/// <summary>
/// Signs a sample digest through <see cref="PksAsn1SignatureFactory"/> backed by a key that
/// lives in the Windows certificate store, and checks that a signature comes back.
/// Requires a certificate with subject CN "L2" in the LocalMachine\CA store that has an
/// associated private key (the key need not be exportable).
/// </summary>
public void CalculateSignatureShouldSucceed()
{
    const string issuerSubject = "L2";
    const string algorithm = "SHA256withECDSA";

    // Key handle resolved from the store by subject CN, store name and store location.
    var storeKey = new PksEcPrivateKey(issuerSubject, "CA", "LocalMachine");
    ISignatureFactory factory = new PksAsn1SignatureFactory(algorithm, storeKey);

    // Placeholder digest; a real one is the full output of the hash function.
    byte[] digest = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };

    IStreamCalculator calculator = factory.CreateCalculator();
    using (var sink = calculator.Stream)
    {
        sink.Write(digest, 0, digest.Length);
    }

    // The collected result is the ASN.1 DER formatted signature.
    var blockResult = (IBlockResult)calculator.GetResult();
    byte[] derSignature = blockResult.Collect();

    Assert.IsNotNull(derSignature);
}
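/// <summary>
/// Resolves the store-backed private key that belongs to <paramref name="signingCertificate"/>.
/// The key is looked up in the LocalMachine\CA store by the subject CN read from
/// <paramref name="publicPartOfSigningCertificate"/>.
/// </summary>
/// <param name="signingCertificate">Windows certificate object; must report an associated private key.</param>
/// <param name="publicPartOfSigningCertificate">BouncyCastle view of the same certificate, used to read the subject CN.</param>
/// <returns>A <see cref="PksEcPrivateKey"/> handle usable as a BouncyCastle private key parameter.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="CertificateIssuerException">
/// The certificate has no private key, or has no subject CN to locate the key by.
/// </exception>
private AsymmetricKeyParameter ExtractPrivateKey(X509Certificate2 signingCertificate, X509Certificate publicPartOfSigningCertificate)
{
    if (signingCertificate == null)
    {
        throw new ArgumentNullException(nameof(signingCertificate));
    }
    if (publicPartOfSigningCertificate == null)
    {
        throw new ArgumentNullException(nameof(publicPartOfSigningCertificate));
    }

    if (!signingCertificate.HasPrivateKey)
    {
        throw new CertificateIssuerException(
            $"Certificate doesn't have the private key. Certificate DN: {signingCertificate.SubjectName.Name} , Serial number: {signingCertificate.SerialNumber}");
    }

    // A subject may carry zero or several CN attributes; the store lookup uses the first one.
    string certSubjectCn = publicPartOfSigningCertificate.SubjectDN.GetValueList(X509Name.CN)
        .Cast<string>()
        .FirstOrDefault();

    // Without a CN the store lookup cannot identify the key; fail here with certificate context
    // instead of handing a null name to the provider.
    if (string.IsNullOrEmpty(certSubjectCn))
    {
        throw new CertificateIssuerException(
            $"Certificate has no subject CN to locate its private key by. Certificate DN: {signingCertificate.SubjectName.Name} , Serial number: {signingCertificate.SerialNumber}");
    }

    // NOTE(review): a subject CN is not unique within a store; if several CA certificates share this CN
    // the provider may bind to a different key than signingCertificate's — confirm how PksEcPrivateKey
    // disambiguates (e.g. by thumbprint) before relying on this in production.
    return new PksEcPrivateKey(certSubjectCn, "CA", "LocalMachine");
}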
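/// <summary>
/// Issues a new X.509 v3 certificate with BouncyCastle, signing it with a store-backed
/// ECDSA key ("SHA256withECDSA") rather than an exported private key.
/// Requires a certificate with subject CN "L2" in the LocalMachine\CA store that has an
/// associated private key (the key need not be exportable).
/// </summary>
public void CreateCertificateShouldSucceed()
{
    // Base64 DER SubjectPublicKeyInfo used as the new certificate's public key. It is an EC key
    // so that it matches the issuer's ECDSA-with-SHA256 signature algorithm (OID 1.2.840.10045.4.3.2).
    const string publicKey = @"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhpFTpKgGDqfxSwp9WlPJMa2o3XR5x1xKAgC4CR2AFbSzGFAjCIkUKtBCUrA5Te6ydhxVduA3JFE2hzqy/6V6qA==";
    const string issuerSubject = "L2";
    const string algorithm = "SHA256withECDSA";

    // Key handle resolved from the store by subject CN, store name and store location.
    var issuerKey = new PksEcPrivateKey(issuerSubject, "CA", "LocalMachine");
    ISignatureFactory signatureFactory = new PksAsn1SignatureFactory(algorithm, issuerKey);

    var generator = new X509V3CertificateGenerator();
    // ... set all other required fields of the X509V3CertificateGenerator

    // A fixed serial is acceptable for this example only; certificates actually issued under a CA
    // need a serial that is unique per issuer (and in practice unpredictable).
    generator.SetSerialNumber(BigInteger.One);
    generator.SetIssuerDN(ToX509Name(issuerSubject));
    generator.SetSubjectDN(ToX509Name("My-new-cert", "My-org"));
    generator.SetPublicKey(
        PublicKeyFactory.CreateKey(
            SubjectPublicKeyInfo.GetInstance(Convert.FromBase64String(publicKey))));

    // Certificate validity is expressed in UTC, so derive it from UtcNow rather than the local
    // clock (DateTime.Now would shift the window by the machine's UTC offset). One snapshot is
    // taken so NotBefore and NotAfter are computed from the same instant; the 10-minute backdate
    // presumably tolerates clock skew between issuer and verifier.
    DateTime now = DateTime.UtcNow;
    generator.SetNotBefore(now.Subtract(TimeSpan.FromMinutes(10)));
    generator.SetNotAfter(now.Add(TimeSpan.FromDays(14)));

    // Running the generator performs the signature through the store-backed factory.
    X509Certificate cert = generator.Generate(signatureFactory);

    Assert.IsNotNull(cert);
}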
/// <summary>
/// Produces a raw ECDSA signature over a sample digest with <see cref="PksEcdsaSigner"/>
/// and checks that neither signature component is zero.
/// Requires a certificate with subject CN "L2" in the LocalMachine\CA store that has an
/// associated private key.
/// </summary>
public void ValidShouldSucceed()
{
    // Placeholder digest; a real one is the full output of the hash function.
    byte[] digest = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 };

    ICipherParameters storeKey = new PksEcPrivateKey("L2", "CA", "LocalMachine");

    // forSigning = true, mirroring how BouncyCastle's DsaDigestSigner initialises its signer.
    var signer = new PksEcdsaSigner();
    signer.Init(true, storeKey);

    // An ECDSA signature is the pair (r, s); the signer returns it as [r, s].
    BigInteger[] components = signer.GenerateSignature(digest);
    BigInteger r = components[0];
    BigInteger s = components[1];

    Assert.IsFalse(BigInteger.Zero.Equals(r), "r - shouldn't be zero");
    Assert.IsFalse(BigInteger.Zero.Equals(s), "s - shouldn't be zero");
}