internal SecretKeyDecryptor(SymmetricKeyAlgorithmTag symAlg, byte[] key, byte[] iv, S2k s2k, IDigestFactory <PgpDigestTypeIdentifier> checksumCalculatorFactory) { FipsTripleDes.ParametersWithIV parameters; parameters = FipsTripleDes.Cfb64.WithIV(iv); this.s2k = s2k; cipherBuilder = CryptoServicesRegistrar.CreateService(new FipsTripleDes.Key(key)).CreateDecryptorBuilder(FipsTripleDes.Cfb64.WithIV(iv)); }
/// <summary> /// Add a set of SafeBags that are to be wrapped in a EncryptedData object. /// </summary> /// <param name="dataEncryptor">The encryptor to use for encoding the data.</param> /// <param name="data">the SafeBags to include.</param> /// <returns>this builder.</returns> public Pkcs12PfxPduBuilder AddEncryptedData(ICipherBuilder <AlgorithmIdentifier> dataEncryptor, Pkcs12SafeBag[] data) { Asn1EncodableVector v = new Asn1EncodableVector(); for (int i = 0; i != data.Length; i++) { v.Add(data[i].ToAsn1Structure()); } return(addEncryptedData(dataEncryptor, new DerSequence(v))); }
private Pkcs12PfxPduBuilder addEncryptedData(ICipherBuilder <AlgorithmIdentifier> dataEncryptor, Asn1Sequence data) { CmsEncryptedDataGenerator envGen = new CmsEncryptedDataGenerator(); try { dataVector.Add(envGen.generate(new CmsProcessableByteArray(data.GetEncoded()), dataEncryptor).ToAsn1Structure()); } catch (CmsException e) { throw new PkcsIOException(e.Message, e.InnerException); } return(this); }
private CmsEncryptedData doGenerate( ICmsTypedData content, ICipherBuilder <AlgorithmIdentifier> contentEncryptor) { AlgorithmIdentifier encAlgId; Asn1OctetString encContent; MemoryOutputStream bOut = new MemoryOutputStream(); try { ICipher cipher = contentEncryptor.BuildCipher(bOut); content.Write(cipher.Stream); cipher.Stream.Close(); } catch (IOException) { throw new CmsException(""); } byte[] encryptedContent = bOut.ToArray(); encAlgId = contentEncryptor.AlgorithmDetails; encContent = new BerOctetString(encryptedContent); EncryptedContentInfo eci = new EncryptedContentInfo( content.ContentType, encAlgId, encContent); Asn1Set unprotectedAttrSet = null; if (unprotectedAttributeGenerator != null) { Asn1.Cms.AttributeTable attrTable = unprotectedAttributeGenerator.GetAttributes(new Dictionary <string, object>()); unprotectedAttrSet = new BerSet(attrTable.ToAsn1EncodableVector()); } ContentInfo contentInfo = new ContentInfo( CmsObjectIdentifiers.EncryptedData, new EncryptedData(eci, unprotectedAttrSet)); return(new CmsEncryptedData(contentInfo)); }
/// <summary> /// Encode and encrypt the passed in object and write it in PEM format. /// </summary> /// <param name="obj">The object to be encoded and encrypted.</param> /// <param name="encryptor">The PEM encryptor to use.</param> public void WriteObject(object obj, ICipherBuilder <DekInfo> encryptor) { try { base.WriteObject(new MiscPemGenerator(obj, encryptor)); } catch (PemGenerationException e) { if (e.InnerException is IOException) { throw e.InnerException; } throw e; } }
public CmsTypedStream GetContentStream(IDecryptorBuilderProvider <AlgorithmIdentifier> inputDecryptorProvider) { try { EncryptedContentInfo encContentInfo = encryptedData.EncryptedContentInfo; ICipherBuilder <AlgorithmIdentifier> decryptorBuilder = inputDecryptorProvider.CreateDecryptorBuilder(encContentInfo.ContentEncryptionAlgorithm); MemoryInputStream encIn = new MemoryInputStream(encContentInfo.EncryptedContent.GetOctets()); ICipher cipher = decryptorBuilder.BuildCipher(encIn); return(new CmsTypedStream(encContentInfo.ContentType, cipher.Stream)); } catch (Exception e) { throw new CmsException("unable to create stream: " + e.Message, e); } }
