/// <summary>
/// RSA私钥格式转换,.net->java
/// </summary>
/// <param name="privateKey">.net生成的私钥</param>
/// <returns></returns>
public static string RSAPrivateKeyDotNet2Java(string privateKey)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(privateKey);
BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
BigInteger exp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
BigInteger d = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("D")[0].InnerText));
BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("P")[0].InnerText));
BigInteger q = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Q")[0].InnerText));
BigInteger dp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DP")[0].InnerText));
BigInteger dq = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DQ")[0].InnerText));
BigInteger qinv = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("InverseQ")[0].InnerText));
RsaPrivateCrtKeyParameters privateKeyParam = new RsaPrivateCrtKeyParameters(m, exp, d, p, q, dp, dq, qinv);
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParam);
byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetEncoded();
return(Convert.ToBase64String(serializedPrivateBytes));
}
public void FillOutAndSign(String keystore, String src, String name, String fname, String value, String dest)
{
Pkcs12Store store = new Pkcs12Store(new FileStream(keystore, FileMode.Open), PASSWORD);
String alias = "";
ICollection <X509Certificate> chain = new List <X509Certificate>();
// searching for private key
foreach (string al in store.Aliases)
{
if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate)
{
alias = al;
break;
}
}
AsymmetricKeyEntry pk = store.GetKey(alias);
foreach (X509CertificateEntry c in store.GetCertificateChain(alias))
{
chain.Add(c.Certificate);
}
RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;
PdfReader reader = new PdfReader(src);
FileStream os = new FileStream(dest, FileMode.Create);
PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true);
AcroFields form = stamper.AcroFields;
form.SetField(fname, value);
form.SetFieldProperty(name, "setfflags", PdfFormField.FF_READ_ONLY, null);
form.SetFieldProperty(fname, "setfflags", PdfFormField.FF_READ_ONLY, null);
// Creating the appearance
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.SetVisibleSignature(name);
// Creating the signature
PrivateKeySignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256);
MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);
}
public IBigInteger ProcessBlock(
IBigInteger input)
{
if (key is RsaPrivateCrtKeyParameters)
{
//
// we have the extra factors, use the Chinese Remainder Theorem - the author
// wishes to express his thanks to Dirk Bonekaemper at rtsffm.com for
// advice regarding the expression of this.
//
RsaPrivateCrtKeyParameters crtKey = (RsaPrivateCrtKeyParameters)key;
IBigInteger p = crtKey.P;;
IBigInteger q = crtKey.Q;
IBigInteger dP = crtKey.DP;
IBigInteger dQ = crtKey.DQ;
IBigInteger qInv = crtKey.QInv;
IBigInteger mP, mQ, h, m;
// mP = ((input Mod p) ^ dP)) Mod p
mP = (input.Remainder(p)).ModPow(dP, p);
// mQ = ((input Mod q) ^ dQ)) Mod q
mQ = (input.Remainder(q)).ModPow(dQ, q);
// h = qInv * (mP - mQ) Mod p
h = mP.Subtract(mQ);
h = h.Multiply(qInv);
h = h.Mod(p); // Mod (in Java) returns the positive residual
// m = h * q + mQ
m = h.Multiply(q);
m = m.Add(mQ);
return(m);
}
return(input.ModPow(key.Exponent, key.Modulus));
}
/// <summary>Reads the private key.</summary>
/// <returns>The private key from key pair.</returns>
private RsaKeyParameters ReadKey()
{
AsymmetricCipherKeyPair keyPair;
using (StreamReader reader = File.OpenText(FileUtils.ExpandUserHome(pemFilePath)))
{
try
{
// PemReader uses password only if the private is password encrypted.
