/// <summary> /// Create a self signed certificate. /// </summary> public static X509Certificate2 GenerateCertificate( string subjectName, AsymmetricCipherKeyPair keyPair) { if (string.IsNullOrEmpty(subjectName)) { subjectName = "NuGetTest"; } var certGen = new X509V3CertificateGenerator(); certGen.SetSubjectDN(new X509Name($"CN={subjectName}")); certGen.SetIssuerDN(new X509Name($"CN={subjectName}")); certGen.SetNotAfter(DateTime.UtcNow.Add(TimeSpan.FromHours(1))); certGen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromHours(1))); certGen.SetPublicKey(keyPair.Public); var random = new SecureRandom(); var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certGen.SetSerialNumber(serialNumber); var subjectKeyIdentifier = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public)); certGen.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, subjectKeyIdentifier); certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.KeyCertSign)); certGen.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false)); var usages = new[] { KeyPurposeID.IdKPCodeSigning }; certGen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, critical: true, extensionValue: new ExtendedKeyUsage(usages)); var issuerPrivateKey = keyPair.Private; var signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivateKey, random); var certificate = certGen.Generate(signatureFactory); var certResult = new X509Certificate2(certificate.GetEncoded()); #if IS_DESKTOP certResult.PrivateKey = DotNetUtilities.ToRSA(keyPair.Private as RsaPrivateCrtKeyParameters); #endif return(certResult); }
public void TestX509CertificateConversion() { BigInteger DSAParaG = new BigInteger(Base64.Decode("AL0fxOTq10OHFbCf8YldyGembqEu08EDVzxyLL29Zn/t4It661YNol1rnhPIs+cirw+yf9zeCe+KL1IbZ/qIMZM=")); BigInteger DSAParaP = new BigInteger(Base64.Decode("AM2b/UeQA+ovv3dL05wlDHEKJ+qhnJBsRT5OB9WuyRC830G79y0R8wuq8jyIYWCYcTn1TeqVPWqiTv6oAoiEeOs=")); BigInteger DSAParaQ = new BigInteger(Base64.Decode("AIlJT7mcKL6SUBMmvm24zX1EvjNx")); BigInteger DSAPublicY = new BigInteger(Base64.Decode("TtWy2GuT9yGBWOHi1/EpCDa/bWJCk2+yAdr56rAcqP0eHGkMnA9s9GJD2nGU8sFjNHm55swpn6JQb8q0agrCfw==")); BigInteger DsaPrivateX = new BigInteger(Base64.Decode("MMpBAxNlv7eYfxLTZ2BItJeD31A=")); DsaParameters para = new DsaParameters(DSAParaP, DSAParaQ, DSAParaG); DsaPrivateKeyParameters dsaPriv = new DsaPrivateKeyParameters(DsaPrivateX, para); DsaPublicKeyParameters dsaPub = new DsaPublicKeyParameters(DSAPublicY, para); IDictionary attrs = new Hashtable(); attrs[X509Name.C] = "AU"; attrs[X509Name.O] = "The Legion of the Bouncy Castle"; attrs[X509Name.L] = "Melbourne"; attrs[X509Name.ST] = "Victoria"; attrs[X509Name.E] = "*****@*****.**"; IList ord = new ArrayList(attrs.Keys); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1)); certGen.SetNotAfter(DateTime.UtcNow.AddDays(1)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(dsaPub); certGen.SetSignatureAlgorithm("SHA1WITHDSA"); X509Certificate cert = certGen.Generate(dsaPriv); cert.CheckValidity(); cert.Verify(dsaPub); SystemX509.X509Certificate dotNetCert = DotNetUtilities.ToX509Certificate(cert); X509Certificate certCopy = DotNetUtilities.FromX509Certificate(dotNetCert); Assert.AreEqual(cert, certCopy); certCopy.CheckValidity(); certCopy.Verify(dsaPub); }
/// <summary> ///Load a RSA key from a PEM file /// </summary> /// <param name="file">PEM file</param> /// <param name="password">Password</param> public static RSACryptoServiceProvider LoadFromPEM(Stream input, string password = null) { using (StreamReader sr = new StreamReader(input, Encoding.Default)) { PemReader pemReader; if (!string.IsNullOrEmpty(password)) { pemReader = new PemReader(sr, new PasswordFinder(password)); } else { pemReader = new PemReader(sr); } RSAParameters parameters; object obj = pemReader.ReadObject(); if (obj == null) { throw new PemException("PemReader.ReadObject() returned null"); } Type objType = obj.GetType(); if (objType == typeof(AsymmetricCipherKeyPair)) { AsymmetricCipherKeyPair ackp = (AsymmetricCipherKeyPair)obj; parameters = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)ackp.Private); } else if (objType == typeof(RsaPrivateCrtKeyParameters)) { parameters = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)obj); } else if (objType == typeof(RsaKeyParameters)) { parameters = DotNetUtilities.ToRSAParameters((RsaKeyParameters)obj); } else { throw new PemException($"Cannot handle type '{objType}' returned by PemReader.ReadObject()"); } RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(parameters); return(rsa); } }
