private void doTestECDH( string algorithm) { IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator(algorithm); // EllipticCurve curve = new EllipticCurve( // new ECFieldFp(new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839")), // q // new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a // new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECCurve curve = new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECDomainParameters ecSpec = new ECDomainParameters( curve, // ECPointUtil.DecodePoint(curve, Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"), // n BigInteger.One); //1); // h // g.initialize(ecSpec, new SecureRandom()); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); // // a side // AsymmetricCipherKeyPair aKeyPair = g.GenerateKeyPair(); IBasicAgreement aKeyAgreeBasic = AgreementUtilities.GetBasicAgreement(algorithm); aKeyAgreeBasic.Init(aKeyPair.Private); // // b side // AsymmetricCipherKeyPair bKeyPair = g.GenerateKeyPair(); IBasicAgreement bKeyAgreeBasic = AgreementUtilities.GetBasicAgreement(algorithm); bKeyAgreeBasic.Init(bKeyPair.Private); // // agreement // // aKeyAgreeBasic.doPhase(bKeyPair.Public, true); // bKeyAgreeBasic.doPhase(aKeyPair.Public, true); // // BigInteger k1 = new BigInteger(aKeyAgreeBasic.generateSecret()); // BigInteger k2 = new BigInteger(bKeyAgreeBasic.generateSecret()); BigInteger k1 = aKeyAgreeBasic.CalculateAgreement(bKeyPair.Public); BigInteger k2 = bKeyAgreeBasic.CalculateAgreement(aKeyPair.Public); if (!k1.Equals(k2)) { Fail(algorithm + " 2-way test failed"); } // // public key encoding test // // byte[] pubEnc = aKeyPair.Public.GetEncoded(); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(aKeyPair.Public).GetDerEncoded(); // KeyFactory keyFac = KeyFactory.getInstance(algorithm); // X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc); // ECPublicKey pubKey = (ECPublicKey)keyFac.generatePublic(pubX509); ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(pubEnc); ECDomainParameters ecDP = pubKey.Parameters; // if (!pubKey.getW().Equals(((ECPublicKeyParameters)aKeyPair.Public).getW())) ECPoint pq1 = pubKey.Q.Normalize(), pq2 = ((ECPublicKeyParameters)aKeyPair.Public).Q.Normalize(); if (!pq1.Equals(pq2)) { // Console.WriteLine(" expected " + pubKey.getW().getAffineX() + " got " + ((ECPublicKey)aKeyPair.Public).getW().getAffineX()); // Console.WriteLine(" expected " + pubKey.getW().getAffineY() + " got " + ((ECPublicKey)aKeyPair.Public).getW().getAffineY()); // Fail(algorithm + " public key encoding (W test) failed"); Console.WriteLine(" expected " + pq1.AffineXCoord.ToBigInteger() + " got " + pq2.AffineXCoord.ToBigInteger()); Console.WriteLine(" expected " + pq1.AffineYCoord.ToBigInteger() + " got " + pq2.AffineYCoord.ToBigInteger()); Fail(algorithm + " public key encoding (Q test) failed"); } // if (!pubKey.Parameters.getGenerator().Equals(((ECPublicKeyParameters)aKeyPair.Public).Parameters.getGenerator())) if (!pubKey.Parameters.G.Equals(((ECPublicKeyParameters)aKeyPair.Public).Parameters.G)) { Fail(algorithm + " public key encoding (G test) failed"); } // // private key encoding test // // byte[] privEnc = aKeyPair.Private.GetEncoded(); byte[] privEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(aKeyPair.Private).GetDerEncoded(); // PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc); // ECPrivateKey privKey = (ECPrivateKey)keyFac.generatePrivate(privPKCS8); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privEnc); // if (!privKey.getS().Equals(((ECPrivateKey)aKeyPair.Private).getS())) if (!privKey.D.Equals(((ECPrivateKeyParameters)aKeyPair.Private).D)) { // Fail(algorithm + " private key encoding (S test) failed"); Fail(algorithm + " private key encoding (D test) failed"); } // if (!privKey.Parameters.getGenerator().Equals(((ECPrivateKey)aKeyPair.Private).Parameters.getGenerator())) if (!privKey.Parameters.G.Equals(((ECPrivateKeyParameters)aKeyPair.Private).Parameters.G)) { Fail(algorithm + " private key encoding (G test) failed"); } }
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA1WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; // selfsign certificate var certificate = certificateGenerator.Generate(issuerPrivKey, random); // correcponding private key PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { //throw new PemException("malformed sequence in RSA private key"); return(null); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); WriteKeytoFile(subjectName.Substring(3), WriteKeyAsPem(subjectKeyPair, 0), 0); WriteKeytoFile(subjectName.Substring(3), WriteKeyAsPem(subjectKeyPair, 1), 1); WriteCertificatetoFile(subjectName.Substring(3), WriteCertificateAsPem(x509)); Console.WriteLine(WriteKeyAsPem(subjectKeyPair, 0)); Console.WriteLine(WriteKeyAsPem(subjectKeyPair, 1)); Console.WriteLine(WriteCertificateAsPem(x509)); return(x509); }
public static AsymmetricKeyParameter DecryptKey( char[] passPhrase, EncryptedPrivateKeyInfo encInfo) { return(CreateKey(PrivateKeyInfoFactory.CreatePrivateKeyInfo(passPhrase, encInfo))); }
private const string alg = "1.2.840.113549.1.12.1.3"; // 3 key triple DES with SHA-1 public override void PerformTest() { IAsymmetricCipherKeyPairGenerator fact = GeneratorUtilities.GetKeyPairGenerator("RSA"); fact.Init(new KeyGenerationParameters(new SecureRandom(), 512)); AsymmetricCipherKeyPair keyPair = fact.GenerateKeyPair(); AsymmetricKeyParameter priKey = keyPair.Private; AsymmetricKeyParameter pubKey = keyPair.Public; // // set up the parameters // byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; int iterationCount = 100; Asn1Encodable defParams = PbeUtilities.GenerateAlgorithmParameters(alg, salt, iterationCount); char[] password1 = { 'h', 'e', 'l', 'l', 'o' }; // AlgorithmParameters parameters = AlgorithmParameters.getInstance(alg); // // parameters.init(defParams); // // set up the key // // PBEKeySpec pbeSpec = new PBEKeySpec(password1); // SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg); // IBufferedCipher cipher = CipherUtilities.GetCipher(alg); IWrapper wrapper = WrapperUtilities.GetWrapper(alg); ICipherParameters parameters = PbeUtilities.GenerateCipherParameters( alg, password1, defParams); // cipher.Init(IBufferedCipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), parameters); wrapper.Init(true, parameters); // byte[] wrappedKey = cipher.Wrap(priKey); byte[] pkb = PrivateKeyInfoFactory.CreatePrivateKeyInfo(priKey).GetDerEncoded(); byte[] wrappedKey = wrapper.Wrap(pkb, 0, pkb.Length); // // create encrypted object // // TODO Figure out what this was supposed to do // EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(parameters, wrappedKey); PrivateKeyInfo plain = PrivateKeyInfoFactory.CreatePrivateKeyInfo(priKey); EncryptedPrivateKeyInfo pInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo( alg, password1, salt, iterationCount, plain); // // decryption step // char[] password2 = { 'h', 'e', 'l', 'l', 'o' }; // pbeSpec = new PBEKeySpec(password2); // // cipher = CipherUtilities.GetCipher(pInfo.EncryptionAlgorithm); // // cipher.Init(false, keyFact.generateSecret(pbeSpec), pInfo.getAlgParameters()); // // PKCS8EncodedKeySpec keySpec = pInfo.getKeySpec(cipher); PrivateKeyInfo decrypted = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password2, pInfo); // if (!MessageDigest.isEqual(priKey.GetEncoded(), keySpec.GetEncoded())) if (!decrypted.Equals(plain)) { Fail("Private key does not match"); } // // using ICipherParameters test // // pbeSpec = new PBEKeySpec(password1); // keyFact = SecretKeyFactory.getInstance(alg); // cipher = CipherUtilities.GetCipher(alg); wrapper = WrapperUtilities.GetWrapper(alg); // cipher.init(IBufferedCipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), parameters); wrapper.Init(true, parameters); // wrappedKey = cipher.wrap(priKey); wrappedKey = wrapper.Wrap(pkb, 0, pkb.Length); // // create encrypted object // // TODO Figure out what this was supposed to do // pInfo = new EncryptedPrivateKeyInfo(cipher.getParameters(), wrappedKey); plain = PrivateKeyInfoFactory.CreatePrivateKeyInfo(priKey); pInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo( alg, password1, salt, iterationCount, plain); // // decryption step // // pbeSpec = new PBEKeySpec(password2); // // cipher = CipherUtilities.GetCipher(pInfo.getAlgName()); // // cipher.init(IBufferedCipher.DECRYPT_MODE, keyFact.generateSecret(pbeSpec), pInfo.getAlgParameters()); // // keySpec = pInfo.getKeySpec(cipher); decrypted = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password2, pInfo); // if (!MessageDigest.isEqual(priKey.GetEncoded(), keySpec.GetEncoded())) if (!decrypted.Equals(plain)) { Fail("Private key does not match"); } }
