public void TestRsaDigestSigner()
{
BigInteger rsaPubMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
BigInteger rsaPubExp = new BigInteger(Base64.Decode("EQ=="));
BigInteger rsaPrivMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
BigInteger rsaPrivDP = new BigInteger(Base64.Decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ=="));
BigInteger rsaPrivDQ = new BigInteger(Base64.Decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ=="));
BigInteger rsaPrivExp = new BigInteger(Base64.Decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E="));
BigInteger rsaPrivP = new BigInteger(Base64.Decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE="));
BigInteger rsaPrivQ = new BigInteger(Base64.Decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0="));
BigInteger rsaPrivQinv = new BigInteger(Base64.Decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg=="));
RsaKeyParameters rsaPublic = new RsaKeyParameters(false, rsaPubMod, rsaPubExp);
RsaPrivateCrtKeyParameters rsaPrivate = new RsaPrivateCrtKeyParameters(rsaPrivMod, rsaPubExp, rsaPrivExp, rsaPrivP, rsaPrivQ, rsaPrivDP, rsaPrivDQ, rsaPrivQinv);
byte[] msg = new byte[] { 1, 6, 3, 32, 7, 43, 2, 5, 7, 78, 4, 23 };
RsaDigestSigner signer = new RsaDigestSigner(new Sha1Digest());
signer.Init(true, rsaPrivate);
signer.BlockUpdate(msg, 0, msg.Length);
byte[] sig = signer.GenerateSignature();
signer.Init(false, rsaPublic);
signer.BlockUpdate(msg, 0, msg.Length);
Assert.IsTrue(signer.VerifySignature(sig), "RSA IDigest Signer failed.");
}
private static bool ReadBody(IOwinContext context, byte[] signature)
{
var ms = new MemoryStream();
RsaDigestSigner eng = new RsaDigestSigner(new Sha256Digest()); //new PssSigner(new RsaEngine(), digest);
eng.Init(false, publicKey.Value);
byte[] buffer = new byte[81920];
int count;
while ((count = context.Request.Body.Read(buffer, 0, buffer.Length)) != 0)
{
ms.Write(buffer, 0, count);
eng.BlockUpdate(buffer, 0, count);
}
var sha256 = new SHA256Managed();
var cs = new CryptoStream(ms, sha256, CryptoStreamMode.Write);
context.Request.Body.CopyTo(cs);
cs.FlushFinalBlock();
ms.Seek(0, SeekOrigin.Begin);
context.Request.Body = ms;
return(eng.VerifySignature(signature));
}
public void Test()
{
//var keys = GenerateKeys(1024);
//Console.WriteLine(DotNetUtilities.ToRSA(((RsaPrivateCrtKeyParameters)keys.Private)).ToXmlString(true));
//Console.WriteLine();
//Console.WriteLine(DotNetUtilities.ToRSA(((RsaPrivateCrtKeyParameters)keys.Private)).ToXmlString(false));
var keys = GetRsaKeyPair();
byte[] msg = Guid.NewGuid().ToByteArray();
ISigner eng = new RsaDigestSigner(new Sha256Digest());
eng.Init(true, keys.Private);
eng.BlockUpdate(msg, 0, msg.Length);
byte[] s = eng.GenerateSignature();
eng = new RsaDigestSigner(new Sha256Digest());
eng.Init(false, keys.Public);
eng.BlockUpdate(msg, 0, msg.Length);
Assert.IsTrue(eng.VerifySignature(s));
}
public bool VerifySignature(byte[] data, byte[] signature, string publicKey)
{
var signer = new RsaDigestSigner(new Sha256Digest());
signer.Init(false, GetPublicKeyParameters(publicKey));
signer.BlockUpdate(data, 0, data.Length);
return(signer.VerifySignature(signature));
}
public byte[] GenerateSignature(byte[] data, string privateKey)
{
var signer = new RsaDigestSigner(new Sha256Digest());
signer.Init(true, GetPrivateKeyParameters(privateKey));
signer.BlockUpdate(data, 0, data.Length);
return(signer.GenerateSignature());
}
public bool VerifySignature(byte[] message, byte[] signature, AsymmetricKeyParameter publicKey)
{
var signer = new RsaDigestSigner(new Sha512Digest());
signer.Init(false, publicKey);
signer.BlockUpdate(message, 0, message.Length);
return(signer.VerifySignature(signature));
}
public byte[] SignMessage(byte[] message)
{
var signer = new RsaDigestSigner(new Sha512Digest());
signer.Init(true, KeyPair.Private);
signer.BlockUpdate(message, 0, message.Length);
return(signer.GenerateSignature());
}
/// <summary>
/// Signs the passed in data with a private key
/// </summary>
/// <param name="privateKey">the private key used to create the signature</param>
/// <param name="data">The data to sign</param>
