// Generates keys for RSA signing public IxianKeyPair generateKeys(int keySize, bool skip_header = false) { KeyPair kp = null; try { KeyPairGenerator kpg = KeyPairGenerator.GetInstance("RSA"); kpg.Initialize(keySize); kp = kpg.GenKeyPair(); IxianKeyPair ixi_kp = new IxianKeyPair(); ixi_kp.privateKeyBytes = rsaKeyToBytes(kp, true, skip_header); ixi_kp.publicKeyBytes = rsaKeyToBytes(kp, false, skip_header); byte[] plain = Encoding.UTF8.GetBytes("Plain text string"); if (!testKeys(plain, ixi_kp)) { return(null); } return(ixi_kp); } catch (Exception e) { Logging.warn(string.Format("Exception while generating signature keys: {0}", e.ToString())); return(null); } }
/// <exception cref="NoSuchAlgorithmException"/> public static KeyPair GenerateKeyPair(string algorithm) { KeyPairGenerator keyGen = KeyPairGenerator.GetInstance(algorithm); keyGen.Initialize(1024); return(keyGen.GenKeyPair()); }
public void CreateKeyPair() { DeleteKey(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME); if (Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 && Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1) { var calendar = Calendar.GetInstance(_context.Resources.Configuration.Locale); var endDate = Calendar.GetInstance(_context.Resources.Configuration.Locale); endDate.Add(CalendarField.Year, 20); //this API is obsolete after Android M, but I am supporting Android L #pragma warning disable 618 var builder = new KeyPairGeneratorSpec.Builder(_context) #pragma warning restore 618 .SetAlias(_keyName).SetSerialNumber(BigInteger.One) .SetSubject(new X500Principal($"CN={_keyName} CA Certificate")) .SetStartDate(calendar.Time) .SetEndDate(endDate.Time).SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); } else if (Build.VERSION.SdkInt >= BuildVersionCodes.M) { var builder = new KeyGenParameterSpec.Builder(_keyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetRandomizedEncryptionRequired(false).SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); } keyGenerator.GenerateKeyPair(); }
public async Task <byte[]> GenerateKeyPair(CancellationToken ct, string name) { if (this.Log().IsEnabled(LogLevel.Debug)) { this.Log().Debug($"Generating a key pair (name: '{name}')."); } name.Validation().NotNullOrEmpty(nameof(name)); using (await _asyncLock.LockAsync(ct)) { var keygen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmEc, ANDROID_KEYSTORE); keygen.Initialize(new KeyGenParameterSpec.Builder(name, KeyStorePurpose.Sign) .SetAlgorithmParameterSpec(new ECGenParameterSpec(CURVE_NAME)) .SetDigests(KeyProperties.DigestSha256) .SetUserAuthenticationRequired(true) .Build() ); if (this.Log().IsEnabled(LogLevel.Information)) { this.Log().Info($"Return the generated key pair (name: '{name}')."); } return(keygen.GenerateKeyPair().Public.GetEncoded()); } }
KeyPair GetAsymmetricKeyPair() { var asymmetricAlias = $"{alias}.asymmetric"; var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>(); var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey; // Return the existing key if found if (privateKey != null && publicKey != null) { return(new KeyPair(publicKey, privateKey)); } // Otherwise we create a new key var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore); var end = DateTime.UtcNow.AddYears(20); var startDate = new Java.Util.Date(); var endDate = new Java.Util.Date(end.Year, end.Month, end.Day); #pragma warning disable CS0618 var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext) .SetAlias(asymmetricAlias) .SetSerialNumber(Java.Math.BigInteger.One) .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate")) .SetStartDate(startDate) .SetEndDate(endDate); generator.Initialize(builder.Build()); #pragma warning restore CS0618 return(generator.GenerateKeyPair()); }
