/// <summary> /// Decrypt method implementation /// </summary> public override byte[] Decrypt(byte[] cipherData, string description = "") { if (cipherData == null || cipherData.Length <= 0) { throw new ArgumentNullException("cipherData"); } if (!IsEncrypted(cipherData)) { return(cipherData); } if (!CngKey.Exists(SystemUtilities.SystemKeyName, KeyStorageProvider, CngKeyOpenOptions.MachineKey)) { throw new CryptographicException(string.Format("Error : key {0} doesn't exist...", SystemUtilities.SystemKeyName)); } try { byte[] unencrypted = null; byte[] encrypted = RemoveHeader(cipherData); CngKey cngkey = CngKey.Open(SystemUtilities.SystemKeyName, KeyStorageProvider, CngKeyOpenOptions.MachineKey); using (RSACng aes = new RSACng(cngkey)) { unencrypted = aes.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA256); return(unencrypted); } } catch (Exception Ex) { if (!string.IsNullOrEmpty(description)) { Log.WriteEntry(string.Format("Error decrypting value for {0} : {1}", description, Ex.Message), System.Diagnostics.EventLogEntryType.Error, 666); } return(cipherData); } }
/// <summary> /// Given a KeyProvider and a KeyName, decrypts the data with the given key /// </summary> /// <param name="providerName">Provider where the key is stored</param> /// <param name="keyName">Name of the key to use</param> /// <param name="toDecrypt">Data to decrypt</param> /// <param name="hashAlgorithm">OAEP hash algorithm, Look in PaddingHashAlgorithmNames.cs for values, but supports only SHA1, SHA256, SHA384, SHA512</param> /// <param name="paddingFlags">Padding Type, Look in PaddingFlags.cs for values, but supports only PKCS1 amd OAEP</param> /// <exception cref="CryptographicException">Cryptographic Exception</exception> /// <returns>The decrypted data</returns> public byte[] DecryptWithLocalKey(string providerName, string keyName, byte[] toDecrypt, string hashAlgorithm = PaddingHashAlgorithmNames.SHA512, int paddingFlags = PaddingFlags.OAEPPadding) { CngProvider provider = new CngProvider(providerName); bool keyExists = false; byte[] decrypted; try { keyExists = CngKey.Exists(keyName, provider); } catch (CryptographicException e) { // This happens if the provider isn't a valid one, but we want the exception to have better info throw new CryptographicException(string.Format("The provider {0} does not exist", providerName), e); } if (!keyExists) { throw new CryptographicException(string.Format("They key {0} does not exist and cannot be used for decryption", keyName)); } using (CngKey key = CngKey.Open(keyName, provider)) { using (RSACng rsa = new RSACng(key)) { RSAEncryptionPadding padding = this.GetRSAPadding(hashAlgorithm, paddingFlags); decrypted = rsa.Decrypt(toDecrypt, padding); } } return(decrypted); }
private static byte[] decryptBytesPublicKey(byte[] data, X509Certificate2 certificate) { /* * byte[] chunk = new byte[16]; * byte[] outputBytes = new byte[data.Length]; * int position = 0; * int leftover = 0; * * //rsa needs to decrypt in blocks of data * bool notDecrypted = true; * while (notDecrypted) * { * if (position + 16 < data.Length) * { //if we have not reached the end, copy next 16 bytes in the chunk of data to decrypt * Array.Copy(data, position, chunk, position, 16); * position += 16; * } * else * { * Array.Copy(data, position, chunk, position, data.Length - position); * leftover = data.Length - position; * notDecrypted = false; * }*/ if (data.Length < 256) { var x = new byte[256 - data.Length]; data = combine(x, data); } using (RSACng rsa = (RSACng)certificate.GetRSAPublicKey()) { return(rsa.Decrypt(data, RSAEncryptionPadding.OaepSHA256)); //Array.Copy(x, 0, outputBytes, position, leftover > 0 ? leftover : position); } }
