/// <summary>
/// Export an RSA key to a PEM format string
/// </summary>
/// <param name="cert">The certificate to export key from (must be exportable)</param>
/// <param name="password">An optional password</param>
/// <returns>A PEM string form of the key</returns>
public static string ExportPrivateKeyToPEM(this X509Certificate2 cert, string password)
{
if (!cert.HasPrivateKey)
{
throw new ArgumentException("Must specify certificate with a private key", "cert");
}
StringWriter swriter = new StringWriter();
PemWriter writer = new PemWriter(swriter);
RSAParameters ps = cert.GetRSAPrivateKey().ExportParameters(true);
BigInteger modulus = new BigInteger(1, ps.Modulus);
BigInteger exp = new BigInteger(1, ps.Exponent);
BigInteger d = new BigInteger(1, ps.D);
BigInteger p = new BigInteger(1, ps.P);
BigInteger q = new BigInteger(1, ps.Q);
BigInteger dp = new BigInteger(1, ps.DP);
BigInteger dq = new BigInteger(1, ps.DQ);
BigInteger qinv = new BigInteger(1, ps.InverseQ);
RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(modulus, exp, d, p, q, dp, dq, qinv);
if (password != null)
{
writer.WriteObject(privKey, "DES-EDE3-CBC",
password != null ? password.ToCharArray() : null, new SecureRandom());
}
else
{
writer.WriteObject(privKey);
}
return(swriter.ToString());
}
public static void WriteCertificateAsPem(byte[] rawBytes, string exportPassword, Stream s)
{
var a = new Pkcs12Store();
a.Load(new MemoryStream(rawBytes), Array.Empty <char>());
var entry = a.GetCertificate(a.Aliases.Cast <string>().First());
var key = a.Aliases.Cast <string>().Select(a.GetKey).First(x => x != null);
using (var writer = new StreamWriter(s, Encoding.ASCII, 1024, leaveOpen: true))
{
var pw = new PemWriter(writer);
pw.WriteObject(entry.Certificate);
object privateKey;
if (exportPassword != null)
{
privateKey = new MiscPemGenerator(
key.Key,
"AES-128-CBC",
exportPassword.ToCharArray(),
CertificateUtils.GetSeededSecureRandom())
.Generate();
}
else
{
privateKey = key.Key;
}
pw.WriteObject(privateKey);
writer.Flush();
}
}
private bool WriteKeyAndCertificate(object obj, string dir, string fileName, string extension)
{
// create directory if not exists
Directory.CreateDirectory(dir);
//fileName = PrefixString(fileName);
using (StreamWriter outputFile = new StreamWriter(Path.Combine(dir, fileName + extension), false)) {
PemWriter pw = new PemWriter(outputFile);
try
{
switch (obj)
{
case X509Certificate cert:
pw.WriteObject(cert);
break;
case AsymmetricKeyParameter key:
pw.WriteObject(key);
break;
}
return(true);
}
catch (Exception)
{
return(false);
}
finally
{
pw.Writer.Close();
}
}
}
private void GetRsaWithPem(Int32 strength, Boolean usePkcs8, out string pirvKey, out string pubKey)
{
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(new KeyGenerationParameters(new SecureRandom(), strength));
var privKeyParam = kpGen.GenerateKeyPair().Private;
var pubKeyParam = kpGen.GenerateKeyPair().Public;
using (StringWriter sw = new StringWriter())
{
PemWriter pWrt = new PemWriter(sw);
if (usePkcs8)
{
var pkcs8 = new Pkcs8Generator(privKeyParam);
pWrt.WriteObject(pkcs8);
}
else
{
pWrt.WriteObject(privKeyParam);
}
pirvKey = sw.ToString();
}
using (StringWriter sw = new StringWriter())
{
PemWriter pWrt = new PemWriter(sw);
pWrt.WriteObject(pubKeyParam);
pubKey = sw.ToString();
}
}
/// <summary>
/// Export an RSA key to a PEM format string
/// </summary>
/// <param name="rsa">The RSA key to export (must be exportable)</param>
/// <param name="password">An optional password</param>
/// <returns>A PEM string form of the key</returns>
public static string ExportToPEM(RSA rsa, SecureString password)
{
StringWriter swriter = new StringWriter();
PemWriter writer = new PemWriter(swriter);
RSAParameters ps = rsa.ExportParameters(true);
BigInteger modulus = new BigInteger(1, ps.Modulus);
BigInteger exp = new BigInteger(1, ps.Exponent);
BigInteger d = new BigInteger(1, ps.D);
BigInteger p = new BigInteger(1, ps.P);
BigInteger q = new BigInteger(1, ps.Q);
BigInteger dp = new BigInteger(1, ps.DP);
BigInteger dq = new BigInteger(1, ps.DQ);
BigInteger qinv = new BigInteger(1, ps.InverseQ);
RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(modulus, exp, d, p, q, dp, dq, qinv);
if (password != null)
{
writer.WriteObject(privKey, "DES-EDE3-CBC",
SecureStringToCharArray(password), new Org.BouncyCastle.Security.SecureRandom());
}
else
{
writer.WriteObject(privKey);
}
return(swriter.ToString());
}
public static string StringBuilder(AsymmetricCipherKeyPair key, KeyType keyType)
{
if (key == null)
{
throw new Exception("String Builder: key is null");
}
try
{
TextWriter textWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(textWriter);
if (keyType == KeyType.PrivateKey)
{
pemWriter.WriteObject(key.Private);
}
else
{
pemWriter.WriteObject(key.Public);
}
pemWriter.Writer.Flush();
return(textWriter.ToString());
}
catch (Exception e)
{
FileHelper.WriteFile(ErrorHelper.FormatError(e), FileHelper.ErrorPath, true);
return(null);
}
}
/// <summary>
/// Write the PEM Key to the file and optionally encrypt it with the requested algorithm or AES-256-CBC.