/// <summary> /// Get a decryptor from the passed in provider and decrypt the encrypted private key info, returning the result. /// </summary> /// <param name="inputDecryptorProvider">A provider to query for decryptors for the object.</param> /// <returns>The decrypted private key info structure.</returns> public PrivateKeyInfo DecryptPrivateKeyInfo(IDecryptorBuilderProvider inputDecryptorProvider) { try { ICipherBuilder decryptorBuilder = inputDecryptorProvider.CreateDecryptorBuilder(encryptedPrivateKeyInfo.EncryptionAlgorithm); ICipher encIn = decryptorBuilder.BuildCipher(new MemoryInputStream(encryptedPrivateKeyInfo.GetEncryptedData())); Stream strm = encIn.Stream; byte[] data = Streams.ReadAll(encIn.Stream); Platform.Dispose(strm); return(PrivateKeyInfo.GetInstance(data)); } catch (Exception e) { throw new PkcsException("unable to read encrypted data: " + e.Message, e); } }
/// <summary> /// Create the encrypted private key info using the passed in encryptor. /// </summary> /// <param name="encryptor">The encryptor to use.</param> /// <returns>An encrypted private key info containing the original private key info.</returns> public Pkcs8EncryptedPrivateKeyInfo Build( ICipherBuilder encryptor) { try { MemoryStream bOut = new MemoryOutputStream(); ICipher cOut = encryptor.BuildCipher(bOut); byte[] keyData = privateKeyInfo.GetEncoded(); Stream str = cOut.Stream; str.Write(keyData, 0, keyData.Length); BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(str); return(new Pkcs8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo((AlgorithmIdentifier)encryptor.AlgorithmDetails, bOut.ToArray()))); } catch (IOException) { throw new InvalidOperationException("cannot encode privateKeyInfo"); } }
/// <summary> /// Create the encrypted private key info using the passed in encryptor. /// </summary> /// <param name="encryptor">The encryptor to use.</param> /// <returns>An encrypted private key info containing the original private key info.</returns> public Pkcs8EncryptedPrivateKeyInfo Build( ICipherBuilder encryptor) { try { MemoryStream bOut = new MemoryOutputStream(); ICipher cOut = encryptor.BuildCipher(bOut); byte[] keyData = privateKeyInfo.GetEncoded(); using (var str = cOut.Stream) { str.Write(keyData, 0, keyData.Length); } return(new Pkcs8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo((AlgorithmIdentifier)encryptor.AlgorithmDetails, bOut.ToArray()))); } catch (IOException) { throw new InvalidOperationException("cannot encode privateKeyInfo"); } }
public PkixContentEncryptor(DerObjectIdentifier encAlgorithm, SecureRandom random) { key = keyGenerators[encAlgorithm](random); algId = Utils.GetEncryptionSchemeIdentifier(encAlgorithm, random); IParameters <Algorithm> cipherParams = Utils.GetCipherParameters(algId); if (Utils.IsBlockMode(cipherParams.Algorithm)) { cipherBuilder = new PkixBlockCipherBuilder(algId, Utils.CreateBlockEncryptorBuilder(encAlgorithm, key.GetKeyBytes(), cipherParams)); } else if (Utils.IsAeadMode(cipherParams.Algorithm)) { cipherBuilder = new PkixAeadCipherBuilder(algId, Utils.CreateAeadEncryptorBuilder(encAlgorithm, key.GetKeyBytes(), cipherParams)); } else { cipherBuilder = new PkixCipherBuilder(algId, Utils.CreateEncryptorBuilder(encAlgorithm, key.GetKeyBytes(), cipherParams)); } }
public object Decrypt(IDecryptorBuilderProvider <DekInfo> keyDecryptorProvider) { try { ICipherBuilder <DekInfo> decryptorBuilder = keyDecryptorProvider.CreateDecryptorBuilder(new DekInfo(dekInfo)); MemoryInputStream bOut = new MemoryInputStream(keyBytes); ICipher decryptor = decryptorBuilder.BuildCipher(bOut); using (var stream = decryptor.Stream) { return(parser.Parse(Streams.ReadAll(stream))); } } catch (IOException e) { throw e; } catch (Exception e) { throw new OpenSslPemParsingException("exception processing key pair: " + e.Message, e); } }