/// <summary> /// Decrypt method implementation /// </summary> public override string Decrypt(string cipherText, string description = "") { if (string.IsNullOrEmpty(cipherText)) { return(cipherText); } if (!IsEncrypted(cipherText)) { return(cipherText); } try { byte[] encrypted = RemoveHeader(Convert.FromBase64String(cipherText)); byte[] unencrypted = null; CngKey cngkey = CngKey.Open(SystemUtilities.SystemKeyName, KeyStorageProvider, CngKeyOpenOptions.MachineKey); using (RSACng aes = new RSACng(cngkey)) { unencrypted = aes.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA256); return(Encoding.Unicode.GetString(unencrypted)); } } catch (Exception Ex) { if (!string.IsNullOrEmpty(description)) { Log.WriteEntry(string.Format("Error decrypting value for {0} : {1}", description, Ex.Message), System.Diagnostics.EventLogEntryType.Error, 666); } return(cipherText); } }
private static byte[] decryptBytesPrivateKey(byte[] data, X509Certificate2 certificate) { using (RSACng rsa = (RSACng)certificate.GetRSAPrivateKey()) { return(rsa.Decrypt(data, RSAEncryptionPadding.OaepSHA256)); } }
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header) { if (key is CngKey) { var privateKey = new RSACng((CngKey)key); var padding = useRsaOaepPadding ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1; return(privateKey.Decrypt(encryptedCek, padding)); } if (key is RSACryptoServiceProvider) { var privateKey = (RSACryptoServiceProvider)key; return(privateKey.Decrypt(encryptedCek, useRsaOaepPadding)); } if (key is RSA) { var privateKey = (RSA)key; var padding = useRsaOaepPadding ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1; return(privateKey.Decrypt(encryptedCek, padding)); } throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey, RSACryptoServiceProvider or RSA types."); }
/// <summary> /// Decrypt the text using the specified CNG key. /// </summary> /// <param name="rsaCngProvider">RSA CNG Provider.</param> /// <param name="encryptedColumnEncryptionKey">Encrypted Column Encryption Key.</param> /// <returns>Returns the decrypted plaintext Column Encryption Key or throws an exception if there are any errors.</returns> private byte[] RSADecrypt(RSACng rsaCngProvider, byte[] encryptedColumnEncryptionKey) { Debug.Assert((encryptedColumnEncryptionKey != null) && (encryptedColumnEncryptionKey.Length != 0)); Debug.Assert(rsaCngProvider != null); return(rsaCngProvider.Decrypt(encryptedColumnEncryptionKey, RSAEncryptionPadding.OaepSHA1)); }
public object Decrypt(object value, string keyName = null) { #if NETSTANDARD using (var rsa = new RSACng()) { var privateKey = GetParameters(KeyStore.GetKey(PrivateKey)); rsa.ImportParameters(privateKey); var cypherBytes = Convert.FromBase64String(value.ToString()); var plainBytes = rsa.Decrypt(cypherBytes, Padding); return(Encoding.UTF8.GetString(plainBytes)); } #else using (var rsa = (RSACryptoServiceProvider)RSA.Create()) { var privateKey = GetParameters(KeyStore.GetKey(PrivateKey)); rsa.ImportParameters(privateKey); var cypherBytes = Convert.FromBase64String(value.ToString()); var plainBytes = rsa.Decrypt(cypherBytes, false); return(Encoding.UTF8.GetString(plainBytes)); } #endif }
public static string Decrypt(string B64text, string Key, int Keybits = 2048) { string plainText = ""; byte[] encryptedBytes = null; byte[] plainBytes = null; try { using (RSACng rsa = new RSACng(Keybits)) { rsa.FromXmlString(Key); encryptedBytes = Convert.FromBase64String(B64text); plainBytes = rsa.Decrypt(encryptedBytes, RSAEncryptionPadding.Pkcs1); plainText = Encoding.Unicode.GetString(plainBytes); } return(plainText); } catch (Exception ex) { Console.WriteLine("Exception decrypting file! More info:"); Console.WriteLine(ex.Message); } finally { } return(null); }