public static X509Certificate2 GenerateSelfSignedCertificate(string domain, DateTime?dateFrom = null, DateTime?dateTo = null) { // configure generators var random = new SecureRandom(new CryptoApiRandomGenerator()); var keyGenerationParameters = new KeyGenerationParameters(random, 2048); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); // create self-signed certificate var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); var certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.SetSubjectDN(new X509Name($"CN={domain}")); certificateGenerator.SetIssuerDN(new X509Name($"CN={domain}")); certificateGenerator.SetSerialNumber(serialNumber); certificateGenerator.SetNotBefore(dateFrom ?? DateTime.UtcNow); certificateGenerator.SetNotAfter(dateTo ?? DateTime.UtcNow.AddMinutes(5)); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, new DerSequence(new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, domain) })); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth })); certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.KeyEncipherment | KeyUsage.DigitalSignature)); var keyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(keyPair.Public); var bouncy_cert = certificateGenerator.Generate(new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, random)); // get private key into machine key store var csp = new RSACryptoServiceProvider( new CspParameters { KeyContainerName = Guid.NewGuid().ToString(), KeyNumber = 1, Flags = CspProviderFlags.UseMachineKeyStore }); var rp = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private); csp.ImportParameters(rp); // convert from bouncy cert to X509Certificate2 return(new X509Certificate2(bouncy_cert.GetEncoded(), (string)null, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet) { FriendlyName = domain + " [Certify] Self Signed - " + bouncy_cert.NotBefore + " to " + bouncy_cert.NotAfter, PrivateKey = csp }); }
public async Task Install_TamperedAndRevokedCertificateSignaturePackage_FailsAsync() { // Arrange var nupkg = new SimpleTestPackageContext("A", "1.0.0"); var testServer = await _testFixture.GetSigningTestServerAsync(); var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync(); var issueOptions = IssueCertificateOptions.CreateDefaultForEndCertificate(); var bcCertificate = certificateAuthority.IssueCertificate(issueOptions); using (var context = new SimpleTestPathContext()) using (var testCertificate = new X509Certificate2(bcCertificate.GetEncoded())) { testCertificate.PrivateKey = DotNetUtilities.ToRSA(issueOptions.KeyPair.Private as RsaPrivateCrtKeyParameters); var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, context.WorkingDirectory); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); certificateAuthority.Revoke( bcCertificate, RevocationReason.KeyCompromise, DateTimeOffset.UtcNow); var args = new string[] { nupkg.Id, "-Version", nupkg.Version, "-DirectDownload", "-NoCache", "-Source", context.WorkingDirectory, "-OutputDirectory", Path.Combine(context.WorkingDirectory, "packages") }; // Act var result = RunInstall(_nugetExePath, context, expectedExitCode: 1, additionalArgs: args); // Assert result.ExitCode.Should().Be(1); result.Errors.Should().Contain(_NU3008); result.Errors.Should().Contain(_NU3012); result.AllOutput.Should().Contain($"WARNING: {_NU3027}"); } }
private PdfPKCS7 GetPublicKeyManager(IPdfPreSigningSession sessionData) { var chain = new X509Chain(); var certificates = new List <Org.BouncyCastle.X509.X509Certificate>(); chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly; chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; chain.Build(sessionData.UserCertificate); foreach (var chainElement in chain.ChainElements) { certificates.Add(DotNetUtilities.FromX509Certificate(chainElement.Certificate)); } return(new PdfPKCS7(null, certificates, sessionData.HashAlgorithm, false)); }
