/// <summary>
/// Creates a key from separate public and private key parameters.
/// </summary>
/// <param name="version">SSH protocol version the key belongs to.</param>
/// <param name="publicKeyParameter">Public half of the key; must not be null.</param>
/// <param name="privateKeyParameter">Private half of the key, or null for a public-only key.</param>
/// <param name="comment">Free-form comment stored with the key.</param>
/// <param name="certificate">OpenSSH certificate associated with the key, or null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="publicKeyParameter"/> is null.</exception>
public SshKey(SshVersion version, AsymmetricKeyParameter publicKeyParameter, AsymmetricKeyParameter privateKeyParameter = null, string comment = "", OpensshCertificate certificate = null)
{
    if (publicKeyParameter == null)
    {
        throw new ArgumentNullException("publicKeyParameter");
    }

    // A key with no private half can only be used to verify, never to sign.
    IsPublicOnly = privateKeyParameter == null;
    Version = version;
    this.publicKeyParameter = publicKeyParameter;
    this.privateKeyParameter = privateKeyParameter;
    Certificate = certificate;
    Comment = comment;
    // Constraints (e.g. confirm/lifetime) are attached later by the agent.
    keyConstraints = new List<Agent.KeyConstraint>();
}
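/// <summary>
/// Creates a key from a public/private key pair.
/// </summary>
/// <param name="version">SSH protocol version the key belongs to.</param>
/// <param name="cipherKeyPair">Key pair supplying both halves of the key; must not be null.</param>
/// <param name="comment">Free-form comment stored with the key.</param>
/// <param name="certificate">OpenSSH certificate associated with the key, or null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cipherKeyPair"/> is null
/// (previously this surfaced as a NullReferenceException from the initializer).</exception>
public SshKey(SshVersion version, AsymmetricCipherKeyPair cipherKeyPair, string comment = "", OpensshCertificate certificate = null)
    : this(version, RequireKeyPair(cipherKeyPair).Public, cipherKeyPair.Private, comment, certificate)
{
}

/// <summary>
/// Returns <paramref name="cipherKeyPair"/> unchanged, or throws when it is null; used so the
/// constructor initializer above can validate its argument before dereferencing it.
/// </summary>
private static AsymmetricCipherKeyPair RequireKeyPair(AsymmetricCipherKeyPair cipherKeyPair)
{
    if (cipherKeyPair == null)
    {
        throw new ArgumentNullException("cipherKeyPair");
    }
    return cipherKeyPair;
}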
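// Length of the random nonce that opens the body of an OpenSSH certificate.
private const int CertificateNonceLength = 32;

/// <summary>
/// reads OpenSSH formatted public key blob and creates
/// an AsymmetricKeyParameter object
/// </summary>
/// <param name="cert">Receives the certificate parsed from the blob for the
/// *-cert-v01 algorithms; left null for plain keys.</param>
/// <returns>AsymmetricKeyParameter containing the public key</returns>
/// <exception cref="NotSupportedException">Thrown when the algorithm name, or
/// for ECDSA the curve name, is not one this parser handles. Derives from
/// <see cref="Exception"/>, so existing catch-all handlers still apply.</exception>
public AsymmetricKeyParameter ReadSsh2PublicKeyData(out OpensshCertificate cert)
{
    cert = null;
    var algorithm = Encoding.UTF8.GetString(ReadBlob());
    // For certificate algorithms the fields are re-serialised into certBuilder
    // as they are read, and the builder is handed to ReadCertificate afterwards.
    var certBuilder = new BlobBuilder();
    certBuilder.AddStringBlob(algorithm);
    switch (algorithm)
    {
        case PublicKeyAlgorithmExt.ALGORITHM_RSA_KEY:
        {
            var n = new BigInteger(1, ReadBlob());
            var e = new BigInteger(1, ReadBlob());
            if (n.BitLength < e.BitLength)
            {
                // The two integers can arrive in either order; the modulus is
                // always significantly larger than the exponent, so swap when
                // the first one is the smaller.
                return new RsaKeyParameters(false, e, n);
            }
            return new RsaKeyParameters(false, n, e);
        }
        case PublicKeyAlgorithmExt.ALGORITHM_RSA_CERT_V1:
        {
            var nonce = ReadBlob();
            if (nonce.Length != CertificateNonceLength)
            {
                return ReadEmbeddedCertificate(nonce, out cert);
            }
            certBuilder.AddBlob(nonce);
            var e = new BigInteger(1, ReadBlob());
            certBuilder.AddBigIntBlob(e);
            var n = new BigInteger(1, ReadBlob());
            certBuilder.AddBigIntBlob(n);
            cert = ReadCertificate(certBuilder);
            return new RsaKeyParameters(false, n, e);
        }
        case PublicKeyAlgorithmExt.ALGORITHM_DSA_KEY:
        {
            var p = new BigInteger(1, ReadBlob());
            var q = new BigInteger(1, ReadBlob());
            var g = new BigInteger(1, ReadBlob());
            var y = new BigInteger(1, ReadBlob());
            return new DsaPublicKeyParameters(y, new DsaParameters(p, q, g));
        }
        case PublicKeyAlgorithmExt.ALGORITHM_DSA_CERT_V1:
        {
            var nonce = ReadBlob();
            if (nonce.Length != CertificateNonceLength)
            {
                return ReadEmbeddedCertificate(nonce, out cert);
            }
            certBuilder.AddBlob(nonce);
            var p = new BigInteger(1, ReadBlob());
            certBuilder.AddBigIntBlob(p);
            var q = new BigInteger(1, ReadBlob());
            certBuilder.AddBigIntBlob(q);
            var g = new BigInteger(1, ReadBlob());
            certBuilder.AddBigIntBlob(g);
            var y = new BigInteger(1, ReadBlob());
            certBuilder.AddBigIntBlob(y);
            cert = ReadCertificate(certBuilder);
            return new DsaPublicKeyParameters(y, new DsaParameters(p, q, g));
        }
        case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP256_KEY:
        case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP384_KEY:
        case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP521_KEY:
        {
            var curveName = ReadString();
            var publicKey = ReadBlob();
            return BuildEcPublicKeyParameters(curveName, publicKey);
        }
        case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP256_CERT_V1:
        case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP384_CERT_V1:
        case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP521_CERT_V1:
        {
            var nonce = ReadBlob();
            if (nonce.Length != CertificateNonceLength)
            {
                return ReadEmbeddedCertificate(nonce, out cert);
            }
            certBuilder.AddBlob(nonce);
            var curveName = ReadString();
            certBuilder.AddStringBlob(curveName);
            var publicKey = ReadBlob();
            certBuilder.AddBlob(publicKey);
            cert = ReadCertificate(certBuilder);
            return BuildEcPublicKeyParameters(curveName, publicKey);
        }
        case PublicKeyAlgorithmExt.ALGORITHM_ED25519:
        {
            return new Ed25519PublicKeyParameter(ReadBlob());
        }
        case PublicKeyAlgorithmExt.ALGORITHM_ED25519_CERT_V1:
        {
            var nonce = ReadBlob();
            if (nonce.Length != CertificateNonceLength)
            {
                // Unlike the other certificate types, the key returned by the
                // embedded certificate is discarded here and the public key is
                // read from the blob that follows it.
                ReadEmbeddedCertificate(nonce, out cert);
                return new Ed25519PublicKeyParameter(ReadBlob());
            }
            certBuilder.AddBlob(nonce);
            var publicKey = ReadBlob();
            certBuilder.AddBlob(publicKey);
            cert = ReadCertificate(certBuilder);
            return new Ed25519PublicKeyParameter(publicKey);
        }
        default:
            // unsupported encryption algorithm
            throw new NotSupportedException("Unsupported algorithm");
    }
}

/// <summary>
/// Parses a key from a blob that turned out to be a complete certificate rather
/// than the 32-byte nonce that normally follows a *-cert-v01 algorithm name.
/// This is the case when we are called from SSH2_AGENTC_ADD_IDENTITY.
/// </summary>
/// <param name="blob">The whole certificate blob.</param>
/// <param name="cert">Receives the certificate parsed from <paramref name="blob"/>.</param>
/// <returns>The public key carried by the certificate.</returns>
private static AsymmetricKeyParameter ReadEmbeddedCertificate(byte[] blob, out OpensshCertificate cert)
{
    var certParser = new BlobParser(blob);
    return certParser.ReadSsh2PublicKeyData(out cert);
}

/// <summary>
/// Builds EC public key parameters from an SSH curve name and an encoded point.
/// </summary>
/// <param name="curveName">Curve identifier as read from the blob.</param>
/// <param name="encodedPoint">Encoded public point as read from the blob.</param>
/// <returns>The decoded EC public key.</returns>
/// <exception cref="NotSupportedException">Thrown when the curve is not a known
/// named curve (previously this surfaced as a NullReferenceException).</exception>
private ECPublicKeyParameters BuildEcPublicKeyParameters(string curveName, byte[] encodedPoint)
{
    var x9Params = SecNamedCurves.GetByName(EcCurveToAlgorithm(curveName));
    if (x9Params == null)
    {
        throw new NotSupportedException("Unsupported curve: " + curveName);
    }
    var domainParams = new ECDomainParameters(x9Params.Curve, x9Params.G, x9Params.N, x9Params.H);
    var point = x9Params.Curve.DecodePoint(encodedPoint);
    return new ECPublicKeyParameters(point, domainParams);
}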