/// </summary>
/// <param name="keyPath">Path to the key file</param>
/// <param name="key">Asymmetric Key</param>
/// <param name="password">Password to encrypt the key file</param>
/// <param name="algorithm">Encryption algorithm</param>
/// <returns></returns>
public static bool WritePEMKeyToFile(string keyPath, AsymmetricKeyParameter key, string password = null, string algorithm = "AES-256-CBC")
{
if (key == null)
{
throw new ArgumentNullException(PEMKEY_NULL);
}
if (File.Exists(keyPath))
{
throw new ArgumentException($"{KEYFILE_EXISTS} {keyPath}");
}
using (var textWriter = new StreamWriter(keyPath))
{
var pemWriter = new PemWriter(textWriter);
if (password != null)
{
pemWriter.WriteObject(key, algorithm, password.ToCharArray(), new SecureRandom());
}
else
{
pemWriter.WriteObject(key);
}
pemWriter.Writer.Flush();
}
//<TODO> add file permissions; Currently .Net Standard doesn't support ACL Permissions.
return(true);
}
public static void Main(string[] args)
{
var rsa = new RSACryptoServiceProvider(2048);
var rsaKeyPair = DotNetUtilities.GetRsaKeyPair(rsa);
var writer = new StringWriter();
var pemWriter = new PemWriter(writer);
pemWriter.WriteObject(rsaKeyPair.Public);
pemWriter.WriteObject(rsaKeyPair.Private);
Console.WriteLine(writer);
}
/// <summary>
/// Writes PEM encoded data to the given Writer
/// </summary>
/// <param name="wrt">Stream to write the data in</param>
/// <param name="obj">data to write in Stream</param>
/// <param name="algorithm">algorithm to encrypt the data(Generally used for writing PrivateKeys)</param>
/// <param name="password">password to protect the data with(Generally used for writing PrivateKeys)</param>
/// <param name="rand">source of randomness</param>
public static void Encode(TextWriter wrt, Object obj, String algorithm, char[] password, SecureRandom rand)
{
PemWriter pemWriter = new PemWriter(wrt);
if ((password != null))
{
pemWriter.WriteObject(obj, algorithm, password, rand);
}
else
{
pemWriter.WriteObject(obj);
}
}
internal string GetCertComponentsAsPEMString(byte[] pfxData, string pwd, ExportFlags flags)
{
// See also https://www.digicert.com/ssl-support/pem-ssl-creation.htm
var cert = new X509Certificate2(pfxData, pwd);
var chain = new X509Chain();
chain.Build(cert);
using (var writer = new StringWriter())
{
var certParser = new X509CertificateParser();
var pemWriter = new PemWriter(writer);
//output in order of private key, primary cert, intermediates, root
if (flags.HasFlag(ExportFlags.PrivateKey))
{
var key = GetCertKeyPem(pfxData, pwd);
writer.Write(key);
}
var i = 0;
foreach (var c in chain.ChainElements)
{
if (i == 0 && flags.HasFlag(ExportFlags.EndEntityCertificate))
{
// first cert is end entity cert (primary certificate)
var o = c.Certificate.Export(X509ContentType.Cert);
pemWriter.WriteObject(certParser.ReadCertificate(o));
}
else if (i == chain.ChainElements.Count - 1 && flags.HasFlag(ExportFlags.RootCertificate))
{
// last cert is root ca public cert
var o = c.Certificate.Export(X509ContentType.Cert);
pemWriter.WriteObject(certParser.ReadCertificate(o));
}
else if (i != 0 && (i != chain.ChainElements.Count - 1) && flags.HasFlag(ExportFlags.IntermediateCertificates))
{
// intermediate cert(s), if any, not including end entity and root
var o = c.Certificate.Export(X509ContentType.Cert);
pemWriter.WriteObject(certParser.ReadCertificate(o));
}
i++;
}
writer.Flush();
return(writer.ToString());
}
}
/// <summary>
/// Erstellt die für die PKCS#10-Datei notwendigen Daten