/// <returns>the signature as a byte array</returns>
public byte[] Sign(byte[] privateKey, byte[] data)
{
var signer = new RsaDigestSigner(new Sha1Digest());
var privKey = (RsaKeyParameters)CreateAsymmetricKeyParameterFromPrivateKeyInfo(privateKey);
signer.Init(true, privKey);
signer.BlockUpdate(data, 0, data.Length);
return(signer.GenerateSignature());
}
/// <summary>
/// Verifies a signature to be authentic
/// </summary>
/// <param name="originalSignature">The signature which is be verified</param>
/// <param name="publicKey">the public key used for the verification</param>
/// <param name="data">the data which is signed</param>
/// <returns>true if signature is authentic, false if not</returns>
public bool Verify(byte[] originalSignature, byte[] publicKey, byte[] data)
{
var signer = new RsaDigestSigner(new Sha1Digest());
var pubKey = (RsaKeyParameters)CreateAsymmetricKeyParameterFromPublicKeyInfo(publicKey);
signer.Init(false, pubKey);
signer.BlockUpdate(data, 0, data.Length);
return(signer.VerifySignature(originalSignature));
}
private byte[] SignRsa(IDigest digest, byte[] buffer, int length)
{
RsaDigestSigner signer = new RsaDigestSigner(digest);
signer.Init(true, new ParametersWithRandom(PrivateKeyFactory.CreateKey(PrivateKey), _secureRandom));
signer.BlockUpdate(buffer, 0, length);
return(signer.GenerateSignature());
}
public RsaPublicKey(RsaKeyParameters k)
{
_k = k;
_instance = new Lazy <ISigner>(() =>
{
var rsa = new RsaDigestSigner(new Sha256Digest());
rsa.Init(false, _k);
return(rsa);
});
}
public byte[] SignMessageAsBytes(string message, string privateKey)
{
var bytesToEncrypt = Encoding.UTF8.GetBytes(message);
var signer = new RsaDigestSigner(GetShaDigest());
signer.Init(true, GetPrivate(privateKey));
signer.BlockUpdate(bytesToEncrypt, 0, bytesToEncrypt.Length);
return(signer.GenerateSignature());
}
public static string SignContent(AsymmetricKeyParameter privateKey, string content)
{
var rsaDigestSigner = new RsaDigestSigner(new Sha1Digest());
rsaDigestSigner.Init(true, privateKey);
var bytes = Encoding.UTF8.GetBytes(content);
rsaDigestSigner.BlockUpdate(bytes, 0, bytes.Length);
return(Convert.ToBase64String(rsaDigestSigner.GenerateSignature()));
}
public RsaPrivateKey(RsaPrivateCrtKeyParameters sk, RsaKeyParameters pk = null)
{
_sk = sk;
_pk = pk ?? new RsaKeyParameters(false, _sk.Modulus, _sk.PublicExponent);
_instance = new Lazy <ISigner>(() =>
{
var rsa = new RsaDigestSigner(new Sha256Digest());
rsa.Init(true, _sk);
return(rsa);
});
}
private static byte[] GetSignature(MetaInfCertSfBuilder signature, ICipherParameters privateKey)
{
var signer = new RsaDigestSigner(new Sha1Digest());
//var signer = new RSADigestSigner(new MD5Digest());
signer.Init(true, privateKey);
var raw = signature.ToArray();
signer.BlockUpdate(raw, 0, raw.Length);
return(signer.GenerateSignature());
}
public bool VerifyMessage(string message, byte[] signature, AsymmetricKeyParameter publicKey)
{
var bytesToEncrypt = Encoding.UTF8.GetBytes(message);
var signer = new RsaDigestSigner(GetShaDigest());
signer.Init(false, publicKey);
signer.BlockUpdate(bytesToEncrypt, 0, bytesToEncrypt.Length);
return(signer.VerifySignature(signature));
}
public string GenerateSignature(string privateKey, string password, string documentId)
{
var keyPair = ReadPrivateKey(privateKey, password);
var sha1Digest = new Sha1Digest();
var rsaDigestSigner = new RsaDigestSigner(sha1Digest);
rsaDigestSigner.Init(true, keyPair);
var documentIdToSign = Encoding.ASCII.GetBytes(documentId);
rsaDigestSigner.BlockUpdate(documentIdToSign, 0, documentIdToSign.Length);
return(Convert.ToBase64String(rsaDigestSigner.GenerateSignature()));
}
public bool VerifyMessage(string message, string signature, string publicKey)
{
var bytesToEncrypt = Encoding.UTF8.GetBytes(message);
var signer = new RsaDigestSigner(GetShaDigest());
signer.Init(false, GetPublic(publicKey));
signer.BlockUpdate(bytesToEncrypt, 0, bytesToEncrypt.Length);
return(signer.VerifySignature(Convert.FromBase64String(signature)));
}
/// <summary>
/// Creates an instance of a 'SoftToken'.
