public static string GetAuthorizedKeyString(this ISshKey aKey)
{
string result = "";
switch (aKey.Version)
{
case SshVersion.SSH1:
AsymmetricKeyParameter parameters = aKey.GetPublicKeyParameters();
RsaKeyParameters rsaPublicKeyParameters = (RsaKeyParameters)parameters;
result = aKey.Size + " " +
rsaPublicKeyParameters.Exponent.ToString(10) + " " +
rsaPublicKeyParameters.Modulus.ToString(10) + " " +
String.Format(aKey.GetMD5Fingerprint().ToHexString()) + " " +
aKey.Comment;
break;
case SshVersion.SSH2:
result = PublicKeyAlgorithmExt.GetIdentifierString(aKey.Algorithm) + " " +
Convert.ToBase64String(aKey.GetPublicKeyBlob()) + " " +
String.Format(aKey.GetMD5Fingerprint().ToHexString()) + " " +
aKey.Comment;
break;
default:
result = "# unsuported SshVersion: '" + aKey.Version + "'";
break;
}
return(result);
}
public static ISigner GetSigner(this ISshKey key)
{
AsymmetricKeyParameter publicKey = key.GetPublicKeyParameters();
if (publicKey is DsaPublicKeyParameters)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.IdDsaWithSha1));
}
else if (publicKey is RsaKeyParameters)
{
return(SignerUtilities.GetSigner(PkcsObjectIdentifiers.Sha1WithRsaEncryption));
}
else if (publicKey is ECPublicKeyParameters)
{
int ecdsaFieldSize =
((ECPublicKeyParameters)publicKey).Q.Curve.FieldSize;
if (ecdsaFieldSize <= 256)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha256));
}
else if (ecdsaFieldSize > 256 && ecdsaFieldSize <= 384)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha384));
}
else if (ecdsaFieldSize > 384)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha512));
}
}
else if (publicKey is Ed25519PublicKeyParameter)
{
return(new Ed25519Signer());
}
throw new Exception("Unsupported algorithm");
}
public byte[] SignRequest(ISshKey aKey, byte[] aSignData)
{
BlobBuilder builder = new BlobBuilder();
switch (aKey.Version)
{
case SshVersion.SSH1:
builder.AddBytes(aKey.GetPublicKeyBlob());
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true /* encrypt */, aKey.GetPublicKeyParameters());
var encryptedData = engine.ProcessBlock(aSignData, 0, aSignData.Length);
var challenge = new BigInteger(encryptedData);
builder.AddSsh1BigIntBlob(challenge);
builder.AddBytes(SessionId);
builder.AddInt(1); // response type - must be 1
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
break;
case SshVersion.SSH2:
builder.AddBlob(aKey.GetPublicKeyBlob());
builder.AddBlob(aSignData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
BlobParser replyParser = SendMessage(builder);
var header = replyParser.ReadHeader();
switch (aKey.Version)
{
case SshVersion.SSH1:
if (header.Message != Agent.Message.SSH1_AGENT_RSA_RESPONSE)
{
throw new AgentFailureException();
}
byte[] response = new byte[16];
for (int i = 0; i < 16; i++)
{
response[i] = replyParser.ReadUInt8();
}
return(response);
case SshVersion.SSH2:
if (header.Message != Agent.Message.SSH2_AGENT_SIGN_RESPONSE)
{
throw new AgentFailureException();
}
return(replyParser.ReadBlob());
default:
throw new Exception(cUnsupportedSshVersion);
}
}
public static byte[] FormatSignature(this ISshKey key, byte[] signature)
{
AsymmetricKeyParameter publicKey = key.GetPublicKeyParameters();
if (publicKey is DsaPublicKeyParameters ||
publicKey is ECPublicKeyParameters)
{
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(signature);
BigInteger r = ((DerInteger)seq[0]).PositiveValue;
BigInteger s = ((DerInteger)seq[1]).PositiveValue;
BlobBuilder formatedSignature = new BlobBuilder();
if (publicKey is ECPublicKeyParameters)
{
var bytes = r.ToByteArray().ToList();
while (bytes.Count < 20)
{
bytes.Insert(0, 0);
}
formatedSignature.AddBlob(bytes.ToArray());
bytes = s.ToByteArray().ToList();
while (bytes.Count < 20)
{
bytes.Insert(0, 0);
}
formatedSignature.AddBlob(bytes.ToArray());
}
else
{
var bytes = r.ToByteArrayUnsigned().ToList();
while (bytes.Count < 20)
{