/// </summary>
/// <returns>Die für die PKCS#10-Datei notwendigen Daten</returns>
public Pkcs10Data CreateRequest()
{
var sigAlgoName = "SHA256WITHRSA";
var subject = new X509Name(
true,
$"CN={Requester.Surname}, OU={Requester.Number}, OU={Requester.CompanyName}, O={"ITSG TrustCenter fuer Arbeitgeber"}, C={"DE"}",
new Pkcs.X509ItsgEntryConverter()
);
var rng = new SecureRandom();
var rsaKeyPair = RSA;
if (rsaKeyPair == null)
{
var keyPairGen = new RsaKeyPairGenerator();
keyPairGen.Init(new KeyGenerationParameters(rng, 2048));
rsaKeyPair = keyPairGen.GenerateKeyPair();
}
var csr = new Pkcs10CertificationRequest(new Asn1SignatureFactory(sigAlgoName, rsaKeyPair.Private), subject, rsaKeyPair.Public, null, rsaKeyPair.Private);
var outputCsrPem = new StringWriter();
{
var pemWriter = new PemWriter(outputCsrPem);
pemWriter.WriteObject(csr);
}
var outputPrivateKeyPem = new StringWriter();
{
var pemWriter = new PemWriter(outputPrivateKeyPem);
if (string.IsNullOrEmpty(Password))
{
pemWriter.WriteObject(rsaKeyPair.Private);
}
else
{
pemWriter.WriteObject(
rsaKeyPair.Private,
"des-ede3-cbc",
Password.ToCharArray(),
rng
);
}
}
var rsaPubKey = (RsaKeyParameters)rsaKeyPair.Public;
var rawPubKeyData = OstcUtils.CalculatePublicKeyHash(rsaPubKey);
return(new Pkcs10Data(csr.GetEncoded(), outputCsrPem.ToString(), outputPrivateKeyPem.ToString(), rawPubKeyData));
}
/// <summary>
/// Encodes the full certificate chain in PEM.
/// </summary>
/// <param name="certificateChain">The certificate chain.</param>
/// <param name="certKey">The certificate key.</param>
/// <returns>The encoded certificate chain.</returns>
public static string ToPem(this CertificateChain certificateChain, IKey certKey = null)
{
var certStore = new CertificateStore();
foreach (var issuer in certificateChain.Issuers)
{
certStore.Add(issuer.ToDer());
}
var issuers = certStore.GetIssuers(certificateChain.Certificate.ToDer());
using (var writer = new StringWriter())
{
if (certKey != null)
{
writer.WriteLine(certKey.ToPem().TrimEnd());
}
writer.WriteLine(certificateChain.Certificate.ToPem().TrimEnd());
var certParser = new X509CertificateParser();
var pemWriter = new PemWriter(writer);
foreach (var issuer in issuers)
{
var cert = certParser.ReadCertificate(issuer);
pemWriter.WriteObject(cert);
}
return(writer.ToString());
}
}
public KeyPair GetKeyPair()
{
var keyGenerationParameters = new KeyGenerationParameters(new SecureRandom(), 4096);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var keys = keyPairGenerator.GenerateKeyPair();
var keyPair = new KeyPair();
var textWriter = new StringWriter();
var pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Public);
pemWriter.Writer.Flush();
keyPair.pemPublicKey = textWriter.ToString();
var textReader = new StringReader(keyPair.pemPublicKey);
var pemReader = new PemReader(textReader);
keyPair.publicKey = pemReader.ReadPemObject().Content;
textWriter = new StringWriter();
pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Private);
pemWriter.Writer.Flush();
keyPair.pemPrivateKey = textWriter.ToString();
textReader = new StringReader(keyPair.pemPrivateKey);
pemReader = new PemReader(textReader);
keyPair.privateKey = pemReader.ReadPemObject().Content;
return(keyPair);
}
private void GenerateRSA(int bit)
{
RsaKeyPairGenerator rsaGenerator = new RsaKeyPairGenerator();
rsaGenerator.Init(new KeyGenerationParameters(new SecureRandom(), bit));
var keyPair = rsaGenerator.GenerateKeyPair();
using (TextWriter privateKeyTextWriter = new StringWriter())
