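/// <summary>
/// Sample entry point: signs an XML document with the smart card's digital-signature
/// certificate, writes the signed document to disk, reads it back and verifies it twice,
/// once against the key embedded in the document and once against a supplied certificate.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // Fetch certificates from the currently connected card.
    List<X509Certificate2> cardCertificates = new List<X509Certificate2>();
    try
    {
        cardCertificates.AddRange(BaseSmartCardCryptoProvider.GetCertificates());
    }
    catch (Win32Exception ex)
    {
        // Keep going with an empty list; the "no certificate" branch below reports the outcome.
        Console.WriteLine(ex.Message);
    }

    // The digital signature key of the Kuwaiti civil id carries both of these key usages.
    const X509KeyUsageFlags requiredUsages =
        X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;

    // NOTE(review): when several certificates match, the last one wins (as in the original).
    // Nothing here checks the validity period, chain or revocation status — add that before
    // relying on the selected certificate outside a demo.
    X509Certificate2 digitalSignatureCertificate = null;
    foreach (X509Certificate2 x509 in cardCertificates)
    {
        foreach (X509Extension extension in x509.Extensions)
        {
            // OID 2.5.29.15 is for key usage.
            if (!extension.Oid.Value.Equals("2.5.29.15"))
            {
                continue;
            }

            // "as" instead of a hard cast: an extension that was not materialized as the
            // typed class is skipped rather than raising InvalidCastException.
            X509KeyUsageExtension keyUsage = extension as X509KeyUsageExtension;
            if (keyUsage != null && (keyUsage.KeyUsages & requiredUsages) == requiredUsages)
            {
                digitalSignatureCertificate = x509;
            }
        }
    }

    if (digitalSignatureCertificate != null)
    {
        // Export only the public part (X509ContentType.Cert) for use in validation.
        X509Certificate2 publicKeySigning =
            new X509Certificate2(digitalSignatureCertificate.Export(X509ContentType.Cert));

        // Read the PIN without echoing it to the terminal.
        Console.Write("Please enter your pin: ");
        string pin = ReadPinWithoutEcho();

        // Load the XML document to be signed.
        string xmlData = File.ReadAllText(@"XMLDocuments\cd_catalog.xml");

        // Sign the XML document. The meaning of the boolean argument is defined by
        // Crypto.SignXml, which is not visible here.
        string signedXMLData = Crypto.SignXml(xmlData, digitalSignatureCertificate, true, pin);

        // Round-trip through disk so that verification runs on what was actually stored.
        File.WriteAllText(@"XMLDocuments\cd_catalog_SIGNED.xml", signedXMLData);
        signedXMLData = File.ReadAllText(@"XMLDocuments\cd_catalog_SIGNED.xml");

        // Verification against the key embedded in the document only shows that the document
        // is consistent with whatever key it carries; it says nothing about who signed it.
        Console.WriteLine("Verifying XML using internal signature STATUS = " + Crypto.VerifyXml(signedXMLData));

        // Verification against a certificate supplied by the verifier is the check a trust
        // decision should rest on.
        // NOTE(review): here that certificate was exported from the same card, so it is not an
        // independent trust anchor; a real verifier obtains it out of band and validates it.
        Console.WriteLine("Verifying XML using publicKey STATUS = " + Crypto.VerifyXml(signedXMLData, publicKeySigning));
    }
    else
    {
        // Previously the program fell through silently, which looked like a hang.
        Console.WriteLine("No certificate with DigitalSignature and NonRepudiation key usage was found on the card.");
    }

    Console.ReadKey();
}

/// <summary>
/// Reads the card PIN from the console without echoing the typed characters.
/// </summary>
/// <returns>
/// The PIN as typed. When input is redirected the line is read with
/// <see cref="Console.ReadLine"/> and may be null at end of stream.
/// </returns>
private static string ReadPinWithoutEcho()
{
    // Redirected input has no key events to intercept; Console.ReadKey would throw.
    if (Console.IsInputRedirected)
    {
        return Console.ReadLine();
    }

    // NOTE(review): the PIN ends up in an immutable managed string that cannot be wiped;
    // that is unavoidable while the Crypto methods are called with a string PIN.
    string pin = string.Empty;
    while (true)
    {
        ConsoleKeyInfo key = Console.ReadKey(true);
        if (key.Key == ConsoleKey.Enter)
        {
            break;
        }

        if (key.Key == ConsoleKey.Backspace)
        {
            if (pin.Length > 0)
            {
                pin = pin.Substring(0, pin.Length - 1);
            }
            continue;
        }

        if (!char.IsControl(key.KeyChar))
        {
            pin += key.KeyChar;
        }
    }

    // Intercepted Enter is not echoed, so move to the next line explicitly.
    Console.WriteLine();
    return pin;
}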
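/// <summary>
/// Sample entry point: encrypts a fixed message with the public key of a certificate read
/// from the smart card and decrypts it again with the card, once with Base64 text output and
/// once with raw bytes, then prints the results.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
private static void Main(string[] args)
{
    // NOTE(review): this instance is never used; only static members of Crypto are called
    // below. Kept in case the constructor performs initialization — confirm and remove.
    Crypto crypto = new Crypto();

    // Fetch certificates from the currently connected card.
    List<X509Certificate2> cardCertificates = new List<X509Certificate2>();
    try
    {
        cardCertificates.AddRange(BaseSmartCardCryptoProvider.GetCertificates());
    }
    catch (System.ComponentModel.Win32Exception ex)
    {
        // Presumably raised when the card or reader is unavailable — confirm against the
        // provider. Report it instead of crashing with an unhandled exception.
        Console.WriteLine(ex.Message);
    }

    // The digital signature key of the Kuwaiti civil id carries both of these key usages.
    const X509KeyUsageFlags requiredUsages =
        X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;

    // NOTE(review): the certificate is selected by *signature* key usages and then used for
    // encryption and decryption. Key separation normally calls for a certificate whose key
    // usage includes KeyEncipherment or DataEncipherment — confirm what the card offers.
    // When several certificates match, the last one wins (as in the original).
    X509Certificate2 digitalSignatureCertificate = null;
    foreach (X509Certificate2 x509 in cardCertificates)
    {
        foreach (X509Extension extension in x509.Extensions)
        {
            // OID 2.5.29.15 is for key usage.
            if (!extension.Oid.Value.Equals("2.5.29.15"))
            {
                continue;
            }

            // "as" instead of a hard cast: an extension that was not materialized as the
            // typed class is skipped rather than raising InvalidCastException.
            X509KeyUsageExtension keyUsage = extension as X509KeyUsageExtension;
            if (keyUsage != null && (keyUsage.KeyUsages & requiredUsages) == requiredUsages)
            {
                digitalSignatureCertificate = x509;
            }
        }
    }

    if (digitalSignatureCertificate != null)
    {
        // Export only the public part (X509ContentType.Cert) for use in encryption.
        X509Certificate2 publicKeyExchange =
            new X509Certificate2(digitalSignatureCertificate.Export(X509ContentType.Cert));

        // Read the PIN without echoing it to the terminal.
        Console.Write("Please enter your pin: ");
        string pin = ReadPinWithoutEcho();

        // This is the message that will be used in the encryption and decryption process.
        string message = "There is nothing that my blade cannot cut!";

        // NOTE(review): OaepSHA1 is kept from the original, presumably for card/CSP
        // compatibility; prefer OaepSHA256 where the provider supports it — confirm.

        // Encrypt the message as a Base64 encoded string.
        string encryptedMessage = Crypto.Encrypt(
            Encoding.UTF8.GetBytes(message),
            publicKeyExchange,
            RSAEncryptionPadding.OaepSHA1);

        // Decrypt the Base64 encoded encrypted message.
        string decryptedMessage = Encoding.UTF8.GetString(
            Crypto.Decrypt(
                encryptedMessage,
                digitalSignatureCertificate,
                RSAEncryptionPadding.OaepSHA1,
                pin));

        // Encrypt the message as raw data.
        byte[] encryptedMessage2 = Crypto.EncryptToByteArray(
            Encoding.UTF8.GetBytes(message),
            publicKeyExchange,
            RSAEncryptionPadding.OaepSHA1);

        // Decrypt the raw data.
        string decryptedMessage2 = Encoding.UTF8.GetString(
            Crypto.Decrypt(
                encryptedMessage2,
                digitalSignatureCertificate,
                RSAEncryptionPadding.OaepSHA1,
                pin));

        // Output the results. Printing plaintext is acceptable only because the message is
        // a fixed sample string.
        Console.WriteLine(
            "Message: " + message + "\n" +
            "Encrypted: " + encryptedMessage + "\n" +
            "Decrypted: " + decryptedMessage);

        Console.WriteLine("\n*********************************\n");

        Console.WriteLine(
            "Message: " + message + "\n" +
            "Encrypted: " + ToHex(encryptedMessage2) + "\n" +
            "Decrypted: " + decryptedMessage2);
    }
    else
    {
        // Previously the program fell through silently, which looked like a hang.
        Console.WriteLine("No certificate with DigitalSignature and NonRepudiation key usage was found on the card.");
    }

    Console.ReadKey();
}

/// <summary>
/// Reads the card PIN from the console without echoing the typed characters.
/// </summary>
/// <returns>
/// The PIN as typed. When input is redirected the line is read with
/// <see cref="Console.ReadLine"/> and may be null at end of stream.
/// </returns>
private static string ReadPinWithoutEcho()
{
    // Redirected input has no key events to intercept; Console.ReadKey would throw.
    if (Console.IsInputRedirected)
    {
        return Console.ReadLine();
    }

    // NOTE(review): the PIN ends up in an immutable managed string that cannot be wiped;
    // that is unavoidable while the Crypto methods are called with a string PIN.
    string pin = string.Empty;
    while (true)
    {
        ConsoleKeyInfo key = Console.ReadKey(true);
        if (key.Key == ConsoleKey.Enter)
        {
            break;
        }

        if (key.Key == ConsoleKey.Backspace)
        {
            if (pin.Length > 0)
            {
                pin = pin.Substring(0, pin.Length - 1);
            }
            continue;
        }

        if (!char.IsControl(key.KeyChar))
        {
            pin += key.KeyChar;
        }
    }

    // Intercepted Enter is not echoed, so move to the next line explicitly.
    Console.WriteLine();
    return pin;
}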
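/// <summary>
/// Sample entry point: signs a fixed message and its SHA-256 hash with the smart card's
/// digital-signature certificate, verifies both signatures with the exported public
/// certificate and prints the results.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // Fetch certificates from the currently connected card.
    List<X509Certificate2> cardCertificates = new List<X509Certificate2>();
    try
    {
        cardCertificates.AddRange(BaseSmartCardCryptoProvider.GetCertificates());
    }
    catch (System.ComponentModel.Win32Exception ex)
    {
        // Presumably raised when the card or reader is unavailable — confirm against the
        // provider. Report it instead of crashing with an unhandled exception.
        Console.WriteLine(ex.Message);
    }

    // The digital signature key of the Kuwaiti civil id carries both of these key usages.
    const X509KeyUsageFlags requiredUsages =
        X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;

    // NOTE(review): when several certificates match, the last one wins (as in the original).
    // Nothing here checks the validity period, chain or revocation status — add that before
    // relying on the selected certificate outside a demo.
    X509Certificate2 digitalSignatureCertificate = null;
    foreach (X509Certificate2 x509 in cardCertificates)
    {
        foreach (X509Extension extension in x509.Extensions)
        {
            // OID 2.5.29.15 is for key usage.
            if (!extension.Oid.Value.Equals("2.5.29.15"))
            {
                continue;
            }

            // "as" instead of a hard cast: an extension that was not materialized as the
            // typed class is skipped rather than raising InvalidCastException.
            X509KeyUsageExtension keyUsage = extension as X509KeyUsageExtension;
            if (keyUsage != null && (keyUsage.KeyUsages & requiredUsages) == requiredUsages)
            {
                digitalSignatureCertificate = x509;
            }
        }
    }

    if (digitalSignatureCertificate != null)
    {
        // Export only the public part (X509ContentType.Cert) for use in validation.
        // NOTE(review): this certificate comes from the same card that signs, so the checks
        // below demonstrate the API rather than an independent trust decision.
        X509Certificate2 publicKeySigning =
            new X509Certificate2(digitalSignatureCertificate.Export(X509ContentType.Cert));

        // Create the message that will be signed.
        string message = "There is nothing that my blade cannot cut!";

        // Read the PIN without echoing it to the terminal.
        Console.Write("Please enter your pin: ");
        string pin = ReadPinWithoutEcho();

        // Sign the data.
        string signedMessage = Crypto.SignData(
            Encoding.UTF8.GetBytes(message),
            digitalSignatureCertificate,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1,
            pin);

        // Verify the signed data.
        bool validationStatus = Crypto.VerifyData(
            Encoding.UTF8.GetBytes(message),
            signedMessage,
            publicKeySigning,
            HashAlgorithmName.SHA256);

        // Create the hash. SHA256 is IDisposable, so release it as soon as the digest is
        // computed instead of leaving it to the finalizer.
        byte[] hash;
        using (SHA256 sha256 = SHA256.Create())
        {
            hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(message));
        }

        // Sign the precomputed hash.
        string signedHash = Crypto.SignHash(
            hash,
            digitalSignatureCertificate,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1,
            pin);

        // Verify the signature over the hash.
        bool validationStatus2 = Crypto.VerifyHash(
            hash,
            signedHash,
            publicKeySigning,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        // Output the results.
        Console.WriteLine(
            "Message: " + message + "\n" +
            "Signature: " + signedMessage + "\n" +
            "Validation Status: " + validationStatus.ToString());

        Console.WriteLine("\n*********************************\n");

        Console.WriteLine(
            "Hash: " + ToHex(hash) + "\n" +
            "Signature: " + signedHash + "\n" +
            "Validation Status: " + validationStatus2.ToString());
    }
    else
    {
        // Previously the program fell through silently, which looked like a hang.
        Console.WriteLine("No certificate with DigitalSignature and NonRepudiation key usage was found on the card.");
    }

    Console.ReadKey();
}

/// <summary>
/// Reads the card PIN from the console without echoing the typed characters.
/// </summary>
/// <returns>
/// The PIN as typed. When input is redirected the line is read with
/// <see cref="Console.ReadLine"/> and may be null at end of stream.
/// </returns>
private static string ReadPinWithoutEcho()
{
    // Redirected input has no key events to intercept; Console.ReadKey would throw.
    if (Console.IsInputRedirected)
    {
        return Console.ReadLine();
    }

    // NOTE(review): the PIN ends up in an immutable managed string that cannot be wiped;
    // that is unavoidable while the Crypto methods are called with a string PIN.
    string pin = string.Empty;
    while (true)
    {
        ConsoleKeyInfo key = Console.ReadKey(true);
        if (key.Key == ConsoleKey.Enter)
        {
            break;
        }

        if (key.Key == ConsoleKey.Backspace)
        {
            if (pin.Length > 0)
            {
                pin = pin.Substring(0, pin.Length - 1);
            }
            continue;
        }

        if (!char.IsControl(key.KeyChar))
        {
            pin += key.KeyChar;
        }
    }

    // Intercepted Enter is not echoed, so move to the next line explicitly.
    Console.WriteLine();
    return pin;
}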