//BELOW API 23 public KeyPair GetAsymmetricKey() { var asymmetricAlias = $"{alias}.asymmetric"; var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>(); var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey; if (privateKey != null && publicKey != null) { return(new KeyPair(publicKey, privateKey)); } // var originalLocale = Platform. var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, CONST_ANDROIDKEY); var end = DateTime.UtcNow.AddYears(20); var startDate = new Java.Util.Date(); var endDate = new Java.Util.Date(end.Year, end.Month, end.Day); var builder = new KeyPairGeneratorSpec.Builder(appContext) .SetAlias(asymmetricAlias) .SetSerialNumber(Java.Math.BigInteger.One) .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate")) .SetStartDate(startDate) .SetEndDate(endDate); generator.Initialize(builder.Build()); return(generator.GenerateKeyPair()); }
/// <inheritdoc/> public ICryptographicKey CreateKeyPair(int keySize) { Requires.Range(keySize > 0, "keySize"); var keyGen = KeyPairGenerator.GetInstance("RSA"); keyGen.Initialize(keySize); var key = keyGen.GenerateKeyPair(); var privateKeyParameters = key.Private.JavaCast <IRSAPrivateCrtKey>(); var parameters = new RSAParameters { Modulus = privateKeyParameters.Modulus.ToByteArray(), Exponent = privateKeyParameters.PublicExponent.ToByteArray(), P = privateKeyParameters.PrimeP.ToByteArray(), Q = privateKeyParameters.PrimeQ.ToByteArray(), DP = privateKeyParameters.PrimeExponentP.ToByteArray(), DQ = privateKeyParameters.PrimeExponentQ.ToByteArray(), InverseQ = privateKeyParameters.CrtCoefficient.ToByteArray(), D = privateKeyParameters.PrivateExponent.ToByteArray(), }; // Normalize RSAParameters (remove leading zeros, etc.) parameters = KeyFormatter.Pkcs1.Read(KeyFormatter.Pkcs1.Write(parameters)); return(new RsaCryptographicKey(key.Public, key.Private, parameters, this.algorithm)); }
private void CreateNewKey(string alias) { KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt) .SetBlockModes(KeyProperties.BlockModeCbc) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .Build(); KeyPairGenerator generator = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore"); generator.Initialize(spec); generator.GenerateKeyPair(); }
KeyPair GetAsymmetricKeyPair() { // set that we generated keys on pre-m device. Preferences.Set(useSymmetricPreferenceKey, false, SecureStorage.Alias); var asymmetricAlias = $"{alias}.asymmetric"; var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>(); var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey; // Return the existing key if found if (privateKey != null && publicKey != null) { return(new KeyPair(publicKey, privateKey)); } var originalLocale = Platform.GetLocale(); try { // Force to english for known bug in date parsing: // https://issuetracker.google.com/issues/37095309 Platform.SetLocale(Java.Util.Locale.English); // Otherwise we create a new key var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore); var end = DateTime.UtcNow.AddYears(20); var startDate = new Java.Util.Date(); #pragma warning disable CS0618 // Type or member is obsolete var endDate = new Java.Util.Date(end.Year, end.Month, end.Day); #pragma warning restore CS0618 // Type or member is obsolete #pragma warning disable CS0618 var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext) .SetAlias(asymmetricAlias) .SetSerialNumber(Java.Math.BigInteger.One) .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate")) .SetStartDate(startDate) .SetEndDate(endDate); generator.Initialize(builder.Build()); #pragma warning restore CS0618 return(generator.GenerateKeyPair()); } finally { Platform.SetLocale(originalLocale); } }