// Note: Much of this code comes from https://stackoverflow.com/a/22247129 private static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey) { const int keyStrength = 2048; // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerPrivKey); // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyPairGenerator = new RsaKeyPairGenerator(); var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // selfsign certificate var certificate = certificateGenerator.Generate(signatureFactory); // correcponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { // throw new PemException("malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = ToDotNetKey(rsaparams); // x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); return(x509); }
public void doTestECDsa( string name) { // ECGenParameterSpec ecSpec = new ECGenParameterSpec(name); ECDomainParameters ecSpec = GetCurveParameters(name); IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); // g.initialize(ecSpec, new SecureRandom()); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); ISigner sgr = SignerUtilities.GetSigner("ECDSA"); AsymmetricCipherKeyPair pair = g.GenerateKeyPair(); AsymmetricKeyParameter sKey = pair.Private; AsymmetricKeyParameter vKey = pair.Public; sgr.Init(true, sKey); byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' }; sgr.BlockUpdate(message, 0, message.Length); byte[] sigBytes = sgr.GenerateSignature(); sgr.Init(false, vKey); sgr.BlockUpdate(message, 0, message.Length); if (!sgr.VerifySignature(sigBytes)) { Fail(name + " verification failed"); } // // public key encoding test // // byte[] pubEnc = vKey.getEncoded(); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(vKey).GetDerEncoded(); // KeyFactory keyFac = KeyFactory.getInstance("ECDH"); // X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc); // ECPublicKey pubKey = (ECPublicKey)keyFac.generatePublic(pubX509); ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(pubEnc); // if (!pubKey.getW().Equals(((ECPublicKey)vKey).getW())) if (!pubKey.Q.Equals(((ECPublicKeyParameters)vKey).Q)) { Fail("public key encoding (Q test) failed"); } // TODO Put back in? // if (!(pubKey.Parameters is ECNamedCurveSpec)) // { // Fail("public key encoding not named curve"); // } // // private key encoding test // // byte[] privEnc = sKey.getEncoded(); byte[] privEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(sKey).GetDerEncoded(); // PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc); // ECPrivateKey privKey = (ECPrivateKey)keyFac.generatePrivate(privPKCS8); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privEnc); // if (!privKey.getS().Equals(((ECPrivateKey)sKey).getS())) if (!privKey.D.Equals(((ECPrivateKeyParameters)sKey).D)) { Fail("private key encoding (D test) failed"); } // TODO Put back in? // if (!(privKey.Parameters is ECNamedCurveSpec)) // { // Fail("private key encoding not named curve"); // } // // ECNamedCurveSpec privSpec = (ECNamedCurveSpec)privKey.getParams(); // if (!privSpec.GetName().EqualsIgnoreCase(name) // && !privSpec.GetName().EqualsIgnoreCase((string) CurveAliases[name])) // { // Fail("private key encoding wrong named curve. Expected: " + name + " got " + privSpec.GetName()); // } }
/// <summary> /// Generates the certificate. /// </summary> /// <param name="subjectName">Name of the subject.</param> /// <param name="issuerName">Name of the issuer.</param> /// <param name="validFrom">The valid from.</param> /// <param name="validTo">The valid to.</param> /// <param name="keyStrength">The key strength.</param> /// <param name="signatureAlgorithm">The signature algorithm.</param> /// <param name="issuerPrivateKey">The issuer private key.</param> /// <param name="hostName">The host name</param> /// <returns>X509Certificate2 instance.</returns> /// <exception cref="PemException">Malformed sequence in RSA private key</exception> private static X509Certificate2 generateCertificate(string?hostName, string subjectName, string issuerName, DateTime validFrom, DateTime validTo, int keyStrength = 2048, string signatureAlgorithm = "SHA256WithRSA", AsymmetricKeyParameter?issuerPrivateKey = null) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var secureRandom = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), secureRandom); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDn = new X509Name(subjectName); var issuerDn = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); certificateGenerator.SetNotBefore(validFrom); certificateGenerator.SetNotAfter(validTo); if (hostName != null) { // add subject alternative names var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, hostName) }; var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension); } // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Set certificate intended purposes to only Server Authentication certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)); if (issuerPrivateKey == null) { certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(true)); } var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerPrivateKey ?? subjectKeyPair.Private, secureRandom); // Self-sign the certificate var certificate = certificateGenerator.Generate(signatureFactory); // Corresponding private key var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // Set private key onto certificate instance var x509Certificate = withPrivateKey(certificate, rsaparams); if (!doNotSetFriendlyName) { try { x509Certificate.FriendlyName = ProxyConstants.CNRemoverRegex.Replace(subjectName, string.Empty); } catch (PlatformNotSupportedException) { doNotSetFriendlyName = true; } } return(x509Certificate); }
private static void Certificate_Sample() { var algorithm = "RSA"; var keySize = 2048; //颁发者DN var issuer = new X509Name(new ArrayList { X509Name.C, X509Name.O, X509Name.OU, X509Name.L, X509Name.ST }, new Hashtable { [X509Name.C] = "CN", [X509Name.O] = "Fulu Newwork", [X509Name.OU] = "Fulu RSA CA 2020", [X509Name.L] = "Wuhan", [X509Name.ST] = "Hubei", }); //使用者DN var subject = new X509Name(new ArrayList { X509Name.C, X509Name.O, X509Name.CN }, new Hashtable { [X509Name.C] = "CN", [X509Name.O] = "ICH", [X509Name.CN] = "*.fulu.com" }); CertificateGenerator.GenerateCertificate(new GenerateCertificateOptions { Path = "mypfx.pfx", Issuer = issuer, Subject = subject }); var password = "******"; //证书密码 var signatureAlgorithm = "SHA256WITHRSA"; //签名算法 //var keyP = RSAKeyGenerator.Pkcs1(); //var pK = AsymmetricKeyUtilities.GetAsymmetricKeyParameterFormPrivateKey(keyP.PrivateKey); //CertificateGenerator.GenerateCertificate(new GenerateCertificateOptions{ Path = "mypfx.pfx", Issuer = issuer, Subject = subject }); //生成证书 // CertificateGenerator.X509V3(algorithm, keySize, password, signatureAlgorithm, DateTime.Now.AddDays(-1),DateTime.Now.AddDays(2), issuer, subject, "mycert.cert", "mypfx.pfx"); var pfx = new X509Certificate2("mypfx.pfx", password, X509KeyStorageFlags.Exportable); var keyPair2 = DotNetUtilities.GetKeyPair(pfx.PrivateKey); var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair2.Public); var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair2.Private); var privateKey = Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded()); var publicKey = Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded()); //var cert = new X509Certificate2("mycert.cert", string.Empty, X509KeyStorageFlags.Exportable); //var publicKey2 = Base64.ToBase64String(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(DotNetUtilities.FromX509Certificate(cert).GetPublicKey()).GetEncoded()); Console.ForegroundColor = ConsoleColor.DarkYellow; Console.WriteLine("Pfx证书私钥:"); Console.WriteLine(privateKey); Console.WriteLine("Pfx证书公钥:"); Console.WriteLine(publicKey); //Console.WriteLine("Cert证书公钥:"); //Console.WriteLine(publicKey2); var data = "hello rsa"; Console.WriteLine($"加密原文:{data}"); var pkcs1data = RSA.EncryptToBase64(data, AsymmetricKeyUtilities.GetAsymmetricKeyParameterFormPublicKey(publicKey), Algorithms.RSA_ECB_PKCS1Padding); Console.WriteLine("加密结果:"); Console.WriteLine(pkcs1data); //pkcs1data = // "KGbgP3Ns6kFyjJ7tbepdZ3X8zssoHKWyVzVesghWg8fFP0ZMVumf+iXJ93LBu3xqKWE/5JTr1qFc5u0Cm3BUPnusMjBTgMrQk3zopVOELpChFbkeTR2YHsdDZdBzaJVN4SQQwHMkp2w8Pyb9x1NjsFoHHQEskBUNnOEuGkEFZdg="; Console.WriteLine("解密结果:"); var datares = RSA.DecryptFromBase64(pkcs1data, AsymmetricKeyUtilities.GetAsymmetricKeyParameterFormPrivateKey(privateKey), Algorithms.RSA_ECB_PKCS1Padding); Console.WriteLine(datares); }