/// <summary> /// Given a KeyProvider and a KeyName, decrypts the data with the given key /// </summary> /// <param name="providerName">Provider where the key is stored</param> /// <param name="keyName">Name of the key to use</param> /// <param name="toDecrypt">Data to decrypt</param> /// <param name="hashAlgorithm">OAEP hash algorithm, Look in PaddingHashAlgorithmNames.cs for values, but supports only SHA1, SHA256, SHA384, SHA512</param> /// <param name="paddingFlags">Padding Type, Look in PaddingFlags.cs for values, but supports only PKCS1 amd OAEP</param> /// <exception cref="CryptographicException">Cryptographic Exception</exception> /// <returns>The decrypted data</returns> public byte[] DecryptWithLocalKey(string providerName, string keyName, byte[] toDecrypt, string hashAlgorithm = PaddingHashAlgorithmNames.SHA512, int paddingFlags = PaddingFlags.OAEPPadding) { CngProvider provider = new CngProvider(providerName); byte[] decrypted; CngKeyOpenOptions cngkeyOpenOpts = CngKeyOpenOptions.MachineKey; bool keyExists = doesKeyExists(provider, keyName, cngkeyOpenOpts); if (!keyExists) { if (doesKeyExists(provider, keyName, CngKeyOpenOptions.None)) { cngkeyOpenOpts = CngKeyOpenOptions.None; } else { throw new CryptographicException(string.Format("They key {0} does not exist and cannot be used for decryption", keyName)); } } using (CngKey key = CngKey.Open(keyName, provider, cngkeyOpenOpts)) { using (RSACng rsa = new RSACng(key)) { RSAEncryptionPadding padding = this.GetRSAPadding(hashAlgorithm, paddingFlags); decrypted = rsa.Decrypt(toDecrypt, padding); } } return(decrypted); }
public static byte[] Decrypt(byte[] privateKey, byte[] data) { CngKey key = CngKey.Import(privateKey, CngKeyBlobFormat.GenericPrivateBlob); RSACng crypto = new RSACng(key); var result = crypto.Decrypt(data, RSAEncryptionPadding.OaepSHA512); return(result); }
public static byte[] DecryptRSA(byte[] data, RSACng privateKey, RSAEncryptionPadding padding) { //using (RSACng instance = new RSACng()) { //instance.ImportParameters(privateKey.ExportParameters(true)); //return instance.Encrypt(data, padding); //} return(privateKey.Decrypt(data, padding)); }
internal static void DecryptXml(RSACng asymmetricAlgorithm, XmlDocument xmlDoc, string[] xmlElementsXPaths) { if (asymmetricAlgorithm == null) { throw new ArgumentNullException("asymmetricAlgorithm"); } if (xmlDoc == null) { throw new ArgumentNullException("xmlDoc"); } if (xmlElementsXPaths == null) { throw new ArgumentNullException("xmlElementsXPaths"); } // create the symmetric algorithm which was used for encryption var symmetricAlgorithm = new AesManaged(); symmetricAlgorithm.Padding = PaddingMode.ISO10126; foreach (var xPath in xmlElementsXPaths) { // select all encrypted attribute elements var encryptedElements = xmlDoc.SelectNodes(xPath); Debug.Assert(encryptedElements != null, "encryptedElements != null"); foreach (XmlNode encryptedElement in encryptedElements) { // load the encrypted data element var encryptedDataElement = encryptedElement.SelectSingleNode("//*[local-name() = 'EncryptedData']") as XmlElement; var encryptedData = new EncryptedData(); Debug.Assert(encryptedDataElement != null, "encryptedDataElement != null"); encryptedData.LoadXml(encryptedDataElement); // load the encrypted key element var encryptedKeyElement = encryptedDataElement.SelectSingleNode("//*[local-name() = 'EncryptedKey']") as XmlElement; var encryptedKey = new EncryptedKey(); Debug.Assert(encryptedKeyElement != null, "encryptedKeyElement != null"); encryptedKey.LoadXml(encryptedKeyElement); // decrypt the key using the specifief asymmetric algorithm var symetricKey = asymmetricAlgorithm.Decrypt(encryptedKey.CipherData.CipherValue, RSAEncryptionPadding.OaepSHA1); // use the asymmetric decrypted key to decrypt the encrypted data using the specified symmetric algorithm symmetricAlgorithm.Key = symetricKey; var output = new EncryptedXml { Mode = CipherMode.CBC, Padding = PaddingMode.ISO10126 }; var data = output.DecryptData(encryptedData, symmetricAlgorithm); // replace the encrypted element with its decrypted form output.ReplaceData((XmlElement)encryptedElement, data); } } }
