// Generates keys for RSA signing
public IxianKeyPair generateKeys(int keySize, bool skip_header = false)
{
KeyPair kp = null;
try
{
KeyPairGenerator kpg = KeyPairGenerator.GetInstance("RSA");
kpg.Initialize(keySize);
kp = kpg.GenKeyPair();
IxianKeyPair ixi_kp = new IxianKeyPair();
ixi_kp.privateKeyBytes = rsaKeyToBytes(kp, true, skip_header);
ixi_kp.publicKeyBytes = rsaKeyToBytes(kp, false, skip_header);
byte[] plain = Encoding.UTF8.GetBytes("Plain text string");
if (!testKeys(plain, ixi_kp))
{
return(null);
}
return(ixi_kp);
}
catch (Exception e)
{
Logging.warn(string.Format("Exception while generating signature keys: {0}", e.ToString()));
return(null);
}
}
/// <exception cref="NoSuchAlgorithmException"/>
public static KeyPair GenerateKeyPair(string algorithm)
{
KeyPairGenerator keyGen = KeyPairGenerator.GetInstance(algorithm);
keyGen.Initialize(1024);
return(keyGen.GenKeyPair());
}
public void CreateKeyPair()
{
DeleteKey();
KeyPairGenerator keyGenerator =
KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME);
if (Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 &&
Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1)
{
var calendar = Calendar.GetInstance(_context.Resources.Configuration.Locale);
var endDate = Calendar.GetInstance(_context.Resources.Configuration.Locale);
endDate.Add(CalendarField.Year, 20);
//this API is obsolete after Android M, but I am supporting Android L
#pragma warning disable 618
var builder = new KeyPairGeneratorSpec.Builder(_context)
#pragma warning restore 618
.SetAlias(_keyName).SetSerialNumber(BigInteger.One)
.SetSubject(new X500Principal($"CN={_keyName} CA Certificate"))
.SetStartDate(calendar.Time)
.SetEndDate(endDate.Time).SetKeySize(KeySize);
keyGenerator.Initialize(builder.Build());
}
else if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
{
var builder =
new KeyGenParameterSpec.Builder(_keyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetBlockModes(KeyProperties.BlockModeEcb)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.SetRandomizedEncryptionRequired(false).SetKeySize(KeySize);
keyGenerator.Initialize(builder.Build());
}
keyGenerator.GenerateKeyPair();
}
public async Task <byte[]> GenerateKeyPair(CancellationToken ct, string name)
{
if (this.Log().IsEnabled(LogLevel.Debug))
{
this.Log().Debug($"Generating a key pair (name: '{name}').");
}
name.Validation().NotNullOrEmpty(nameof(name));
using (await _asyncLock.LockAsync(ct))
{
var keygen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmEc, ANDROID_KEYSTORE);
keygen.Initialize(new KeyGenParameterSpec.Builder(name, KeyStorePurpose.Sign)
.SetAlgorithmParameterSpec(new ECGenParameterSpec(CURVE_NAME))
.SetDigests(KeyProperties.DigestSha256)
.SetUserAuthenticationRequired(true)
.Build()
);
if (this.Log().IsEnabled(LogLevel.Information))
{
this.Log().Info($"Return the generated key pair (name: '{name}').");
}
return(keygen.GenerateKeyPair().Public.GetEncoded());
}
}
KeyPair GetAsymmetricKeyPair()
{
var asymmetricAlias = $"{alias}.asymmetric";
var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;
// Return the existing key if found
if (privateKey != null && publicKey != null)
{
return(new KeyPair(publicKey, privateKey));
}
// Otherwise we create a new key
var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);
var end = DateTime.UtcNow.AddYears(20);
var startDate = new Java.Util.Date();
var endDate = new Java.Util.Date(end.Year, end.Month, end.Day);
#pragma warning disable CS0618
var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
.SetAlias(asymmetricAlias)
.SetSerialNumber(Java.Math.BigInteger.One)
.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
.SetStartDate(startDate)
.SetEndDate(endDate);
generator.Initialize(builder.Build());
#pragma warning restore CS0618
return(generator.GenerateKeyPair());
}
//BELOW API 23
public KeyPair GetAsymmetricKey()
{
var asymmetricAlias = $"{alias}.asymmetric";
var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;
if (privateKey != null && publicKey != null)
{
return(new KeyPair(publicKey, privateKey));
}
// var originalLocale = Platform.