/// <summary> /// Generate a self signed certificate. /// </summary> /// <param name="subjectName"><see cref="Uri"/> object the subject name</param> /// <param name="issuerName"> The name of the issuer </param> /// <param name="issuerPrivKey"><see cref="AsymmetricKeyParameter"/> object of the issuer private key</param> /// <param name="keyStrength"> /// The strength of thet key. /// Default: 2048 /// </param> /// <returns> /// Returns a <see cref="X509Certificate2"/>instance of the certificate. /// </returns> private static X509Certificate2 GenerateSelfSignedCertificate(Uri subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name var subjectDN = new X509Name($"CN=*.{subjectName.DnsSafeHost}, O={issuerName}, OU=Created by http://httplogger.net"); var issuerDN = new X509Name($"CN={issuerName}, O={issuerName}, OU=Created by http://httplogger.net"); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, $"{subjectName.DnsSafeHost}"), new GeneralName(GeneralName.DnsName, $"*.{subjectName.DnsSafeHost}"), }; var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames); certificateGenerator.AddExtension( X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; // selfsign certificate var certificate = certificateGenerator.Generate(issuerPrivKey, random); // correcponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); AddCertificateToStore(x509, StoreName.My, StoreLocation.CurrentUser); return(x509); }
public void WriteObject( object obj, string algorithm, char[] password, SecureRandom random) { if (obj == null) { throw new ArgumentNullException("obj"); } if (algorithm == null) { throw new ArgumentNullException("algorithm"); } if (password == null) { throw new ArgumentNullException("password"); } if (random == null) { throw new ArgumentNullException("random"); } byte[] keyData = null; if (obj is RsaPrivateCrtKeyParameters) { RsaPrivateCrtKeyParameters k = (RsaPrivateCrtKeyParameters)obj; keyData = PrivateKeyInfoFactory.CreatePrivateKeyInfo(k).PrivateKey.GetEncoded(); } else { // TODO Support other types? throw new ArgumentException("Object type not supported: " + obj.GetType().FullName, "obj"); } byte[] salt = new byte[8]; random.NextBytes(salt); OpenSslPbeParametersGenerator pGen = new OpenSslPbeParametersGenerator(); pGen.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt); ICipherParameters secretKey = null; if (algorithm.ToUpper(CultureInfo.InvariantCulture).Equals("DESEDE")) { // generate key int keyLength = 24; secretKey = pGen.GenerateDerivedParameters(keyLength * 8); } else { throw new IOException("unknown algorithm in WriteObject"); } byte[] encData = null; // cipher try { IBufferedCipher c = CipherUtilities.GetCipher("DESede/CBC/PKCS5Padding"); c.Init(true, new ParametersWithIV(secretKey, salt)); encData = c.DoFinal(keyData); } catch (Exception e) { throw new IOException("exception using cipher: " + e.ToString()); } // write the data string type = "RSA PRIVATE KEY"; WriteHeader(type); writer.WriteLine("Proc-Type: 4,ENCRYPTED"); writer.Write("DEK-Info: DES-EDE3-CBC,"); WriteHexEncoded(salt); writer.WriteLine(); WriteBase64Encoded(encData); WriteFooter(type); }
public void WriteObject( object obj) { if (obj == null) { throw new ArgumentNullException("obj"); } string type; byte[] encoding; if (obj is X509Certificate) { // TODO Should we prefer "X509 CERTIFICATE" here? type = "CERTIFICATE"; try { encoding = ((X509Certificate)obj).GetEncoded(); } catch (CertificateEncodingException e) { throw new IOException("Cannot Encode object: " + e.ToString()); } } else if (obj is X509Crl) { type = "X509 CRL"; try { encoding = ((X509Crl)obj).GetEncoded(); } catch (CrlException e) { throw new IOException("Cannot Encode object: " + e.ToString()); } } else if (obj is AsymmetricCipherKeyPair) { WriteObject(((AsymmetricCipherKeyPair)obj).Private); return; } else if (obj is AsymmetricKeyParameter) { AsymmetricKeyParameter akp = (AsymmetricKeyParameter)obj; if (akp.IsPrivate) { PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp); if (obj is RsaKeyParameters) { type = "RSA PRIVATE KEY"; encoding = info.PrivateKey.GetEncoded(); } else if (obj is DsaPrivateKeyParameters) { type = "DSA PRIVATE KEY"; DsaParameter p = DsaParameter.GetInstance(info.AlgorithmID.Parameters); BigInteger x = ((DsaPrivateKeyParameters)obj).X; BigInteger y = p.G.ModPow(x, p.P); // TODO Create an ASN1 object somewhere for this? encoding = new DerSequence( new DerInteger(0), new DerInteger(p.P), new DerInteger(p.Q), new DerInteger(p.G), new DerInteger(y), new DerInteger(x)).GetEncoded(); } else { throw new IOException("Cannot identify private key"); } } else { type = "PUBLIC KEY"; encoding = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(akp).GetDerEncoded(); } } else if (obj is IX509AttributeCertificate) { type = "ATTRIBUTE CERTIFICATE"; encoding = ((X509V2AttributeCertificate)obj).GetEncoded(); } else if (obj is Pkcs10CertificationRequest) { type = "CERTIFICATE REQUEST"; encoding = ((Pkcs10CertificationRequest)obj).GetEncoded(); } else if (obj is Asn1.Cms.ContentInfo) { type = "PKCS7"; encoding = ((Asn1.Cms.ContentInfo)obj).GetEncoded(); } else { throw new ArgumentException("Object type not supported: " + obj.GetType().FullName, "obj"); } WriteHeader(type); WriteBase64Encoded(encoding); WriteFooter(type); }
private void generationTest() { byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; ISigner s = SignerUtilities.GetSigner("GOST3410"); IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("GOST3410"); g.Init( new Gost3410KeyGenerationParameters( new SecureRandom(), CryptoProObjectIdentifiers.GostR3410x94CryptoProA)); AsymmetricCipherKeyPair p = g.GenerateKeyPair(); AsymmetricKeyParameter sKey = p.Private; AsymmetricKeyParameter vKey = p.Public; s.Init(true, sKey); s.BlockUpdate(data, 0, data.Length); byte[] sigBytes = s.GenerateSignature(); s = SignerUtilities.GetSigner("GOST3410"); s.Init(false, vKey); s.BlockUpdate(data, 0, data.Length); if (!s.VerifySignature(sigBytes)) { Fail("GOST3410 verification failed"); } // // default initialisation test // s = SignerUtilities.GetSigner("GOST3410"); g = GeneratorUtilities.GetKeyPairGenerator("GOST3410"); // TODO This is supposed to be a 'default initialisation' test, but don't have a factory // These values are defaults from JCE provider g.Init( new Gost3410KeyGenerationParameters( new SecureRandom(), CryptoProObjectIdentifiers.GostR3410x94CryptoProA)); p = g.GenerateKeyPair(); sKey = p.Private; vKey = p.Public; s.Init(true, sKey); s.BlockUpdate(data, 0, data.Length); sigBytes = s.GenerateSignature(); s = SignerUtilities.GetSigner("GOST3410"); s.Init(false, vKey); s.BlockUpdate(data, 0, data.Length); if (!s.VerifySignature(sigBytes)) { Fail("GOST3410 verification failed"); } // // encoded test // //KeyFactory f = KeyFactory.getInstance("GOST3410"); //X509EncodedKeySpec x509s = new X509EncodedKeySpec(vKey.GetEncoded()); //Gost3410PublicKeyParameters k1 = (Gost3410PublicKeyParameters)f.generatePublic(x509s); byte[] vKeyEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(vKey).GetDerEncoded(); Gost3410PublicKeyParameters k1 = (Gost3410PublicKeyParameters) PublicKeyFactory.CreateKey(vKeyEnc); if (!k1.Y.Equals(((Gost3410PublicKeyParameters)vKey).Y)) { Fail("public number not decoded properly"); } //PKCS8EncodedKeySpec pkcs8 = new PKCS8EncodedKeySpec(sKey.GetEncoded()); //Gost3410PrivateKeyParameters k2 = (Gost3410PrivateKeyParameters)f.generatePrivate(pkcs8); byte[] sKeyEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(sKey).GetDerEncoded(); Gost3410PrivateKeyParameters k2 = (Gost3410PrivateKeyParameters) PrivateKeyFactory.CreateKey(sKeyEnc); if (!k2.X.Equals(((Gost3410PrivateKeyParameters)sKey).X)) { Fail("private number not decoded properly"); } // // ECGOST3410 generation test // s = SignerUtilities.GetSigner("ECGOST3410"); g = GeneratorUtilities.GetKeyPairGenerator("ECGOST3410"); BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619"); ECCurve curve = new FpCurve( mod_p, new BigInteger("7"), // a new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b mod_q, BigInteger.One); ECDomainParameters ecSpec = new ECDomainParameters( curve, curve.CreatePoint( new BigInteger("2"), new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), mod_q, BigInteger.One); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); p = g.GenerateKeyPair(); sKey = p.Private; vKey = p.Public; s.Init(true, sKey); s.BlockUpdate(data, 0, data.Length); sigBytes = s.GenerateSignature(); s = SignerUtilities.GetSigner("ECGOST3410"); s.Init(false, vKey); s.BlockUpdate(data, 0, data.Length); if (!s.VerifySignature(sigBytes)) { Fail("ECGOST3410 verification failed"); } }