// If password is passed for a plain private key, it would be ignored.
object pemReader = new PemReader(reader, this.passPhrase == null ? null : new PasswordFinder(this.passPhrase)).ReadObject();
if (pemReader is AsymmetricCipherKeyPair)
{
keyPair = (AsymmetricCipherKeyPair)pemReader;
return(key = (RsaKeyParameters)keyPair.Private);
}
else if (pemReader is AsymmetricKeyParameter)
{
RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters)pemReader;
return(key = new RsaKeyParameters(rsaPrivateCrtKeyParameters.IsPrivate, rsaPrivateCrtKeyParameters.Modulus, rsaPrivateCrtKeyParameters.Exponent));
}
else
{
throw new FormatException("The given key does not have the expected type");
}
}
catch (InvalidCipherTextException e)
{
throw new ArgumentException("Incorrect passphrase for private key", e);
}
catch (PasswordException e)
{
throw new ArgumentException("Private key is encrypted with a pass phrase. Please provide passphrase in the config", e);
}
catch (InvalidKeyException e)
{
throw new ArgumentException("Invalid Key has been provided", e);
}
}
}
public RSAStreamDecoder(Stream source, Stream p12, string storePass, string keyPass, bool isBase64)
{
Pkcs12Store pkcs12Store = new Pkcs12StoreBuilder().Build();
pkcs12Store.Load(p12, storePass.ToCharArray());
string alias = null;
foreach (string alias3 in pkcs12Store.Aliases)
{
if (pkcs12Store.IsKeyEntry(alias3))
{
alias = alias3;
break;
}
}
if (isBase64)
{
StreamReader streamReader = new StreamReader(source);
b = new MemoryStream();
Base64.Decode(streamReader.ReadToEnd(), b);
b.Position = 0L;
}
else
{
b = source;
}
c = pkcs12Store.GetCertificate(alias);
d = pkcs12Store.GetKey(alias);
foreach (string alias4 in pkcs12Store.Aliases)
{
if (pkcs12Store.IsKeyEntry(alias4))
{
AsymmetricKeyEntry key = pkcs12Store.GetKey(alias4);
if (key.Key.IsPrivate)
{
e = (key.Key as RsaPrivateCrtKeyParameters);
}
}
}
}
public void TestCreateKeyStore()
{
AsymmetricCipherKeyPair keyPair = KeyStoreUtil.GenerateKeyPair();
RsaPrivateCrtKeyParameters RSAprivKey = (RsaPrivateCrtKeyParameters)keyPair.Private;
RsaKeyParameters RSApubKey = (RsaKeyParameters)keyPair.Public;
Org.BouncyCastle.X509.X509Certificate cert = KeyStoreUtil.CreateCert("Test", RSApubKey, RSAprivKey);
Console.WriteLine(cert.ToString());
string pfxPath = TEST_PFX_PATH;
if (File.Exists(pfxPath))
{
pfxPath += "_old";
if (File.Exists(pfxPath))
{
File.Delete(pfxPath);
}
}
FileStream fs = new FileStream(pfxPath, FileMode.CreateNew);
KeyStoreUtil.WritePkcs12(RSAprivKey, cert, TEST_PFX_PASSWORD, fs);
fs.Close();
string crtPath = TEST_CRT_PATH;
if (File.Exists(crtPath))
{
crtPath += "_old";
if (File.Exists(crtPath))
{
File.Delete(crtPath);
}
}
FileStream certFileStream = new FileStream(crtPath, FileMode.CreateNew);
byte[] encodedCert = cert.GetEncoded();
certFileStream.Write(encodedCert, 0, encodedCert.Length);
certFileStream.Close();
}
public bool GenerarLLavesSoftware(string subject, string challenge, string fileName)
{
try
{
RsaKeyPairGenerator r = new RsaKeyPairGenerator();
var param = new RsaKeyGenerationParameters(new BigInteger("10001", 16), new SecureRandom(), 1024, 80);
r.Init(param);
AsymmetricCipherKeyPair k = r.GenerateKeyPair();
var privada = PrivateKeyInfoFactory.CreatePrivateKeyInfo(k.Private);
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(k.Public);
string priv = Convert.ToBase64String(privada.GetDerEncoded());
string pub = Convert.ToBase64String(pubInfo.GetDerEncoded());
File.WriteAllText("Privada.pem", priv);
File.WriteAllText("Publica.pem", pub);
RsaPrivateCrtKeyParameters privateKey = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(priv));