{
PemWriter pemWriter = new PemWriter(privateKeyTextWriter);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
RSAKEYserver = privateKeyTextWriter.ToString();
}
Console.WriteLine($">>>>>> OpenSSL RSA PRIVATE KEY {bit} bits <<<<<");
using (TextWriter publicKeyTextWriter = new StringWriter())
{
PemWriter pemWriter = new PemWriter(publicKeyTextWriter);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
RSAKEYpublic = publicKeyTextWriter.ToString();
}
//Console.WriteLine(">>>>>> OpenSSL RSA PUBLIC KEY <<<<<");
Console.WriteLine();
Console.WriteLine(RSAKEYpublic);
}
public override void PerformTest()
{
IAsymmetricCipherKeyPairGenerator dsaKpg = GeneratorUtilities.GetKeyPairGenerator("DSA");
dsaKpg.Init(new DsaKeyGenerationParameters(random, testDsaParams));
AsymmetricCipherKeyPair testDsaKp = dsaKpg.GenerateKeyPair();
AsymmetricKeyParameter testDsaKey = testDsaKp.Private;
doWriteReadTest(testDsaKey);
doWriteReadTests(testDsaKey, algorithms);
doWriteReadTest(testRsaKey);
doWriteReadTests(testRsaKey, algorithms);
AsymmetricKeyParameter ecPriv = PrivateKeyFactory.CreateKey(testEcDsaKeyBytes);
doWriteReadTest(ecPriv);
doWriteReadTests(ecPriv, algorithms);
IAsymmetricCipherKeyPairGenerator ecKpg = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
ecKpg.Init(new KeyGenerationParameters(random, 239));
ecPriv = ecKpg.GenerateKeyPair().Private;
doWriteReadTest(ecPriv);
doWriteReadTests(ecPriv, algorithms);
// override test
PemWriter pWrt = new PemWriter(new StringWriter());
object o = new PemObject("FRED", new byte[100]);
pWrt.WriteObject(o);
pWrt.Writer.Close();
}
private (string certificate, string key) TransformPfx(IPasswordFinder passwordFinder)
{
var certOutput = new StringWriter();
var keyOutput = new StringWriter();
using (var input = File.OpenRead(CertificatePath))
{
var certWriter = new PemWriter(certOutput);
var keyWriter = new PemWriter(keyOutput);
var store = new Pkcs12Store(input, passwordFinder.GetPassword());
foreach (string alias in store.Aliases)
{
var cert = store.GetCertificate(alias);
if (cert != null)
{
certWriter.WriteObject(cert.Certificate);
}
var key = store.GetKey(alias);
if (key != null && key.Key.IsPrivate)
{
keyWriter.WriteObject(key.Key);
}
}
}
return(certOutput.ToString(), keyOutput.ToString());
}
/// <summary>
/// 创建密钥对(pem格式 PKCS1)
/// </summary>
/// <param name="keysize"></param>
/// <returns>[公钥 , 私钥]</returns>
public static string[] CreateKeyPair(int keysize = 2048)
{
RsaKeyPairGenerator r = new RsaKeyPairGenerator();
r.Init(new KeyGenerationParameters(new SecureRandom(), keysize));
AsymmetricCipherKeyPair keys = r.GenerateKeyPair();
AsymmetricKeyParameter private_key = keys.Private;
AsymmetricKeyParameter public_key = keys.Public;
TextWriter textWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Private);
pemWriter.Writer.Flush();
string privateKey = textWriter.ToString();
TextWriter textpubWriter = new StringWriter();
PemWriter pempubWriter = new PemWriter(textpubWriter);
pempubWriter.WriteObject(keys.Public);
pempubWriter.Writer.Flush();
string pubKey = textpubWriter.ToString();
return(new string[] { pubKey, privateKey });
}
/// <summary>
/// Create instance of RSAManager
/// </summary>
public RSAManager RSAGenerateManager()
{
var keyGen = new RsaKeyPairGenerator();
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
var keyPair = keyGen.GenerateKeyPair();
Func <string, string> decrypt = (string encryptedValue) =>
{
var decryptEngine = new OaepEncoding(new RsaEngine());