private void PrepareKeyStore() { _keyStore = KeyStore.GetInstance(AndroidKeyStoreKey); _keyStore.Load(null); if (_keyStore.ContainsAlias(ProtectedDataKey)) { _keyStore.GetKey(ProtectedDataKey, null); } else { var context = global::Android.App.Application.Context; // thanks to https://dzone.com/articles/xamarin-android-asymmetric-encryption-without-any var keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStoreKey); if (_sdkLessThan23) { var calendar = Calendar.GetInstance(context.Resources.Configuration.Locale); var endDate = Calendar.GetInstance(context.Resources.Configuration.Locale); endDate.Add(CalendarField.Year, 20); #pragma warning disable 618 var builder = new KeyPairGeneratorSpec.Builder(context) #pragma warning restore 618 .SetAlias(ProtectedDataKey) .SetSerialNumber(BigInteger.One) .SetSubject(new X500Principal($"CN={ProtectedDataKey} CA Certificate")) .SetStartDate(calendar.Time) .SetEndDate(endDate.Time) .SetKeySize(2048); keyGenerator.Initialize(builder.Build()); } else { var builder = new KeyGenParameterSpec.Builder(ProtectedDataKey, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetRandomizedEncryptionRequired(false) .SetKeySize(2048); keyGenerator.Initialize(builder.Build()); } keyGenerator.GenerateKeyPair(); } }
private void GenerateStoreKey(bool withDate) { if (_keyStore.ContainsAlias(KeyAlias)) { return; } ClearSettings(); var end = Calendar.Instance; end.Add(CalendarField.Year, 99); if (_oldAndroid) { var subject = new X500Principal($"CN={KeyAlias}"); var builder = new KeyPairGeneratorSpec.Builder(Application.Context) .SetAlias(KeyAlias) .SetSubject(subject) .SetSerialNumber(BigInteger.Ten); if (withDate) { builder.SetStartDate(new Date(0)).SetEndDate(end.Time); } var spec = builder.Build(); var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore); gen.Initialize(spec); gen.GenerateKeyPair(); } else { var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt) .SetBlockModes(KeyProperties.BlockModeGcm) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone); if (withDate) { builder.SetKeyValidityStart(new Date(0)).SetKeyValidityEnd(end.Time); } var spec = builder.Build(); var gen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore); gen.Init(spec); gen.GenerateKey(); } }
/// <summary> /// Generates an RSA keypair of the provided length using Java libraries /// and configures an RSACryptoServiceProvider with them for ease of use with .NET systems. /// This is much more performant than generating keys directly from an RSACryptoServiceProvider /// when running on an Android system. /// </summary> /// <returns></returns> public static RSACryptoServiceProvider GenerateRsaKeyPair(int keySize = 2048) { //Generate an RSA key-pair of the provided size. This approach is as fast as anything I have found for Android devices. //On a Nexus 6P, this code consistently creates a 2048-bit key-pair in less than 10 seconds while standard .NET libraries //and BouncyCastle all took anywhere from 10 - 30 seconds. var keyPairGenerator = KeyPairGenerator.GetInstance("RSA"); keyPairGenerator.Initialize(keySize); var keys = keyPairGenerator.GenerateKeyPair(); KeyFactory kf = KeyFactory.GetInstance("RSA"); var spec = (RSAPrivateCrtKeySpec)kf.GetKeySpec(keys.Private, Class.FromType(typeof(RSAPrivateCrtKeySpec))); //Create an Xml node for the provided element name using the provided number in Base64-string format as its value string FormatElement(string name, BigInteger value) { var bytes = value.ToByteArray(); int length = bytes.Length; if (length % 2 != 0 && bytes[0] == 0) //BigInteger is signed, so remove the extra byte { bytes = Arrays.CopyOfRange(bytes, 1, length); } var content = Base64.EncodeToString(bytes, Base64Flags.Default); return($"<{name}>{content}</{name}>"); } //Create