public CertEncryptedKeySet(IKeySet keySet, string thumbPrint) { var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); certStore.Open(OpenFlags.ReadOnly); var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false); var cert = certCollection.OfType <X509Certificate2>().FirstOrDefault(); var privKey = cert?.GetRSAPrivateKey(); var keyParam = DotNetUtilities.GetRsaKeyPair(privKey).Private as RsaPrivateCrtKeyParameters; var key = KeyFromBouncyCastle(keyParam); _certKeySet = new ImportedKeySet(key, KeyPurpose.DecryptAndEncrypt, "imported from X509Store"); _keySet = keySet; _crypter = new Crypter(_certKeySet); _sessionPacker = new BsonSessionKeyPacker(); }
private bool verifyLicense(byte[] data, byte[] sig) { var kparam = key as RsaKeyParameters; var p1 = DotNetUtilities.ToRSAParameters(kparam); var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(p1); // compute sha256 hash of the data var sha = new SHA256Managed(); var hash = sha.ComputeHash(data); var hashName = CryptoConfig.MapNameToOID("SHA256"); // This always returns false return(rsa.VerifyHash(hash, hashName, sig)); }
public void RevokeUserCertificate(string uid, string cid) { //get root cert X509Certificate rootCert = DotNetUtilities.FromX509Certificate(getRootCert()); //get user cert to be revoked UserCertificate userCert = GetUserCertificate(uid, cid); X509Certificate certToRevoke = new X509CertificateParser().ReadCertificate(userCert.RawCertBody); //parse the last CRL X509CrlParser crlParser = new X509CrlParser(); FileStream fileStream = File.Open(_configuration["CrlPath"], FileMode.Open); X509Crl rootCrl = crlParser.ReadCrl(fileStream); fileStream.Close(); //extract the CRL number Asn1OctetString prevCrlNum = rootCrl.GetExtensionValue(X509Extensions.CrlNumber); Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(prevCrlNum); BigInteger prevCrlNumVal = DerInteger.GetInstance(obj).PositiveValue; //generate new CRL X509V2CrlGenerator crlGenerator = new X509V2CrlGenerator(); crlGenerator.SetIssuerDN(rootCert.SubjectDN); crlGenerator.SetThisUpdate(DateTime.UtcNow); crlGenerator.SetNextUpdate(DateTime.UtcNow.AddDays(10)); crlGenerator.AddCrl(rootCrl); //add the old CRL entries //add the newly revoked certificates crlGenerator.AddCrlEntry(certToRevoke.SerialNumber, DateTime.UtcNow, CrlReason.PrivilegeWithdrawn); //increment CRL Number by 1 crlGenerator.AddExtension("2.5.29.20", false, new CrlNumber(prevCrlNumVal.Add(BigInteger.One))); AsymmetricKeyParameter bouncyCastlePrivateKey = PrivateKeyFactory.CreateKey(getRootPrivateKey().ExportPkcs8PrivateKey()); var sigFactory = new Asn1SignatureFactory("SHA256WITHECDSA", bouncyCastlePrivateKey); X509Crl nextCrl = crlGenerator.Generate(sigFactory); // writePem(_configuration["CrlOldPath"], rootCrl); // write old CRL as backup writePem(_configuration["CrlPath"], nextCrl); //write new CRL // sanity check nextCrl.Verify(rootCert.GetPublicKey()); userCert.Revoked = true; _context.UserCertificates.Update(userCert); }
/// <summary> /// Checks if certificate has been revoked. /// </summary> /// <param name="certificateToValidate">Certificate that is checked.</param> /// <param name="crlListPath">Path on FS to CRL directory.</param> /// <param name="caTrustListPath">Path on FS to CA trust list.</param> /// <returns>true if certificate has been revoked, otherwise false.</returns> public static bool VerifyCertificateRevocationStatus(X509Certificate2 certificateToValidate, string crlListPath, string caTrustListPath) { var dir = new DirectoryInfo(crlListPath); FileInfo[] crlList = null; try { crlList = dir.GetFiles("*.crl"); } catch (Exception ex) { if (ex is DirectoryNotFoundException || ex is ArgumentNullException) { throw new Exception("User certificate validation failed. CRL file is missing."); } } foreach (var crlRaw in crlList) { var buffer = File.ReadAllBytes(crlListPath + "\\" + crlRaw.Name); var crlParser = new X509CrlParser(); var crl = crlParser.ReadCrl(buffer); try { var rootCa = new X509Certificate2(caTrustListPath); var publicKey = ((RSACryptoServiceProvider)rootCa.PublicKey.Key).ExportParameters(false); // Check if the crl is issued by a proper root CA. crl.Verify(DotNetUtilities.GetRsaPublicKey(publicKey)); } catch (Exception) { throw new Exception("User certificate validation failed. CRL isn't issued by a proper root CA."); } var revokeStatus = crl.IsRevoked(DotNetUtilities.FromX509Certificate(certificateToValidate)); if (revokeStatus == false) { return(false); } } return(true); }