bytes.Insert(0, 0);
}
formatedSignature.AddBytes(bytes.ToArray());
bytes = s.ToByteArrayUnsigned().ToList();
while (bytes.Count < 20)
{
bytes.Insert(0, 0);
}
formatedSignature.AddBytes(bytes.ToArray());
}
return(formatedSignature.GetBlob());
}
else if (publicKey is RsaKeyParameters || publicKey is Ed25519PublicKeyParameter)
{
return(signature);
}
throw new Exception("Unsupported algorithm");
}
public static byte[] GetMD5Fingerprint(this ISshKey key)
{
try {
using (MD5 md5 = MD5.Create()) {
if (key.GetPublicKeyParameters() is RsaKeyParameters && key.Version == SshVersion.SSH1)
{
var rsaKeyParameters = key.GetPublicKeyParameters() as RsaKeyParameters;
int modSize = rsaKeyParameters.Modulus.ToByteArrayUnsigned().Length;
int expSize = rsaKeyParameters.Exponent.ToByteArrayUnsigned().Length;
byte[] md5Buffer = new byte[modSize + expSize];
rsaKeyParameters.Modulus.ToByteArrayUnsigned().CopyTo(md5Buffer, 0);
rsaKeyParameters.Exponent.ToByteArrayUnsigned().CopyTo(md5Buffer, modSize);
return(md5.ComputeHash(md5Buffer));
}
return(md5.ComputeHash(key.GetPublicKeyBlob(false)));
}
} catch (Exception) {
return(null);
}
}
/// <summary>
/// Get a signer for a key. The algorithm is determined by the type of the
/// key and in the case of RSA keys, the optional flags.
/// </summary>
/// <param name="key">A SSH key</param>
/// <param name="flags">Optional flags</param>
/// <returns>A Signer</returns>
public static ISigner GetSigner(this ISshKey key, SignRequestFlags flags = default(SignRequestFlags))
{
var publicKey = key.GetPublicKeyParameters();
if (publicKey is DsaPublicKeyParameters)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.IdDsaWithSha1));
}
else if (publicKey is RsaKeyParameters)
{
// flags can influence hash type for RSA keys
if (flags.HasFlag(SignRequestFlags.SSH_AGENT_RSA_SHA2_512))
{
return(SignerUtilities.GetSigner(PkcsObjectIdentifiers.Sha512WithRsaEncryption));
}
if (flags.HasFlag(SignRequestFlags.SSH_AGENT_RSA_SHA2_256))
{
return(SignerUtilities.GetSigner(PkcsObjectIdentifiers.Sha256WithRsaEncryption));
}
return(SignerUtilities.GetSigner(PkcsObjectIdentifiers.Sha1WithRsaEncryption));
}
else if (publicKey is ECPublicKeyParameters)
{
var ecdsaFieldSize = ((ECPublicKeyParameters)publicKey).Q.Curve.FieldSize;
if (ecdsaFieldSize <= 256)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha256));
}
else if (ecdsaFieldSize > 256 && ecdsaFieldSize <= 384)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha384));
}
else if (ecdsaFieldSize > 384)
{
return(SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha512));
}
}
else if (publicKey is Ed25519PublicKeyParameter)
{
return(new Ed25519Signer());
}
throw new ArgumentException("Unsupported algorithm", "key");
}
public override void Serialize(Stream stream, object obj)
{
/* check for required parameters */
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (obj == null)
{
throw new ArgumentNullException("obj");
}
PinnedArray <char> passphrase = null;
string ciphername;
if (passphrase == null || passphrase.Data.Length == 0)
{
ciphername = KDFNAME_NONE;
}
else
{
ciphername = KDFNAME_BCRYPT;
}
var builder = new BlobBuilder();
ISshKey sshKey = obj as ISshKey;
if (sshKey == null)
{
throw new ArgumentException("Expected ISshKey", "obj");
}
var publicKeyParams = sshKey.GetPublicKeyParameters() as Ed25519PublicKeyParameter;
var privateKeyParams = sshKey.GetPrivateKeyParameters() as Ed25519PrivateKeyParameter;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(AUTH_MAGIC));
builder.AddStringBlob(ciphername);
builder.AddStringBlob(ciphername); //kdfname
builder.AddBlob(new byte[0]); // kdfoptions
/* writing public key */
builder.AddInt(1); // number of keys N
var publicKeyBuilder = new BlobBuilder();
publicKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
publicKeyBuilder.AddBlob(publicKeyParams.Key);
builder.AddBlob(publicKeyBuilder.GetBlob());