an XML version of the private key var stb = new System.Text.StringBuilder(); stb.Append("<RSAKeyValue>"); stb.Append(FormatElement("Modulus", spec.Modulus)); stb.Append(FormatElement("Exponent", spec.PublicExponent)); stb.Append(FormatElement("P", spec.PrimeP)); stb.Append(FormatElement("Q", spec.PrimeQ)); stb.Append(FormatElement("DP", spec.PrimeExponentP)); stb.Append(FormatElement("DQ", spec.PrimeExponentQ)); stb.Append(FormatElement("InverseQ", spec.CrtCoefficient)); stb.Append(FormatElement("D", spec.PrivateExponent)); stb.Append("</RSAKeyValue>"); var privateKeyXml = stb.ToString(); //Configure an RSACryptoServiceProvider using the generated key XML var rsaCryptoServiceProvider = new RSACryptoServiceProvider(keySize); rsaCryptoServiceProvider.FromXmlString(privateKeyXml); return(rsaCryptoServiceProvider); }
private KeyPair GenerateKeyPair(string keyName, bool invalidatedByBiometricEnrollment) { var keyPairGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmEc, KEY_STORE_NAME); var builder = new KeyGenParameterSpec.Builder(keyName, KeyStorePurpose.Sign) .SetAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) .SetDigests(KeyProperties.DigestSha256, KeyProperties.DigestSha384, KeyProperties.DigestSha512) // Require the user to authenticate with a biometric to authorize every use of the key .SetUserAuthenticationRequired(true) // Generated keys will be invalidated if the biometric templates are added more to user device .SetInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment); keyPairGenerator.Initialize(builder.Build()); return(keyPairGenerator.GenerateKeyPair()); }
// private // public /// <exception cref="System.Exception"></exception> public virtual void Init(int key_size) { KeyPairGenerator keyGen = KeyPairGenerator.GetInstance("DSA"); keyGen.Initialize(key_size, new SecureRandom()); Sharpen.KeyPair pair = keyGen.GenerateKeyPair(); PublicKey pubKey = pair.GetPublic(); PrivateKey prvKey = pair.GetPrivate(); x = ((DSAPrivateKey)prvKey).GetX().GetBytes(); y = ((DSAPublicKey)pubKey).GetY().GetBytes(); DSAParams @params = ((DSAKey)prvKey).GetParams(); p = @params.GetP().GetBytes(); q = @params.GetQ().GetBytes(); g = @params.GetG().GetBytes(); }
// private // public // coefficient // exponent p // exponent q // prime p // prime q /// <exception cref="System.Exception"></exception> public virtual void Init(int key_size) { KeyPairGenerator keyGen = KeyPairGenerator.GetInstance("RSA"); keyGen.Initialize(key_size, new SecureRandom()); Sharpen.KeyPair pair = keyGen.GenerateKeyPair(); PublicKey pubKey = pair.GetPublic(); PrivateKey prvKey = pair.GetPrivate(); d = ((RSAPrivateKey)prvKey).GetPrivateExponent().GetBytes(); e = ((RSAPublicKey)pubKey).GetPublicExponent().GetBytes(); n = ((RSAPrivateKey)prvKey).GetModulus().GetBytes(); c = ((RSAPrivateCrtKey)prvKey).GetCrtCoefficient().GetBytes(); ep = ((RSAPrivateCrtKey)prvKey).GetPrimeExponentP().GetBytes(); eq = ((RSAPrivateCrtKey)prvKey).GetPrimeExponentQ().GetBytes(); p = ((RSAPrivateCrtKey)prvKey).GetPrimeP().GetBytes(); q = ((RSAPrivateCrtKey)prvKey).GetPrimeQ().GetBytes(); }
private static void GenerateKeyPair(Context context, String alias) { Calendar start = new GregorianCalendar(); Calendar end = new GregorianCalendar(); end.Add(CalendarField.Year, 100); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context) .SetAlias(alias) .SetSubject(new X500Principal("CN=" + alias)) .SetSerialNumber(BigInteger.One) .SetStartDate(start.Time) .SetEndDate(end.Time) .Build(); KeyPairGenerator gen = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore"); gen.Initialize(spec); gen.GenerateKeyPair(); }