public static void ExportPEMPrivateKey(X509Certificate2 certificate, string filePath) { if (certificate.PrivateKey == null) { return; } var keyPair = DotNetUtilities.GetKeyPair(certificate.PrivateKey); using (TextWriter tw = new StreamWriter(filePath)) { PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(tw); pemWriter.WriteObject(keyPair.Private); tw.Flush(); tw.Close(); } }
public static bool VerifyCertificateSAN(System.Security.Cryptography.X509Certificates.X509Certificate certificate, string sni) { // check subject alternate name (must have exactly 1, equal to sni) var x509 = DotNetUtilities.FromX509Certificate(certificate); var sans = X509ExtensionUtilities.GetSubjectAlternativeNames(x509); if (sans.Count != 1) { return(false); } var san = (System.Collections.IList)((System.Collections.IList)sans)[0]; var sniOK = san[0].Equals(GeneralName.DnsName) && san[1].Equals(sni); // if subject matches sni and SAN is ok, return true return(x509.SubjectDN.ToString() == $"CN={sni}" && sniOK); }
public static bool SignData(byte[] key, string keyType, byte[] data, out byte[] signature) // keyType = RSAFULLPRIVATEBLOB, RSAPRIVATEBLOB, RSAPUBLICBLOB { if (keyType != "RSAFULLPRIVATEBLOB") { throw new CryptographicException("Only RSAFULLPRIVATEBLOB can be used for signing"); } var rsaParams = BCryptRsaImport.BlobToParameters(key, out int bitLength, out bool isPrivate); var rsaKey = DotNetUtilities.GetRsaKeyPair(rsaParams).Private; ISigner s = SignerUtilities.GetSigner("SHA256withRSA/PSS"); s.Init(true, new ParametersWithRandom(rsaKey)); s.BlockUpdate(data, 0, data.Length); signature = s.GenerateSignature(); return(true); }
/// <summary> /// Converts a string in PEM format to XML format /// </summary> /// <param name="pem">a string in PEM format</param> /// <returns>a string in XML format</returns> private string PemToXml(string pem) { return(GetXmlRsaKey(pem, obj => { var publicKey = (RsaKeyParameters)obj; // CspParameters requires Windows. Details: https://github.com/bcgit/bc-csharp/issues/160 if (System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows)) { return DotNetUtilities.ToRSA(publicKey, new CspParameters { Flags = CspProviderFlags.UseMachineKeyStore }); } var parms = DotNetUtilities.ToRSAParameters(publicKey); var rsa = RSA.Create(); rsa.ImportParameters(parms); return rsa; }, rsa => rsa.ToXmlString(false))); }
static string Sign(string stringToSign) { var privateKey = File.ReadAllText("private.key"); byte[] bytesToSign = Encoding.UTF8.GetBytes(stringToSign); var pemReader = new PemReader(new StringReader(privateKey)); var keyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject(); var rsaParameters = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private); using (var rsa = new RSACryptoServiceProvider()) { rsa.ImportParameters(rsaParameters); var encryptedData = rsa.SignData(bytesToSign, CryptoConfig.MapNameToOID("SHA256")); var base64Encrypted = Convert.ToBase64String(encryptedData); return(base64Encrypted); } }
public static bool CheckValidation(User user) { bool value; string CrlPath = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().GetName().CodeBase) + "\\Certs\\" + crlName; CrlPath = new Uri(CrlPath).LocalPath; X509CrlParser parser = new X509CrlParser(); using (BinaryReader reader = new BinaryReader(File.Open(CrlPath, FileMode.Open))) { X509Crl crlData = parser.ReadCrl(reader.ReadBytes((int)new FileInfo(CrlPath).Length)); X509Certificate2 certificate = new X509Certificate2(user.CertPath, PASSWORD); var bouncyCert = DotNetUtilities.FromX509Certificate(certificate); value = crlData.IsRevoked(bouncyCert); } return(value); }