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
var checkint = new SecureRandom().NextInt();
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
privateKeyBuilder.AddBlob(publicKeyParams.Key);
privateKeyBuilder.AddBlob(privateKeyParams.Signature);
privateKeyBuilder.AddStringBlob(sshKey.Comment);
if (ciphername == KDFNAME_NONE)
{
/* plain-text */
builder.AddBlob(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
using (var writer = new StreamWriter(stream)) {
writer.NewLine = "\n";
writer.WriteLine(MARK_BEGIN);
var base64Data = Util.ToBase64(builderOutput.Data);
var base64String = Encoding.UTF8.GetString(base64Data);
var offset = 0;
while (offset < base64String.Length)
{
const int maxLineLength = 70;
if (offset + maxLineLength > base64String.Length)
{
writer.WriteLine(base64String.Substring(offset));
}
else
{
writer.WriteLine(base64String.Substring(offset, maxLineLength));
}
offset += maxLineLength;
}
writer.WriteLine(MARK_END);
}
}
/// <summary>
/// Gets OpenSsh formatted bytes from public key
/// </summary>
/// <param name="key">The key.</param>
/// <param name="cert">When set to <c>true</c> and the key has a certificate, the certificate blob will be used.</param>
/// <returns>byte array containing key information</returns>
public static byte[] GetPublicKeyBlob(this ISshKey key, bool cert = true)
{
if (cert && key.Certificate != null)
{
return(key.Certificate.Blob);
}
AsymmetricKeyParameter parameters = key.GetPublicKeyParameters();
BlobBuilder builder = new BlobBuilder();
if (parameters is RsaKeyParameters)
{
RsaKeyParameters rsaPublicKeyParameters = (RsaKeyParameters)parameters;
if (key.Version == SshVersion.SSH1)
{
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Modulus);
}
else
{
builder.AddStringBlob(PublicKeyAlgorithm.SSH_RSA.GetIdentifierString());
builder.AddBigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPublicKeyParameters.Modulus);
}
}
else if (parameters is DsaPublicKeyParameters)
{
DsaPublicKeyParameters dsaParameters =
(DsaPublicKeyParameters)parameters;
builder.AddStringBlob(PublicKeyAlgorithm.SSH_DSS.GetIdentifierString());
builder.AddBigIntBlob(dsaParameters.Parameters.P);
builder.AddBigIntBlob(dsaParameters.Parameters.Q);
builder.AddBigIntBlob(dsaParameters.Parameters.G);
builder.AddBigIntBlob(dsaParameters.Y);
}
else if (parameters is ECPublicKeyParameters)
{
ECPublicKeyParameters ecdsaParameters =
(ECPublicKeyParameters)parameters;
string algorithm;
switch (ecdsaParameters.Parameters.Curve.FieldSize)
{
case 256:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP256.GetIdentifierString();
break;
case 384:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP384.GetIdentifierString();
break;
case 521:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP521.GetIdentifierString();
break;
default:
throw new ArgumentException("Unsupported EC size: " +
ecdsaParameters.Parameters.Curve.FieldSize);
}
builder.AddStringBlob(algorithm);
algorithm =
algorithm.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty);
builder.AddStringBlob(algorithm);
builder.AddBlob(ecdsaParameters.Q.GetEncoded());
}
else if (parameters is Ed25519PublicKeyParameter)
{
builder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
builder.AddBlob(((Ed25519PublicKeyParameter)parameters).Key);
}
else
{
throw new ArgumentException(parameters.GetType() + " is not supported");
}
byte[] result = builder.GetBlob();
builder.Clear();
return(result);
}
BlobBuilder CreatePrivateKeyBlob(ISshKey key)
{
var builder = new BlobBuilder();
switch (key.Version)
{
case SshVersion.SSH1:
var privateKeyParams =
key.GetPrivateKeyParameters() as RsaPrivateCrtKeyParameters;
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(privateKeyParams.Modulus);
builder.AddSsh1BigIntBlob(privateKeyParams.PublicExponent);
builder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
builder.AddSsh1BigIntBlob(privateKeyParams.QInv);