var bytesToDecrypt = Convert.FromBase64String(encryptedValue);
decryptEngine.Init(false, keyPair.Private as RsaPrivateCrtKeyParameters);
return(Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length)));
};
var info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
var stringWriter = new StringWriter();
var pemWriter = new PemWriter(stringWriter);
var pemObject = new PemObject("PUBLIC KEY", info.GetEncoded());
pemWriter.WriteObject(pemObject);
return(new RSAManager
{
Decrypt = decrypt,
PublicKey = stringWriter.ToString(),
});
}
/// <inheritdoc />
public async Task <string> ExportAsync(string name, char[] password, CancellationToken cancel = default(CancellationToken))
{
string pem = "";
using (var repo = await ipfs.Repository(cancel))
{
var pk = new string[] { name };
var key = await repo.EncryptedKeys
.Where(k => k.Name == name)
.FirstAsync(cancel);
UseEncryptedKey(key, pkey =>
{
using (var sw = new StringWriter())
{
var pkcs8 = new Pkcs8Generator(pkey, Pkcs8Generator.PbeSha1_3DES)
{
Password = password
};
var pw = new PemWriter(sw);
pw.WriteObject(pkcs8);
pw.Writer.Flush();
pem = sw.ToString();
}
});
}
return(pem);
}
public void GenRSAKeyPair(string name)
{
var generator = new RsaKeyPairGenerator();
var seed = Encoding.UTF8.GetBytes(name);
var secureRandom = new SecureRandom();
secureRandom.SetSeed(seed);
generator.Init(new KeyGenerationParameters(secureRandom, 2048));
var pair = generator.GenerateKeyPair();
var twPrivate = new StringWriter();
PemWriter pwPrivate = new PemWriter(twPrivate);
pwPrivate.WriteObject(pair.Private);
pwPrivate.Writer.Flush();
var privateKey = twPrivate.ToString().Replace("-----BEGIN RSA PRIVATE KEY-----", "").Replace("-----END RSA PRIVATE KEY-----", "").Trim();
Console.WriteLine(privateKey);
var twPublic = new StringWriter();
PemWriter pwPublic = new PemWriter(twPublic);
pwPublic.WriteObject(pair.Public);
pwPublic.Writer.Flush();
var publicKey = twPublic.ToString().Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "").Trim();
Console.WriteLine(publicKey);
}
public void TestPkcs8Plain()
{
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
AsymmetricKeyParameter privKey = kpGen.GenerateKeyPair().Private;
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
Pkcs8Generator pkcs8 = new Pkcs8Generator(privKey);
pWrt.WriteObject(pkcs8);
pWrt.Writer.Close();
string result = sw.ToString();
PemReader pRd = new PemReader(new StringReader(result), new Password("hello".ToCharArray()));
AsymmetricKeyParameter rdKey = (AsymmetricKeyParameter)pRd.ReadObject();
pRd.Reader.Close();
Assert.AreEqual(privKey, rdKey);
}
private static string EncodeAsPem(
object item)
{
if (item == null)
{
throw new ArgumentNullException(nameof(item));
}
string result;
var stringBuilder = new StringBuilder();
using (var stringWriter = new StringWriter(stringBuilder, CultureInfo.InvariantCulture))
{
var pemWriter = new PemWriter(stringWriter);
pemWriter.WriteObject(item);
pemWriter.Writer.Flush();
result = stringBuilder.ToString();
}
return(result);
}
async Task <IKey> AddPrivateKeyAsync(string name, AsymmetricCipherKeyPair keyPair, CancellationToken cancel)
{
// Create the key ID
var keyId = CreateKeyId(keyPair.Public);
// Create the PKCS #8 container for the key
string pem;
using (var sw = new StringWriter())
{
var pkcs8 = new Pkcs8Generator(keyPair.Private, Pkcs8Generator.PbeSha1_3DES)
{
Password = dek
};
var pw = new PemWriter(sw);
pw.WriteObject(pkcs8);
pw.Writer.Flush();
pem = sw.ToString();
}
// Store the key in the repository.