RsaKeyParameters publicKey = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(pub));
DerSet derset = null;
if (challenge != null)
{
ChallengePassword chpass = new ChallengePassword(challenge);
derset = new DerSet(chpass);
}
else
{
derset = new DerSet();
}
X509Name sub = new X509Name(subject, new ConverterSidetec());
Pkcs10CertificationRequest ds = new Pkcs10CertificationRequest("SHA1WITHRSA", sub, publicKey, derset, privateKey);
File.WriteAllBytes(fileName, ds.GetDerEncoded());
return(true);
}
catch (Exception ee)
{
Log.Error(ee.Message);
return(false);
}
}
/// <summary>
/// Base64 RSA private key string -> xml private key
/// </summary>
/// <param name="privateKey">normal RSA private key</param>
/// <returns>RSA private key has format of xml</returns>
public static string ToXmlPrivateKey(string privateKey)
{
RsaPrivateCrtKeyParameters privateKeyParams =
PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey)) as RsaPrivateCrtKeyParameters;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
RSAParameters rsaParams = new RSAParameters()
{
Modulus = privateKeyParams.Modulus.ToByteArrayUnsigned(),
Exponent = privateKeyParams.PublicExponent.ToByteArrayUnsigned(),
D = privateKeyParams.Exponent.ToByteArrayUnsigned(),
DP = privateKeyParams.DP.ToByteArrayUnsigned(),
DQ = privateKeyParams.DQ.ToByteArrayUnsigned(),
P = privateKeyParams.P.ToByteArrayUnsigned(),
Q = privateKeyParams.Q.ToByteArrayUnsigned(),
InverseQ = privateKeyParams.QInv.ToByteArrayUnsigned()
};
rsa.ImportParameters(rsaParams);
return(rsa.ToXmlString(true));
}
}
/// <summary>
/// RSA私钥格式转换 java->.net
/// </summary>
/// <param name="strPrivateKey">Java生成的RSA私钥</param>
/// <returns>C#使用的私钥</returns>
public static string ConvertRSAPrivateKey_Java2DotNet(string strPrivateJavaRSAKey)
{
try
{
RsaPrivateCrtKeyParameters privateKeyParam =
(RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(strPrivateJavaRSAKey));
return(string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",
Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned())));
}
catch (Exception e)
{
Console.WriteLine($"[Error] Convert RSA private key (Java to DotNet) failed. Error = {e.ToString()}");
return(string.Empty);
}
}
/// <summary>
/// 把pem私钥转xml格式
/// </summary>
/// <param name="privateKey">直接从private pem文件中读取的字符串</param>
/// <returns></returns>
public static string ConvertPemToXmlPrivateKey(string privateKey)
{
object pemObject = null;
using (StringReader sReader = new StringReader(privateKey))
{
var pemReader = new Org.BouncyCastle.OpenSsl.PemReader(sReader);
pemObject = pemReader.ReadObject();
}
RsaPrivateCrtKeyParameters key = (RsaPrivateCrtKeyParameters)((AsymmetricCipherKeyPair)pemObject).Private;
string xmlPrivateKey = string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",
Convert.ToBase64String(key.Modulus.ToByteArrayUnsigned()),
Convert.ToBase64String(key.PublicExponent.ToByteArrayUnsigned()),
Convert.ToBase64String(key.P.ToByteArrayUnsigned()),
Convert.ToBase64String(key.Q.ToByteArrayUnsigned()),
Convert.ToBase64String(key.DP.ToByteArrayUnsigned()),
Convert.ToBase64String(key.DQ.ToByteArrayUnsigned()),
Convert.ToBase64String(key.QInv.ToByteArrayUnsigned()),
Convert.ToBase64String(key.Exponent.ToByteArrayUnsigned()));
return(xmlPrivateKey);
}
private byte[] get_plain_session_key(byte[] cipherTextBytes)
{
RsaPrivateCrtKeyParameters keys = settings.get_private_key();
// Pure mathematical RSA implementation
// RsaEngine eng = new RsaEngine();
// PKCS1 v1.5 paddings
// Pkcs1Encoding eng = new Pkcs1Encoding(new RsaEngine());
// PKCS1 OAEP paddings
OaepEncoding eng = new OaepEncoding(new RsaEngine());
eng.Init(false, keys);
int length = cipherTextBytes.Length;