/// <summary> /// This method is used for integrity update. /// Integrity update implies data copy from hot to backup server. /// </summary> /// <param name="param">Data from hot server</param> /// <returns></returns> public bool SetModel(CAModelDto param) { bool retVal = true; // Copy and install valid CA certificate to backup server if (File.Exists(PFX_PATH)) { System.IO.File.Delete(PFX_PATH); } CertificateHandler.ReplaceCACertificateInStore(caCertificate, param.CaCertificate.GetCert()); caCertificate = param.CaCertificate.GetCert(); caPrivateKey = DotNetUtilities.GetKeyPair(caCertificate.PrivateKey).Private; CertificateHandler.ExportToFileSystem(X509ContentType.Pfx, caCertificate, caCertificate.SubjectName.Name); // Export and install active client certificates on backup server activeCertificates.Clear(); foreach(var cerDto in param.ActiveCertificates) { X509Certificate2 cert = cerDto.GetCert(); activeCertificates.Add(cert); CertificateHandler.ExportToFileSystem(X509ContentType.Pfx, cert, cert.SubjectName.Name); string fileName = cert.SubjectName.Name.Contains("=") ? cert.SubjectName.Name.Split('=')[1] : cert.SubjectName.Name; if (!File.Exists(CERT_FOLDER_PATH + cert.SubjectName.Name + fileName + ".pfx")) { CertificateHandler.AddCertificateToStore(cert, StoreName.TrustedPeople, StoreLocation.LocalMachine); } } // Set active revocation list on backup server revocationList.Clear(); foreach (var cerDto in param.RevocationList) { X509Certificate2 cert = cerDto.GetCert(); revocationList.Add(cert); } clientDict.Clear(); foreach (var pair in param.ClientDict) { clientDict.Add(pair.Key, pair.Value); } return retVal; }
static X509Certificate2 AttemptToGenerate(string fullName) { var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(Random, 2048)); var cerKp = kpgen.GenerateKeyPair(); IDictionary attrs = new Hashtable(); attrs[X509Name.E] = ""; attrs[X509Name.CN] = fullName; attrs[X509Name.O] = fullName; attrs[X509Name.C] = fullName; IList ord = new ArrayList(); ord.Add(X509Name.E); ord.Add(X509Name.CN); ord.Add(X509Name.O); ord.Add(X509Name.C); var certGen = new X509V3CertificateGenerator(); var serial = new byte[32]; Random.NextBytes(serial); certGen.SetSerialNumber(new BigInteger(serial).Abs()); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0))); certGen.SetNotAfter(DateTime.Today.AddYears(100)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(cerKp.Public); certGen.SetSignatureAlgorithm("SHA1WithRSA"); certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cerKp.Public))); var x509 = certGen.Generate(cerKp.Private); var x509Certificate = DotNetUtilities.ToX509Certificate(x509); return(new X509Certificate2(x509Certificate) { PrivateKey = AddPrivateKey(cerKp) }); }
private static byte[] AsymmetricallyDecrypt(byte[] privateKey, string toDecrypt) { try { var key = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(privateKey); var rsaParameters2 = DotNetUtilities.ToRSAParameters(key); using var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(rsaParameters2); var decrypted = rsa.Decrypt(Convert.FromBase64String(toDecrypt), false); return(decrypted); } catch (Exception ex) { throw new CryptographicException("An error occurred while decrypting the value. This is most likely due to an incorrect private key. See InnerException for more details.", ex); } }
private static AsymmetricAlgorithm ConvertToRsaPrivateKey(AsymmetricCipherKeyPair keyPair) { var keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(keyInfo.PrivateKeyAlgorithm.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); return(DotNetUtilities.ToRSA(rsaparams)); }