private void doTestGP( string algName, int size, int privateValueSize, BigInteger g, BigInteger p) { IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator(algName); DHParameters dhParams = new DHParameters(p, g, null, privateValueSize); KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), dhParams); keyGen.Init(kgp); // // a side // AsymmetricCipherKeyPair aKeyPair = keyGen.GenerateKeyPair(); IBasicAgreement aKeyAgreeBasic = AgreementUtilities.GetBasicAgreement(algName); checkKeySize(privateValueSize, aKeyPair); aKeyAgreeBasic.Init(aKeyPair.Private); // // b side // AsymmetricCipherKeyPair bKeyPair = keyGen.GenerateKeyPair(); IBasicAgreement bKeyAgreeBasic = AgreementUtilities.GetBasicAgreement(algName); checkKeySize(privateValueSize, bKeyPair); bKeyAgreeBasic.Init(bKeyPair.Private); // // agreement // // aKeyAgreeBasic.doPhase(bKeyPair.Public, true); // bKeyAgreeBasic.doPhase(aKeyPair.Public, true); // // BigInteger k1 = new BigInteger(aKeyAgreeBasic.generateSecret()); // BigInteger k2 = new BigInteger(bKeyAgreeBasic.generateSecret()); BigInteger k1 = aKeyAgreeBasic.CalculateAgreement(bKeyPair.Public); BigInteger k2 = bKeyAgreeBasic.CalculateAgreement(aKeyPair.Public); if (!k1.Equals(k2)) { Fail(size + " bit 2-way test failed"); } // // public key encoding test // // byte[] pubEnc = aKeyPair.Public.GetEncoded(); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(aKeyPair.Public).GetDerEncoded(); // KeyFactory keyFac = KeyFactory.getInstance(algName); // X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc); // DHPublicKey pubKey = (DHPublicKey)keyFac.generatePublic(pubX509); DHPublicKeyParameters pubKey = (DHPublicKeyParameters)PublicKeyFactory.CreateKey(pubEnc); // DHParameterSpec spec = pubKey.Parameters; DHParameters spec = pubKey.Parameters; if (!spec.G.Equals(dhParams.G) || !spec.P.Equals(dhParams.P)) { Fail(size + " bit public key encoding/decoding test failed on parameters"); } if (!((DHPublicKeyParameters)aKeyPair.Public).Y.Equals(pubKey.Y)) { Fail(size + " bit public key encoding/decoding test failed on y value"); } // // public key serialisation test // // TODO Put back in // MemoryStream bOut = new MemoryStream(); // ObjectOutputStream oOut = new ObjectOutputStream(bOut); // // oOut.WriteObject(aKeyPair.Public); // // MemoryStream bIn = new MemoryStream(bOut.ToArray(), false); // ObjectInputStream oIn = new ObjectInputStream(bIn); // // pubKey = (DHPublicKeyParameters)oIn.ReadObject(); spec = pubKey.Parameters; if (!spec.G.Equals(dhParams.G) || !spec.P.Equals(dhParams.P)) { Fail(size + " bit public key serialisation test failed on parameters"); } if (!((DHPublicKeyParameters)aKeyPair.Public).Y.Equals(pubKey.Y)) { Fail(size + " bit public key serialisation test failed on y value"); } // // private key encoding test // // byte[] privEnc = aKeyPair.Private.GetEncoded(); byte[] privEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(aKeyPair.Private).GetDerEncoded(); // PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc); // DHPrivateKeyParameters privKey = (DHPrivateKey)keyFac.generatePrivate(privPKCS8); DHPrivateKeyParameters privKey = (DHPrivateKeyParameters)PrivateKeyFactory.CreateKey(privEnc); spec = privKey.Parameters; if (!spec.G.Equals(dhParams.G) || !spec.P.Equals(dhParams.P)) { Fail(size + " bit private key encoding/decoding test failed on parameters"); } if (!((DHPrivateKeyParameters)aKeyPair.Private).X.Equals(privKey.X)) { Fail(size + " bit private key encoding/decoding test failed on y value"); } // // private key serialisation test // // TODO Put back in // bOut = new MemoryStream(); // oOut = new ObjectOutputStream(bOut); // // oOut.WriteObject(aKeyPair.Private); // // bIn = new MemoryStream(bOut.ToArray(), false); // oIn = new ObjectInputStream(bIn); // // privKey = (DHPrivateKeyParameters)oIn.ReadObject(); spec = privKey.Parameters; if (!spec.G.Equals(dhParams.G) || !spec.P.Equals(dhParams.P)) { Fail(size + " bit private key serialisation test failed on parameters"); } if (!((DHPrivateKeyParameters)aKeyPair.Private).X.Equals(privKey.X)) { Fail(size + " bit private key serialisation test failed on y value"); } // // three party test // IAsymmetricCipherKeyPairGenerator aPairGen = GeneratorUtilities.GetKeyPairGenerator(algName); aPairGen.Init(new DHKeyGenerationParameters(new SecureRandom(), spec)); AsymmetricCipherKeyPair aPair = aPairGen.GenerateKeyPair(); IAsymmetricCipherKeyPairGenerator bPairGen = GeneratorUtilities.GetKeyPairGenerator(algName); bPairGen.Init(new DHKeyGenerationParameters(new SecureRandom(), spec)); AsymmetricCipherKeyPair bPair = bPairGen.GenerateKeyPair(); IAsymmetricCipherKeyPairGenerator cPairGen = GeneratorUtilities.GetKeyPairGenerator(algName); cPairGen.Init(new DHKeyGenerationParameters(new SecureRandom(), spec)); AsymmetricCipherKeyPair cPair = cPairGen.GenerateKeyPair(); IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement(algName); aKeyAgree.Init(aPair.Private); IBasicAgreement bKeyAgree = AgreementUtilities.GetBasicAgreement(algName); bKeyAgree.Init(bPair.Private); IBasicAgreement cKeyAgree = AgreementUtilities.GetBasicAgreement(algName); cKeyAgree.Init(cPair.Private); // Key ac = aKeyAgree.doPhase(cPair.Public, false); // Key ba = bKeyAgree.doPhase(aPair.Public, false); // Key cb = cKeyAgree.doPhase(bPair.Public, false); // // aKeyAgree.doPhase(cb, true); // bKeyAgree.doPhase(ac, true); // cKeyAgree.doPhase(ba, true); // // BigInteger aShared = new BigInteger(aKeyAgree.generateSecret()); // BigInteger bShared = new BigInteger(bKeyAgree.generateSecret()); // BigInteger cShared = new BigInteger(cKeyAgree.generateSecret()); DHPublicKeyParameters ac = new DHPublicKeyParameters(aKeyAgree.CalculateAgreement(cPair.Public), spec); DHPublicKeyParameters ba = new DHPublicKeyParameters(bKeyAgree.CalculateAgreement(aPair.Public), spec); DHPublicKeyParameters cb = new DHPublicKeyParameters(cKeyAgree.CalculateAgreement(bPair.Public), spec); BigInteger aShared = aKeyAgree.CalculateAgreement(cb); BigInteger bShared = bKeyAgree.CalculateAgreement(ac); BigInteger cShared = cKeyAgree.CalculateAgreement(ba); if (!aShared.Equals(bShared)) { Fail(size + " bit 3-way test failed (a and b differ)"); } if (!cShared.Equals(bShared)) { Fail(size + " bit 3-way test failed (c and b differ)"); } }
private void DoTestECDH(string algorithm) { IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator(algorithm); X9ECParameters x9 = ECNamedCurveTable.GetByName("prime239v1"); ECDomainParameters ecSpec = new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); // // a side // AsymmetricCipherKeyPair aKeyPair = g.GenerateKeyPair(); IBasicAgreement aKeyAgreeBasic = AgreementUtilities.GetBasicAgreement(algorithm); aKeyAgreeBasic.Init(aKeyPair.Private); // // b side // AsymmetricCipherKeyPair bKeyPair = g.GenerateKeyPair(); IBasicAgreement bKeyAgreeBasic = AgreementUtilities.GetBasicAgreement(algorithm); bKeyAgreeBasic.Init(bKeyPair.Private); // // agreement // BigInteger k1 = aKeyAgreeBasic.CalculateAgreement(bKeyPair.Public); BigInteger k2 = bKeyAgreeBasic.CalculateAgreement(aKeyPair.Public); if (!k1.Equals(k2)) { Fail(algorithm + " 2-way test failed"); } // // public key encoding test // // byte[] pubEnc = aKeyPair.Public.GetEncoded(); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(aKeyPair.Public).GetDerEncoded(); // KeyFactory keyFac = KeyFactory.getInstance(algorithm); // X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc); // ECPublicKey pubKey = (ECPublicKey)keyFac.generatePublic(pubX509); ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(pubEnc); ECDomainParameters ecDP = pubKey.Parameters; // if (!pubKey.getW().Equals(((ECPublicKeyParameters)aKeyPair.Public).getW())) ECPoint pq1 = pubKey.Q.Normalize(), pq2 = ((ECPublicKeyParameters)aKeyPair.Public).Q.Normalize(); if (!pq1.Equals(pq2)) { // Console.WriteLine(" expected " + pubKey.getW().getAffineX() + " got " + ((ECPublicKey)aKeyPair.Public).getW().getAffineX()); // Console.WriteLine(" expected " + pubKey.getW().getAffineY() + " got " + ((ECPublicKey)aKeyPair.Public).getW().getAffineY()); // Fail(algorithm + " public key encoding (W test) failed"); Console.WriteLine(" expected " + pq1.AffineXCoord.ToBigInteger() + " got " + pq2.AffineXCoord.ToBigInteger()); Console.WriteLine(" expected " + pq1.AffineYCoord.ToBigInteger() + " got " + pq2.AffineYCoord.ToBigInteger()); Fail(algorithm + " public key encoding (Q test) failed"); } // if (!pubKey.Parameters.getGenerator().Equals(((ECPublicKeyParameters)aKeyPair.Public).Parameters.getGenerator())) if (!pubKey.Parameters.G.Equals(((ECPublicKeyParameters)aKeyPair.Public).Parameters.G)) { Fail(algorithm + " public key encoding (G test) failed"); } // // private key encoding test // // byte[] privEnc = aKeyPair.Private.GetEncoded(); byte[] privEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(aKeyPair.Private).GetDerEncoded(); // PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc); // ECPrivateKey privKey = (ECPrivateKey)keyFac.generatePrivate(privPKCS8); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privEnc); // if (!privKey.getS().Equals(((ECPrivateKey)aKeyPair.Private).getS())) if (!privKey.D.Equals(((ECPrivateKeyParameters)aKeyPair.Private).D)) { // Fail(algorithm + " private key encoding (S test) failed"); Fail(algorithm + " private key encoding (D test) failed"); } // if (!privKey.Parameters.getGenerator().Equals(((ECPrivateKey)aKeyPair.Private).Parameters.getGenerator())) if (!privKey.Parameters.G.Equals(((ECPrivateKeyParameters)aKeyPair.Private).Parameters.G)) { Fail(algorithm + " private key encoding (G test) failed"); } }
/// <summary> /// Creates a new signing key pair /// </summary> /// <param name="name">The name of the key or zone</param> /// <param name="recordClass">The record class of the DnsKeyRecord</param> /// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param> /// <param name="flags">The Flags of the DnsKeyRecord</param> /// <param name="protocol">The protocol version</param> /// <param name="algorithm">The key algorithm</param> /// <param name="keyStrength">The key strength or 0 for default strength</param> /// <returns></returns> public static DnsKeyRecord CreateSigningKey(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, int keyStrength = 0) { byte[] privateKey; byte[] publicKey; switch (algorithm) { case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: if (keyStrength == 0) { keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024; } RsaKeyPairGenerator rsaKeyGen = new RsaKeyPairGenerator(); rsaKeyGen.Init(new KeyGenerationParameters(_secureRandom, keyStrength)); var rsaKey = rsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded(); var rsaPublicKey = (RsaKeyParameters)rsaKey.Public; var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned(); var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned(); int offset = 1; if (rsaExponent.Length > 255) { publicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length]; DnsMessageBase.EncodeUShort(publicKey, ref offset, (ushort)publicKey.Length); } else { publicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length]; publicKey[0] = (byte)rsaExponent.Length; } DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaExponent); DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaModulus); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: if (keyStrength == 0) { keyStrength = 1024; } DsaParametersGenerator dsaParamsGen = new DsaParametersGenerator(); dsaParamsGen.Init(keyStrength, 12, _secureRandom); DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator(); dsaKeyGen.Init(new DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters())); var dsaKey = dsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded(); var dsaPublicKey = (DsaPublicKeyParameters)dsaKey.Public; var dsaY = dsaPublicKey.Y.ToByteArrayUnsigned(); var dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned(); var dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned(); var dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned(); var dsaT = (byte)((dsaY.Length - 64) / 8); publicKey = new byte[21 + 3 * dsaY.Length]; publicKey[0] = dsaT; dsaQ.CopyTo(publicKey, 1); dsaP.CopyTo(publicKey, 21); dsaG.CopyTo(publicKey, 21 + dsaY.Length); dsaY.CopyTo(publicKey, 21 + 2 * dsaY.Length); break; case DnsSecAlgorithm.EccGost: ECDomainParameters gostEcDomainParameters = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); var gostKeyGen = new ECKeyPairGenerator(); gostKeyGen.Init(new ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom)); var gostKey = gostKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded(); var gostPublicKey = (ECPublicKeyParameters)gostKey.Public; publicKey = new byte[64]; gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32); gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); publicKey = publicKey.Reverse().ToArray(); break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: int ecDsaDigestSize; X9ECParameters ecDsaCurveParameter; if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256) { ecDsaDigestSize = new Sha256Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP256r1); } else { ecDsaDigestSize = new Sha384Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP384r1); } ECDomainParameters ecDsaP384EcDomainParameters = new ECDomainParameters( ecDsaCurveParameter.Curve, ecDsaCurveParameter.G, ecDsaCurveParameter.N, ecDsaCurveParameter.H, ecDsaCurveParameter.GetSeed()); var ecDsaKeyGen = new ECKeyPairGenerator(); ecDsaKeyGen.Init(new ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom)); var ecDsaKey = ecDsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded(); var ecDsaPublicKey = (ECPublicKeyParameters)ecDsaKey.Public; publicKey = new byte[ecDsaDigestSize * 2]; ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize); break; default: throw new NotSupportedException(); } return(new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, privateKey)); }
public static string SerializedPrivate(this AsymmetricCipherKeyPair pair) => PrivateKeyInfoFactory .CreatePrivateKeyInfo(pair.Private) .Encoded() .ToBase64String();
//[Obsolete("Use CreateSelfSignedTlsCert instead.")] public static X509Certificate2 CreateSelfSignedCert(string subjectName, string issuerName, AsymmetricKeyParameter privateKey) { const int keyStrength = DEFAULT_KEY_SIZE; if (privateKey == null) { privateKey = CreatePrivateKeyResource(issuerName); } var issuerPrivKey = privateKey; // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivKey, random); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.DnsName, "localhost"), new GeneralName(GeneralName.DnsName, "127.0.0.1") })); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(new List <DerObjectIdentifier>() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1") })); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDn = new X509Name(subjectName); var issuerDn = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(70); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // self sign certificate var certificate = certificateGenerator.Generate(signatureFactory); // Originally pre-processor defines were used to try and pick the supported way to get from a Bouncy Castle // certificate and private key to a .NET certificate. The problem is that setting the private key on a .NET // X509 certificate is possible in .NET Framework but NOT in .NET Core. To complicate matters even further // the workaround in the CovertBouncyCert method of saving a cert + pvt key to a .pfx stream and then // reloading does not work on macOS or Unity (and possibly elsewhere) due to .pfx serialisation not being // compatible. This is the exception from Unity: // // Mono.Security.ASN1..ctor (System.Byte[] data) (at <6a66fe237d4242c9924192d3c28dd540>:0) // Mono.Security.X509.X509Certificate.Parse(System.Byte[] data)(at < 6a66fe237d4242c9924192d3c28dd540 >:0) // // Summary: // .NET Framework (including Mono on Linux, macOS and WSL) // - Set x509.PrivateKey works. // .NET Standard: // - Set x509.PrivateKey for a .NET Framework application. // - Set x509.PrivateKey for a .NET Core application FAILS. // .NET Core: // - Set x509.PrivateKey for a .NET Core application FAILS. // - PFX serialisation works on Windows. // - PFX serialisation works on WSL and Linux. // - PFX serialisation FAILS on macOS. // // For same issue see https://github.com/dotnet/runtime/issues/23635. // For fix in net5 see https://github.com/dotnet/corefx/pull/42226. try { // corresponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); //new RsaPrivateKeyStructure(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // TODO: When .NET Standard and Framework support are deprecated this pragma can be removed. #pragma warning disable SYSLIB0028 x509.PrivateKey = ToRSA(rsaparams); #pragma warning restore SYSLIB0028 return(x509); } catch { return(ConvertBouncyCert(certificate, subjectKeyPair)); } }