var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, CONST_ANDROIDKEY);
var end = DateTime.UtcNow.AddYears(20);
var startDate = new Java.Util.Date();
var endDate = new Java.Util.Date(end.Year, end.Month, end.Day);
var builder = new KeyPairGeneratorSpec.Builder(appContext)
.SetAlias(asymmetricAlias)
.SetSerialNumber(Java.Math.BigInteger.One)
.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
.SetStartDate(startDate)
.SetEndDate(endDate);
generator.Initialize(builder.Build());
return(generator.GenerateKeyPair());
}
/// <inheritdoc/>
public ICryptographicKey CreateKeyPair(int keySize)
{
Requires.Range(keySize > 0, "keySize");
var keyGen = KeyPairGenerator.GetInstance("RSA");
keyGen.Initialize(keySize);
var key = keyGen.GenerateKeyPair();
var privateKeyParameters = key.Private.JavaCast <IRSAPrivateCrtKey>();
var parameters = new RSAParameters
{
Modulus = privateKeyParameters.Modulus.ToByteArray(),
Exponent = privateKeyParameters.PublicExponent.ToByteArray(),
P = privateKeyParameters.PrimeP.ToByteArray(),
Q = privateKeyParameters.PrimeQ.ToByteArray(),
DP = privateKeyParameters.PrimeExponentP.ToByteArray(),
DQ = privateKeyParameters.PrimeExponentQ.ToByteArray(),
InverseQ = privateKeyParameters.CrtCoefficient.ToByteArray(),
D = privateKeyParameters.PrivateExponent.ToByteArray(),
};
// Normalize RSAParameters (remove leading zeros, etc.)
parameters = KeyFormatter.Pkcs1.Read(KeyFormatter.Pkcs1.Write(parameters));
return(new RsaCryptographicKey(key.Public, key.Private, parameters, this.algorithm));
}
private void CreateNewKey(string alias)
{
KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt)
.SetBlockModes(KeyProperties.BlockModeCbc)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.Build();
KeyPairGenerator generator = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore");
generator.Initialize(spec);
generator.GenerateKeyPair();
}
KeyPair GetAsymmetricKeyPair()
{
// set that we generated keys on pre-m device.
Preferences.Set(useSymmetricPreferenceKey, false, SecureStorage.Alias);
var asymmetricAlias = $"{alias}.asymmetric";
var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;
// Return the existing key if found
if (privateKey != null && publicKey != null)
{
return(new KeyPair(publicKey, privateKey));
}
var originalLocale = Platform.GetLocale();
try
{
// Force to english for known bug in date parsing:
// https://issuetracker.google.com/issues/37095309
Platform.SetLocale(Java.Util.Locale.English);
// Otherwise we create a new key
var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);
var end = DateTime.UtcNow.AddYears(20);
var startDate = new Java.Util.Date();
#pragma warning disable CS0618 // Type or member is obsolete
var endDate = new Java.Util.Date(end.Year, end.Month, end.Day);
#pragma warning restore CS0618 // Type or member is obsolete
#pragma warning disable CS0618
var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
.SetAlias(asymmetricAlias)
.SetSerialNumber(Java.Math.BigInteger.One)
.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
.SetStartDate(startDate)
.SetEndDate(endDate);
generator.Initialize(builder.Build());
#pragma warning restore CS0618
return(generator.GenerateKeyPair());
}
finally
{
Platform.SetLocale(originalLocale);
}
}
private void PrepareKeyStore()
{
_keyStore = KeyStore.GetInstance(AndroidKeyStoreKey);
_keyStore.Load(null);
if (_keyStore.ContainsAlias(ProtectedDataKey))
{
_keyStore.GetKey(ProtectedDataKey, null);
}
else
{
var context = global::Android.App.Application.Context;
// thanks to https://dzone.com/articles/xamarin-android-asymmetric-encryption-without-any
var keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStoreKey);
if (_sdkLessThan23)
{
var calendar = Calendar.GetInstance(context.Resources.Configuration.Locale);
var endDate = Calendar.GetInstance(context.Resources.Configuration.Locale);
endDate.Add(CalendarField.Year, 20);
#pragma warning disable 618
var builder = new KeyPairGeneratorSpec.Builder(context)
#pragma warning restore 618
.SetAlias(ProtectedDataKey)
.SetSerialNumber(BigInteger.One)
.SetSubject(new X500Principal($"CN={ProtectedDataKey} CA Certificate"))
.SetStartDate(calendar.Time)
.SetEndDate(endDate.Time)
.SetKeySize(2048);
keyGenerator.Initialize(builder.Build());
}
else
{
var builder = new KeyGenParameterSpec.Builder(ProtectedDataKey, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetBlockModes(KeyProperties.BlockModeEcb)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.SetRandomizedEncryptionRequired(false)
.SetKeySize(2048);
keyGenerator.Initialize(builder.Build());
}
keyGenerator.GenerateKeyPair();
}
}
private void GenerateStoreKey(bool withDate)
{
if (_keyStore.ContainsAlias(KeyAlias))
{
return;
}
ClearSettings();
var end = Calendar.Instance;
end.Add(CalendarField.Year, 99);
if (_oldAndroid)
{
var subject = new X500Principal($"CN={KeyAlias}");
var builder = new KeyPairGeneratorSpec.Builder(Application.Context)
.SetAlias(KeyAlias)
.SetSubject(subject)
.SetSerialNumber(BigInteger.Ten);
if (withDate)
{
builder.SetStartDate(new Date(0)).SetEndDate(end.Time);
}
var spec = builder.Build();
var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
gen.Initialize(spec);
gen.GenerateKeyPair();
}
else
{
var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt)
.SetBlockModes(KeyProperties.BlockModeGcm)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone);
if (withDate)
{
builder.SetKeyValidityStart(new Date(0)).SetKeyValidityEnd(end.Time);
}
var spec = builder.Build();
var gen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore);
gen.Init(spec);
gen.GenerateKey();
}
}
/// <summary>
/// Generates an RSA keypair of the provided length using Java libraries
/// and configures an RSACryptoServiceProvider with them for ease of use with .NET systems.
/// This is much more performant than generating keys directly from an RSACryptoServiceProvider
/// when running on an Android system.
/// </summary>
/// <returns></returns>
public static RSACryptoServiceProvider GenerateRsaKeyPair(int keySize = 2048)
{
//Generate an RSA key-pair of the provided size. This approach is as fast as anything I have found for Android devices.
//On a Nexus 6P, this code consistently creates a 2048-bit key-pair in less than 10 seconds while standard .NET libraries
//and BouncyCastle all took anywhere from 10 - 30 seconds.
var keyPairGenerator = KeyPairGenerator.GetInstance("RSA");
keyPairGenerator.Initialize(keySize);
var keys = keyPairGenerator.GenerateKeyPair();
KeyFactory kf = KeyFactory.GetInstance("RSA");
var spec = (RSAPrivateCrtKeySpec)kf.GetKeySpec(keys.Private, Class.FromType(typeof(RSAPrivateCrtKeySpec)));
//Create an Xml node for the provided element name using the provided number in Base64-string format as its value
string FormatElement(string name, BigInteger value)
{
var bytes = value.ToByteArray();
int length = bytes.Length;
if (length % 2 != 0 && bytes[0] == 0) //BigInteger is signed, so remove the extra byte
{
bytes = Arrays.CopyOfRange(bytes, 1, length);
}
var content = Base64.EncodeToString(bytes, Base64Flags.Default);
return($"<{name}>{content}</{name}>");
}
//Create an XML version of the private key
var stb = new System.Text.StringBuilder();
stb.Append("<RSAKeyValue>");
stb.Append(FormatElement("Modulus", spec.Modulus));