builder.AddSsh1BigIntBlob(privateKeyParams.Q);
builder.AddSsh1BigIntBlob(privateKeyParams.P);
break;
case SshVersion.SSH2:
builder.AddStringBlob(key.Algorithm.GetIdentifierString());
switch (key.Algorithm)
{
case PublicKeyAlgorithm.SSH_DSS:
var dsaPublicKeyParameters = key.GetPublicKeyParameters() as
DsaPublicKeyParameters;
var dsaPrivateKeyParamters = key.GetPrivateKeyParameters() as
DsaPrivateKeyParameters;
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicKeyParameters.Y);
builder.AddBigIntBlob(dsaPrivateKeyParamters.X);
break;
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
var ecdsaPublicKeyParameters = key.GetPublicKeyParameters() as
ECPublicKeyParameters;
var ecdsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
ECPrivateKeyParameters;
builder.AddStringBlob(key.Algorithm.GetIdentifierString()
.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty));
builder.AddBlob(ecdsaPublicKeyParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateKeyParameters.D);
break;
case PublicKeyAlgorithm.SSH_RSA:
var rsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
RsaPrivateCrtKeyParameters;
builder.AddBigIntBlob(rsaPrivateKeyParameters.Modulus);
builder.AddBigIntBlob(rsaPrivateKeyParameters.PublicExponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.QInv);
builder.AddBigIntBlob(rsaPrivateKeyParameters.P);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Q);
break;
case PublicKeyAlgorithm.ED25519:
var ed25519PublicKeyParameters = key.GetPublicKeyParameters() as
Ed25519PublicKeyParameter;
var ed25519PrivateKeyParameters = key.GetPrivateKeyParameters() as
Ed25519PrivateKeyParameter;
builder.AddBlob(ed25519PublicKeyParameters.Key);
builder.AddBlob(ed25519PrivateKeyParameters.Signature);
break;
default:
throw new Exception("Unsupported algorithm");
}
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
builder.AddStringBlob(key.Comment);
return(builder);
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null)
{
throw new ArgumentNullException("aStream");
}
if (aObject == null)
{
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null)
{
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
PinnedArray <char> passphrase = null;
if (pwFinder != null)
{
passphrase = new PinnedArray <char>(0);
passphrase.Data = pwFinder.GetPassword();
}
byte cipherType;
if (passphrase == null || passphrase.Data.Length == 0)
{
cipherType = SSH_CIPHER_NONE;
}
else
{
cipherType = SSH_CIPHER_3DES;
}
BlobBuilder builder = new BlobBuilder();
ISshKey sshKey = aObject as ISshKey;
RsaKeyParameters publicKeyParams = sshKey.GetPublicKeyParameters()
as RsaKeyParameters;
RsaPrivateCrtKeyParameters privateKeyParams = sshKey.GetPrivateKeyParameters()
as RsaPrivateCrtKeyParameters;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(FILE_HEADER_LINE + "\n"));
builder.AddUInt8(0); //end of string
builder.AddUInt8(cipherType); //cipher
builder.AddInt(0); //reserved
/* writing public key */
builder.AddInt(sshKey.Size);
builder.AddSsh1BigIntBlob(publicKeyParams.Modulus);
builder.AddSsh1BigIntBlob(publicKeyParams.Exponent);
builder.AddStringBlob(sshKey.Comment);
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
/* adding some control values */
Random random = new Random();
byte[] resultCheck = new byte[2];
random.NextBytes(resultCheck);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.DQ);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.P);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Q);
if (cipherType == SSH_CIPHER_NONE)
{
/* plain-text */
builder.AddBytes(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
/* encryption */
DesSsh1Engine desEngine = new DesSsh1Engine();
desEngine.Init(true, new KeyParameter(keydata));
BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(desEngine);
byte[] ouputBuffer = bufferedBlockCipher.ProcessBytes(
privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
