/// <summary>
/// Builds a self-signed root CA from an explicitly generated RSA key, signed with SHA-1,
/// and prints the resulting certificate. SHA-1 is used only because this test targets
/// that legacy digest; it is not a suitable choice for new CA certificates.
/// </summary>
public void TestRsaSha1()
{
    using (var cfg = new Configuration(Resources.OpenSslCfgFilePath))
    {
        // 65537 (F4) is the conventional RSA public exponent.
        BigNumber exponent = 0x10001;
        CryptoKey caKey;
        using (var rsa = new RSA())
        {
            rsa.GenerateKeys(2048, exponent, OnGenerator, null);
            // The CryptoKey captures the generated pair; the RSA wrapper is not needed afterwards.
            caKey = new CryptoKey(rsa);
        }

        var serial = new SimpleSerialNumber();
        var validity = TimeSpan.FromDays(365);
        using (var root = X509CertificateAuthority.SelfSigned(cfg, serial, caKey, MessageDigest.SHA1, "Root1", DateTime.Now, validity))
        {
            Console.WriteLine(root.Certificate);
        }
    }
}
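/// <summary>
/// Loads the root CA certificate and private key from a PKCS#12 file and makes it the
/// current <c>RootCA</c>. Does nothing when the file does not exist. If the file cannot
/// be read or parsed (wrong password, corrupt data), <c>RootCA</c> ends up null.
/// </summary>
/// <param name="PKCS12Filename">Path of the PKCS#12 (.pfx) file, protected with <c>caPassword</c>.</param>
public void LoadCA(String PKCS12Filename)
{
    FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
    if (!caPkcs12.Exists)
    {
        return;
    }

    try
    {
        Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);

        // OpenSSL reads the PKCS#12 blob through a BIO (the in-memory analogue of a
        // file handle); it must be released once parsing is finished.
        using (BIO pkcs12BIO = BIO.MemoryBuffer())
        {
            pkcs12BIO.Write(bPKCS12);
            X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);

            if (RootCA != null)
            {
                RootCA.Dispose();
                // Clear the reference so a failure below never leaves a disposed
                // authority reachable through RootCA.
                RootCA = null;
            }

            // NOTE(review): restarting the serial sequence at 1 on every load can hand out
            // serial numbers this CA already used; persist the last issued serial if
            // uniqueness of issued certificates matters (RFC 5280 requires it per issuer).
            RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
        }
    }
    catch (Exception)
    {
        // Best effort, as before: an unreadable or mis-keyed .pfx leaves no CA loaded
        // and callers test RootCA for null.
        RootCA = null;
    }
}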
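/// <summary>
/// Program entry point: runs the <c>Authorities()</c> sample.
/// </summary>
static void Main(string[] args)
{
    Authorities();
}

/// <summary>
/// Older walkthrough that previously sat unreachable after the <c>return</c> in Main:
/// creates a self-signed DSA CA, issues a certificate from a request, re-issues it through
/// a second authority built from that certificate, and finally signs a DH public key.
/// Kept as its own method so it can be invoked deliberately; it is not called by Main.
/// </summary>
static void LegacyCertificateDemo()
{
    SimpleSerialNumber seq = new SimpleSerialNumber();
    X509CertificateAuthority ca = X509CertificateAuthority.SelfSigned(seq, new X509Name("CN=."), TimeSpan.FromDays(10));
    Console.WriteLine(ca.Certificate);

    // 512-bit DSA and a 128-bit DH group are far below current minimums and only
    // keep this sample fast; recent OpenSSL builds may refuse to generate them.
    DSA dsa = new DSA(new DSAParameters(512));
    CryptoKey key = new CryptoKey(dsa);
    X509Request req = new X509Request(0, new X509Name("CN=com."), key);
    req.Sign(key, MessageDigest.DSS1);
    X509Certificate cert = ca.ProcessRequest(req, TimeSpan.FromDays(10));
    Console.WriteLine(cert);
    Console.WriteLine("CA Verified: " + cert.Verify(ca.Key));
    Console.WriteLine("Self Verified: " + cert.Verify(key));

    // Second authority rooted at the certificate just issued.
    SimpleSerialNumber serial2 = new SimpleSerialNumber();
    X509CertificateAuthority caSelf = new X509CertificateAuthority(cert, key, serial2);
    X509Request req2 = cert.CreateRequest(key, MessageDigest.DSS1);
    Console.WriteLine("Request1: " + req);
    Console.WriteLine("Request2: " + req2);
    X509Certificate cert2 = caSelf.ProcessRequest(req2, TimeSpan.FromDays(10));
    Console.WriteLine("Cert2: " + cert2);

    // Sign the DH public value with the DSA key and verify the signature.
    DH dh = new DH(128, 5);
    MessageDigestContext mdc = new MessageDigestContext(MessageDigest.DSS1);
    byte[] msg = dh.PublicKey;
    byte[] sig = mdc.Sign(msg, key);
    Console.WriteLine(dh);
    Console.WriteLine("DH P : " + BitConverter.ToString(dh.P));
    Console.WriteLine("DH G : " + BitConverter.ToString(dh.G));
    Console.WriteLine("DH Secret Key: " + BitConverter.ToString(dh.PrivateKey));
    Console.WriteLine("DH Public Key: " + BitConverter.ToString(msg));
    Console.WriteLine("DH Signature : " + BitConverter.ToString(sig));
    Console.WriteLine(mdc.Verify(msg, sig, key));
}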
/// <summary>
/// Creates a self-signed root through the overload that takes neither a key nor a digest
/// (the "default DSA method" path, per the original test) and prints the certificate.
/// </summary>
public void TestDefaultDSA()
{
    using (var cfg = new Configuration("openssl.cnf"))
    {
        var serial = new SimpleSerialNumber();
        var validity = TimeSpan.FromDays(365);
        using (var root = X509CertificateAuthority.SelfSigned(cfg, serial, "Root1", DateTime.Now, validity))
        {
            Console.WriteLine(root.Certificate);
        }
    }
}
/// <summary>
/// Creates a self-signed root through the overload that takes neither a key nor a digest
/// (the "default DSA method" path, per the original test) and prints the certificate.
/// </summary>
public void TestDefaultDSA()
{
    using (Configuration cfg = new Configuration(Resources.OpenSslCfgFilePath))
    using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(
        cfg,
        new SimpleSerialNumber(),
        "Root1",
        DateTime.Now,
        TimeSpan.FromDays(365)))
    {
        Console.WriteLine(root.Certificate);
    }
}
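/// <summary>
/// Issues a certificate for <paramref name="name"/> signed by <paramref name="ca"/>,
/// generating a fresh RSA key pair for it.
/// </summary>
/// <param name="ca">Authority that signs the request.</param>
/// <param name="name">Subject name, handed to <see cref="X509Name"/>.</param>
/// <param name="cfg">OpenSSL configuration consulted by <c>ProcessRequest</c>.</param>
/// <param name="section">Section of <paramref name="cfg"/> holding the extensions to apply.</param>
/// <returns>The signed certificate with its private key attached, valid for one year from now.</returns>
X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
{
    var now = DateTime.Now;
    var future = now + TimeSpan.FromDays(365);

    using (var subject = new X509Name(name))
    using (var rsa = new RSA())
    {
        // The public exponent must be an odd value greater than 1. The previous
        // BigNumber.One (e = 1) makes d = 1 as well, so "signing" is the identity
        // function and the key pair offers no security; OpenSSL's exponent checks
        // may also reject it outright. 65537 is the standard choice.
        BigNumber exponent = 0x10001;
        // 2048 bits: 1024-bit RSA is below the minimum that TLS stacks running at
        // OpenSSL security level 2 (a common distribution default) will accept.
        rsa.GenerateKeys(2048, exponent, null, null);

        using (var key = new CryptoKey(rsa))
        using (var request = new X509Request(1, subject, key))
        {
            var cert = ca.ProcessRequest(request, now, future, cfg, section);
            // NOTE(review): key is disposed when this block exits while cert still refers
            // to it; this relies on the PrivateKey setter taking its own reference — confirm.
            cert.PrivateKey = key;
            return cert;
        }
    }
}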
/// <summary>
/// Builds a throw-away root CA, issues one server and one client certificate from it
/// and records them in the fixture's certificate collections.
/// </summary>
public SslTestContext()
{
    using (var cfg = new Configuration(Resources.OpenSslCfgFilePath))
    {
        var validity = TimeSpan.FromDays(365);
        using (var ca = X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(), "Root", DateTime.Now, validity))
        {
            CAChain.Add(ca.Certificate);
            ServerCertificate = CreateCertificate(ca, "server", cfg, "tls_server");
            ClientCertificate = CreateCertificate(ca, "client", cfg, "tls_client");
        }
    }

    ClientCertificateList.Add(ClientCertificate);
}
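/// <summary>
/// Creates a fresh self-signed root CA for <paramref name="Name"/>, makes it the current
/// <c>RootCA</c> and writes certificate and key to "&lt;common name&gt;.pfx" under <c>certDir</c>,
/// replacing any existing file of that name.
/// </summary>
/// <param name="Name">Subject of the CA certificate; its common name also names the .pfx file.</param>
public void CreateCA(X509Name Name)
{
    // NOTE(review): Name.Common is used verbatim as a file name. If the subject can come
    // from an untrusted caller, restrict it (e.g. Path.GetFileName) so it cannot escape certDir.
    FileInfo caPkcs12 = new FileInfo(Path.Combine(certDir.FullName, Name.Common + ".pfx"));

    // Build the new authority before touching existing state, so a failure in key
    // generation or signing leaves the previous CA and its .pfx untouched (the old
    // code deleted the file and disposed RootCA first, leaving a disposed object
    // behind on failure).
    DateTime now = DateTime.Now;
    TimeSpan validity = now.AddYears(10) - now;
    X509CertificateAuthority newCA = X509CertificateAuthority.SelfSigned(
        cfg,
        new SimpleSerialNumber(),
        CreateNewRSAKey(2048),
        MessageDigest.SHA256,
        Name,
        now,
        validity);

    if (RootCA != null)
    {
        RootCA.Dispose();
        RootCA = null;
    }
    RootCA = newCA;

    if (caPkcs12.Exists)
    {
        caPkcs12.Delete();
    }
    BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
}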
/// <summary>
/// Builds a self-signed root CA without an OpenSSL configuration file, supplying the CA
/// extensions as an explicit list, then prints the certificate and enumerates its
/// X509v3 extensions. SHA-1 is used only because this test targets the legacy digest.
/// </summary>
public void TestWithoutCfg()
{
    BigNumber exponent = 0x10001;
    CryptoKey caKey;
    using (var rsa = new RSA())
    {
        rsa.GenerateKeys(2048, exponent, OnGenerator, null);
        // The CryptoKey captures the generated pair; the RSA wrapper is not needed afterwards.
        caKey = new CryptoKey(rsa);
    }

    var caExtensions = new List<X509V3ExtensionValue>();
    caExtensions.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
    caExtensions.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
    caExtensions.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
    caExtensions.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

    var validity = TimeSpan.FromDays(365);
    using (var root = X509CertificateAuthority.SelfSigned(
        new SimpleSerialNumber(), caKey, MessageDigest.SHA1, "Root1", DateTime.Now, validity, caExtensions))
    {
        Console.WriteLine(root.Certificate);

        Console.WriteLine("X509v3 Extensions:");
        foreach (var extension in root.Certificate.Extensions)
        {
            Console.WriteLine("Name:{0}, IsCritical:{1}, Value:{2}", extension.Name, extension.IsCritical, extension);
        }
    }
}
/// <summary>
/// Creates a new Certificate Authority whose self-signed certificate carries the
/// extensions returned by <c>GetCertificateAuthorityExtensions()</c>.
/// </summary>
public void CreateCertificateAuthorityWithExtensions()
{
    var extensions = GetCertificateAuthorityExtensions();
    var notBefore = DateTime.UtcNow;
    var validity = TimeSpan.FromDays(365);

    // SHA-512 signature over a one-year self-signed certificate; serials come from the shared sequencer.
    this.CA = X509CertificateAuthority.SelfSigned(
        this.SerialNumberSequencer,
        this.Key,
        MessageDigest.SHA512,
        this.Subject,
        notBefore,
        validity,
        extensions);
}
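/// <summary>
/// Adopts <paramref name="cert"/> as this authority's signing certificate. The certificate
/// must verify against this authority's key; one that does not is rejected rather than
/// silently installed as the CA certificate.
/// </summary>
/// <param name="cert">Certificate to adopt; expected to be signed with <c>this.key</c>.</param>
/// <exception cref="System.InvalidOperationException">
/// Thrown when <paramref name="cert"/> does not verify against <c>this.key</c>.
/// </exception>
public void Promote(X509Certificate cert)
{
    // Verify() reports failure through its return value; the old code discarded it,
    // so an unrelated or tampered certificate would still have been promoted.
    if (!cert.Verify(this.key))
    {
        throw new System.InvalidOperationException("Certificate does not verify against the authority key; refusing to promote it.");
    }

    this.ca = new X509CertificateAuthority(cert, this.key, this.serial);
}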
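/// <summary>
/// Loads the root CA from <paramref name="PKCS12Filename"/> when that file exists and opens
/// with <c>caPassword</c>; otherwise creates a new self-signed root CA for
/// <paramref name="Name"/> (with the given alternative names) and saves it to that file.
/// </summary>
/// <param name="PKCS12Filename">Path of the PKCS#12 (.pfx) file holding the CA certificate and key.</param>
/// <param name="Name">Subject of the CA certificate; used only when a new CA is created.</param>
/// <param name="altNames">Alternative names (URIs, e-mail, DNS, free text) for a new CA certificate; may be null.</param>
public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
{
    FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
    if (caPkcs12.Exists)
    {
        TryLoadRootCAFromPkcs12(caPkcs12);
    }

    if (RootCA == null)
    {
        CreateAndSaveRootCA(caPkcs12, Name, altNames);
    }
}

/// <summary>
/// Replaces <c>RootCA</c> with the authority stored in <paramref name="caPkcs12"/>.
/// Best effort: on any failure <c>RootCA</c> is null so the caller creates a fresh CA.
/// </summary>
private void TryLoadRootCAFromPkcs12(FileInfo caPkcs12)
{
    try
    {
        Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);

        // OpenSSL reads the PKCS#12 blob through a BIO; release it once parsed.
        using (BIO pkcs12BIO = BIO.MemoryBuffer())
        {
            pkcs12BIO.Write(bPKCS12);
            X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);

            if (RootCA != null)
            {
                RootCA.Dispose();
                // Never leave a disposed authority reachable if the constructor below throws.
                RootCA = null;
            }

            // NOTE(review): restarting the serial sequence at 1 on every load can hand out
            // serial numbers this CA already used; RFC 5280 requires serials to be unique
            // per issuer, so persist the last issued serial if that matters here.
            RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
        }
    }
    catch (Exception)
    {
        // Unreadable or mis-keyed .pfx: fall through to creating a new CA, as before.
        RootCA = null;
    }
}

/// <summary>
/// Creates a new self-signed root CA for <paramref name="Name"/>, installs it as
/// <c>RootCA</c> and writes it to <paramref name="caPkcs12"/>.
/// </summary>
private void CreateAndSaveRootCA(FileInfo caPkcs12, X509Name Name, subjectAltName altNames)
{
    X509V3ExtensionList ext = new X509V3ExtensionList();
    // NOTE(review): nsComment is flagged critical; verifiers that do not recognise it are
    // required to reject the certificate (RFC 5280 4.2). Kept as-is — confirm it is intended.
    ext.Add(new X509V3ExtensionValue("nsComment", true, "SafeID - IAM Generated Certificate"));
    ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
    // NOTE(review): no keyUsage (keyCertSign, cRLSign) is set on this CA certificate;
    // strict relying parties may expect one on a CA.
    ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", true, "hash"));
    ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", true, "keyid,issuer:always"));

    // RFC 5280 permits at most one subjectAltName extension per certificate, so every
    // name goes into a single value; the old code added one extension per name, which
    // produces duplicate extensions that strict verifiers reject.
    string san = BuildSubjectAltNameValue(altNames);
    if (san.Length > 0)
    {
        ext.Add(new X509V3ExtensionValue("subjectAltName", true, san));
    }

    // SHA-256 instead of SHA-1: SHA-1 certificate signatures are refused by current
    // browsers and TLS stacks. Validity starts 24 hours in the past, as before.
    DateTime now = DateTime.Now;
    RootCA = X509CertificateAuthority.SelfSigned(
        new SimpleSerialNumber(),
        CreateNewRSAKey(2048),
        MessageDigest.SHA256,
        Name,
        now.AddHours(-24),
        (now.AddYears(10) - now),
        ext);
    BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
}

/// <summary>
/// Formats the alternative names as one OpenSSL subjectAltName value
/// ("URI:...,email:...,DNS:...,otherName:..."). Returns "" when
/// <paramref name="altNames"/> is null or contains no entries.
/// </summary>
private static string BuildSubjectAltNameValue(subjectAltName altNames)
{
    string san = "";
    if (altNames == null)
    {
        return san;
    }

    foreach (Uri u in altNames.Uri)
    {
        // Culture-invariant lower-casing: URI scheme/host comparison must not depend on the UI culture.
        san = AppendSanEntry(san, "URI:" + u.AbsoluteUri.ToLowerInvariant());
    }
    foreach (String m in altNames.Mail)
    {
        san = AppendSanEntry(san, "email:" + m);
    }
    foreach (String s in altNames.Dns)
    {
        san = AppendSanEntry(san, "DNS:" + s);
    }
    foreach (String s in altNames.Text)
    {
        san = AppendSanEntry(san, "otherName:1.2.3.4;UTF8:" + s);
    }
    return san;
}

/// <summary>
/// Appends one comma-separated entry to a subjectAltName value being built.
/// </summary>
private static string AppendSanEntry(string current, string entry)
{
    return current.Length == 0 ? entry : current + "," + entry;
}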
/// <summary>
/// Sample: issues a leaf via root -> com and another via an unrelated "rogue" root, then
/// shows that only the first verifies against a store trusting "Root1".
/// </summary>
static void Main(string[] args)
{
    TimeSpan oneYear = TimeSpan.FromDays(365);
    Configuration cfg = new Configuration("openssl.cnf");

    // A trusted root and an unrelated rogue root, both self-signed.
    X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(), "Root1", DateTime.Now, oneYear);
    X509CertificateAuthority rogue = X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(), "Rogue", DateTime.Now, oneYear);

    // Intermediate "com", issued by the trusted root and checked against its key.
    Identity comId = new Identity(new CryptoKey(new DSA(true)));
    X509Request comReq = comId.CreateRequest("com");
    X509Certificate comCert = root.ProcessRequest(comReq, DateTime.Now, DateTime.Now + oneYear);
    if (!comCert.Verify(root.Key))
    {
        Console.WriteLine("Invalid com cert");
    }
    X509CertificateAuthority com = new X509CertificateAuthority(comCert, comId.PrivateKey, new SimpleSerialNumber(), cfg);

    // Leaf "1" chains to root through com; leaf "2" chains only to the rogue root.
    Identity id1 = new Identity(new CryptoKey(new DSA(true)));
    X509Certificate cert1 = com.ProcessRequest(id1.CreateRequest("1"), DateTime.Now, DateTime.Now + oneYear);
    Identity id2 = new Identity(new CryptoKey(new DSA(true)));
    X509Certificate cert2 = rogue.ProcessRequest(id2.CreateRequest("2"), DateTime.Now, DateTime.Now + oneYear);

    X509Store store = new X509Store();
    store.AddTrusted(root.Certificate);
    store.AddUntrusted(root.Certificate);
    store.AddUntrusted(com.Certificate);

    string error;
    Console.WriteLine(store.Verify(cert1, out error) ? "cert1 OK" : "cert1: " + error);

    store.AddUntrusted(rogue.Certificate);
    Console.WriteLine(store.Verify(cert2, out error) ? "cert2 OK" : "cert2: " + error);

    Console.WriteLine(root.Certificate);
    Console.WriteLine(com.Certificate);
    Console.WriteLine(rogue.Certificate);
    Console.WriteLine(cert1);
    Console.WriteLine(cert2);
}
/// <summary>
/// Wraps an existing certificate and key as a signing authority; the authority's name
/// is the certificate subject's common name.
/// </summary>
/// <param name="cert">CA certificate.</param>
/// <param name="key">Private key matching <paramref name="cert"/>.</param>
public Authority(X509Certificate cert, CryptoKey key)
{
    this.name = cert.Subject.Common;
    this.key = key;
    this.ca = new X509CertificateAuthority(cert, key, this.serial);
}
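/// <summary>
/// Background-worker body: reads the subject name from the name form (step 1), generates
/// the key pair and optional serial (step 2), loads the extension configuration (step 3)
/// and creates a self-signed CA certificate (step 4), handing certificate and key to
/// <c>cfrm</c>. Progress is reported per step through <c>backgroundWorker1</c>; if a form
/// is incomplete its tab is selected instead. Any exception is shown in a message box.
/// </summary>
void DoWork()
{
    try
    {
        // Step 1: subject name.
        if (!nameFrm1.GetNames())
        {
            SelectTab(superTabItem4);
            return;
        }

        X509Name subject = new X509Name(); // TODO FIX NAME FRM
        int count = nameFrm1.bind.Vals.Count;
        int cur = 0;
        foreach (KeyValuePair<string, string> keyp in nameFrm1.bind.Vals)
        {
            // Multiply before dividing: the old (cur / Count) was integer division and
            // always 0, so the progress bar never moved during this step.
            int progress = (int)(cur * 100.0 / count);
            backgroundWorker1.ReportProgress(progress, 1);
            // Entry names are X.509 attribute keys, not user text: culture-invariant upper-casing.
            subject.AddEntryByName(keyp.Key.ToUpperInvariant(), keyp.Value);
            cur++;
        }
        backgroundWorker1.ReportProgress(100, 1);

        // Step 2: key pair and optional user-chosen serial number.
        if (!keyGenerationFrm1.GenerateKey())
        {
            SelectTab(superTabItem5);
            return;
        }

        Al.Security.CA.KeyGenerationBind keyb = keyGenerationFrm1.bind;
        CryptoKey KeyPair = keyb.KeyPair;
        SimpleSerialNumber serial = null;
        if (keyGenerationFrm1.serialnumber.Value != null && keyGenerationFrm1.serialnumber.Value != 0)
        {
            serial = new SimpleSerialNumber(keyGenerationFrm1.serialnumber.Value);
        }
        backgroundWorker1.ReportProgress(100, 2);

        // Step 3: extension configuration (regenerated unless the user supplied one).
        if (!configbox.Checked)
        {
            ExtensionsWork();
        }
        Configuration config = new Configuration(Application.StartupPath + @"\ext.cfg");
        backgroundWorker1.ReportProgress(100, 3);

        DateTime notBefore = nameFrm1.notbefore.Value;
        TimeSpan validity = nameFrm1.notafter.Value.Subtract(notBefore);
        if (validity <= TimeSpan.Zero)
        {
            // An inverted range would otherwise produce a certificate that is never valid.
            throw new InvalidOperationException("The 'not after' date must be later than the 'not before' date.");
        }

        // Step 4: self-signed CA certificate; fall back to a fresh sequence when no serial was given.
        SimpleSerialNumber serialSource = serial ?? new SimpleSerialNumber();
        X509CertificateAuthority ca = X509CertificateAuthority.SelfSigned(
            config, serialSource, KeyPair, keyb.SignatureAlgorithm, subject, notBefore, validity);

        cfrm = new CertExportFrm();
        cfrm.certificate = ca.Certificate;
        cfrm.Key = KeyPair;
        backgroundWorker1.ReportProgress(100, 4);
    }
    catch (Exception ex)
    {
        MessageBoxEx.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Warning);
    }
}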
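/// <summary>
/// Background-worker body: reads the subject name from the name form (step 1), generates
/// the key pair, builds the CSR and reads the optional serial (step 2), loads the extension
/// configuration (step 3) and has the CA loaded from <c>PFX</c> sign the request (step 4),
/// handing certificate and key to <c>cfrm</c>. Progress is reported per step through
/// <c>backgroundWorker1</c>; if a form is incomplete its tab is selected instead. Any
/// exception is shown in a message box.
/// </summary>
void DoWork()
{
    try
    {
        // Step 1: subject name.
        if (!nameFrm1.GetNames())
        {
            SelectTab(superTabItem4);
            return;
        }

        X509Name subject = new X509Name(); // TODO FIX NAME FRM
        int count = nameFrm1.bind.Vals.Count;
        int cur = 0;
        foreach (KeyValuePair<string, string> keyp in nameFrm1.bind.Vals)
        {
            // Multiply before dividing: the old (cur / Count) was integer division and
            // always 0, so the progress bar never moved during this step.
            int progress = (int)(cur * 100.0 / count);
            backgroundWorker1.ReportProgress(progress, 1);
            // Entry names are X.509 attribute keys, not user text: culture-invariant upper-casing.
            subject.AddEntryByName(keyp.Key.ToUpperInvariant(), keyp.Value);
            cur++;
        }
        backgroundWorker1.ReportProgress(100, 1);

        // Step 2: key pair, certificate request and optional user-chosen serial number.
        if (!keyGenerationFrm1.GenerateKey())
        {
            SelectTab(superTabItem5);
            return;
        }

        Al.Security.CA.KeyGenerationBind keyb = keyGenerationFrm1.bind;
        CryptoKey KeyPair = keyb.KeyPair;
        CSReq = new X509Request(2, subject, KeyPair);

        SimpleSerialNumber serial = null;
        if (keyGenerationFrm1.serialnumber.Value != null && keyGenerationFrm1.serialnumber.Value != 0)
        {
            serial = new SimpleSerialNumber(keyGenerationFrm1.serialnumber.Value);
        }
        backgroundWorker1.ReportProgress(100, 2);

        // Step 3: extension configuration (regenerated unless the user supplied one).
        if (!configbox.Checked)
        {
            ExtensionsWork();
        }
        Configuration config = new Configuration(Application.StartupPath + @"\ext.cfg");
        backgroundWorker1.ReportProgress(100, 3);

        // NOTE(review): the 'not before' date entered on the name form is not used; the
        // certificate starts at DateTime.UtcNow while 'not after' comes from the form
        // (local time). Kept as before — confirm which is intended.
        DateTime notAfter = nameFrm1.notafter.Value;

        // Step 4: sign the request with the CA held in PFX.
        // NOTE(review): seeding the issuing sequence with the CA certificate's own serial
        // may hand that same serial to the first issued certificate; RFC 5280 requires
        // serials to be unique per issuer — confirm what SimpleSerialNumber(seed) yields first.
        SimpleSerialNumber caserial = new SimpleSerialNumber(PFX.Certificate.SerialNumber);
        X509CertificateAuthority ca = new X509CertificateAuthority(PFX.Certificate, PFX.PrivateKey, caserial, config);

        X509Certificate signedCert;
        if (serial != null)
        {
            signedCert = ca.ProcessRequest(serial, config, CSReq, DateTime.UtcNow, notAfter, keyb.SignatureAlgorithm);
        }
        else
        {
            signedCert = ca.ProcessRequest(config, CSReq, DateTime.UtcNow, notAfter, keyb.SignatureAlgorithm);
        }

        cfrm = new CertExportFrm();
        cfrm.certificate = signedCert;
        cfrm.Key = KeyPair;
        backgroundWorker1.ReportProgress(100, 4);
    }
    catch (Exception ex)
    {
        MessageBoxEx.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Warning);
    }
}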
/// <summary>
/// Sample: issues a leaf via root -> com and another via an unrelated "rogue" root, then
/// shows that only the first verifies against a store trusting "Root1".
/// </summary>
static void Main(string[] args)
{
    var cfg = new Configuration("openssl.cnf");
    var oneYear = TimeSpan.FromDays(365);

    // Two self-signed roots; only "Root1" will be trusted by the store below.
    var root = X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(), "Root1", DateTime.Now, oneYear);
    var rogue = X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(), "Rogue", DateTime.Now, oneYear);

    // Intermediate "com" issued by the trusted root.
    var comId = new Identity(new CryptoKey(new DSA(true)));
    var comReq = comId.CreateRequest("com");
    var comCert = root.ProcessRequest(comReq, DateTime.Now, DateTime.Now + oneYear);
    if (!comCert.Verify(root.Key))
    {
        Console.WriteLine("Invalid com cert");
    }
    var com = new X509CertificateAuthority(comCert, comId.PrivateKey, new SimpleSerialNumber(), cfg);

    // Leaf "1" under com, leaf "2" under the rogue root.
    var id1 = new Identity(new CryptoKey(new DSA(true)));
    var req1 = id1.CreateRequest("1");
    var cert1 = com.ProcessRequest(req1, DateTime.Now, DateTime.Now + oneYear);
    var id2 = new Identity(new CryptoKey(new DSA(true)));
    var req2 = id2.CreateRequest("2");
    var cert2 = rogue.ProcessRequest(req2, DateTime.Now, DateTime.Now + oneYear);

    var store = new X509Store();
    store.AddTrusted(root.Certificate);
    store.AddUntrusted(root.Certificate);
    store.AddUntrusted(com.Certificate);

    string error;
    bool ok1 = store.Verify(cert1, out error);
    Console.WriteLine(ok1 ? "cert1 OK" : "cert1: " + error);

    store.AddUntrusted(rogue.Certificate);
    bool ok2 = store.Verify(cert2, out error);
    Console.WriteLine(ok2 ? "cert2 OK" : "cert2: " + error);

    // Dump every certificate involved, in the same order as before.
    foreach (object dump in new object[] { root.Certificate, com.Certificate, rogue.Certificate, cert1, cert2 })
    {
        Console.WriteLine(dump);
    }
}
/// <summary>
/// Creates a new Certificate Authority backed by the OpenSSL configuration file, so that the
/// file's extension sections are applied whenever the CA signs a certificate. The CA
/// certificate itself is created with the extensions from the [ V3_CA ] section of that file.
/// </summary>
public void CreateCertificateAuthorityWithConfigurationFile()
{
    string configPath = Path.Combine(Environment.CurrentDirectory, Settings.Default.OpenSslConfigurationFileName);
    this.Config = LoadConfigurationFile(configPath);

    DateTime notBefore = DateTime.UtcNow;
    TimeSpan validity = TimeSpan.FromDays(365);
    this.CA = X509CertificateAuthority.SelfSigned(
        this.Config,
        this.SerialNumberSequencer,
        this.Key,
        MessageDigest.SHA512,
        this.Subject,
        notBefore,
        validity);
}