stb.Append(FormatElement("Exponent", spec.PublicExponent));
stb.Append(FormatElement("P", spec.PrimeP));
stb.Append(FormatElement("Q", spec.PrimeQ));
stb.Append(FormatElement("DP", spec.PrimeExponentP));
stb.Append(FormatElement("DQ", spec.PrimeExponentQ));
stb.Append(FormatElement("InverseQ", spec.CrtCoefficient));
stb.Append(FormatElement("D", spec.PrivateExponent));
stb.Append("</RSAKeyValue>");
var privateKeyXml = stb.ToString();
//Configure an RSACryptoServiceProvider using the generated key XML
var rsaCryptoServiceProvider = new RSACryptoServiceProvider(keySize);
rsaCryptoServiceProvider.FromXmlString(privateKeyXml);
return(rsaCryptoServiceProvider);
}
private KeyPair GenerateKeyPair(string keyName, bool invalidatedByBiometricEnrollment)
{
var keyPairGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmEc, KEY_STORE_NAME);
var builder = new KeyGenParameterSpec.Builder(keyName, KeyStorePurpose.Sign)
.SetAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
.SetDigests(KeyProperties.DigestSha256, KeyProperties.DigestSha384, KeyProperties.DigestSha512)
// Require the user to authenticate with a biometric to authorize every use of the key
.SetUserAuthenticationRequired(true)
// Generated keys will be invalidated if the biometric templates are added more to user device
.SetInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment);
keyPairGenerator.Initialize(builder.Build());
return(keyPairGenerator.GenerateKeyPair());
}
// private
// public
/// <exception cref="System.Exception"></exception>
public virtual void Init(int key_size)
{
KeyPairGenerator keyGen = KeyPairGenerator.GetInstance("DSA");
keyGen.Initialize(key_size, new SecureRandom());
Sharpen.KeyPair pair = keyGen.GenerateKeyPair();
PublicKey pubKey = pair.GetPublic();
PrivateKey prvKey = pair.GetPrivate();
x = ((DSAPrivateKey)prvKey).GetX().GetBytes();
y = ((DSAPublicKey)pubKey).GetY().GetBytes();
DSAParams @params = ((DSAKey)prvKey).GetParams();
p = @params.GetP().GetBytes();
q = @params.GetQ().GetBytes();
g = @params.GetG().GetBytes();
}
// private
// public
// coefficient
// exponent p
// exponent q
// prime p
// prime q
/// <exception cref="System.Exception"></exception>
public virtual void Init(int key_size)
{
KeyPairGenerator keyGen = KeyPairGenerator.GetInstance("RSA");
keyGen.Initialize(key_size, new SecureRandom());
Sharpen.KeyPair pair = keyGen.GenerateKeyPair();
PublicKey pubKey = pair.GetPublic();
PrivateKey prvKey = pair.GetPrivate();
d = ((RSAPrivateKey)prvKey).GetPrivateExponent().GetBytes();
e = ((RSAPublicKey)pubKey).GetPublicExponent().GetBytes();
n = ((RSAPrivateKey)prvKey).GetModulus().GetBytes();
c = ((RSAPrivateCrtKey)prvKey).GetCrtCoefficient().GetBytes();
ep = ((RSAPrivateCrtKey)prvKey).GetPrimeExponentP().GetBytes();
eq = ((RSAPrivateCrtKey)prvKey).GetPrimeExponentQ().GetBytes();
p = ((RSAPrivateCrtKey)prvKey).GetPrimeP().GetBytes();
q = ((RSAPrivateCrtKey)prvKey).GetPrimeQ().GetBytes();
}
private static void GenerateKeyPair(Context context, String alias)
{
Calendar start = new GregorianCalendar();
Calendar end = new GregorianCalendar();
end.Add(CalendarField.Year, 100);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.SetAlias(alias)
.SetSubject(new X500Principal("CN=" + alias))
.SetSerialNumber(BigInteger.One)
.SetStartDate(start.Time)
.SetEndDate(end.Time)
.Build();
KeyPairGenerator gen = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore");
gen.Initialize(spec);
gen.GenerateKeyPair();
}
/// <summary>
/// Creates a new public-private key pair. An already existing key will be deleted, so
/// make sure to call <see cref="KeysExistInKeyStore"/> before.