protected virtual X509Certificate2 CreateCertificate(string subjectName, bool isCertificateAuthority, string altName) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); if (!isCertificateAuthority) { certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)); } else { certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(true)); } // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDN = new X509Name(true, subjectName); certificateGenerator.SetSubjectDN(subjectDN); certificateGenerator.SetIssuerDN(isCertificateAuthority ? subjectDN : new X509Name(true, $"CN={RootCertificateName}, O={Issuer}")); if (!isCertificateAuthority) { var subjectAltName = new GeneralNames(new GeneralName(GeneralName.DnsName, altName)); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); } // Valid For DateTime notBefore = DateTime.UtcNow.Date; certificateGenerator.SetNotBefore(notBefore); DateTime notAfter = notBefore.AddYears(1); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, 1024); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); AsymmetricKeyParameter issuerPrivateKey; if (isCertificateAuthority) { issuerPrivateKey = subjectKeyPair.Private; _privateKey = issuerPrivateKey; } else { if (_privateKey == null) { X509Certificate2 rootCA = InstallCertificate(RootStore, RootCertificateName); _privateKey = TransformRSAPrivateKey(rootCA.GetRSAPrivateKey().ExportParameters(true)); } issuerPrivateKey = _privateKey; } var privateKey = (RsaPrivateCrtKeyParameters)issuerPrivateKey; if (!isCertificateAuthority) { PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); var rsa = RsaPrivateKeyStructure.GetInstance(seq); privateKey = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); } // Self-Sign Certificate ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivateKey, random); X509Certificate2 certificate = GetSignedCertificate(certificateGenerator.Generate(signatureFactory), privateKey); certificate.FriendlyName = subjectName; return(certificate); }
public void doTestCurve( string name) { // ECGenParameterSpec ecSpec = new ECGenParameterSpec(name); ECDomainParameters ecSpec = GetCurveParameters(name); IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECDH"); // g.initialize(ecSpec, new SecureRandom()); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); // // a side // AsymmetricCipherKeyPair aKeyPair = g.GenerateKeyPair(); // KeyAgreement aKeyAgree = KeyAgreement.getInstance("ECDHC"); IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDHC"); aKeyAgree.Init(aKeyPair.Private); // // b side // AsymmetricCipherKeyPair bKeyPair = g.GenerateKeyPair(); // KeyAgreement bKeyAgree = KeyAgreement.getInstance("ECDHC"); IBasicAgreement bKeyAgree = AgreementUtilities.GetBasicAgreement("ECDHC"); bKeyAgree.Init(bKeyPair.Private); // // agreement // // aKeyAgree.doPhase(bKeyPair.Public, true); // bKeyAgree.doPhase(aKeyPair.Public, true); // // BigInteger k1 = new BigInteger(aKeyAgree.generateSecret()); // BigInteger k2 = new BigInteger(bKeyAgree.generateSecret()); BigInteger k1 = aKeyAgree.CalculateAgreement(bKeyPair.Public); BigInteger k2 = bKeyAgree.CalculateAgreement(aKeyPair.Public); if (!k1.Equals(k2)) { Fail("2-way test failed"); } // // public key encoding test // // byte[] pubEnc = aKeyPair.Public.getEncoded(); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(aKeyPair.Public).GetDerEncoded(); // KeyFactory keyFac = KeyFactory.getInstance("ECDH"); // X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc); // ECPublicKey pubKey = (ECPublicKey)keyFac.generatePublic(pubX509); ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(pubEnc); // if (!pubKey.getW().Equals(((ECPublicKey)aKeyPair.Public).getW())) if (!pubKey.Q.Equals(((ECPublicKeyParameters)aKeyPair.Public).Q)) { Fail("public key encoding (Q test) failed"); } // TODO Put back in? // if (!(pubKey.getParams() is ECNamedCurveSpec)) // { // Fail("public key encoding not named curve"); // } // // private key encoding test // // byte[] privEnc = aKeyPair.Private.getEncoded(); byte[] privEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(aKeyPair.Private).GetDerEncoded(); // PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc); // ECPrivateKey privKey = (ECPrivateKey)keyFac.generatePrivate(privPKCS8); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privEnc); // if (!privKey.getS().Equals(((ECPrivateKey)aKeyPair.Private).getS())) if (!privKey.D.Equals(((ECPrivateKeyParameters)aKeyPair.Private).D)) { Fail("private key encoding (S test) failed"); } // TODO Put back in? // if (!(privKey.getParams() is ECNamedCurveSpec)) // { // Fail("private key encoding not named curve"); // } // // ECNamedCurveSpec privSpec = (ECNamedCurveSpec)privKey.getParams(); // if (!(privSpec.GetName().Equals(name) || privSpec.GetName().Equals(CurveNames.get(name)))) // { // Fail("private key encoding wrong named curve. Expected: " // + CurveNames[name] + " got " + privSpec.GetName()); // } }
public override void PerformTest() { IAsymmetricCipherKeyPairGenerator pGen = GeneratorUtilities.GetKeyPairGenerator("RSA"); RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters( BigInteger.ValueOf(0x10001), new SecureRandom(), 512, 25); pGen.Init(genParam); AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair(); // // set up the parameters // byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; int iterationCount = 100; // // set up the key // char[] password1 = { 'h', 'e', 'l', 'l', 'o' }; EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(alg, password1, salt, iterationCount, PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private)); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password1, encInfo); AsymmetricKeyParameter key = PrivateKeyFactory.CreateKey(info); if (!key.Equals(pair.Private)) { Fail("Key corrupted"); } doOpensslTestKeys(); }
/** * decrypt the content and return an input stream. */ public override CmsTypedStream GetContentStream( // Key key) ICipherParameters key) { if (!(key is AsymmetricKeyParameter)) { throw new ArgumentException("KeyAgreement requires asymmetric key", "key"); } AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)key; if (!privKey.IsPrivate) { throw new ArgumentException("Expected private key", "key"); } try { OriginatorPublicKey origK = _info.Originator.OriginatorKey; PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey); SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(privInfo.AlgorithmID, origK.PublicKey.GetBytes()); AsymmetricKeyParameter pubKey = PublicKeyFactory.CreateKey(pubInfo); string wrapAlg = DerObjectIdentifier.GetInstance( Asn1Sequence.GetInstance(_keyEncAlg.Parameters)[0]).Id; IBasicAgreement agreement = AgreementUtilities.GetBasicAgreementWithKdf( _keyEncAlg.ObjectID, wrapAlg); agreement.Init(privKey); BigInteger wKeyNum = agreement.CalculateAgreement(pubKey); // TODO Fix the way bytes are derived from the secret byte[] wKeyBytes = wKeyNum.ToByteArrayUnsigned(); KeyParameter wKey = ParameterUtilities.CreateKeyParameter(wrapAlg, wKeyBytes); IWrapper keyCipher = WrapperUtilities.GetWrapper(wrapAlg); keyCipher.Init(false, wKey); AlgorithmIdentifier aid = _encAlg; string alg = aid.ObjectID.Id; byte[] encryptedKey = _encryptedKey.GetOctets(); byte[] sKeyBytes = keyCipher.Unwrap(encryptedKey, 0, encryptedKey.Length); KeyParameter sKey = ParameterUtilities.CreateKeyParameter(alg, sKeyBytes); return(GetContentFromSessionKey(sKey)); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (Exception e) { throw new CmsException("originator key invalid.", e); } }