var key = new EncryptedKey
{
Id = keyId.ToBase58(),
Name = name,
Pem = pem
};
await Store.PutAsync(name, key);
log.DebugFormat("Added key '{0}' with ID {1}", name, keyId);
return(new KeyInfo {
Id = key.Id, Name = key.Name
});
}
public static (string publicKey, string privateKey) GenerateRsaKeyPair()
{
RsaKeyPairGenerator rsaGenerator = new RsaKeyPairGenerator();
rsaGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
var keyPair = rsaGenerator.GenerateKeyPair();
string publicKey;
using (TextWriter publicKeyTextWriter = new StringWriter())
{
PemWriter pemWriter = new PemWriter(publicKeyTextWriter);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
publicKey = publicKeyTextWriter.ToString();
}
string privateKey;
using (TextWriter privateKeyTextWriter = new StringWriter())
{
PemWriter pemWriter = new PemWriter(privateKeyTextWriter);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
privateKey = privateKeyTextWriter.ToString();
}
return(publicKey : publicKey, privateKey : privateKey);
}
/// <summary>
/// RSA: öffentlicher und privaten Schlüssel erzeugen
/// </summary>
/// <param name="privatekey">Privater Schlüssel</param>
/// <param name="publickey">Öffentlicher Schlüssel</param>
public static void createRSAKeyPair(out string privatekey, out string publickey)
{
//RSA-Schlüssel-Paar erzeugen
var r = new RsaKeyPairGenerator();
r.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
var keys = r.GenerateKeyPair();
//Private Key im PEM-Format
TextWriter textWriter = new StringWriter();
var pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Private);
pemWriter.Writer.Flush();
textWriter.Close();
privatekey = textWriter.ToString();
//Public Key im PEM-Formart
TextWriter textWriter1 = new StringWriter();
var pemWriter1 = new PemWriter(textWriter1);
pemWriter1.WriteObject(keys.Public);
pemWriter1.Writer.Flush();
textWriter1.Close();
publickey = textWriter1.ToString();
}
public static PemKeyPair GenerateKeyPair()
{
String privateKey = String.Empty;
String publicKey = String.Empty;
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
keyGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
using (TextWriter writer = new StringWriter())
{
PemWriter pemWriter = new PemWriter(writer);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
privateKey = writer.ToString();
}
using (TextWriter writer = new StringWriter())
{
PemWriter pemWriter = new PemWriter(writer);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
publicKey = writer.ToString();
}
return(new PemKeyPair(publicKey, privateKey));
}
public CsrResult GenerateCsr(AsymmetricCipherKeyPair keypair, string certificateSubjectText)
{
//PKCS #10 Certificate Signing Request
var signatureFactory = new Asn1SignatureFactory("SHA1WITHRSA", keypair.Private, _random);
var csr = new Pkcs10CertificationRequest(signatureFactory, new X509Name(certificateSubjectText), keypair.Public, null, keypair.Private);
//Convert BouncyCastle CSR to PEM file
var csrAsPem = new StringBuilder();
var csrAsPemWriter = new PemWriter(new StringWriter(csrAsPem));
csrAsPemWriter.WriteObject(csr);
csrAsPemWriter.Writer.Flush();
//Push the CSR text
var csrText = csrAsPem.ToString();
//Convert BouncyCastle Private Key to PEM file
var privateKeyPem = new StringBuilder();
var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem));
privateKeyPemWriter.WriteObject(keypair.Private);
csrAsPemWriter.Writer.Flush();
//Push the private key text
var privateKeyText = privateKeyPem.ToString();
return(new CsrResult()
{
PrivateKeyAsPem = privateKeyText, CsrAsPem = csrText
});
}
public static PemKeyPair GenerateKeyPair()
{
String privateKey = String.Empty;
String publicKey = String.Empty;
X9ECParameters ecParameters = ECNamedCurveTable.GetByName("secp256k1");
ECKeyPairGenerator keyGenerator = new ECKeyPairGenerator();
keyGenerator.Init(new ECKeyGenerationParameters(new ECDomainParameters(ecParameters.Curve, ecParameters.G, ecParameters.N, ecParameters.H), new SecureRandom()));
AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
using (TextWriter writer = new StringWriter())
{
PemWriter pemWriter = new PemWriter(writer);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
privateKey = writer.ToString();
}
using (TextWriter writer = new StringWriter())
{
PemWriter pemWriter = new PemWriter(writer);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
publicKey = writer.ToString();
}
return(new PemKeyPair(publicKey, privateKey));
}
public static string PrivateKeyXmlToPkcs8(string privateKey)
{
var root = XElement.Parse(privateKey);
var modulus = root.Element("Modulus");
var exponent = root.Element("Exponent");
var p = root.Element("P");
var q = root.Element("Q");
var dp = root.Element("DP");
var dq = root.Element("DQ");
var inverseQ = root.Element("InverseQ");
var d = root.Element("D");
var rsaPrivateCrtKeyParameters = new RsaPrivateCrtKeyParameters(
new BigInteger(1, Convert.FromBase64String(modulus.Value)),
new BigInteger(1, Convert.FromBase64String(exponent.Value)),
new BigInteger(1, Convert.FromBase64String(d.Value)),
new BigInteger(1, Convert.FromBase64String(p.Value)),
new BigInteger(1, Convert.FromBase64String(q.Value)),
new BigInteger(1, Convert.FromBase64String(dp.Value)),
new BigInteger(1, Convert.FromBase64String(dq.Value)),
new BigInteger(1, Convert.FromBase64String(inverseQ.Value)));
using var writer = new StringWriter();
var pemWriter = new PemWriter(writer);
var pkcs8 = new Pkcs8Generator(rsaPrivateCrtKeyParameters);
pemWriter.WriteObject(pkcs8);
pemWriter.Writer.Close();
return(writer.ToString());
}
/// <summary>
/// Create a new private/public key pair as PEM formatted strings.