/// </summary>
private void CreateKeyPairInKeyStore()
{
RemoveKeyFromKeyStore();
KeyPairGenerator keyGenerator =
KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName);
if (Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 &&
Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1)
{
Calendar startDateCalendar = Calendar.GetInstance(Locale.Default);
startDateCalendar.Add(CalendarField.Year, -1);
Calendar endDateCalendar = Calendar.GetInstance(Locale.Default);
endDateCalendar.Add(CalendarField.Year, 100);
string certificateName = string.Format("CN={0} CA Certificate", KeyAlias);
// this API is obsolete after Android M, but we are supporting Android L
#pragma warning disable 618
var builder = new KeyPairGeneratorSpec.Builder(_applicationContext)
.SetAlias(KeyAlias)
.SetSerialNumber(BigInteger.One)
.SetSubject(new X500Principal(certificateName))
.SetStartDate(startDateCalendar.Time)
.SetEndDate(endDateCalendar.Time)
.SetKeySize(KeySize);
#pragma warning restore 618
keyGenerator.Initialize(builder.Build());
}
else if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
{
Calendar endDateCalendar = Calendar.GetInstance(Locale.Default);
endDateCalendar.Add(CalendarField.Year, 100);
var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetBlockModes(KeyProperties.BlockModeEcb)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.SetCertificateNotAfter(endDateCalendar.Time)
.SetKeySize(KeySize);
keyGenerator.Initialize(builder.Build());
}
// Key generator is initialized, generate the key
keyGenerator.GenerateKeyPair();
}
public void CreateKey()
{
// Removes key if it already exists, no change otherwise
DeleteKey();
KeyPairGenerator keyGenerator =
KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME);
// Parameters affiliated with the Transformation settings used when making Cipher
var builder = new KeyGenParameterSpec.Builder(_keyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetBlockModes(KeyProperties.BlockModeEcb)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.SetRandomizedEncryptionRequired(false).SetKeySize(KEY_SIZE);
keyGenerator.Initialize(builder.Build());
builder.Dispose();
// Keys automattically added to KeyStore
keyGenerator.GenerateKeyPair();
keyGenerator.Dispose();
}
private void GenerateRSAKeyPairs(string alias)
{
// Generate the RSA key pairs
if (!_keyStore.ContainsAlias(alias))
{
// Generate a key pair for encryption
var start = Calendar.GetInstance(Locale.English);
var end = Calendar.GetInstance(Locale.English);
end.Add(CalendarField.Year, 30);
var spec = new KeyPairGeneratorSpec.Builder(_context)
.SetAlias(alias)
.SetSubject(new X500Principal("CN=" + alias))
.SetSerialNumber(BigInteger.Ten)
.SetStartDate(start.Time)
.SetEndDate(end.Time)
.Build();
var kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
kpg.Initialize(spec);
kpg.GenerateKeyPair();
}
}
private void GenerateRSAKey()
{
// Generate a key pair for encryption
Calendar start = Calendar.GetInstance(Locale.Default);
Calendar end = Calendar.GetInstance(Locale.Default);
#pragma warning disable CS0618 // Type or member is obsolete
end.Add(Calendar.Year, 30);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(Android.App.Application.Context)
#pragma warning restore CS0618 // Type or member is obsolete
.SetAlias(_secureStoredKeyAlias)
.SetSubject(new X500Principal("CN=" + _secureStoredKeyAlias))
.SetSerialNumber(BigInteger.Ten)
.SetStartDate(start.Time)
.SetEndDate(end.Time)
.Build();
KeyPairGenerator kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, _droidKeyStore);
kpg.Initialize(spec);
kpg.GenerateKeyPair();
}
/// <summary>
/// Create new RSA key pair for KeyStore instance
/// </summary>
/// <param name="alias">KeyStore instance alias</param>
/// <param name="context">Root context</param>
/// <returns>True/False = Created or not</returns>
private static bool CreateNewRSAKeyPair(string alias, Context context)
{
try
{
Calendar start = Calendar.GetInstance(Java.Util.TimeZone.Default);
Calendar end = Calendar.GetInstance(Java.Util.TimeZone.Default);
end.Add(CalendarField.Year, 100);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.SetAlias(alias)
.SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=CryptoTouch, O=Android Authority"))
.SetSerialNumber(Java.Math.BigInteger.One)
.SetStartDate(start.Time)
.SetEndDate(end.Time)
.Build();
KeyPairGenerator generator = KeyPairGenerator.GetInstance("RSA", STORE_NAME);
generator.Initialize(spec);
_keyPair = generator.GenerateKeyPair();
return(true);
}
catch (Exception ex) { Toast.MakeText(context, ex.Message, ToastLength.Long).Show(); return(false); }
}
/// <summary>
/// Creates a new public-private key pair. An already existing key will be deleted, so
/// make sure to call <see cref="KeysExistInKeyStore"/> before.