/// <summary> /// Generate, install and export to file system new certificate /// </summary> /// <param name="subjectName">Subject name for new certificate</param> /// <param name="issuerName">CA(Certificate authority) name</param> /// <param name="issuerPrivKey">Issuer private key</param> /// <returns></returns> public static X509Certificate2 GenerateAuthorizeSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey) { const int keyStrength = 2048; // Generating random numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name X509Name subjectDN = new X509Name("CN=" + subjectName); X509Name issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For DateTime notBefore = DateTime.UtcNow.Date; DateTime notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // selfsign certificate Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerPrivKey, random); // correcponding private key PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // Set Private Key x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); // Install certificate AddCertificateToStore(x509, StoreName.TrustedPeople, StoreLocation.LocalMachine); //Export ExportToFileSystem(X509ContentType.Pfx, x509, subjectName); return(x509); }
static string RSAPrivateKeyCSharpToJava(RsaKeyParameters rkp) { PrivateKeyInfo pki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rkp); return(pki.ToAsn1Object().GetEncoded().ToBase64String()); }
private void doTestGP( int size, int privateValueSize, BigInteger g, BigInteger p) { IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("ElGamal"); // DHParameterSpec elParams = new DHParameterSpec(p, g); // keyGen.initialize(elParams); ElGamalParameters elParams = new ElGamalParameters(p, g, privateValueSize); ElGamalKeyGenerationParameters elKgp = new ElGamalKeyGenerationParameters( new SecureRandom(), elParams); keyGen.Init(elKgp); AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair(); SecureRandom rand = new SecureRandom(); checkKeySize(privateValueSize, keyPair); IBufferedCipher cipher = CipherUtilities.GetCipher("ElGamal"); cipher.Init(true, new ParametersWithRandom(keyPair.Public, rand)); byte[] inBytes = Encoding.ASCII.GetBytes("This is a test"); if (cipher.GetOutputSize(inBytes.Length) != (size / 8) * 2) { Fail("getOutputSize wrong on encryption"); } byte[] outBytes = cipher.DoFinal(inBytes); cipher.Init(false, keyPair.Private); if (cipher.GetOutputSize(outBytes.Length) != (size / 8) - 1) { Fail("GetOutputSize wrong on decryption"); } // // No Padding - maximum length // byte[] modBytes = ((ElGamalPublicKeyParameters)keyPair.Public).Parameters.P.ToByteArray(); byte[] maxInput = new byte[modBytes.Length - 1]; maxInput[0] |= 0x7f; cipher.Init(true, new ParametersWithRandom(keyPair.Public, rand)); outBytes = cipher.DoFinal(maxInput); cipher.Init(false, keyPair.Private); outBytes = cipher.DoFinal(outBytes); if (!AreEqual(outBytes, maxInput)) { Fail("NoPadding test failed on decrypt expected " + Hex.ToHexString(maxInput) + " got " + Hex.ToHexString(outBytes)); } // // encrypt/decrypt // IBufferedCipher c1 = CipherUtilities.GetCipher("ElGamal"); IBufferedCipher c2 = CipherUtilities.GetCipher("ElGamal"); c1.Init(true, new ParametersWithRandom(keyPair.Public, rand)); byte[] out1 = c1.DoFinal(inBytes); c2.Init(false, keyPair.Private); byte[] out2 = c2.DoFinal(out1); if (!AreEqual(inBytes, out2)) { Fail(size + " encrypt test failed"); } // // encrypt/decrypt with update // int outLen = c1.ProcessBytes(inBytes, 0, 2, out1, 0); outLen += c1.DoFinal(inBytes, 2, inBytes.Length - 2, out1, outLen); outLen = c2.ProcessBytes(out1, 0, 2, out2, 0); outLen += c2.DoFinal(out1, 2, out1.Length - 2, out2, outLen); if (!AreEqual(inBytes, out2)) { Fail(size + " encrypt with update test failed"); } // // public key encoding test // // byte[] pubEnc = keyPair.Public.GetEncoded(); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public).GetDerEncoded(); // KeyFactory keyFac = KeyFactory.GetInstance("ElGamal"); // X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc); // DHPublicKeyParameters pubKey = (DHPublicKeyParameters)keyFac.generatePublic(pubX509); ElGamalPublicKeyParameters pubKey = (ElGamalPublicKeyParameters) PublicKeyFactory.CreateKey(pubEnc); ElGamalParameters spec = pubKey.Parameters; if (!spec.G.Equals(elParams.G) || !spec.P.Equals(elParams.P)) { Fail(size + " bit public key encoding/decoding test failed on parameters"); } if (!((ElGamalPublicKeyParameters)keyPair.Public).Y.Equals(pubKey.Y)) { Fail(size + " bit public key encoding/decoding test failed on y value"); } /* * // * // public key serialisation test * // * // TODO Is there some standard this serialization must conform to? * BinaryFormatter formatter = new BinaryFormatter(); * * MemoryStream bOut = new MemoryStream(); * // ObjectOutputStream oOut = new ObjectOutputStream(bOut); * // oOut.writeObject(keyPair.Public); * formatter.Serialize(bOut, keyPair.Public); * * MemoryStream bIn = new MemoryStream(bOut.ToArray(), false); * // ObjectInputStream oIn = new ObjectInputStream(bIn); * // pubKey = (DHPublicKeyParameters)oIn.readObject(); * pubKey = (ElGamalPublicKeyParameters) formatter.Deserialize(bIn); * spec = pubKey.Parameters; * * if (!spec.G.Equals(elParams.G) || !spec.P.Equals(elParams.P)) * { * Fail(size + " bit public key serialisation test failed on parameters"); * } * * if (!((ElGamalPublicKeyParameters )keyPair.Public).Y.Equals(pubKey.Y)) * { * Fail(size + " bit public key serialisation test failed on y value"); * } */ // // private key encoding test // // TODO Keys don't support GetEncoded // byte[] privEnc = keyPair.Private.GetEncoded(); byte[] privEnc = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private).GetDerEncoded(); // PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc); // DHPrivateKeyParameters privKey = (DHPrivateKeyParameters)keyFac.generatePrivate(privPKCS8); ElGamalPrivateKeyParameters privKey = (ElGamalPrivateKeyParameters) PrivateKeyFactory.CreateKey(privEnc); spec = privKey.Parameters; if (!spec.G.Equals(elParams.G) || !spec.P.Equals(elParams.P)) { Fail(size + " bit private key encoding/decoding test failed on parameters"); } if (!((ElGamalPrivateKeyParameters)keyPair.Private).X.Equals(privKey.X)) { Fail(size + " bit private key encoding/decoding test failed on y value"); } /* * // * // private key serialisation test * // * bOut = new MemoryStream(); * // oOut = new ObjectOutputStream(bOut); * // oOut.writeObject(keyPair.Private); * formatter.Serialize(bOut, keyPair.Private); * * bIn = new MemoryStream(bOut.ToArray(), false); * // oIn = new ObjectInputStream(bIn); * // privKey = (DHPrivateKeyParameters)oIn.readObject(); * privKey = (ElGamalPrivateKeyParameters) formatter.Deserialize(bIn); * spec = privKey.Parameters; * * if (!spec.G.Equals(elParams.G) || !spec.P.Equals(elParams.P)) * { * Fail(size + " bit private key serialisation test failed on parameters"); * } * * if (!((ElGamalPrivateKeyParameters) keyPair.Private).X.Equals(privKey.X)) * { * Fail(size + " bit private key serialisation test failed on y value"); * } */ }
static void Main(string[] args) { var privateKey = "pX/BvdXXUdpC79mW/jWi10Z6PJb5SBY2+aqkR/qYOjqgakKsqZFKnl0kz10Ve+BP"; var token = "BDiRKNnPiPUb5oala31nkmCaXMB0iyWy3Q93p6fN7vPxEQSUlFVsInkJzPBBqmW1FUIY1KBA3BQb3W3Qv4akZ8kblqbmvupE/EJzPKbROZFBNvxpvVOHHgO2qadmHAjHSmnxUuxrpKxopWnOgyhzUx+mBUTao0pcEgqZFw0Y/qZIJPf1KusCMlz5TAhpjsw="; // ##### // ##### Step 1 // ##### var decodedToken = Convert.FromBase64String(token); var decodedEphemeralPublicKey = decodedToken.Take(97).ToArray(); var encodedEphemeralPublicKeyCheck = Convert.ToBase64String(decodedEphemeralPublicKey); if (encodedEphemeralPublicKeyCheck != "BDiRKNnPiPUb5oala31nkmCaXMB0iyWy3Q93p6fN7vPxEQSUlFVsInkJzPBBqmW1FUIY1KBA3BQb3W3Qv4akZ8kblqbmvupE/EJzPKbROZFBNvxpvVOHHgO2qadmHAjHSg==") { throw new Exception("Public key check failed"); } X9ECParameters curveParams = ECNamedCurveTable.GetByName("secp384r1"); ECPoint decodePoint = curveParams.Curve.DecodePoint(decodedEphemeralPublicKey); ECDomainParameters domainParams = new ECDomainParameters(curveParams.Curve, curveParams.G, curveParams.N, curveParams.H, curveParams.GetSeed()); ECPublicKeyParameters ecPublicKeyParameters = new ECPublicKeyParameters(decodePoint, domainParams); var x = ecPublicKeyParameters.Q.AffineXCoord.ToBigInteger(); var y = ecPublicKeyParameters.Q.AffineYCoord.ToBigInteger(); if (!x.Equals(new BigInteger("8706462696031173094919866327685737145866436939551712382591956952075131891462487598200779332295613073905587629438229"))) { throw new Exception("X coord check