public string Decrypt(string encryptedData, string keyName) { var key = CngKey.Open(keyName); var decodedData = Convert.FromBase64String(encryptedData); var cng = new RSACng(key); var decryptedData = cng.Decrypt(decodedData, RSAEncryptionPadding.Pkcs1); var decodedString = Encoding.UTF8.GetString(decryptedData); return(decodedString); }
public string RSADecrypt(string cipherText) { var keyData = Convert.FromBase64String(_privateKey); using var cngKey = CngKey.Import(keyData, CngKeyBlobFormat.Pkcs8PrivateBlob); using var rsa = new RSACng(cngKey); var data = Convert.FromBase64String(cipherText); var decryptData = rsa.Decrypt(data, RSAEncryptionPadding.OaepSHA256); return(Encoding.UTF8.GetString(decryptData)); }
/// <summary> /// Decrypts the message using an exchange private key that has a pin. /// </summary> /// <param name="encryptedMessage">Encrypted message as base64 string to be decrypted</param> /// <param name="privateKey">Private exchange key to decrypt the message</param> /// <param name="padding">Padding mode to be used with the decryption</param> /// <param name="pin">The private key pin</param> /// <returns>Decrypted message as byte array</returns> /// <exception cref="ArgumentException">There is null in the parameters or one of the parameters empty</exception> /// <exception cref="CryptographicException">The cryptographic service provider (CSP) cannot be acquired.-or- The parameters parameter has missing fields. -or- The padding mode is not supported. -or- The certificate context is invalid. -or- wrong pin has been inputed.</exception> /// <exception cref="FormatException">The length of string, ignoring white-space characters, is not zero or a multiple of 4. -or-The format of s is invalid. string contains a non-base-64 character, more than two padding characters, or a non-white space-character among the padding characters.</exception> public static byte[] Decrypt(string encryptedMessage, X509Certificate2 privateKey, RSAEncryptionPadding padding, string pin) { try { byte[] decodedEncryptedBytes = Convert.FromBase64String(encryptedMessage); RSA rsa = privateKey.GetRSAPrivateKey(); RSACng rsaCng = rsa as RSACng; if (rsaCng != null) { // Set the PIN, an explicit null terminator is required to this Unicode/UCS-2 string. byte[] propertyBytes; if (pin[pin.Length - 1] == '\0') { propertyBytes = Encoding.Unicode.GetBytes(pin); } else { propertyBytes = new byte[Encoding.Unicode.GetByteCount(pin) + 2]; Encoding.Unicode.GetBytes(pin, 0, pin.Length, propertyBytes, 0); } const string NCRYPT_PIN_PROPERTY = "SmartCardPin"; CngProperty pinProperty = new CngProperty( NCRYPT_PIN_PROPERTY, propertyBytes, CngPropertyOptions.None); rsaCng.Key.SetProperty(pinProperty); return(rsaCng.Decrypt(decodedEncryptedBytes, padding)); } throw new CryptographicException("The key is not compatible with Cryptography Next Generation (CNG)"); } catch (CryptographicException ex) { throw ex; } catch (ArgumentNullException ex) { throw ex; } catch (FormatException ex) { throw ex; } }