/// </summary>
private void CreateKeyPairInKeyStore()
{
RemoveKeyFromKeyStore();
KeyPairGenerator keyGenerator =
KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName);
// With Build.VERSION.SdkInt < BuildVersionCodes.M we would have to use an alternative
// way, but Android 6 is our min version.
Calendar endDateCalendar = Calendar.GetInstance(Locale.Default);
endDateCalendar.Add(CalendarField.Year, 100);
var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetBlockModes(KeyProperties.BlockModeEcb)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.SetCertificateNotAfter(endDateCalendar.Time)
.SetKeySize(KeySize);
keyGenerator.Initialize(builder.Build());
// Key generator is initialized, generate the key
keyGenerator.GenerateKeyPair();
}
/// <inheritdoc/>
public ICryptographicKey CreateKeyPair(int keySize)
{
Requires.Range(keySize > 0, "keySize");
var keyGen = KeyPairGenerator.GetInstance("RSA");
if (keyGen is null)
{
throw new InvalidOperationException(Strings.UnsupportedAlgorithm);
}
keyGen.Initialize(keySize);
var key = keyGen.GenerateKeyPair();
if (key?.Private is null || key.Public is null)
{
throw new InvalidOperationException("GenerateKeyPair returned null or a null components.");
}
var privateKeyParameters = key.Private.JavaCast <IRSAPrivateCrtKey>() !;
var parameters = new RSAParameters
{
Modulus = privateKeyParameters.Modulus?.ToByteArray(),
Exponent = privateKeyParameters.PublicExponent?.ToByteArray(),
P = privateKeyParameters.PrimeP?.ToByteArray(),
Q = privateKeyParameters.PrimeQ?.ToByteArray(),
DP = privateKeyParameters.PrimeExponentP?.ToByteArray(),
DQ = privateKeyParameters.PrimeExponentQ?.ToByteArray(),
InverseQ = privateKeyParameters.CrtCoefficient?.ToByteArray(),
D = privateKeyParameters.PrivateExponent?.ToByteArray(),
};
// Normalize RSAParameters (remove leading zeros, etc.)
parameters = KeyFormatter.Pkcs1.Read(KeyFormatter.Pkcs1.Write(parameters));
return(new RsaCryptographicKey(key.Public, key.Private, parameters, this.algorithm));
}
private void InitializePrivateKey()
{
if (!_HasKeyStore)
{
return;
}
try {
var keystore = KeyStore.GetInstance("AndroidKeyStore");
keystore.Load(null);
if (keystore.ContainsAlias(Alias))
{
return;
}
} catch (Exception e) {
Log.To.NoDomain.E(Tag, "Unable to open Android keystore", e);
return;
}
try {
var start = Calendar.GetInstance(Locale.Default);
var end = Calendar.GetInstance(Locale.Default);
end.Add(CalendarField.Year, 1);
var spec = new KeyPairGeneratorSpec.Builder(Application.Context)
.SetAlias(Alias)
.SetSubject(new X500Principal($"CN={Alias}"))
.SetSerialNumber(BigInteger.ValueOf(1337))
.SetStartDate(start.Time)
.SetEndDate(end.Time)
.Build();
var generator = KeyPairGenerator.GetInstance(KeyPairGenAlgorithm, "AndroidKeyStore");
generator.Initialize(spec);
var keyPair = generator.GenerateKeyPair();
} catch (Exception e) {
Log.To.NoDomain.E(Tag, "Unable to create new key", e);
}
}
private void CreateKey_Credentials()
{
var generator = KeyPairGenerator.GetInstance("RSA", AndroidKeyStore);
if (Build.VERSION.SdkInt < BuildVersionCodes.M)
{
Java.Util.Calendar calendar = Java.Util.Calendar.Instance;
calendar.Add(Java.Util.CalendarField.Year, 20);
Date startDate = Java.Util.Calendar.Instance.Time;
Date endDate = calendar.Time;
#pragma warning disable 0618
var builder = new KeyPairGeneratorSpec.Builder(_context);
#pragma warning restore 0618