int blockSize = eng.GetInputBlockSize();
byte[] decipheredBytes = eng.ProcessBlock(cipherTextBytes, 0, length);
return(decipheredBytes);
}
public IHttpActionResult Decrypt([FromBody] Cryptographymodel item)
{
try
{
RsaPrivateCrtKeyParameters privateKey = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(item.PrivateKey));
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
RSAParameters rsaParameters2 = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)privateKey);
rsa.ImportParameters(rsaParameters2);
byte[] dec = rsa.Decrypt(Convert.FromBase64String(item.Chipertext), false);
string decStr = Encoding.UTF8.GetString(dec);
return(Ok(decStr));
}
catch (Exception ex)
{
return(InternalServerError(ex));
}
}
private byte[] ConvertToPfx(X509Certificate2 x509, RsaPrivateCrtKeyParameters rsaParams, string pfxPassword)
{
var store = new Pkcs12Store();
SecureRandom random = randomService.GenerateRandom();
X509Certificate cert = DotNetUtilities.FromX509Certificate(x509);
string friendlyName = cert.SubjectDN.ToString();
var certificateEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(friendlyName, certificateEntry);
store.SetKeyEntry(friendlyName,
new AsymmetricKeyEntry(rsaParams),
new[]
{
certificateEntry
});
using (var stream = new MemoryStream())
{
store.Save(stream, pfxPassword.ToCharArray(), random);
return(stream.ToArray());
}
}
public static RSACryptoServiceProvider ConvertAsymmetricKeyParameterToRSACryptoServiceProvider(AsymmetricKeyParameter key)
{
RSAParameters rsaParameters = new RSAParameters();
if (!key.IsPrivate)
{
RsaKeyParameters rsaKeyParameters = (RsaKeyParameters)key;
rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned();
rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned();
}
else
{
RsaPrivateCrtKeyParameters keyParams = (RsaPrivateCrtKeyParameters)key;
rsaParameters = DotNetUtilities.ToRSAParameters(keyParams);
CspParameters cspParameters = new CspParameters();
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParameters);
}
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters);
return(rsa);
}
public static AsymmetricCipherKeyPair GetRsaKeyPair(RSAParameters rp)
{
BigInteger modulus = new BigInteger(1, rp.Modulus);
BigInteger pubExp = new BigInteger(1, rp.Exponent);
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
modulus,
pubExp);
RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(
modulus,
pubExp,
new BigInteger(1, rp.D),
new BigInteger(1, rp.P),
new BigInteger(1, rp.Q),
new BigInteger(1, rp.DP),
new BigInteger(1, rp.DQ),
new BigInteger(1, rp.InverseQ));
return(new AsymmetricCipherKeyPair(pubKey, privKey));
}
public static string CreateToken(Dictionary <string, object> payload, string privateRsaKeyPath)
{
RSAParameters rsaParams;
using (var tr = new StreamReader(privateRsaKeyPath))
{
var pemReader = new PemReader(tr);
RsaPrivateCrtKeyParameters privkey = null;
Object obj = pemReader.ReadObject();
if (obj != null)
{
privkey = (RsaPrivateCrtKeyParameters)obj;
}
rsaParams = DotNetUtilities.ToRSAParameters(privkey);
}
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
return(Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS512));
}
}
/// <summary>
/// C#格式秘钥转成BouncyCastle格式秘钥
/// </summary>
/// <param name="privateKey"></param>
/// <returns></returns>
public static RsaKeyParameters RSAPrivateKeyDotNetTransfer(string privateKey)
{
/*加载私钥xml字符串*/
XmlDocument doc = new XmlDocument();
doc.LoadXml(privateKey);
/*初始化私钥参数*/
BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
BigInteger exp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
BigInteger d = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("D")[0].InnerText));
BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("P")[0].InnerText));
BigInteger q = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Q")[0].InnerText));
BigInteger dp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DP")[0].InnerText));
BigInteger dq = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DQ")[0].InnerText));
BigInteger qinv = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("InverseQ")[0].InnerText));
/*生成私钥 */
RsaPrivateCrtKeyParameters pri = new RsaPrivateCrtKeyParameters(m, exp, d, p, q, dp, dq, qinv);
return(pri);
}
internal override void Evaluate(RsaBlindedEngine rsaEngine)
{
RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp);
RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
byte[] data = edgeInput;
rsaEngine.Init(true, new ParametersWithRandom(pubParameters, Utils.testRandom));
try
{
data = rsaEngine.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("Self test failed: exception " + e.Message);
}
if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.RsaStartupRawEnc], data))
{
Fail("Self test failed: input does not match decrypted output");
}
rsaEngine.Init(false, new ParametersWithRandom(privParameters, Utils.testRandom));
try
{
data = rsaEngine.ProcessBlock(data, 0, data.Length);
}
catch (Exception e)
{
Fail("Self test failed: exception " + e.Message);
}
if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.RsaStartupRawDec], data))
{
Fail("Self test failed: input does not match decrypted output");
}
}
/// <summary>
/// RSA私钥格式转换,java->.net
/// </summary>
/// <param name="privateKey">java生成的RSA私钥</param>
/// <returns></returns>
public static string RSAPrivateKeyJava2DotNet(this string privateKey)
{
RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey));
return(string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",
Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()),
Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned())));
}
/// <summary>
/// C#xml密钥转base64密钥
/// </summary>
/// <param name="RSAKey"></param>
/// <param name="isPrivateKey"></param>
/// <returns></returns>
public static string ConvertXmlKeyToPem(string xmlKey, bool isPrivateKey)
{
if (string.IsNullOrEmpty(xmlKey))
{
return(null);
}
string pemKey = string.Empty;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlKey);
RSAParameters rsaPara = new RSAParameters();
RsaKeyParameters key = null;
if (isPrivateKey)
{
rsaPara = rsa.ExportParameters(true);
key = new RsaPrivateCrtKeyParameters(
new BigInteger(1, rsaPara.Modulus), new BigInteger(1, rsaPara.Exponent), new BigInteger(1, rsaPara.D),
new BigInteger(1, rsaPara.P), new BigInteger(1, rsaPara.Q), new BigInteger(1, rsaPara.DP), new BigInteger(1, rsaPara.DQ),
new BigInteger(1, rsaPara.InverseQ));
}
else
{
rsaPara = rsa.ExportParameters(false);
key = new RsaKeyParameters(false,
new BigInteger(1, rsaPara.Modulus),
new BigInteger(1, rsaPara.Exponent));
}
using (TextWriter sw = new StringWriter())
{
var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(sw);
pemWriter.WriteObject(key);
pemWriter.Writer.Flush();
pemKey = sw.ToString();
}
return(pemKey);
}
/// <summary>
/// Convert RSA Private Key from PKCS8 to PKCS1 format
/// </summary>
/// <param name="privateKey">Private Key</param>
/// <returns></returns>
public static string PrivateKeyPkcs8ToPkcs1(string privateKey)
{
privateKey = RsaPemFormatHelper.Pkcs8PrivateKeyFormat(privateKey);
PemReader pr = new PemReader(new StringReader(privateKey));
RsaPrivateCrtKeyParameters kp = pr.ReadObject() as RsaPrivateCrtKeyParameters;
AsymmetricKeyParameter keyParameter = PrivateKeyFactory.CreateKey(PrivateKeyInfoFactory.CreatePrivateKeyInfo(kp));
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