/// </summary>
/// <returns>An <see cref="RsaKeyPair"/>.</returns>
public static RsaKeyPair GenerateRsaKeyPair()
{
var rsaGenerator = new RsaKeyPairGenerator();
rsaGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
var keyPair = rsaGenerator.GenerateKeyPair();
var rsaKeyPair = new RsaKeyPair();
using (var privateKeyTextWriter = new StringWriter())
{
var pemWriter = new PemWriter(privateKeyTextWriter);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
rsaKeyPair.PrivateKey = privateKeyTextWriter.ToString();
}
using (var publicKeyTextWriter = new StringWriter())
{
var pemWriter = new PemWriter(publicKeyTextWriter);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
rsaKeyPair.PublicKey = publicKeyTextWriter.ToString();
}
return(rsaKeyPair);
}
private void lengthTest(string type, IList headers, byte[] data)
{
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
PemObject pemObj = new PemObject(type, headers, data);
pWrt.WriteObject(pemObj);
pWrt.Writer.Close();
Assert.AreEqual(sw.ToString().Length, pWrt.GetOutputSize(pemObj));
}
public override void PerformTest()
{
IPasswordFinder pGet = new Password("secret".ToCharArray());
PemReader pemRd = OpenPemResource("test.pem", pGet);
IAsymmetricCipherKeyPair pair;
object o;
while ((o = pemRd.ReadObject()) != null)
{
// if (o is AsymmetricCipherKeyPair)
// {
// ackp = (AsymmetricCipherKeyPair)o;
//
// Console.WriteLine(ackp.Public);
// Console.WriteLine(ackp.Private);
// }
// else
// {
// Console.WriteLine(o.ToString());
// }
}
//
// pkcs 7 data
//
pemRd = OpenPemResource("pkcs7.pem", null);
ContentInfo d = (ContentInfo)pemRd.ReadObject();
if (!d.ContentType.Equals(CmsObjectIdentifiers.EnvelopedData))
{
Fail("failed envelopedData check");
}
/*
{
//
// ECKey
//
pemRd = OpenPemResource("eckey.pem", null);
// TODO Resolve return type issue with EC keys and fix PemReader to return parameters
// ECNamedCurveParameterSpec spec = (ECNamedCurveParameterSpec)pemRd.ReadObject();
pair = (AsymmetricCipherKeyPair)pemRd.ReadObject();
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
sgr.Init(true, pair.Private);
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, pair.Public);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("EC verification failed");
}
// TODO Resolve this issue with the algorithm name, study Java version
// if (!((ECPublicKeyParameters) pair.Public).AlgorithmName.Equals("ECDSA"))
// {
// Fail("wrong algorithm name on public got: " + ((ECPublicKeyParameters) pair.Public).AlgorithmName);
// }
//
// if (!((ECPrivateKeyParameters) pair.Private).AlgorithmName.Equals("ECDSA"))
// {
// Fail("wrong algorithm name on private got: " + ((ECPrivateKeyParameters) pair.Private).AlgorithmName);
// }
}
*/
//
// writer/parser test
//
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(
new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001),
new SecureRandom(),
768,
25));
pair = kpGen.GenerateKeyPair();
keyPairTest("RSA", pair);
// kpGen = KeyPairGenerator.getInstance("DSA");
// kpGen.initialize(512, new SecureRandom());
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, new SecureRandom());
kpGen = GeneratorUtilities.GetKeyPairGenerator("DSA");
kpGen.Init(
new DsaKeyGenerationParameters(
new SecureRandom(),
pGen.GenerateParameters()));
pair = kpGen.GenerateKeyPair();
keyPairTest("DSA", pair);
//
// PKCS7
//
MemoryStream bOut = new MemoryStream();
PemWriter pWrt = new PemWriter(new StreamWriter(bOut));
pWrt.WriteObject(d);
pWrt.Writer.Close();
pemRd = new PemReader(new StreamReader(new MemoryStream(bOut.ToArray(), false)));
d = (ContentInfo)pemRd.ReadObject();
if (!d.ContentType.Equals(CmsObjectIdentifiers.EnvelopedData))
{
Fail("failed envelopedData recode check");
}
// OpenSSL test cases (as embedded resources)
doOpenSslDsaTest("unencrypted");
doOpenSslRsaTest("unencrypted");
doOpenSslTests("aes128");
doOpenSslTests("aes192");
doOpenSslTests("aes256");
doOpenSslTests("blowfish");
doOpenSslTests("des1");
doOpenSslTests("des2");
doOpenSslTests("des3");
doOpenSslTests("rc2_128");
doOpenSslDsaTest("rc2_40_cbc");
doOpenSslRsaTest("rc2_40_cbc");