failed"); } if (!y.Equals(new BigInteger("10173258529327482491525749925661342501140613951412040971418641469645769857676705559747557238888921287857458976966474"))) { throw new Exception("Y coord check failed"); } Console.WriteLine("Step 1 complete"); // ##### // ##### Step 2 // ##### var privateKeyBytes = Convert.FromBase64String(privateKey); var ecPrivateKeyParameters = new ECPrivateKeyParameters("ECDHC", new BigInteger(1, privateKeyBytes), domainParams); var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecPrivateKeyParameters); var ecPrivateKey = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privateKeyInfo); IBasicAgreement agree = AgreementUtilities.GetBasicAgreement("ECDHC"); agree.Init(ecPrivateKey); BigInteger sharedKey = agree.CalculateAgreement(ecPublicKeyParameters); var sharedKeyBytes = sharedKey.ToByteArrayUnsigned(); var sharedKeyBase64 = Convert.ToBase64String(sharedKeyBytes); if (sharedKeyBase64 != "2lvSJsBO2keUHRfvPG6C1RMUmGpuDbdgNrZ9YD7RYnvAcfgq/fjeYr1p0hWABeif") { throw new Exception("Shared key check failed"); } Console.WriteLine("Step 2 complete"); // ##### // ##### Step 3 // ##### var kdf2Bytes = Kdf2(sharedKeyBytes, decodedEphemeralPublicKey); var kdf2Base64 = Convert.ToBase64String(kdf2Bytes); if (kdf2Base64 != "mAzkYatDlz4SzrCyM23NhgL/+mE3eGgfUz9h1CFPhZOtXequzN3Q8w+B5GE2eU5g") { throw new Exception("Kdf2 failed"); } Console.WriteLine("Step 3 complete"); // ##### // ##### Step 4 // ##### var decryptionKeyBytes = kdf2Bytes.Take(32).ToArray(); var decryptionIvBytes = kdf2Bytes.Skip(32).ToArray(); var decryptionKeyBase64 = Convert.ToBase64String(decryptionKeyBytes); var decryptionIvBase64 = Convert.ToBase64String(decryptionIvBytes); if (decryptionKeyBase64 != "mAzkYatDlz4SzrCyM23NhgL/+mE3eGgfUz9h1CFPhZM=") { throw new Exception("Decryption key check failed"); } if (decryptionIvBase64 != "rV3qrszd0PMPgeRhNnlOYA==") { throw new Exception("Decryption iv check failed"); } var encryptedDataBytes = decodedToken.Skip(97).Take(decodedToken.Length - 113).ToArray(); var tagBytes = decodedToken.Skip(decodedToken.Length - 16).ToArray(); var encryptedDataBase64 = Convert.ToBase64String(encryptedDataBytes); var tagBase64 = Convert.ToBase64String(tagBytes); if (encryptedDataBase64 != "afFS7GukrGilac6DKHNTH6YFRNqjSlwSCpkXDRj+") { throw new Exception("Encrypted data check failed"); } if (tagBase64 != "pkgk9/Uq6wIyXPlMCGmOzA==") { throw new Exception("Tag check failed"); } KeyParameter keyParam = ParameterUtilities.CreateKeyParameter("AES", decryptionKeyBytes); ParametersWithIV parameters = new ParametersWithIV(keyParam, decryptionIvBytes); IBufferedCipher cipher = CipherUtilities.GetCipher("AES/GCM/NoPadding"); cipher.Init(false, parameters); var resultBytes = cipher.DoFinal(encryptedDataBytes.Concat(tagBytes).ToArray()); var resultBase64 = Convert.ToBase64String(resultBytes); var resultString = Strings.FromByteArray(resultBytes); if (resultString != "xXTi32iZwrQ6O8Sy6r1isKwF6Ff1Py") { throw new Exception("Decryption failed"); } Console.WriteLine("Step 4 complete"); Console.WriteLine(resultString); Console.WriteLine(); Console.WriteLine("Done... press any key to finish"); Console.ReadLine(); }
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey) { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and SN var subjectDN = new X509Name(subjectName); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // SAN var subjectAltName = new GeneralNames(new GeneralName(GeneralName.DnsName, "localhost")); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); // Validity var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Public Key var keyGenerationParameters = new KeyGenerationParameters(random, KeyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Sign certificate var signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", issuerPrivKey, random); var certificate = certificateGenerator.Generate(signatureFactory); var x509 = new X509Certificate2(certificate.GetEncoded(), (string)null, X509KeyStorageFlags.Exportable); // Private key var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Invalid RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); var parms = DotNetUtilities.ToRSAParameters(rsaparams); var rsa1 = RSA.Create(); rsa1.ImportParameters(parms); // https://github.com/dotnet/runtime/issues/23749 var cert = x509.CopyWithPrivateKey(rsa1); return(new X509Certificate2(cert.Export(X509ContentType.Pkcs12))); }
/// <summary> /// Private Key Convert Pkcs1->xml /// </summary> /// <param name="privateKey"></param> /// <returns></returns> public static string PrivateKeyPkcs1ToXml(string privateKey) { privateKey = RSAPemFormatHelper.Pkcs1PrivateKeyFormat(privateKey); var pr = new PemReader(new StringReader(privateKey)); if (!(pr.ReadObject() is AsymmetricCipherKeyPair asymmetricCipherKeyPair)) { throw new Exception("Private key format is incorrect"); } var rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(PrivateKeyInfoFactory.CreatePrivateKeyInfo(asymmetricCipherKeyPair.Private)); var element = new XElement("RSAKeyValue"); var privateModulus = new XElement("Modulus", Convert.ToBase64String(rsaPrivateCrtKeyParameters.Modulus.ToByteArrayUnsigned())); var privateExponent = new XElement("Exponent", Convert.ToBase64String(rsaPrivateCrtKeyParameters.PublicExponent.ToByteArrayUnsigned())); var privateP = new XElement("P", Convert.ToBase64String(rsaPrivateCrtKeyParameters.P.ToByteArrayUnsigned())); var privateQ = new XElement("Q", Convert.ToBase64String(rsaPrivateCrtKeyParameters.Q.ToByteArrayUnsigned())); var privateDp = new XElement("DP", Convert.ToBase64String(rsaPrivateCrtKeyParameters.DP.ToByteArrayUnsigned())); var privateDq = new XElement("DQ", Convert.ToBase64String(rsaPrivateCrtKeyParameters.DQ.ToByteArrayUnsigned())); var privateInverseQ = new XElement("InverseQ", Convert.ToBase64String(rsaPrivateCrtKeyParameters.QInv.ToByteArrayUnsigned())); var privateD = new XElement("D", Convert.ToBase64String(rsaPrivateCrtKeyParameters.Exponent.ToByteArrayUnsigned())); element.Add(privateModulus); element.Add(privateExponent); element.Add(privateP); element.Add(privateQ); element.Add(privateDp); element.Add(privateDq); element.Add(privateInverseQ); element.Add(privateD); return(element.ToString()); }
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey) { const int keyStrength = 2048; // Generating Random Numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm //const string signatureAlgorithm = "SHA512WITHRSA"; //certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name X509Name subjectDN = new X509Name(subjectName); X509Name issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For DateTime notBefore = DateTime.UtcNow.Date; DateTime notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair; // selfsign certificate var certificate = certificateGenerator.Generate(signatureFactory); // correcponding private key PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded()); Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { //throw new PemException("malformed sequence in RSA private key"); } RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq); //new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); return(x509.CopyWithPrivateKey(DotNetUtilities.ToRSA(rsaparams))); }
private static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var x500DistinguishedName = new X509Name("CN=" + subjectName); certificateGenerator.SetIssuerDN(x500DistinguishedName); certificateGenerator.SetSubjectDN(x500DistinguishedName); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKeyPair.Private, random); certificateGenerator.AddExtension( X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certificateGenerator.AddExtension( X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment)); certificateGenerator.AddExtension( X509Extensions.ExtendedKeyUsage, false, ExtendedKeyUsage.GetInstance(new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth))); // selfsign certificate var certificate = certificateGenerator.Generate(signatureFactory); // correcponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new X509Certificate2(certificate.GetEncoded()) { FriendlyName = $"{subjectName} self-signed" }; var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); return(x509); }
public byte[] ToDer() { var privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(KeyPair.Private); return(privateKey.GetDerEncoded()); }