builder.SetAlias(KEYALIAS_CREDENTIALS);
builder.SetSerialNumber(Java.Math.BigInteger.One);
builder.SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=${alias} CA Certificate"));
builder.SetStartDate(startDate);
builder.SetEndDate(endDate);
generator.Initialize(builder.Build());
}
else
{
var builder = new KeyGenParameterSpec.Builder(KEYALIAS_CREDENTIALS, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt);
builder.SetBlockModes(KeyProperties.BlockModeEcb);
builder.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1);
generator.Initialize(builder.Build());
}
generator.GenerateKeyPair();
}
// my public key
// your public key
// shared secret key
/// <exception cref="System.Exception"></exception>
public virtual void Init()
{
myKpairGen = KeyPairGenerator.GetInstance("DH");
// myKpairGen=KeyPairGenerator.getInstance("DiffieHellman");
myKeyAgree = KeyAgreement.GetInstance("DH");
}
private ISecretKey GetDataEncryptionKeyAPI22orLower()
{
KeyPair GetKeyEncryptionKeyPair()
{
var ks = KeyStore.GetInstance("AndroidKeyStore");
ks.Load(null);
if (ks.IsKeyEntry(KEY_ENC_KEY_ALIAS))
{
var ke = ks.GetEntry(KEY_ENC_KEY_ALIAS, null) as KeyStore.PrivateKeyEntry;
return(new KeyPair(ke.Certificate.PublicKey, ke.PrivateKey));
}
else
{
var kpg = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore");
var startDate = Java.Util.Calendar.GetInstance(Java.Util.TimeZone.Default);
var endDate = Java.Util.Calendar.GetInstance(Java.Util.TimeZone.Default);
endDate.Add(Java.Util.CalendarField.Year, KEY_ENC_KEY_VALIDITY_YEARS);
#pragma warning disable CS0618
kpg.Initialize(new KeyPairGeneratorSpec.Builder(Android.App.Application.Context)
#pragma warning restore CS0618
.SetAlias(KEY_ENC_KEY_ALIAS)
.SetKeySize(2048)
.SetSubject(new X500Principal(KEY_ENC_KEY_SUBJECT))
.SetSerialNumber(new BigInteger(BitConverter.GetBytes(KEY_ENC_KEY_SERIAL_NUMBER)))
.SetStartDate(startDate.Time)
.SetEndDate(endDate.Time)
.Build());
var kp = kpg.GenerateKeyPair();
System.Diagnostics.Debug.WriteLine("CryptoImpl.cs: A new key encryption key pair was generated.");
return(kp);
}
}
string EncryptAesKey(byte[] k)
{
try {
var kp = GetKeyEncryptionKeyPair();
var c = Cipher.GetInstance("RSA/ECB/PKCS1Padding");
c.Init(CipherMode.EncryptMode, kp.Public);
return(Base64.EncodeToString(c.DoFinal(k), BASE64_FLAGS));
} catch {
return(null);
}
}
byte[] DecryptAesKey(string k)
{
try {
var kp = GetKeyEncryptionKeyPair();
var c = Cipher.GetInstance("RSA/ECB/PKCS1Padding");
c.Init(CipherMode.DecryptMode, kp.Private);
return(c.DoFinal(Base64.Decode(k, BASE64_FLAGS)));
} catch {
return(null);
}
}
void SaveAesKey(string k)
{
var file = IsolatedStorageFile.GetUserStoreForApplication();
using (var stream = file.CreateFile("aeskey.txt")) {
using (var writer = new StreamWriter(stream)) {
writer.Write(k);
}
}
}
string LoadAesKey()
{
var file = IsolatedStorageFile.GetUserStoreForApplication();
try {
using (var stream = file.OpenFile("aeskey.txt", FileMode.Open)) {
using (var reader = new StreamReader(stream)) {
return(reader.ReadToEnd());
}
}
} catch (FileNotFoundException) { }
return(null);
}
var key = DecryptAesKey(LoadAesKey());
if (key == null)
{
key = new byte[16];
SecureRandom.GetInstance("SHA1PRNG").NextBytes(key);
SaveAesKey(EncryptAesKey(key));
System.Diagnostics.Debug.WriteLine("CryptoImpl.cs: A new data encryption key was generated.");
}
return(new SecretKeySpec(key, "AES"));
}