private UserConnection ProcessClient(Socket s) { var ss = Encoding.ASCII.GetBytes("aaaa can you see this??"); s.Send(ss); UserConnection conn = new UserConnection(); conn.Sock = s; conn.Aes = new AesCryptoServiceProvider(); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { using (RSACng rsa = new RSACng(3072)) { conn.Sock.Send(rsa.ExportRSAPublicKey()); var aesKey = new byte[384]; conn.Sock.Receive(aesKey); conn.Aes.Key = rsa.Decrypt(aesKey, RSAEncryptionPadding.Pkcs1); } } else { using (RSAOpenSsl rsa = new RSAOpenSsl(3072)) { conn.Sock.Send(rsa.ExportRSAPublicKey()); var aesKey = new byte[384]; conn.Sock.Receive(aesKey); conn.Aes.Key = rsa.Decrypt(aesKey, RSAEncryptionPadding.Pkcs1); } } byte[] encryptedMsg; var header = new byte[20]; conn.Aes.IV.CopyTo(header, 0); using (MemoryStream mem = new MemoryStream()) { using (CryptoStream cs = new CryptoStream(mem, conn.Aes.CreateEncryptor(), CryptoStreamMode.Write)) { using (StreamWriter sw = new StreamWriter(cs)) sw.Write("OK!"); encryptedMsg = mem.ToArray(); } } BitConverter.GetBytes(encryptedMsg.Length).CopyTo(header, 16); conn.Sock.Send(header); conn.Sock.Send(encryptedMsg); return(conn); }
public T104 GetSymmetricKeyAndSignature() { Request request = new Request(appConfig); request.GlobalInfo.InterfaceCode = "T104"; T104 response = (T104)SendRequest(request); byte[] privateKey = Convert.FromBase64String(File.ReadAllText(appConfig.PrivateKey)); using (CngKey signingKey = CngKey.Import(privateKey, CngKeyBlobFormat.Pkcs8PrivateBlob)) using (RSACng rsaCng = new RSACng(signingKey)) { byte[] decryptedAESKey = rsaCng.Decrypt(Convert.FromBase64String(response.PasswordAes), RSAEncryptionPadding.Pkcs1); string AESKey = Encoding.UTF8.GetString(decryptedAESKey); File.WriteAllText(appConfig.SessionAESKey, AESKey); } return(response); }
protected override bool HandshakeActive(SendCall Send, ReceiveCall Receive) { Send(Encoding.ASCII.GetBytes(KEXCrypto.ToXmlString(false))); if (!Receive(out byte[] data, out EndPoint source)) { return(false); } DataCrypto.Key = KEXCrypto.Decrypt(data, RSAEncryptionPadding.OaepSHA256); Send(DataCrypto.IV); if (!Receive(out data, out source)) { return(false); } return(DecryptSecret(data)); }
public void RSACngTest() { byte[] keyData; var rsaKeyParameters = new CngKeyCreationParameters { ExportPolicy = CngExportPolicies.AllowPlaintextExport, KeyUsage = CngKeyUsages.AllUsages, Parameters = { new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None) } }; using (var key = CngKey.Create(CngAlgorithm.Rsa, null, rsaKeyParameters)) { keyData = key.Export(CngKeyBlobFormat.Pkcs8PrivateBlob); } Console.WriteLine("-----BEGIN PRIVATE KEY-----"); Console.WriteLine(Convert.ToBase64String(keyData, Base64FormattingOptions.InsertLineBreaks)); Console.WriteLine("-----END PRIVATE KEY-----"); string original = "Hello world!"; Console.WriteLine(original); byte[] encrypted; using (var key = CngKey.Import(keyData, CngKeyBlobFormat.Pkcs8PrivateBlob)) using (var rsa = new RSACng(key)) { encrypted = rsa.Encrypt(Encoding.UTF8.GetBytes(original), RSAEncryptionPadding.Pkcs1); } Console.WriteLine(Convert.ToBase64String(encrypted)); string decrypted; using (var key = CngKey.Import(keyData, CngKeyBlobFormat.Pkcs8PrivateBlob)) using (var rsa = new RSACng(key)) { decrypted = Encoding.UTF8.GetString(rsa.Decrypt(encrypted, RSAEncryptionPadding.Pkcs1)); } }
public override byte[] Decrypt(byte[] cipherBytes, byte[] iv = null, string keyName = null) { #if NETSTANDARD using (var rsa = new RSACng()) { var privateKey = GetParameters(KeyStore.GetKey(PrivateKey)); rsa.ImportParameters(privateKey); return(rsa.Decrypt(cipherBytes, Padding)); } #else using (var rsa = (RSACryptoServiceProvider)RSA.Create()) { var privateKey = GetParameters(KeyStore.GetKey(PrivateKey)); rsa.ImportParameters(privateKey); return(rsa.Decrypt(cipherBytes, false)); } #endif }
public byte[] Decrypt(byte[] encryptedData) { CngProvider provider = new CngProvider(kspName); CngKey key; // If you get an error here, make sure you register the KSP and the project run in 64bits if (!CngKey.Exists(keyId, provider)) { throw new System.ArgumentException("Key " + keyId + " not found in " + kspName); } key = CngKey.Open(keyId, provider); RSACng cryptoEngine = new RSACng(key); var decryptedData = cryptoEngine.Decrypt(encryptedData, System.Security.Cryptography.RSAEncryptionPadding.OaepSHA256); cryptoEngine.Dispose(); key.Dispose(); return(decryptedData); }
DecryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, string algorithm, System.Threading.CancellationToken token) { byte[] plaintext = rsaPrivateKey.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA1); return(Task.FromResult(plaintext)); }
/// <summary> /// Decrypts a string using the <see cref="RSA"/> algorithm. /// </summary> /// <param name="s">The encrypted string.</param> /// <param name="params">The <see cref="RSAParameters"/> that should be used.</param> /// <returns>Returns the decrypted string.</returns> public string RSADecrypt(string s, RSAParameters @params) { rsa.ImportParameters(@params); return(Encoding.UTF8.GetString(rsa.Decrypt(Convert.FromBase64String(s), RSAEncryptionPadding.Pkcs1))); }
public byte[] Decrypt(byte[] encryptedBytes) { return(rsa.Decrypt(encryptedBytes, RSAEncryptionPadding.Pkcs1)); }
private void Connecting(string userName, string password) { #if NETCOREAPP using (var clientRSA = RSA.Create()) #else using (var clientRSA = new RSACng()) #endif { var clientPK = clientRSA.Export(); using (DataPackage request = new DataPackage("UserName.String.32", "PublicKey.String.256")) { request.Headers.Add("ActionID", "Sys.LoginRequest"); request.Headers.Add("UserName", userName); request.UpdateHeaders(); request.AddNew(); request["UserName"] = userName; request["PublicKey"] = clientPK; request.Update(); using (var response = SendAndRecieve(request)) { if (response.Headers.ContainsKey("Status") && (string)response.Headers["Status"] == "ERROR") { throw new TCPConnectorException(response); } response.GoDataTop(); response.Read(); _loginInfo = new LoginInfo(); _loginInfo.Import(clientRSA.Decrypt(((string)response["LoginInfo"]).ToByteArray(), _padding)); _clientAes = Aes.Create() .ImportBin(_loginInfo.CryptoKey); } } using (var request = new DataPackage("UserName.String.32", "SessionID.String.34", "EncryptedKey.String.256")) { request.Headers.Add("ActionID", "Sys.Logon"); request.Headers.Add("UserName", userName); request.UpdateHeaders(); request.AddNew(); request["UserName"] = userName; request["SessionID"] = _loginInfo.SessionID.ToString(); request["EncryptedKey"] = _clientAes .EncryptBin(Encoding.UTF8.GetBytes(password)) .ToBASE64String(); request.Update(); using (var response = SendAndRecieve(request)) { if (response.Headers.ContainsKey("Status") && (string)response.Headers["Status"] == "ERROR") { throw new TCPConnectorException(response); } response.GoDataTop(); response.Read(); var token = (string)response["Ticket"]; _ticket = new Guid(_clientAes.DecryptBin(token.ToByteArray()).Take(16).ToArray()); //_ticket = new Guid(((BinaryDataBuffer)_clientAes.DecryptBin(token.ToByteArray())).Slice(0, 16)); //_userName = userName; Connected = true; } } } }
public override X509Certificate2 LoadApplicationCertificate(string thumbprint, string subjectName, string applicationURI, string password) { try { // Create a handle based on the hash of the keys ushort slotIndex = ushort.Parse(thumbprint); TpmHandle nvHandle = TpmHandle.NV(slotIndex); ushort offset = 0; // Read the serial number byte[] serialNumber = m_tpm[m_ownerAuth].NvRead(nvHandle, nvHandle, sizeof(long), offset); offset += sizeof(long); // Read the "valid from" date (today) in FileTime format byte[] validFrom = m_tpm[m_ownerAuth].NvRead(nvHandle, nvHandle, sizeof(long), offset); offset += sizeof(long); // Read size of keys from NV storage (located in the first 4 bytes) byte[] certSizeBlob = m_tpm[m_ownerAuth].NvRead(nvHandle, nvHandle, sizeof(int), offset); offset += sizeof(int); // Read keys from NV storage in 64-byte chunks int certSize = BitConverter.ToInt32(certSizeBlob, 0); byte[] rawData = new byte[certSize]; ushort index = 0; ushort sizeToRead = 