internal static X509Certificate2 BuildRootCertificate() { var name = "!!! PassiveX Root CA !!!"; var random = new SecureRandom(); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(new KeyGenerationParameters(random, KeyStrength)); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigInteger.ProbablePrime(120, random); certificateGenerator.SetSerialNumber(serialNumber); certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign)); certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public))); certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public))); certificateGenerator.SetIssuerDN(new X509Name($"CN={name}")); certificateGenerator.SetSubjectDN(new X509Name($"CN={name}")); var notBefore = new DateTime(2000, 01, 01); var notAfter = new DateTime(2039, 12, 31); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); certificateGenerator.SetPublicKey(subjectKeyPair.Public); var signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", subjectKeyPair.Private, random); var x509 = certificateGenerator.Generate(signatureFactory); var certificate = new X509Certificate2(x509.GetEncoded()); certificate.PrivateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)subjectKeyPair.Private); certificate.FriendlyName = name; return(certificate); }
/// <summary> /// 私钥加密 .Net平台默认是使用公钥进行加密,私钥进行解密。私钥加密需要自己实现或者使用第三方dll /// </summary> /// <param name="data"></param> /// <param name="key"></param> /// <returns></returns> public static byte[] encryptByPrivateKey(String data, String key) { String priKey = key.Trim(); String xmlPrivateKey = RSAPrivateKeyJava2DotNet(priKey); //加载私钥 RSACryptoServiceProvider privateRsa = new RSACryptoServiceProvider(); privateRsa.FromXmlString(xmlPrivateKey); //转换密钥 AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(privateRsa); IBufferedCipher c = CipherUtilities.GetCipher("RSA/ECB/PKCS1Padding"); // 参数与Java中加密解密的参数一致 c.Init(true, keyPair.Private); //第一个参数为true表示加密,为false表示解密;第二个参数表示密钥 byte[] DataToEncrypt = Encoding.UTF8.GetBytes(data); byte[] outBytes = c.DoFinal(DataToEncrypt); //加密 return(outBytes); }
internal static RSAParameters PemToRsaParameters(string pem, out bool isPrivate) { var obj = new PemReader(new StringReader(pem)).ReadObject(); if (obj is AsymmetricCipherKeyPair keyPair) { isPrivate = true; return(DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private)); } if (obj is RsaKeyParameters keyParams) { isPrivate = false; return(DotNetUtilities.ToRSAParameters(keyParams)); } throw new GoodIdException("Unsupported PEM key."); }
public BoxJWTHelper(string enterpriseId, string clientId, string clientSecret, string privateKey, string privateKeyPassword) { this.enterpriseId = enterpriseId; this.clientId = clientId; this.clientSecret = clientSecret; var pwf = new PEMPasswordFinder(privateKeyPassword); AsymmetricCipherKeyPair key; using (var reader = new StringReader(privateKey)) { key = (AsymmetricCipherKeyPair) new PemReader(reader, pwf).ReadObject(); } var rsa = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)key.Private); this.credentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); }
static string SignChallange(string challange) { var pem = $"-----BEGIN PRIVATE KEY-----\n{ PRIVATE_KEY}\n-----END PRIVATE KEY-----"; var pr = new PemReader(new StringReader(pem)); var privateKeyParam = (AsymmetricKeyParameter)pr.ReadObject(); var rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)privateKeyParam); var csp = new RSACryptoServiceProvider(); csp.ImportParameters(rsaParams); return(Convert.ToBase64String( csp.SignData( Convert.FromBase64String(challange), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))); }
virtual public void LoadKey() { string import = ""; using (StreamReader streamReader = new StreamReader(KeyStore)) import = streamReader.ReadToEnd(); publicKey = new RSACryptoServiceProvider(); publicKey.FromXmlString(import); AsymmetricCipherKeyPair cipherKeyPair = DotNetUtilities.GetRsaKeyPair(publicKey.ExportParameters(true)); privateKey = cipherKeyPair.Private; publicKey.ImportParameters(publicKey.ExportParameters(false)); Directory.CreateDirectory(DestDir); }