pWrt.WriteObject(keyParameter);
pWrt.Writer.Close();
string result = sw.ToString();
return(result);
}
public virtual byte[] ProcessBlock(byte[] inBuf, int inOff, int inLen)
{
//IL_000d: Unknown result type (might be due to invalid IL or missing references)
//IL_00cb: Unknown result type (might be due to invalid IL or missing references)
if (key == null)
{
throw new InvalidOperationException("RSA engine not initialised");
}
BigInteger bigInteger = core.ConvertInput(inBuf, inOff, inLen);
BigInteger bigInteger4;
if (key is RsaPrivateCrtKeyParameters)
{
RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters)key;
BigInteger publicExponent = rsaPrivateCrtKeyParameters.PublicExponent;
if (publicExponent != null)
{
BigInteger modulus = rsaPrivateCrtKeyParameters.Modulus;
BigInteger bigInteger2 = BigIntegers.CreateRandomInRange(BigInteger.One, modulus.Subtract(BigInteger.One), random);
BigInteger input = bigInteger2.ModPow(publicExponent, modulus).Multiply(bigInteger).Mod(modulus);
BigInteger bigInteger3 = core.ProcessBlock(input);
BigInteger val = bigInteger2.ModInverse(modulus);
bigInteger4 = bigInteger3.Multiply(val).Mod(modulus);
if (!bigInteger.Equals(bigInteger4.ModPow(publicExponent, modulus)))
{
throw new InvalidOperationException("RSA engine faulty decryption/signing detected");
}
}
else
{
bigInteger4 = core.ProcessBlock(bigInteger);
}
}
else
{
bigInteger4 = core.ProcessBlock(bigInteger);
}
return(core.ConvertOutput(bigInteger4));
}
/// <summary>
/// Save certificate as pfx file with private key
/// </summary>
/// <param name="issuerKeyPair"></param>
/// <param name="x509"></param>
/// <param name="fileName"></param>
/// <returns></returns>
private X509Certificate2 SaveToPFX(AsymmetricCipherKeyPair issuerKeyPair, X509Certificate2 x509, string fileName)
{
// add private key to x509
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(issuerKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
// It should thow if seq.c**t != 9 because folowing info should be stored in RSA key.
// following page has more info: https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem
// version Version,
// modulus INTEGER, --n
// publicExponent INTEGER, --e
// privateExponent INTEGER, --d
// prime1 INTEGER, --p
// prime2 INTEGER, --q
// exponent1 INTEGER, --d mod(p - 1)
// exponent2 INTEGER, --d mod(q - 1)
// coefficient INTEGER, --(inverse of q) mod p
// otherPrimeInfos OtherPrimeInfos OPTIONAL
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
var utils = new GeneralUtils();
if (!fileName.EndsWith(".pfx"))
{
fileName += ".pfx";
}
File.WriteAllBytes(utils.PathWithName(fileName), x509.Export(X509ContentType.Pkcs12, GetCertPassword()));
return(x509);
}
public string GenerateToken(string uid, IEnumerable <Claim> claims)
{
// Get the RsaPrivateCrtKeyParameters if we haven't already determined them
if (_rsaParams == null)
{
lock (_rsaParamsLocker)
{
if (_rsaParams == null)
{
using (var streamWriter = WriteToStreamWithString(_firebasePrivateKey.Replace(@"\n", "\n")))
{
using (var sr = new StreamReader(streamWriter.BaseStream))
{
var pr = new Org.BouncyCastle.OpenSsl.PemReader(sr);
_rsaParams = (RsaPrivateCrtKeyParameters)pr.ReadObject();
}
}
}
}
}
var payload = new Dictionary <string, object> {
{ "uid", uid }
, { "iat", SecondsSinceEpoch(DateTime.UtcNow) }
, { "exp", SecondsSinceEpoch(DateTime.UtcNow.AddSeconds(FirebaseTokenExpirySecs)) }
, { "aud", FirebasePayloadAud }
, { "iss", _firebasePayloadIss }
, { "sub", _firebasePayloadSub }
};
if (claims != null && claims.Any())
{
var customClaims = claims.ToDictionary((x) => x.Type, (y) => (object)y.Value);
payload.Add("claims", customClaims);
