/// <summary>
/// Generates a fresh key pair for the requested PKI algorithm.
/// </summary>
/// <param name="algorithm">Key algorithm to generate; only RSA and ECDSA are accepted.</param>
/// <param name="bits">Key size in bits, forwarded unchanged to the algorithm-specific generator.</param>
/// <param name="privateKey">Receives the generated private key.</param>
/// <param name="publicKey">Receives the matching public key.</param>
/// <exception cref="ArgumentException">Thrown when <paramref name="algorithm"/> is neither RSA nor ECDSA.</exception>
public static void GenerateKeyPair(PkiAlgorithm algorithm, int bits, out PrivKey privateKey, out PubKey publicKey)
{
    // NOTE(review): `bits` is not range-checked here, so a weak size (e.g. RSA below 2048)
    // is passed straight through — confirm the per-algorithm generators enforce a floor.
    if (algorithm == PkiAlgorithm.RSA)
    {
        GenerateRsaKeyPair(bits, out privateKey, out publicKey);
        return;
    }

    if (algorithm == PkiAlgorithm.ECDSA)
    {
        GenerateEcdsaKeyPair(bits, out privateKey, out publicKey);
        return;
    }

    // Unknown algorithm: fail loudly rather than leave the out parameters unset.
    throw new ArgumentException("algorithm");
}
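/// <summary>
/// Builds the options for a certificate to be generated: subject name fields, serial number,
/// validity end, digest size, key usages, extended key usages and subject alternative names.
/// </summary>
/// <param name="algorithm">Key algorithm the certificate will be issued for.</param>
/// <param name="cn">Subject common name. Trimmed; null becomes empty. A non-empty CN is also added as the first subject alternative name.</param>
/// <param name="o">Subject organization. Trimmed; null becomes empty.</param>
/// <param name="ou">Subject organizational unit. Trimmed; null becomes empty.</param>
/// <param name="c">Subject country. Trimmed; null becomes empty.</param>
/// <param name="st">Subject state/province. Trimmed; null becomes empty.</param>
/// <param name="l">Subject locality. Trimmed; null becomes empty.</param>
/// <param name="e">Subject e-mail address. Trimmed; null becomes empty.</param>
/// <param name="serial">Serial number bytes. Copied; when empty, a random positive 16-byte serial is generated.</param>
/// <param name="expires">Validity end. When null, <c>Util.MaxDateTimeOffsetValue</c> is used, i.e. the certificate effectively never expires.</param>
/// <param name="subjectAltNames">Additional subject alternative names; empty entries are dropped, the rest are trimmed.</param>
/// <param name="shaSize">Digest size for the signature algorithm.</param>
/// <param name="keyUsages">KeyUsage bit flags; 0 selects a broad default set (see note in the body).</param>
/// <param name="extendedKeyUsages">Extended key usage OIDs; null selects a broad default set (see note in the body).</param>
public CertificateOptions(PkiAlgorithm algorithm, string? cn = null, string? o = null, string? ou = null, string? c = null, string? st = null, string? l = null, string? e = null, Memory<byte> serial = default, DateTimeOffset? expires = null, string[]? subjectAltNames = null, PkiShaSize shaSize = PkiShaSize.SHA256, int keyUsages = 0, KeyPurposeID[]? extendedKeyUsages = null)
{
    this.Algorithm = algorithm;

    // Subject name fields: null -> "" and surrounding whitespace removed.
    this.CN = cn._NonNullTrim();
    this.O = o._NonNullTrim();
    this.OU = ou._NonNullTrim();
    this.C = c._NonNullTrim();
    this.ST = st._NonNullTrim();
    this.L = l._NonNullTrim();
    this.E = e._NonNullTrim();
    this.ShaSize = shaSize;

    // Serial number. The caller's bytes are copied so later changes to their buffer
    // cannot alter the certificate. With no serial given, draw 16 random bytes (128 bits)
    // and clear the top bit so the value encodes as a positive DER INTEGER.
    this.Serial = serial._CloneMemory();
    if (this.Serial.IsEmpty)
    {
        this.Serial = Secure.Rand(16);
        this.Serial.Span[0] = (byte)(this.Serial.Span[0] & 0x7f);
    }
    // NOTE(review): a caller-supplied serial is used as-is — neither its length
    // (RFC 5280 allows at most 20 octets) nor its sign bit is checked here.

    // NOTE(review): with no explicit expiry the certificate is valid until
    // Util.MaxDateTimeOffsetValue; callers issuing real certificates should pass one.
    this.Expires = expires ?? Util.MaxDateTimeOffsetValue;

    // The CN doubles as the first SAN entry. Skip it when empty so the SAN list only
    // ever holds real names — explicit SANs below are filtered the same way.
    if (this.CN._IsEmpty() == false)
    {
        this.SubjectAlternativeNames.Add(this.CN);
    }

    // NOTE(review): the default key usage set includes KeyCertSign and CrlSign, so a
    // certificate built with defaults is usable as a CA. Pass an explicit minimal set
    // (e.g. DigitalSignature | KeyEncipherment) for end-entity certificates.
    if (keyUsages == 0)
    {
        keyUsages = KeyUsage.DigitalSignature
            | KeyUsage.NonRepudiation
            | KeyUsage.KeyEncipherment
            | KeyUsage.DataEncipherment
            | KeyUsage.KeyCertSign
            | KeyUsage.CrlSign;
    }
    this.KeyUsages = keyUsages;

    // NOTE(review): the default EKU set grants every purpose, including code signing,
    // OCSP signing and time stamping. Pass an explicit list to restrict the certificate
    // to what it is actually meant for.
    if (extendedKeyUsages == null)
    {
        extendedKeyUsages = new KeyPurposeID[]
        {
            KeyPurposeID.IdKPServerAuth,
            KeyPurposeID.IdKPClientAuth,
            KeyPurposeID.IdKPCodeSigning,
            KeyPurposeID.IdKPEmailProtection,
            KeyPurposeID.IdKPIpsecEndSystem,
            KeyPurposeID.IdKPIpsecTunnel,
            KeyPurposeID.IdKPIpsecUser,
            KeyPurposeID.IdKPTimeStamping,
            KeyPurposeID.IdKPOcspSigning,
        };
    }
    this.ExtendedKeyUsages = extendedKeyUsages;

    // Additional SANs: drop empty entries, trim the rest.
    if (subjectAltNames != null)
    {
        subjectAltNames
            .Where(x => x._IsEmpty() == false)
            ._DoForEach(x => this.SubjectAlternativeNames.Add(x.Trim()));
    }
}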
/// <summary>
/// Returns the signature-algorithm OID (as a dotted string) for a key algorithm and digest size.
/// </summary>
/// <param name="algorithm">Key algorithm (RSA or ECDSA).</param>
/// <param name="shaSize">Digest size. When null it is derived from <paramref name="size"/>.</param>
/// <param name="size">Size hint used only when <paramref name="shaSize"/> is null: 512 and above selects SHA-512, 384 and above SHA-384, anything else (including the default 0) SHA-256.</param>
/// <returns>The OID string of the matching *WithRsaEncryption or ECDsaWith* signature algorithm.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="algorithm"/> is neither RSA nor ECDSA.</exception>
public static string GetSignatureAlgorithmOid(PkiAlgorithm algorithm, PkiShaSize? shaSize = null, int size = 0)
{
    // NOTE(review): the 384/512 thresholds line up with the P-384/P-521 curve sizes, so
    // `size` is presumably the EC key size — an RSA key size (>= 512) passed here would
    // always select SHA-512; confirm what callers pass for RSA.
    PkiShaSize digest = shaSize ?? (size >= 512
        ? PkiShaSize.SHA512
        : size >= 384
            ? PkiShaSize.SHA384
            : PkiShaSize.SHA256);

    // Any digest value other than SHA384/SHA512 (including SHA256) maps to the SHA-256 OID.
    // NOTE(review): the "selfSignKey:" prefix in the error message names a different routine.
    return algorithm switch
    {
        PkiAlgorithm.RSA => digest switch
        {
            PkiShaSize.SHA384 => PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id,
            PkiShaSize.SHA512 => PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id,
            _ => PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id,
        },
        PkiAlgorithm.ECDSA => digest switch
        {
            PkiShaSize.SHA384 => X9ObjectIdentifiers.ECDsaWithSha384.Id,
            PkiShaSize.SHA512 => X9ObjectIdentifiers.ECDsaWithSha512.Id,
            _ => X9ObjectIdentifiers.ECDsaWithSha256.Id,
        },
        _ => throw new ArgumentException("selfSignKey: Unknown key algorithm"),
    };
}