public static PBKeyPair GenerateKeyPair()
{
var pbKeyPair = new PBKeyPair();
if (CngKey.Exists(KEYNAME))
{
CngKey.Open(KEYNAME).Delete();
}
var keyPair = CngKey.Create(CngAlgorithm.ECDsaP256, KEYNAME, new CngKeyCreationParameters
{
ExportPolicy = CngExportPolicies.AllowPlaintextExport,
KeyUsage = CngKeyUsages.AllUsages,
});
var pub = keyPair.Export(CngKeyBlobFormat.GenericPublicBlob);
var prv = keyPair.Export(CngKeyBlobFormat.GenericPrivateBlob);
pbKeyPair.PublicKey =
new PBPublicKey {
PublicKey = ByteString.CopyFrom(pub, HEADER_SIZE, pub.Length - HEADER_SIZE)
};
pbKeyPair.PrivateKey = ByteString.CopyFrom(prv, HEADER_SIZE + PUBLIC_KEY_SIZE, prv.Length - HEADER_SIZE - PUBLIC_KEY_SIZE);
pbKeyPair.IssuedCerts = 0;
return(pbKeyPair);
}
public static PBCertificate SignCertificate(string name, PBKeyPair masterKeyPair, PBKeyPair keyPair)
{
var dsa = new CryptoEngine().ECLoad(masterKeyPair.PublicKey.PublicKey, masterKeyPair.PrivateKey);
var cert = new PBCertificate
{
Name = name,
PublicKey = keyPair.PublicKey.PublicKey
};
/* Issue certificate Id */
cert.Id = masterKeyPair.IssuedCerts++;
if (cert.Id > masterKeyPair.IssuedCerts)
{
throw new OverflowException("Ran out of issueable certificates");
}
/* Prepare sign buffer */
var pubKey = keyPair.PublicKey.PublicKey.ToByteArray();
byte[] signBuff = new byte[pubKey.Length + sizeof(int)];
pubKey.CopyTo(signBuff, 0);
for (int i = 0; i < sizeof(int); ++i)
{
signBuff[pubKey.Length + i] = (byte)((cert.Id >> (8 * i)) & 0xff);
}
var byteCert = dsa.SignData(signBuff, HashAlgorithmName.SHA256);
cert.Signature = ByteString.CopyFrom(byteCert, 0, byteCert.Length);
return(cert);
}
private static void Main(string[] args)
{
var options = new Dictionary <string, string>();
var opt = new OptionSet
{
{
"o|output=", "Output filename",
name => options["name"] = name
},
{
"t|type=", "<" + GEN + "|" + CERT + "> Generate a new key pair or generate a certificate",
type => options["type"] = type
},
{
"m|master=", "Master key file used to generate certificate",
m => options["master"] = m
}
};
opt.Parse(args);
if (!options.ContainsKey("type") || !options.ContainsKey("name") || (options["type"] == CERT && !options.ContainsKey("master")))
{
Console.WriteLine("CertGen - Certificate Generator");
opt.WriteOptionDescriptions(Console.Out);
return;
}
var pbKeyPair = GenerateKeyPair();
if (options["type"] == GEN)
{
using (var fs = File.Create(options["name"] + ".key"))
{
pbKeyPair.WriteTo(fs);
fs.Close();
}
}
else
{
var pbMasterKeyPair = new PBKeyPair();
using (var fs = File.Open(options["master"] + ".key", FileMode.Open))
{
pbMasterKeyPair.MergeFrom(fs);
}
var pbCertFile = new PBCertFile();
/* Copy public master key */
pbCertFile.MasterPublic = new PBPublicKey();
pbCertFile.MasterPublic.PublicKey = pbMasterKeyPair.PublicKey.PublicKey;
pbCertFile.Cert = SignCertificate(options["name"], pbMasterKeyPair, pbKeyPair);
pbCertFile.Keys = pbKeyPair;
using (var fs = File.Open(options["name"] + ".cert", FileMode.Create))
{
pbCertFile.WriteTo(fs);
}
/* Update CA with number of certificates issued */
using (var fs = File.Open(options["master"] + ".key", FileMode.OpenOrCreate))
{
pbMasterKeyPair.WriteTo(fs);
fs.Close();
}
}
Console.WriteLine("Done");
}