/// <summary> /// Creates a new public-private key pair. An already existing key will be deleted, so /// make sure to call <see cref="KeysExistInKeyStore"/> before. /// </summary> private void CreateKeyPairInKeyStore() { RemoveKeyFromKeyStore(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName); if (Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 && Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1) { Calendar startDateCalendar = Calendar.GetInstance(Locale.Default); startDateCalendar.Add(CalendarField.Year, -1); Calendar endDateCalendar = Calendar.GetInstance(Locale.Default); endDateCalendar.Add(CalendarField.Year, 100); string certificateName = string.Format("CN={0} CA Certificate", KeyAlias); // this API is obsolete after Android M, but we are supporting Android L #pragma warning disable 618 var builder = new KeyPairGeneratorSpec.Builder(_applicationContext) .SetAlias(KeyAlias) .SetSerialNumber(BigInteger.One) .SetSubject(new X500Principal(certificateName)) .SetStartDate(startDateCalendar.Time) .SetEndDate(endDateCalendar.Time) .SetKeySize(KeySize); #pragma warning restore 618 keyGenerator.Initialize(builder.Build()); } else if (Build.VERSION.SdkInt >= BuildVersionCodes.M) { Calendar endDateCalendar = Calendar.GetInstance(Locale.Default); endDateCalendar.Add(CalendarField.Year, 100); var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetCertificateNotAfter(endDateCalendar.Time) .SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); } // Key generator is initialized, generate the key keyGenerator.GenerateKeyPair(); }
public void CreateKey() { // Removes key if it already exists, no change otherwise DeleteKey(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME); // Parameters affiliated with the Transformation settings used when making Cipher var builder = new KeyGenParameterSpec.Builder(_keyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetRandomizedEncryptionRequired(false).SetKeySize(KEY_SIZE); keyGenerator.Initialize(builder.Build()); builder.Dispose(); // Keys automattically added to KeyStore keyGenerator.GenerateKeyPair(); keyGenerator.Dispose(); }
private void GenerateRSAKeyPairs(string alias) { // Generate the RSA key pairs if (!_keyStore.ContainsAlias(alias)) { // Generate a key pair for encryption var start = Calendar.GetInstance(Locale.English); var end = Calendar.GetInstance(Locale.English); end.Add(CalendarField.Year, 30); var spec = new KeyPairGeneratorSpec.Builder(_context) .SetAlias(alias) .SetSubject(new X500Principal("CN=" + alias)) .SetSerialNumber(BigInteger.Ten) .SetStartDate(start.Time) .SetEndDate(end.Time) .Build(); var kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore); kpg.Initialize(spec); kpg.GenerateKeyPair(); } }
private void GenerateRSAKey() { // Generate a key pair for encryption Calendar start = Calendar.GetInstance(Locale.Default); Calendar end = Calendar.GetInstance(Locale.Default); #pragma warning disable CS0618 // Type or member is obsolete end.Add(Calendar.Year, 30); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(Android.App.Application.Context) #pragma warning restore CS0618 // Type or member is obsolete .SetAlias(_secureStoredKeyAlias) .SetSubject(new X500Principal("CN=" + _secureStoredKeyAlias)) .SetSerialNumber(BigInteger.Ten) .SetStartDate(start.Time) .SetEndDate(end.Time) .Build(); KeyPairGenerator kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, _droidKeyStore); kpg.Initialize(spec); kpg.GenerateKeyPair(); }