/// </summary>
/// <param name="name">The token's name.</param>
/// <param name="certPath">Path to OCSP signer certificate.</param>
/// <param name="keyPath">Path to OCSP signer certificate key.</param>
public override byte[] SignData(byte[] data, IDigest digestAlgorithm)
{
byte[] signature;
RsaDigestSigner rsaSigner = new RsaDigestSigner(digestAlgorithm);
rsaSigner.Init(true, _privateKey);
rsaSigner.BlockUpdate(data, 0, data.Length);
signature = rsaSigner.GenerateSignature();
rsaSigner.Reset();
return(signature);
}
internal override void Evaluate()
{
RsaDigestSigner signer = new RsaDigestSigner(provider.CreateEngine(EngineUsage.GENERAL), FipsShs.CreateDigest(FipsShs.Sha256));
signer.Init(false, new RsaKeyParameters(false, katM, katE));
signer.BlockUpdate(msg, 0, msg.Length);
if (!signer.VerifySignature(FipsKats.Values[FipsKats.Vec.RsaStartupVerifySig]))
{
Fail("self test signature verify failed.");
}
signer.Init(true, new ParametersWithRandom(testPrivKey, Utils.testRandom));
signer.BlockUpdate(msg, 0, msg.Length);
byte[] sig = signer.GenerateSignature();
if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.RsaStartupResultSig], sig))
{
Fail("self test signature generate failed.");
}
}
private bool VerifyRsa(IDigest digest, byte[] buffer, int length, byte[] signature)
{
RsaDigestSigner signer = new RsaDigestSigner(digest);
int exponentOffset = 1;
int exponentLength = PublicKey[0] == 0 ? DnsMessageBase.ParseUShort(PublicKey, ref exponentOffset) : PublicKey[0];
int moduloOffset = exponentOffset + exponentLength;
int moduloLength = PublicKey.Length - moduloOffset;
RsaKeyParameters parameters = new RsaKeyParameters(false, new BigInteger(1, PublicKey, moduloOffset, moduloLength), new BigInteger(1, PublicKey, exponentOffset, exponentLength));
signer.Init(false, new ParametersWithRandom(parameters, _secureRandom));
signer.BlockUpdate(buffer, 0, length);
return(signer.VerifySignature(signature));
}
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hashAlgorithm != HashAlgorithmName.SHA256)
{
throw new ArgumentException(
$"Unsupported HashAlgorithmName '{hashAlgorithm}', only SHA256 supported.", nameof(hashAlgorithm));
}
if (padding != RSASignaturePadding.Pkcs1)
{
throw new ArgumentException(
$"Unsupported RSASignaturePadding '{padding}', only Pkcs1 supported.", nameof(padding));
}
var signer = new RsaDigestSigner(new NullDigest(), NistObjectIdentifiers.IdSha256);
signer.Init(true, _parameters);
signer.BlockUpdate(hash, 0, hash.Length);
return(signer.GenerateSignature());
}
public static byte[] Sign(byte[] data)
{
//RSAParameters p = new RSAParameters();
//var publicKey = DotNetUtilities.GetRsaPublicKey(p);
//var cs = new RSACryptoServiceProvider(1024);
//var publicKey = DotNetUtilities.GetRsaPublicKey(cs);
var publicKey = GetRsaKeyPair();
ISigner eng = new RsaDigestSigner(new Sha256Digest()); //new PssSigner(new RsaEngine(), digest);
eng.Init(true, publicKey.Private);
eng.BlockUpdate(data, 0, data.Length);
return(eng.GenerateSignature());
}
/*
* SIGNING IMPLEMENTATION
*/
private void sign(RestRequest request)
{
byte[] bodyBytes = request.Body();
var sha256 = new Sha256Digest();
var signer = new RsaDigestSigner(sha256);
signer.Init(true, (ICipherParameters)rsaKeyPair.Private);
signer.BlockUpdate(bodyBytes, 0, bodyBytes.Length);
byte[] signature = signer.GenerateSignature();
string hexEncoded = Hex.ToHexString(signature);
var header = string.Format("{0} RS256-hex {1}", signingAPIKey, hexEncoded);
request.AddHeader("Signature", header);
}
public static bool VerifySignature(byte[] data, byte[] modulus, byte[] exponent, byte[] signature)
{
//RSAParameters p = new RSAParameters();
//var publicKey = DotNetUtilities.GetRsaPublicKey(p);
//var cs = new RSACryptoServiceProvider(1024);
//var publicKey = DotNetUtilities.GetRsaPublicKey(cs);
var publicKey = new RsaKeyParameters(false, new BigInteger(1, modulus), new BigInteger(1, exponent));
