Exemple #1
0
        private string CreateJwk(RSAParameters rsaKeyInfo, out string keyId)
        {
            string modulus = Base64UrlHelper.Encode(rsaKeyInfo.Modulus);
            string exp     = Base64UrlHelper.Encode(rsaKeyInfo.Exponent);

            SHA256 sha256 = SHA256.Create();

            byte[]        hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(modulus + exp));
            StringBuilder hex  = new StringBuilder(hash.Length * 2);

            for (int i = 0; i < hash.Length; ++i)
            {
                hex.AppendFormat("{0:x2}", hash[i]);
            }
            keyId = hex.ToString();
            Dictionary <string, object> jwk = new Dictionary <string, object>
            {
                { "kty", "RSA" },
                { "kid", keyId },
                { "n", modulus },
                { "e", exp }
            };

            return(JsonConvert.SerializeObject(jwk));
        }
Exemple #2
0
        public string EncodeCompact()
        {
            string ret = encoded_header + ".";

            if (encrypted_key != null)
            {
                ret += Base64UrlHelper.Encode(encrypted_key);
            }

            ret += ".";
            if (init_vector != null)
            {
                ret += Base64UrlHelper.Encode(init_vector);
            }

            ret += ".";
            if (ciphertext != null)
            {
                ret += Base64UrlHelper.Encode(ciphertext);
            }

            ret += ".";
            if (auth_tag != null)
            {
                ret += Base64UrlHelper.Encode(auth_tag);
            }

            return(ret);
        }
Exemple #3
0
        /// <summary>
        /// Encrypt SD data with exchange key.
        /// </summary>
        /// <param name="plaintextList"></param>
        /// <param name="cert">Exchange key</param>
        /// <returns></returns>
        public SecurityDomainRestoreData EncryptForRestore(PlaintextList plaintextList, X509Certificate2 cert)
        {
            try
            {
                SecurityDomainRestoreData securityDomainRestoreData = new SecurityDomainRestoreData();
                securityDomainRestoreData.EncData.kdf = "sp108_kdf";

                byte[] master_key = Utils.GetRandom(32);

                foreach (Plaintext p in plaintextList.list)
                {
                    Datum      datum   = new Datum();
                    HMACSHA512 hmac    = new HMACSHA512();
                    byte[]     enc_key = KDF.sp800_108(master_key, p.tag, "", hmac, 512);

                    datum.tag = p.tag;
                    JWE jwe = new JWE();
                    jwe.Encrypt(enc_key, p.plaintext, "A256CBC-HS512", p.tag);
                    datum.compact_jwe = jwe.EncodeCompact();
                    securityDomainRestoreData.EncData.data.Add(datum);
                }

                // Now go make the wrapped key
                JWE jwe_wrapped = new JWE();
                jwe_wrapped.Encrypt(cert, master_key);
                securityDomainRestoreData.WrappedKey.enc_key = jwe_wrapped.EncodeCompact();
                securityDomainRestoreData.WrappedKey.x5t_256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert));
                return(securityDomainRestoreData);
            }
            catch (Exception ex)
            {
                throw new Exception("Failed to encrypt security domain data for restoring.", ex);
            }
        }
Exemple #4
0
        public void LoadKey(KeyPath path)
        {
            CertKey certKey = new CertKey();

            certKey.Load(path);
            string encodedThumbprint = Base64UrlHelper.Encode(certKey.GetThumbprint());

            _keys.Add(encodedThumbprint, certKey);
        }
Exemple #5
0
        public void EncodeHeader()
        {
            string header_json = JsonConvert.SerializeObject(
                protected_header,
                Formatting.None,
                new JsonSerializerSettings {
                NullValueHandling = NullValueHandling.Ignore
            });

            encoded_header = Base64UrlHelper.Encode(header_json);
        }
Exemple #6
0
 void SetX5t256(X509Certificate2 cert)
 {
     x5t_S256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert));
 }
Exemple #7
0
 void SetX5t(X509Certificate2 cert)
 {
     x5t = Base64UrlHelper.Encode(ToByteArray(cert.Thumbprint));
 }
Exemple #8
0
 void SetModulus(byte[] modulus)
 {
     n = Base64UrlHelper.Encode(modulus);
 }
Exemple #9
0
 void SetExponent(byte[] exp)
 {
     e = Base64UrlHelper.Encode(exp);
 }