/// <summary> /// Create new RSA key pair for KeyStore instance /// </summary> /// <param name="alias">KeyStore instance alias</param> /// <param name="context">Root context</param> /// <returns>True/False = Created or not</returns> private static bool CreateNewRSAKeyPair(string alias, Context context) { try { Calendar start = Calendar.GetInstance(Java.Util.TimeZone.Default); Calendar end = Calendar.GetInstance(Java.Util.TimeZone.Default); end.Add(CalendarField.Year, 100); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context) .SetAlias(alias) .SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=CryptoTouch, O=Android Authority")) .SetSerialNumber(Java.Math.BigInteger.One) .SetStartDate(start.Time) .SetEndDate(end.Time) .Build(); KeyPairGenerator generator = KeyPairGenerator.GetInstance("RSA", STORE_NAME); generator.Initialize(spec); _keyPair = generator.GenerateKeyPair(); return(true); } catch (Exception ex) { Toast.MakeText(context, ex.Message, ToastLength.Long).Show(); return(false); } }
/// <summary> /// Creates a new public-private key pair. An already existing key will be deleted, so /// make sure to call <see cref="KeysExistInKeyStore"/> before. /// </summary> private void CreateKeyPairInKeyStore() { RemoveKeyFromKeyStore(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName); // With Build.VERSION.SdkInt < BuildVersionCodes.M we would have to use an alternative // way, but Android 6 is our min version. Calendar endDateCalendar = Calendar.GetInstance(Locale.Default); endDateCalendar.Add(CalendarField.Year, 100); var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetCertificateNotAfter(endDateCalendar.Time) .SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); // Key generator is initialized, generate the key keyGenerator.GenerateKeyPair(); }
/// <inheritdoc/> public ICryptographicKey CreateKeyPair(int keySize) { Requires.Range(keySize > 0, "keySize"); var keyGen = KeyPairGenerator.GetInstance("RSA"); if (keyGen is null) { throw new InvalidOperationException(Strings.UnsupportedAlgorithm); } keyGen.Initialize(keySize); var key = keyGen.GenerateKeyPair(); if (key?.Private is null || key.Public is null) { throw new InvalidOperationException("GenerateKeyPair returned null or a null components."); } var privateKeyParameters = key.Private.JavaCast <IRSAPrivateCrtKey>() !; var parameters = new RSAParameters { Modulus = privateKeyParameters.Modulus?.ToByteArray(), Exponent = privateKeyParameters.PublicExponent?.ToByteArray(), P = privateKeyParameters.PrimeP?.ToByteArray(), Q = privateKeyParameters.PrimeQ?.ToByteArray(), DP = privateKeyParameters.PrimeExponentP?.ToByteArray(), DQ = privateKeyParameters.PrimeExponentQ?.ToByteArray(), InverseQ = privateKeyParameters.CrtCoefficient?.ToByteArray(), D = privateKeyParameters.PrivateExponent?.ToByteArray(), }; // Normalize RSAParameters (remove leading zeros, etc.) parameters = KeyFormatter.Pkcs1.Read(KeyFormatter.Pkcs1.Write(parameters)); return(new RsaCryptographicKey(key.Public, key.Private, parameters, this.algorithm)); }
private void InitializePrivateKey() { if (!_HasKeyStore) { return; } try { var keystore = KeyStore.GetInstance("AndroidKeyStore"); keystore.Load(null); if (keystore.ContainsAlias(Alias)) { return; } } catch (Exception e) { Log.To.NoDomain.E(Tag, "Unable to open Android keystore", e); return; } try { var start = Calendar.GetInstance(Locale.Default); var end = Calendar.GetInstance(Locale.Default); end.Add(CalendarField.Year, 1); var spec = new KeyPairGeneratorSpec.Builder(Application.Context) .SetAlias(Alias) .SetSubject(new X500Principal($"CN={Alias}")) .SetSerialNumber(BigInteger.ValueOf(1337)) .SetStartDate(start.Time) .SetEndDate(end.Time) .Build(); var generator = KeyPairGenerator.GetInstance(KeyPairGenAlgorithm, "AndroidKeyStore"); generator.Initialize(spec); var keyPair = generator.GenerateKeyPair(); } catch (Exception e) { Log.To.NoDomain.E(Tag, "Unable to create new key", e); } }