ISigner eng = new RsaDigestSigner(new Sha256Digest()); //new PssSigner(new RsaEngine(), digest);
eng.Init(false, publicKey);
eng.BlockUpdate(data, 0, data.Length);
return(eng.VerifySignature(signature));
}
/// <summary>
/// Creates a signature verificator (signature (created on tpm) -> message digest) with the current public key and
/// for the current algorithm (RSA)
/// </summary>
/// <returns></returns>
public ISigner CreateSignatureVerificator()
{
if (_keyParams.AlgorithmId == TPMAlgorithmId.TPM_ALG_RSA && _keyParams.SigScheme == TPMSigScheme.TPM_SS_RSASSAPKCS1v15_SHA1)
{
ISigner signer = new RsaDigestSigner(new Sha1Digest());
/*RsaKeyParameters parameters =
* new RsaKeyParameters(false,
* new BigInteger(1, _publicKey.Pubkey),
* new BigInteger(1, ((TPMRSAKeyParams)_keyParams.Params).GetExponent()));
*/
signer.Init(false, RsaKeyParameters);
return(signer);
}
else
{
throw new NotSupportedException(string.Format("SignatureVerificator: Algorithm '{0}' with '{1}' is not supported", _keyParams.AlgorithmId, _keyParams.SigScheme));
}
}
public static string GetSignature(string message)
{
byte[] messageBytes = message.ToByteArray();
RsaDigestSigner signer = new RsaDigestSigner(new Sha256Digest());
signer.Init(true, TransformKey(KeyType.PrivateKey));
signer.BlockUpdate(messageBytes, 0, messageBytes.Length);
try
{
byte[] signature = signer.GenerateSignature();
return(signature.ToBase64());
}
catch (Exception e)
{
FileHelper.WriteFile(ErrorHelper.FormatError(e), FileHelper.ErrorPath, true);
return(null);
}
}
public static bool VerifySignature(string message, string signature)
{
try
{
byte[] messageBytes = message.ToByteArray();
byte[] signatureBytes = signature.FromBase64();
RsaDigestSigner signer = new RsaDigestSigner(new Sha256Digest());
signer.Init(false, TransformKey(KeyType.PublicKey));
signer.BlockUpdate(messageBytes, 0, messageBytes.Length);
bool isValidSignature = signer.VerifySignature(signatureBytes);
return(isValidSignature);
}
catch (Exception ex)
{
FileHelper.WriteFile(ErrorHelper.FormatError(ex), FileHelper.ErrorPath, true);
return(false);
}
}
public void Sign(string privateKey)
{
string canonicalHeader =
String.Format(
"Method:{0}\nHashed Path:{1}\nX-Ops-Content-Hash:{4}\nX-Ops-Timestamp:{3}\nX-Ops-UserId:{2}",
method,
requestUri.AbsolutePath.ToBase64EncodedSha1String(),
client,
timestamp,
body.ToBase64EncodedSha1String());
byte[] input = Encoding.UTF8.GetBytes(canonicalHeader);
var pemReader = new PemReader(new StringReader(privateKey));
AsymmetricKeyParameter key = ((AsymmetricCipherKeyPair)pemReader.ReadObject()).Private;
ISigner signer = new RsaDigestSigner(new NullDigest());
signer.Init(true, key);
signer.BlockUpdate(input, 0, input.Length);
signature = Convert.ToBase64String(signer.GenerateSignature());
}
public void SignMessage(string privateKey)
{
string canonicalHeader =
String.Format(
"Method:{0}\nHashed Path:{1}\nX-Ops-Content-Hash:{4}\nX-Ops-Timestamp:{3}\nX-Ops-UserId:{2}",
_httpMethod,
_chefUri.AbsolutePath.ToBase64EncodedSha1String(),
_chefClient,
_timestamp,
_body.ToBase64EncodedSha1String());
byte[] input = Encoding.UTF8.GetBytes(canonicalHeader);
TextReader pemStream;
if (privateKey.Contains("UNSET") && ChefConfig.ValidationKey != "UNSET")
{
ChefConfig.ValidationKey = ChefConfig.ValidationKey.Replace("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----\n");
ChefConfig.ValidationKey = ChefConfig.ValidationKey.Replace("-----END RSA PRIVATE KEY-----", "\n-----END RSA PRIVATE KEY-----");
pemStream = new StringReader(ChefConfig.ValidationKey);
}
else
{
pemStream = File.OpenText(privateKey);
}
var pemReader = new PemReader(pemStream);
AsymmetricKeyParameter key = ((AsymmetricCipherKeyPair)pemReader.ReadObject()).Private;
ISigner signer = new RsaDigestSigner(new NullDigest());
signer.Init(true, key);
signer.BlockUpdate(input, 0, input.Length);
_signature = Convert.ToBase64String(signer.GenerateSignature());
}