internal SecretKeyEncryptor(SymmetricKeyAlgorithmTag symAlg, byte[] key, byte[] iv, S2k s2k, IDigestFactory <PgpDigestTypeIdentifier> checksumCalculatorFactory) { FipsTripleDes.ParametersWithIV parameters; if (iv != null) { parameters = FipsTripleDes.Cfb64.WithIV(iv); this.iv = iv; } else { if (this.random == null) { this.random = new SecureRandom(); } parameters = FipsTripleDes.Cfb64.WithIV(random); this.iv = parameters.GetIV(); } this.s2k = s2k; cipherBuilder = CryptoServicesRegistrar.CreateService(new FipsTripleDes.Key(key)).CreateEncryptorBuilder(FipsTripleDes.Cfb64.WithIV(iv)); }
internal static ICipherBuilder <DekInfo> Crypt( bool encrypt, char[] password, String dekAlgName, byte[] iv) { byte[] ivValue = iv; String blockMode = "CBC"; byte[] sKey; IBlockCipherService cipherService = null; IBlockCipherBuilder <IParameters <Algorithm> > blockCipherBuilder = null; ICipherBuilder <IParameters <Algorithm> > cipherBuilder = null; DekInfo dekInfo; if (iv != null && iv.Length != 0) { dekInfo = new DekInfo(dekAlgName + "," + Hex.ToHexString(iv)); } else { dekInfo = new DekInfo(dekAlgName); } // Figure out block mode and padding. if (dekAlgName.EndsWith("-CFB")) { blockMode = "CFB"; } if (dekAlgName.EndsWith("-ECB") || "DES-EDE".Equals(dekAlgName) || "DES-EDE3".Equals(dekAlgName)) { // ECB is actually the default (though seldom used) when OpenSSL // uses DES-EDE (des2) or DES-EDE3 (des3). blockMode = "ECB"; } if (dekAlgName.EndsWith("-OFB")) { blockMode = "OFB"; } // Figure out algorithm and key size. if (dekAlgName.StartsWith("DES-EDE")) { // "DES-EDE" is actually des2 in OpenSSL-speak! // "DES-EDE3" is des3. bool des2 = !dekAlgName.StartsWith("DES-EDE3"); FipsTripleDes.Key tdesKey = new FipsTripleDes.Key(getKey(password, 24, iv, des2)); cipherService = CryptoServicesRegistrar.CreateService(tdesKey); if (blockMode.Equals("CBC")) { if (encrypt) { blockCipherBuilder = cipherService.CreateBlockEncryptorBuilder(FipsTripleDes.Cbc.WithIV(ivValue)); } else { blockCipherBuilder = cipherService.CreateBlockDecryptorBuilder(FipsTripleDes.Cbc.WithIV(ivValue)); } } else if (blockMode.Equals("CFB")) { if (encrypt) { cipherBuilder = cipherService.CreateEncryptorBuilder(FipsTripleDes.Cfb64.WithIV(ivValue)); } else { cipherBuilder = cipherService.CreateDecryptorBuilder(FipsTripleDes.Cfb64.WithIV(ivValue)); } } else if (blockMode.Equals("OFB")) { if (encrypt) { cipherBuilder = cipherService.CreateEncryptorBuilder(FipsTripleDes.Ofb.WithIV(ivValue)); } else { cipherBuilder = cipherService.CreateDecryptorBuilder(FipsTripleDes.Ofb.WithIV(ivValue)); } } else { if (encrypt) { blockCipherBuilder = cipherService.CreateBlockEncryptorBuilder(FipsTripleDes.Ecb); } else { blockCipherBuilder = cipherService.CreateBlockDecryptorBuilder(FipsTripleDes.Ecb); } } } else if (dekAlgName.StartsWith("DES-")) { sKey = getKey(password, 8, iv); throw new InvalidOperationException("no support for DES"); } else if (dekAlgName.StartsWith("BF-")) { sKey = getKey(password, 16, iv); throw new InvalidOperationException("no support for Blowfish"); } else if (dekAlgName.StartsWith("RC2-")) { int keyBits = 128; if (dekAlgName.StartsWith("RC2-40-")) { keyBits = 40; } else if (dekAlgName.StartsWith("RC2-64-")) { keyBits = 64; } //sKey = new RC2Parameters(getKey(password, keyBits / 8, iv).getKey(), keyBits); throw new InvalidOperationException("no support for RC2"); } else if (dekAlgName.StartsWith("AES-")) { byte[] salt = iv; if (salt.Length > 8) { salt = new byte[8]; Array.Copy(iv, 0, salt, 0, 8); } int keyBits; if (dekAlgName.StartsWith("AES-128-")) { keyBits = 128; } else if (dekAlgName.StartsWith("AES-192-")) { keyBits = 192; } else if (dekAlgName.StartsWith("AES-256-")) { keyBits = 256; } else { throw new InvalidOperationException("unknown AES encryption with private key: " + dekAlgName); } FipsAes.Key aesKey = new FipsAes.Key(getKey(password, keyBits / 8, salt)); cipherService = CryptoServicesRegistrar.CreateService(aesKey); if (blockMode.Equals("CBC")) { if (encrypt) { blockCipherBuilder = cipherService.CreateBlockEncryptorBuilder(FipsAes.Cbc.WithIV(ivValue)); } else { blockCipherBuilder = cipherService.CreateBlockDecryptorBuilder(FipsAes.Cbc.WithIV(ivValue)); } } else if (blockMode.Equals("CFB")) { if (encrypt) { cipherBuilder = cipherService.CreateEncryptorBuilder(FipsAes.Cfb128.WithIV(ivValue)); } else { cipherBuilder = cipherService.CreateDecryptorBuilder(FipsAes.Cfb128.WithIV(ivValue)); } } else if (blockMode.Equals("OFB")) { if (encrypt) { cipherBuilder = cipherService.CreateEncryptorBuilder(FipsAes.Ofb.WithIV(ivValue)); } else { cipherBuilder = cipherService.CreateDecryptorBuilder(FipsAes.Ofb.WithIV(ivValue)); } } else { if (encrypt) { blockCipherBuilder = cipherService.CreateBlockEncryptorBuilder(FipsAes.Ecb); } else { blockCipherBuilder = cipherService.CreateBlockDecryptorBuilder(FipsAes.Ecb); } } } else { throw new InvalidOperationException("unknown encryption with private key: " + dekAlgName); } if (blockMode.Equals("CBC") || blockMode.Equals("ECB")) { if (encrypt) { return(new PemBlockCipherImpl(encrypt, dekInfo, blockCipherBuilder)); } else { return(new PemBlockCipherImpl(encrypt, dekInfo, blockCipherBuilder)); } } else { if (encrypt) { return(new PemCipherImpl(dekInfo, cipherBuilder)); } else { return(new PemCipherImpl(dekInfo, cipherBuilder)); } } }
internal PemCipherImpl(DekInfo dekInfo, ICipherBuilder <IParameters <Algorithm> > baseCipher) { this.dekInfo = dekInfo; this.baseCipher = baseCipher; }
public RecipientOperator(ICipherBuilder <AlgorithmIdentifier> decryptor) { this.algorithmIdentifier = decryptor.AlgorithmDetails; this.op = decryptor; }
public MiscPemGenerator(Object o) { this.obj = o; this.encryptorBuilder = null; }
public MiscPemGenerator(Object o, ICipherBuilder <DekInfo> encryptorBuilder) { this.obj = o; this.encryptorBuilder = encryptorBuilder; }
/** * generate an encrypted object that contains an Cms Encrypted Data structure. * * @param content the content to be encrypted * @param contentEncryptor the symmetric key based encryptor to encrypt the content with. */ public CmsEncryptedData generate( ICmsTypedData content, ICipherBuilder <AlgorithmIdentifier> contentEncryptor) { return(doGenerate(content, contentEncryptor)); }
/// <summary> /// Add a SafeBag that is to be wrapped in a EncryptedData object. /// </summary> /// <param name="dataEncryptor">the encryptor to use for encoding the data.</param> /// <param name="data">the SafeBag to include.</param> /// <returns>this builder.</returns> public Pkcs12PfxPduBuilder AddEncryptedData(ICipherBuilder <AlgorithmIdentifier> dataEncryptor, Pkcs12SafeBag data) { return(addEncryptedData(dataEncryptor, new DerSequence(data.ToAsn1Structure()))); }
public Pkcs12SafeBagBuilder(IAsymmetricPrivateKey privateKey, ICipherBuilder <AlgorithmIdentifier> encryptor) : this(PrivateKeyInfo.GetInstance(privateKey.GetEncoded()), encryptor) { }
internal PkixCipherBuilder(AlgorithmIdentifier algDetails, ICipherBuilder <IParameters <Algorithm> > baseCipherBuilder) { this.algDetails = algDetails; this.baseBlockCipherBuilder = baseCipherBuilder; }
public Pkcs12SafeBagBuilder(PrivateKeyInfo privateKeyInfo, ICipherBuilder <AlgorithmIdentifier> encryptor) { this.bagType = PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag; this.bagValue = new Pkcs8EncryptedPrivateKeyInfoBuilder(privateKeyInfo).Build(encryptor).ToAsn1Structure(); }