0; while (index < certSize) { if ((certSize - index) < 64) { sizeToRead = (ushort)(certSize - index); } else { sizeToRead = 64; } byte[] dataToRead = m_tpm[m_ownerAuth].NvRead(nvHandle, nvHandle, sizeToRead, offset); offset += sizeToRead; for (int i = 0; i < sizeToRead; i++) { rawData[index + i] = dataToRead[i]; } index += sizeToRead; } // Import TextReader textReader = new StringReader(new string(Encoding.ASCII.GetChars(rawData))); PemReader pemReader = new PemReader(textReader); AsymmetricCipherKeyPair keys = (AsymmetricCipherKeyPair)pemReader.ReadObject(); X509Name CN = new X509Name("CN=" + subjectName + ",DC=" + Utils.GetHostName()); BigInteger SN = new BigInteger(serialNumber).Abs(); DateTime validFromDate = DateTime.FromFileTime(BitConverter.ToInt64(validFrom, 0)); // Certificate Generator X509V3CertificateGenerator cGenerator = new X509V3CertificateGenerator(); cGenerator.SetSerialNumber(SN); cGenerator.SetSubjectDN(CN); cGenerator.SetIssuerDN(CN); cGenerator.SetNotBefore(validFromDate); cGenerator.SetNotAfter(validFromDate.AddYears(1)); cGenerator.SetPublicKey(keys.Public); cGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(new List <DerObjectIdentifier>() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1") })); cGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keys.Public), new GeneralNames(new GeneralName(CN)), SN)); cGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.UniformResourceIdentifier, applicationURI))); ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA1withRSA", keys.Private, new SecureRandom()); Org.BouncyCastle.X509.X509Certificate cert = cGenerator.Generate(signatureFactory); X509Certificate2 certificate = new X509Certificate2(cert.GetEncoded()); RSACng rsa = new RSACng(); RsaPrivateCrtKeyParameters keyParams = (RsaPrivateCrtKeyParameters)keys.Private; m_RSAParams = new RSAParameters(); m_RSAParams.Modulus = new byte[keyParams.Modulus.ToByteArrayUnsigned().Length]; keyParams.Modulus.ToByteArrayUnsigned().CopyTo(m_RSAParams.Modulus, 0); m_RSAParams.P = new byte[keyParams.P.ToByteArrayUnsigned().Length]; keyParams.P.ToByteArrayUnsigned().CopyTo(m_RSAParams.P, 0); m_RSAParams.Q = new byte[keyParams.Q.ToByteArrayUnsigned().Length]; keyParams.Q.ToByteArrayUnsigned().CopyTo(m_RSAParams.Q, 0); m_RSAParams.DP = new byte[keyParams.DP.ToByteArrayUnsigned().Length]; keyParams.DP.ToByteArrayUnsigned().CopyTo(m_RSAParams.DP, 0); m_RSAParams.DQ = new byte[keyParams.DQ.ToByteArrayUnsigned().Length]; keyParams.DQ.ToByteArrayUnsigned().CopyTo(m_RSAParams.DQ, 0); m_RSAParams.InverseQ = new byte[keyParams.QInv.ToByteArrayUnsigned().Length]; keyParams.QInv.ToByteArrayUnsigned().CopyTo(m_RSAParams.InverseQ, 0); m_RSAParams.D = new byte[keyParams.Exponent.ToByteArrayUnsigned().Length]; keyParams.Exponent.ToByteArrayUnsigned().CopyTo(m_RSAParams.D, 0); m_RSAParams.Exponent = new byte[keyParams.PublicExponent.ToByteArrayUnsigned().Length]; keyParams.PublicExponent.ToByteArrayUnsigned().CopyTo(m_RSAParams.Exponent, 0); rsa.ImportParameters(m_RSAParams); if (rsa != null) { int inputBlockSize = rsa.KeySize / 8 - 42; byte[] bytes1 = rsa.Encrypt(new byte[inputBlockSize], RSAEncryptionPadding.OaepSHA1); byte[] bytes2 = rsa.Decrypt(bytes1, RSAEncryptionPadding.OaepSHA1); if (bytes2 != null) { return(certificate); } } } catch (Exception e) { Utils.Trace(e, "Could not load application certificate " + subjectName); } return(null); }
private static byte[] DecryptRsa(byte[] Input, RSACng RSA) => RSA.Decrypt(Input, RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA256));
public virtual byte[] Decrypt(byte[] dataForDecryption) { return(Rsa.Decrypt(dataForDecryption, RSAEncryptionPadding.Pkcs1)); }
public byte[] Decrypt(byte[] bytes) { return(algorithm.Decrypt(bytes, RSAEncryptionPadding.OaepSHA256)); }