builder.AddBytes(ouputBuffer);
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
aStream.Write(builderOutput.Data, 0, builderOutput.Data.Length);
aStream.Close();
}
BlobBuilder CreatePrivateKeyBlob(ISshKey key)
{
var builder = new BlobBuilder();
switch (key.Version) {
case SshVersion.SSH1:
var privateKeyParams =
key.GetPrivateKeyParameters() as RsaPrivateCrtKeyParameters;
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(privateKeyParams.Modulus);
builder.AddSsh1BigIntBlob(privateKeyParams.PublicExponent);
builder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
builder.AddSsh1BigIntBlob(privateKeyParams.QInv);
builder.AddSsh1BigIntBlob(privateKeyParams.Q);
builder.AddSsh1BigIntBlob(privateKeyParams.P);
break;
case SshVersion.SSH2:
builder.AddStringBlob(key.Algorithm.GetIdentifierString());
switch (key.Algorithm) {
case PublicKeyAlgorithm.SSH_DSS:
var dsaPublicKeyParameters = key.GetPublicKeyParameters() as
DsaPublicKeyParameters;
var dsaPrivateKeyParamters = key.GetPrivateKeyParameters() as
DsaPrivateKeyParameters;
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicKeyParameters.Y);
builder.AddBigIntBlob(dsaPrivateKeyParamters.X);
break;
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
var ecdsaPublicKeyParameters = key.GetPublicKeyParameters() as
ECPublicKeyParameters;
var ecdsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
ECPrivateKeyParameters;
builder.AddStringBlob(key.Algorithm.GetIdentifierString()
.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty));
builder.AddBlob(ecdsaPublicKeyParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateKeyParameters.D);
break;
case PublicKeyAlgorithm.SSH_RSA:
var rsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
RsaPrivateCrtKeyParameters;
builder.AddBigIntBlob(rsaPrivateKeyParameters.Modulus);
builder.AddBigIntBlob(rsaPrivateKeyParameters.PublicExponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.QInv);
builder.AddBigIntBlob(rsaPrivateKeyParameters.P);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Q);
break;
case PublicKeyAlgorithm.ED25519:
var ed25519PublicKeyParameters = key.GetPublicKeyParameters() as
Ed25519PublicKeyParameter;
var ed25519PrivateKeyParameters = key.GetPrivateKeyParameters() as
Ed25519PrivateKeyParameter;
builder.AddBlob(ed25519PublicKeyParameters.Key);
builder.AddBlob(ed25519PrivateKeyParameters.Signature);
break;
default:
throw new Exception("Unsupported algorithm");
}
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
builder.AddStringBlob(key.Comment);
return builder;
}
public byte[] SignRequest(ISshKey aKey, byte[] aSignData)
{
BlobBuilder builder = new BlobBuilder();
switch (aKey.Version) {
case SshVersion.SSH1:
builder.AddBytes(aKey.GetPublicKeyBlob());
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true /* encrypt */, aKey.GetPublicKeyParameters());
var encryptedData = engine.ProcessBlock(aSignData, 0, aSignData.Length);
var challenge = new BigInteger(encryptedData);
builder.AddSsh1BigIntBlob(challenge);
builder.AddBytes(SessionId);
builder.AddInt(1); // response type - must be 1
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
break;
case SshVersion.SSH2:
builder.AddBlob(aKey.GetPublicKeyBlob());
builder.AddBlob(aSignData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
BlobParser replyParser = SendMessage(builder);
var header = replyParser.ReadHeader();
switch (aKey.Version) {
case SshVersion.SSH1:
if (header.Message != Agent.Message.SSH1_AGENT_RSA_RESPONSE) {
throw new AgentFailureException();
}
byte[] response = new byte[16];
for (int i = 0; i < 16; i++) {
response[i] = replyParser.ReadByte();
}
return response;
case SshVersion.SSH2:
if (header.Message != Agent.Message.SSH2_AGENT_SIGN_RESPONSE) {
throw new AgentFailureException();
}
return replyParser.ReadBlob();
default:
throw new Exception(cUnsupportedSshVersion);
}
}