}
return(JWT.Encode(payload, Org.BouncyCastle.Security.DotNetUtilities.ToRSA(_rsaParams), JwsAlgorithm.RS256));
}
public IActionResult Index(string docid)
{
var id = _userManager.GetUserId(User);
var user = _aadeDbIntegration.GetUser(id);
var doc = _messageDbIntegration.GetMessage(docid);
if (doc == null)
{
Response.StatusCode = 400;
return(Content("Document was not found"));
}
// Grab the AADE user's private key for the decryption of the symmetric key
// that was used to encrypt the document
RsaPrivateCrtKeyParameters privateKeyRecovered = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(user.PrivateKey));
IAsymmetricBlockCipher engine = new RsaEngine();
engine.Init(false, privateKeyRecovered);
// the message is saved as a byte array so convert back to Document object
var message = Document.Deserialize(doc.Message);
// recover symmetric key
var derivedKeyBytesToReceive = engine.ProcessBlock(message.EncryptedSymmetricKey, 0, message.EncryptedSymmetricKeyLength);
// use this now to Decrypt the message
var decryptedDocument = AesOperation.DecryptString(Document.ByteArrayToString(derivedKeyBytesToReceive), message.EncryptedDocument);
var decryptedDocumentAsBytes = Convert.FromBase64String(decryptedDocument);
// verify signature to ensure message was not tampered with
//var isvalid = VerifySignature(decryptedDocument, doc.UsersPublicKey, doc.Signature);
doc.Status = 1;
_messageDbIntegration.UpdateMessage(doc);
return(File(decryptedDocumentAsBytes, doc.ContentType, doc.FileName));
}
public static string GetSign(string jsonContent, RsaPrivateCrtKeyParameters pr)
{
// MD5计算
string SignMD5 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(jsonContent, "MD5").ToUpper();
// SHA1计算
string SignSHA1 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(SignMD5, "SHA1");
// Rsa计算
//Org.BouncyCastle.Math.BigInteger mod = new Org.BouncyCastle.Math.BigInteger(sMod, 16);
//Org.BouncyCastle.Math.BigInteger pubExp = new Org.BouncyCastle.Math.BigInteger(sPubExp, 16);
//Org.BouncyCastle.Math.BigInteger privExp = new Org.BouncyCastle.Math.BigInteger(sPrivExp, 16);
//Org.BouncyCastle.Math.BigInteger p = new Org.BouncyCastle.Math.BigInteger(sP, 16);
//Org.BouncyCastle.Math.BigInteger q = new Org.BouncyCastle.Math.BigInteger(sQ, 16);
//Org.BouncyCastle.Math.BigInteger pExp = new Org.BouncyCastle.Math.BigInteger(sPExp, 16);
//Org.BouncyCastle.Math.BigInteger qExp = new Org.BouncyCastle.Math.BigInteger(sQExp, 16);
//Org.BouncyCastle.Math.BigInteger crtCoef = new Org.BouncyCastle.Math.BigInteger(sCrtCoef, 16);
//RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp);
//RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
RsaKeyParameters pubParameters = new RsaKeyParameters(false, pr.Modulus, pr.PublicExponent);
RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters(pr.Modulus, pr.PublicExponent, pr.Exponent, pr.P, pr.Q, pr.DP, pr.DQ, pr.QInv);
byte[] digInfo = System.Text.Encoding.Default.GetBytes(SignSHA1);
ISigner rawSig = SignerUtilities.GetSigner("RSA");
rawSig.Init(true, privParameters);
rawSig.BlockUpdate(digInfo, 0, digInfo.Length);
// Sign签名
byte[] rawResult = rawSig.GenerateSignature();
// 十六进制计算
string SignRSA = byteToHexStr(rawResult).ToUpper();
return(SignRSA);
}
/// <summary>
/// Private Key Convert xml->Pkcs8
/// </summary>
/// <param name="privateKey"></param>
/// <returns></returns>
public static string PrivateKeyXmlToPkcs8(string privateKey)
{
XElement root = XElement.Parse(privateKey);
//Modulus
var modulus = root.Element("Modulus");
//Exponent
var exponent = root.Element("Exponent");
//P
var p = root.Element("P");
//Q
var q = root.Element("Q");
//DP