private static X509Certificate2 SetPrivateKey( X509Certificate2 x509, AsymmetricKeyParameter privateKey ) { var rsaPrivateKey = DotNetUtilities.ToRSA(privateKey as RsaPrivateCrtKeyParameters); // Setup RSACryptoServiceProvider with "KeyContainerName" set var csp = new CspParameters(); csp.KeyContainerName = "KeyContainer"; var rsaPrivate = new RSACryptoServiceProvider(csp); // Import private key from BouncyCastle's rsa rsaPrivate.ImportParameters(rsaPrivateKey.ExportParameters(true)); x509.PrivateKey = rsaPrivateKey; //PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey); //Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); //if (seq.Count != 9) // throw new PemException("malformed sequence in RSA private key"); //var rsa = RsaPrivateKeyStructure.GetInstance(seq); //RsaPrivateCrtKeyParameters rsaparams = // new RsaPrivateCrtKeyParameters( // rsa.Modulus, // rsa.PublicExponent, // rsa.PrivateExponent, // rsa.Prime1, // rsa.Prime2, // rsa.Exponent1, // rsa.Exponent2, // rsa.Coefficient); //CspParameters cspParams = new CspParameters(); //cspParams.Flags = CspProviderFlags.UseMachineKeyStore; //RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParams); //x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); return(x509); }
// [START iot_mqtt_jwt] public static string CreateJwtRsa(string projectId, string privateKeyFile) { string privateKey = File.ReadAllText(privateKeyFile); RSAParameters rsaParams; // Read the private key file. using (var tr = new StringReader(privateKey)) { var pemReader = new PemReader(tr); var KeyParameter = (AsymmetricKeyParameter) pemReader.ReadObject(); var privateRsaParams = KeyParameter as RsaPrivateCrtKeyParameters; rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams); pemReader.Reader.Close(); tr.Close(); } using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { rsa.ImportParameters(rsaParams); var jwtIatTime = SystemClock.Instance.GetCurrentInstant(); // Create a duration Duration durationExp = Duration.FromMinutes(120); var jwtExpTime = SystemClock.Instance. GetCurrentInstant().Plus(durationExp); Dictionary <string, object> payload = new Dictionary <string, object> { { "iat", jwtIatTime.ToUnixTimeSeconds() }, // The time that the token was issued at { "aud", projectId }, // The audience field should always // be set to the GCP project id. { "exp", jwtExpTime.ToUnixTimeSeconds() } // The time the token expires. }; Console.WriteLine("iat time {0}", jwtIatTime); Console.WriteLine("exp time {0}", jwtExpTime); Console.WriteLine("Creating JWT using RSA from private key " + "file {0}", privateKeyFile); return(Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256)); } }
/// <summary> /// Prepare certification authority service for use. /// Load information about CA. /// </summary> private void PrepareCAService() { bool isPfxCreated = true; bool isCertFound = false; X509Certificate2Collection collection = new X509Certificate2Collection(); if(!IsUserAccessGranted(WindowsIdentity.GetCurrent().Name)) { Audit.WriteEvent("Access to SecurityStore is denied to user '" + WindowsIdentity.GetCurrent().Name + "' based on ACL content.", EventLogEntryType.Warning); return; } try { // Try to import pfx file for the CA(Certification authority) collection.Import(PFX_PATH, PFX_PASSWORD, X509KeyStorageFlags.Exportable); } catch { isPfxCreated = false; } if(isPfxCreated) { foreach (X509Certificate2 cert in collection) { if (cert.SubjectName.Name.Equals(CA_SUBJECT_NAME)) { isCertFound = true; caCertificate = cert; caPrivateKey = DotNetUtilities.GetKeyPair(cert.PrivateKey).Private; break; } } } if (!isCertFound) { // if PFX for the CA isn't created generate certificate and PFX for the CA caCertificate = CertificateHandler.GenerateCACertificate(CA_SUBJECT_NAME, ref caPrivateKey); } Audit.WriteEvent("Certificate for the CA is successfully loaded.", EventLogEntryType.Information); }
public static string Encrypt(string stringToBeEncrypted, string stringPublicKey) { var publicKeySequence = (DerSequence)Asn1Object.FromByteArray(Convert.FromBase64String(stringPublicKey)); var encodedPublicKey1 = new DerBitString(publicKeySequence[0]); var encodedPublicKey2 = new DerBitString(publicKeySequence[1]); var modulus = (DerInteger)Asn1Object.FromByteArray(encodedPublicKey1.GetBytes()); var exponent = (DerInteger)Asn1Object.FromByteArray(encodedPublicKey2.GetBytes()); var y = new RsaKeyParameters(false, modulus.PositiveValue, exponent.PositiveValue); var x = DotNetUtilities.ToRSAParameters(y); using (var provider = new RSACryptoServiceProvider()) { provider.ImportParameters(x); var dataToBeEncrypted = Encoding.UTF8.GetBytes(stringToBeEncrypted); var bytes = provider.Encrypt(dataToBeEncrypted, true); return(Convert.ToBase64String(bytes)); } }