private void CreateKey_Credentials() { var generator = KeyPairGenerator.GetInstance("RSA", AndroidKeyStore); if (Build.VERSION.SdkInt < BuildVersionCodes.M) { Java.Util.Calendar calendar = Java.Util.Calendar.Instance; calendar.Add(Java.Util.CalendarField.Year, 20); Date startDate = Java.Util.Calendar.Instance.Time; Date endDate = calendar.Time; #pragma warning disable 0618 var builder = new KeyPairGeneratorSpec.Builder(_context); #pragma warning restore 0618 builder.SetAlias(KEYALIAS_CREDENTIALS); builder.SetSerialNumber(Java.Math.BigInteger.One); builder.SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=${alias} CA Certificate")); builder.SetStartDate(startDate); builder.SetEndDate(endDate); generator.Initialize(builder.Build()); } else { var builder = new KeyGenParameterSpec.Builder(KEYALIAS_CREDENTIALS, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt); builder.SetBlockModes(KeyProperties.BlockModeEcb); builder.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1); generator.Initialize(builder.Build()); } generator.GenerateKeyPair(); }
// my public key // your public key // shared secret key /// <exception cref="System.Exception"></exception> public virtual void Init() { myKpairGen = KeyPairGenerator.GetInstance("DH"); // myKpairGen=KeyPairGenerator.getInstance("DiffieHellman"); myKeyAgree = KeyAgreement.GetInstance("DH"); }
private ISecretKey GetDataEncryptionKeyAPI22orLower() { KeyPair GetKeyEncryptionKeyPair() { var ks = KeyStore.GetInstance("AndroidKeyStore"); ks.Load(null); if (ks.IsKeyEntry(KEY_ENC_KEY_ALIAS)) { var ke = ks.GetEntry(KEY_ENC_KEY_ALIAS, null) as KeyStore.PrivateKeyEntry; return(new KeyPair(ke.Certificate.PublicKey, ke.PrivateKey)); } else { var kpg = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore"); var startDate = Java.Util.Calendar.GetInstance(Java.Util.TimeZone.Default); var endDate = Java.Util.Calendar.GetInstance(Java.Util.TimeZone.Default); endDate.Add(Java.Util.CalendarField.Year, KEY_ENC_KEY_VALIDITY_YEARS); #pragma warning disable CS0618 kpg.Initialize(new KeyPairGeneratorSpec.Builder(Android.App.Application.Context) #pragma warning restore CS0618 .SetAlias(KEY_ENC_KEY_ALIAS) .SetKeySize(2048) .SetSubject(new X500Principal(KEY_ENC_KEY_SUBJECT)) .SetSerialNumber(new BigInteger(BitConverter.GetBytes(KEY_ENC_KEY_SERIAL_NUMBER))) .SetStartDate(startDate.Time) .SetEndDate(endDate.Time) .Build()); var kp = kpg.GenerateKeyPair(); System.Diagnostics.Debug.WriteLine("CryptoImpl.cs: A new key encryption key pair was generated."); return(kp); } } string EncryptAesKey(byte[] k) { try { var kp = GetKeyEncryptionKeyPair(); var c = Cipher.GetInstance("RSA/ECB/PKCS1Padding"); c.Init(CipherMode.EncryptMode, kp.Public); return(Base64.EncodeToString(c.DoFinal(k), BASE64_FLAGS)); } catch { return(null); } } byte[] DecryptAesKey(string k) { try { var kp = GetKeyEncryptionKeyPair(); var c = Cipher.GetInstance("RSA/ECB/PKCS1Padding"); c.Init(CipherMode.DecryptMode, kp.Private); return(c.DoFinal(Base64.Decode(k, BASE64_FLAGS))); } catch { return(null); } } void SaveAesKey(string k) { var file = IsolatedStorageFile.GetUserStoreForApplication(); using (var stream = file.CreateFile("aeskey.txt")) { using (var writer = new StreamWriter(stream)) { writer.Write(k); } } } string LoadAesKey() { var file = IsolatedStorageFile.GetUserStoreForApplication(); try { using (var stream = file.OpenFile("aeskey.txt", FileMode.Open)) { using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } } } catch (FileNotFoundException) { } return(null); } var key = DecryptAesKey(LoadAesKey()); if (key == null) { key = new byte[16]; SecureRandom.GetInstance("SHA1PRNG").NextBytes(key); SaveAesKey(EncryptAesKey(key)); System.Diagnostics.Debug.WriteLine("CryptoImpl.cs: A new data encryption key was generated."); } return(new SecretKeySpec(key, "AES")); }