var dp = root.Element("DP");
//DQ
var dq = root.Element("DQ");
//InverseQ
var inverseQ = root.Element("InverseQ");
//D
var d = root.Element("D");
RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = new RsaPrivateCrtKeyParameters(
new BigInteger(1, Convert.FromBase64String(modulus.Value)),
new BigInteger(1, Convert.FromBase64String(exponent.Value)),
new BigInteger(1, Convert.FromBase64String(d.Value)),
new BigInteger(1, Convert.FromBase64String(p.Value)),
new BigInteger(1, Convert.FromBase64String(q.Value)),
new BigInteger(1, Convert.FromBase64String(dp.Value)),
new BigInteger(1, Convert.FromBase64String(dq.Value)),
new BigInteger(1, Convert.FromBase64String(inverseQ.Value)));
StringWriter swpri = new StringWriter();
PemWriter pWrtpri = new PemWriter(swpri);
Pkcs8Generator pkcs8 = new Pkcs8Generator(rsaPrivateCrtKeyParameters);
pWrtpri.WriteObject(pkcs8);
pWrtpri.Writer.Close();
return(swpri.ToString());
}
public virtual byte[] ProcessBlock(byte[] inBuf, int inOff, int inLen)
{
BigInteger integer2;
if (this.key == null)
{
throw new InvalidOperationException("RSA engine not initialised");
}
BigInteger val = this.core.ConvertInput(inBuf, inOff, inLen);
if (this.key is RsaPrivateCrtKeyParameters)
{
RsaPrivateCrtKeyParameters key = (RsaPrivateCrtKeyParameters)this.key;
BigInteger publicExponent = key.PublicExponent;
if (publicExponent != null)
{
BigInteger modulus = key.Modulus;
BigInteger integer5 = BigIntegers.CreateRandomInRange(BigInteger.One, modulus.Subtract(BigInteger.One), this.random);
BigInteger input = integer5.ModPow(publicExponent, modulus).Multiply(val).Mod(modulus);
BigInteger integer7 = this.core.ProcessBlock(input);
BigInteger integer8 = integer5.ModInverse(modulus);
integer2 = integer7.Multiply(integer8).Mod(modulus);
if (!val.Equals(integer2.ModPow(publicExponent, modulus)))
{
throw new InvalidOperationException("RSA engine faulty decryption/signing detected");
}
}
else
{
integer2 = this.core.ProcessBlock(val);
}
}
else
{
integer2 = this.core.ProcessBlock(val);
}
return(this.core.ConvertOutput(integer2));
}
public AsymmetricCipherKeyPair ComposeKeyPair(BigInteger p, BigInteger q, BigInteger publicExponent)
{
if (p.Max(q).Equals(q))
{
var tmp = p;
p = q;
q = tmp;
}
var modulus = p.Multiply(q);
var p1 = p.Subtract(BigInteger.One);
var q1 = q.Subtract(BigInteger.One);
var phi = p1.Multiply(q1);
var privateExponent = publicExponent.ModInverse(phi);
var dP = privateExponent.Remainder(p1);
var dQ = privateExponent.Remainder(q1);
var qInv = q.ModInverse(p);
var priv = new RsaPrivateCrtKeyParameters(modulus, publicExponent, privateExponent, p, q, dP, dQ, qInv);
return(new AsymmetricCipherKeyPair(new RsaKeyParameters(false, priv.Modulus, publicExponent), priv));
}
/// <summary>
/// 获取私钥
/// </summary>
/// <param name="cert"></param>
/// <returns></returns>
public static string GetPrivateKeyPem(X509Certificate2 cert)
{
try
{
var p = cert.GetRSAPrivateKey().ExportParameters(true);
var key = new RsaPrivateCrtKeyParameters(
new Org.BouncyCastle.Math.BigInteger(1, p.Modulus), new Org.BouncyCastle.Math.BigInteger(1, p.Exponent), new Org.BouncyCastle.Math.BigInteger(1, p.D),
new Org.BouncyCastle.Math.BigInteger(1, p.P), new Org.BouncyCastle.Math.BigInteger(1, p.Q), new Org.BouncyCastle.Math.BigInteger(1, p.DP), new Org.BouncyCastle.Math.BigInteger(1, p.DQ),
new Org.BouncyCastle.Math.BigInteger(1, p.InverseQ));
using (var stringWriter = new StringWriter())
{
var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(stringWriter);
pemWriter.WriteObject(key);
return(stringWriter.GetStringBuilder().ToString());
}
}
catch
{
throw new Exception("cert必须具有 X509KeyStorageFlags.Exportable 标识,才能导出私钥。");
}
}