doOpenSslDsaTest("rc2_64_cbc");
doOpenSslRsaTest("rc2_64_cbc");
// TODO Figure out why exceptions differ for commented out cases
doDudPasswordTest("7fd98", 0, "Corrupted stream - out of bounds length found");
doDudPasswordTest("ef677", 1, "Corrupted stream - out of bounds length found");
// doDudPasswordTest("800ce", 2, "cannot recognise object in stream");
doDudPasswordTest("b6cd8", 3, "DEF length 81 object truncated by 56");
doDudPasswordTest("28ce09", 4, "DEF length 110 object truncated by 28");
doDudPasswordTest("2ac3b9", 5, "DER length more than 4 bytes: 11");
doDudPasswordTest("2cba96", 6, "DEF length 100 object truncated by 35");
doDudPasswordTest("2e3354", 7, "DEF length 42 object truncated by 9");
doDudPasswordTest("2f4142", 8, "DER length more than 4 bytes: 14");
doDudPasswordTest("2fe9bb", 9, "DER length more than 4 bytes: 65");
doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
doDudPasswordTest("41af75", 11, "malformed sequence in DSA private key");
doDudPasswordTest("1704a5", 12, "corrupted stream detected");
// doDudPasswordTest("1c5822", 13, "corrupted stream detected");
// doDudPasswordTest("5a3d16", 14, "corrupted stream detected");
doDudPasswordTest("8d0c97", 15, "corrupted stream detected");
doDudPasswordTest("bc0daf", 16, "corrupted stream detected");
doDudPasswordTest("aaf9c4d",17, "Corrupted stream - out of bounds length found");
// encrypted private key test
pGet = new Password("password".ToCharArray());
pemRd = OpenPemResource("enckey.pem", pGet);
RsaPrivateCrtKeyParameters privKey = (RsaPrivateCrtKeyParameters)pemRd.ReadObject();
if (!privKey.PublicExponent.Equals(new BigInteger("10001", 16)))
{
Fail("decryption of private key data check failed");
}
// general PKCS8 test
pGet = new Password("password".ToCharArray());
pemRd = OpenPemResource("pkcs8test.pem", pGet);
while ((privKey = (RsaPrivateCrtKeyParameters)pemRd.ReadObject()) != null)
{
if (!privKey.PublicExponent.Equals(new BigInteger("10001", 16)))
{
Fail("decryption of private key data check failed");
}
}
}
private void keyPairTest(
string name,
IAsymmetricCipherKeyPair pair)
{
MemoryStream bOut = new MemoryStream();
PemWriter pWrt = new PemWriter(new StreamWriter(bOut));
pWrt.WriteObject(pair.Public);
pWrt.Writer.Close();
PemReader pemRd = new PemReader(new StreamReader(new MemoryStream(bOut.ToArray(), false)));
IAsymmetricKeyParameter pubK = (AsymmetricKeyParameter) pemRd.ReadObject();
if (!pubK.Equals(pair.Public))
{
Fail("Failed public key read: " + name);
}
bOut = new MemoryStream();
pWrt = new PemWriter(new StreamWriter(bOut));
pWrt.WriteObject(pair.Private);
pWrt.Writer.Close();
pemRd = new PemReader(new StreamReader(new MemoryStream(bOut.ToArray(), false)));
IAsymmetricCipherKeyPair kPair = (AsymmetricCipherKeyPair) pemRd.ReadObject();
if (!kPair.Private.Equals(pair.Private))
{
Fail("Failed private key read: " + name);
}
if (!kPair.Public.Equals(pair.Public))
{
Fail("Failed private key public read: " + name);
}
}
private void EncryptedTest(IAsymmetricKeyParameter privKey, string algorithm)
{
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
Pkcs8Generator pkcs8 = new Pkcs8Generator(privKey, algorithm);
pkcs8.Password = "******".ToCharArray();
pWrt.WriteObject(pkcs8);
pWrt.Writer.Close();
String result = sw.ToString();
PemReader pRd = new PemReader(new StringReader(result), new Password("hello".ToCharArray()));
IAsymmetricKeyParameter rdKey = (AsymmetricKeyParameter)pRd.ReadObject();
pRd.Reader.Close();
Assert.AreEqual(privKey, rdKey);
}
public void TestPkcs8Plain()
{
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
IAsymmetricKeyParameter privKey = kpGen.GenerateKeyPair().Private;
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
Pkcs8Generator pkcs8 = new Pkcs8Generator(privKey);
pWrt.WriteObject(pkcs8);
pWrt.Writer.Close();
string result = sw.ToString();
PemReader pRd = new PemReader(new StringReader(result), new Password("hello".ToCharArray()));
IAsymmetricKeyParameter rdKey = (AsymmetricKeyParameter)pRd.ReadObject();
pRd.Reader.Close();
Assert.AreEqual(privKey, rdKey);
}
