmetricEncryptor(); var decrypted = await asymEnc.DecryptObjectAsync(_encryptedKey, keyProtector); var pfxBytes = (byte[])decrypted; if (decrypted == null || !pfxBytes.Any()) { throw new CryptographicException(string.Format("encryptedKey successfull decrypted but was not a valid PFX byte array. Type was '{0}'.", decrypted.GetType().FullName)); } IPrivateKey protectedKeyAsKeyEncryptionKey; try { var x509 = new X509Certificate2(pfxBytes); if (x509.Thumbprint.ToLower() != this.KeyId.ToLower()) { throw new System.Security.SecurityException(string.Format("The original KeyId '{0}' does not match the certificate thumbprint '{1}'.", this.KeyId, x509.Thumbprint)); } if (x509.HasPrivateKey && x509.PrivateKey == null) { var csp = x509.PrivateKey as RSACryptoServiceProvider; if (csp == null) { throw new NotImplementedException(string.Format("encryptedKey does not have a valid RSACryptoServiceProvider private key. Type was '{0}'.", x509.PrivateKey.GetType().FullName)); } if (csp.CspKeyContainerInfo.Exportable) { throw new System.Security.SecurityException("The decrypted X509Certificate2 was marked as exportable in the CspKeyContainerInfo. This is not permitted on a protected key."); } } protectedKeyAsKeyEncryptionKey = Utilities.X509CertificateHelper.GetKeyEncryptionKey(x509); } catch (Exception ex) { throw new InvalidOperationException(string.Format("X509Certificate2 could not be validated. Thumbprint '{0}'. See inner exception for details.", ex)); } return protectedKeyAsKeyEncryptionKey; }
public static SecureString DecryptFromBase64String(string encryptedValueAsBase64String, IPrivateKey privateKey) { return DecryptFromBase64String(encryptedValueAsBase64String, privateKey, null); }
public static SecureString DecryptFromBase64String(string encryptedValueAsBase64String, IPrivateKey privateKey1, IPrivateKey privateKey2) { return AsyncHelper.RunSync(() => DecryptFromBase64StringAsync(encryptedValueAsBase64String, privateKey1, privateKey2)); }