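// http://blog.endpoint.com/2014/10/openssl-csr-with-alternative-names-one.html
/// <summary>
/// Generates an RSA private key by running the openssl command line
/// (<c>genpkey -algorithm RSA</c>) and reading the resulting PEM back from a
/// temporary file.
/// </summary>
/// <param name="pkp">Key parameters; only <see cref="RsaPrivateKeyParams"/> is supported.
/// <c>NumBits</c> is forwarded when positive, <c>PubExp</c> when non-empty.</param>
/// <returns>An <see cref="RsaPrivateKey"/> carrying the requested bit count, the
/// exponent string as given, and the PEM text produced by openssl.</returns>
/// <exception cref="ArgumentException"><c>PubExp</c> is neither a decimal integer
/// nor a <c>0x</c>-prefixed hexadecimal integer.</exception>
/// <exception cref="NotSupportedException"><paramref name="pkp"/> is not an
/// <see cref="RsaPrivateKeyParams"/>.</exception>
public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp)
{
    var rsaPkp = pkp as RsaPrivateKeyParams;
    if (rsaPkp == null)
    {
        throw new NotSupportedException("unsupported private key parameters type");
    }

    // PubExp is spliced verbatim into the openssl command line. Restrict it to the
    // syntax openssl documents for rsa_keygen_pubexp (a decimal integer, or a
    // hexadecimal one prefixed with 0x) so the value cannot add or alter arguments.
    if (!string.IsNullOrEmpty(rsaPkp.PubExp) && !IsValidPubExp(rsaPkp.PubExp))
    {
        throw new ArgumentException(
            "public exponent must be a decimal or 0x-prefixed hexadecimal integer",
            nameof(pkp));
    }

    var tempKeyFile = Path.GetTempFileName();
    try
    {
        // NOTE(review): the temp path is interpolated unquoted; whether a path that
        // contains spaces survives depends on how RunCli builds the process command
        // line — confirm.
        var args = $"genpkey -algorithm RSA -out {tempKeyFile}";
        if (rsaPkp.NumBits > 0)
        {
            args += $" -pkeyopt rsa_keygen_bits:{rsaPkp.NumBits}";
        }
        if (!string.IsNullOrEmpty(rsaPkp.PubExp))
        {
            args += $" -pkeyopt rsa_keygen_pubexp:{rsaPkp.PubExp}";
        }

        RunCli(args);

        // The PEM sits unencrypted on disk until the finally block removes the file;
        // File.Delete unlinks it but does not scrub the content.
        var pem = File.ReadAllText(tempKeyFile);
        return new RsaPrivateKey(rsaPkp.NumBits, rsaPkp.PubExp, pem);
    }
    finally
    {
        File.Delete(tempKeyFile);
    }
}

/// <summary>
/// Returns true when <paramref name="pubExp"/> consists solely of ASCII decimal
/// digits, or of ASCII hexadecimal digits following a leading <c>0x</c>/<c>0X</c>.
/// </summary>
/// <param name="pubExp">The exponent string to check; must not be null.</param>
private static bool IsValidPubExp(string pubExp)
{
    var isHex = pubExp.StartsWith("0x", StringComparison.OrdinalIgnoreCase);
    var digits = isHex ? pubExp.Substring(2) : pubExp;
    if (digits.Length == 0)
    {
        return false;
    }

    foreach (var c in digits)
    {
        var isDecimalDigit = c >= '0' && c <= '9';
        var isHexLetter = (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
        if (!(isDecimalDigit || (isHex && isHexLetter)))
        {
            return false;
        }
    }
    return true;
}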
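/// <summary>
/// Generates an RSA private key in-process with Bouncy Castle's
/// <see cref="RsaKeyPairGenerator"/> and returns it as PEM.
/// </summary>
/// <param name="pkp">Key parameters. <see cref="RsaPrivateKeyParams"/> is supported;
/// <see cref="EcPrivateKeyParams"/> is recognised but not implemented.</param>
/// <returns>An <see cref="RsaPrivateKey"/> holding the effective bit count, the
/// public exponent as bare hexadecimal, and the PEM produced by <c>ToPrivatePem</c>.</returns>
/// <exception cref="NotImplementedException">EC parameters were supplied.</exception>
/// <exception cref="NotSupportedException">The parameter type is neither RSA nor EC.</exception>
public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp)
{
    var rsaPkParams = pkp as RsaPrivateKeyParams;
    var ecPkParams = pkp as EcPrivateKeyParams;

    if (rsaPkParams != null)
    {
        // Bits less than 1024 are weak
        // Ref: http://openssl.org/docs/manmaster/crypto/RSA_generate_key_ex.html
        // A request below the minimum (including 0 = "not specified") is replaced
        // by the default size rather than rejected.
        var bits = rsaPkParams.NumBits < RSA_BITS_MINIMUM
            ? RSA_BITS_DEFAULT
            : rsaPkParams.NumBits;

        BigInteger e;
        if (string.IsNullOrEmpty(rsaPkParams.PubExp))
        {
            e = RSA_E_F4;
        }
        else if (rsaPkParams.PubExp.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
        {
            // BigInteger(string, radix) parses bare digits only; the 0x marker has
            // to be stripped or the constructor rejects the value.
            e = new BigInteger(rsaPkParams.PubExp.Substring(2), 16);
        }
        else
        {
            e = new BigInteger(rsaPkParams.PubExp);
        }

        var rsaKgp = new RsaKeyGenerationParameters(
            e,
            new SecureRandom(),
            bits,
            DEFAULT_CERTAINTY);
        var rkpg = new RsaKeyPairGenerator();
        rkpg.Init(rsaKgp);
        AsymmetricCipherKeyPair ackp = rkpg.GenerateKeyPair();
        return new RsaPrivateKey(bits, e.ToString(16), ToPrivatePem(ackp));
    }
    else if (ecPkParams != null)
    {
        throw new NotImplementedException("EC private keys have not yet been implemented");
    }
    else
    {
        throw new NotSupportedException("unsupported private key parameter type");
    }
}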
// From:
//   http://blogs.interfacett.com/selecting-a-cryptographic-key-provider-in-windows-server-2012-ad-cs
//   https://msdn.microsoft.com/en-us/library/windows/desktop/aa386983(v=vs.85).aspx
//
// Provider names seen on those pages:
//   Microsoft Base Smart Card Crypto Provider
//   Microsoft Enhanced Cryptographic Provider v1.0
//   ECDA_P256#Microsoft Smart Card Key Storage Provider
//   ECDA_P521#Microsoft Smart Card Key Storage Provider
//   RSA#Microsoft Software Key Storage Provider
//   Microsoft Base Cryptographic Provider v1.0
//   ECDA_P256#Microsoft Software Key Storage Provider
//   ECDA_P521#Microsoft Software Key Storage Provider
//   Microsoft Strong Cryptographic Provider
//   ECDA_P384#Microsoft Software Key Storage Provider
//   Microsoft Base DSS Cryptographic Provider
//   RSA#Microsoft Smart Card Key Storage Provider
//   DSA#Microsoft Software Key Storage Provider
//   ECDA_P384#Microsoft Smart Card Key Storage Provider
/// <summary>
/// Generates an RSA private key through the Windows certificate-enrollment COM API
/// (CERTENROLLLib) and exports it as a <c>BCRYPT_PRIVATE_KEY_BLOB</c>.
/// </summary>
/// <param name="pkp">Key parameters; only <see cref="RsaPrivateKeyParams"/> is supported.
/// <c>NumBits</c> is passed straight through as the key length.</param>
/// <returns>A <see cref="CeRsaPrivateKey"/> whose <c>Exported</c> holds the raw key blob.</returns>
/// <exception cref="NotImplementedException">EC parameters were supplied.</exception>
/// <exception cref="NotSupportedException">The parameter type is neither RSA nor EC.</exception>
public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp)
{
    var rsaPkp = pkp as RsaPrivateKeyParams;
    if (rsaPkp == null)
    {
        if (pkp is EcPrivateKeyParams)
        {
            throw new NotImplementedException("EC keys not implemented YET!");
        }
        throw new NotSupportedException("unsupported private key parameters type");
    }

    var algId = new CERTENROLLLib.CObjectId();
    algId.InitializeFromValue(new System.Security.Cryptography.Oid("RSA").Value);

    // MS_DEF_PROV would be "Microsoft Base Cryptographic Provider"; the enhanced
    // CAPI provider is used instead. ProviderType is left at its default.
    var cePk = new CERTENROLLLib.CX509PrivateKey
    {
        ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0",
        Algorithm = algId,
        KeySpec = CERTENROLLLib.X509KeySpec.XCN_AT_KEYEXCHANGE,
        // NOTE(review): NumBits is not defaulted here; a zero/unspecified value
        // reaches the provider unchanged — confirm that is intended.
        Length = rsaPkp.NumBits,
        // Don't store in the machine's local cert store and allow exporting of private key
        MachineContext = false,
        ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG,
    };
    cePk.Create();

    // NOTE(review): Create() appears to persist the key in the user's key container
    // and nothing here calls Delete() after the export — confirm whether a copy of
    // each generated key is meant to remain in the CSP store.
    return new CeRsaPrivateKey(rsaPkp.NumBits, null, null)
    {
        Exported = cePk.Export(BCRYPT_PRIVATE_KEY_BLOB),
    };
}
/// <summary>
/// Forwards private-key generation to the wrapped provider <c>_cp</c> unchanged.
/// </summary>
/// <param name="pkp">Key parameters handed through to the inner provider.</param>
/// <returns>Whatever <c>_cp.GeneratePrivateKey</c> returns.</returns>
public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp) => _cp.GeneratePrivateKey(pkp);
/// <summary>
/// Generates an RSA private key with the managed OpenSSL wrapper (<c>RSA.GenerateKeys</c>)
/// and returns it as an unencrypted PEM string.
/// </summary>
/// <param name="pkp">Key parameters. <see cref="RsaPrivateKeyParams"/> is supported
/// (PubExp, Callback and CallbackArg are consulted); <see cref="EcPrivateKeyParams"/>
/// is recognised but not implemented.</param>
/// <returns>An <see cref="RsaPrivateKey"/> with the bit count used, the exponent as
/// hexadecimal, and the PEM text read back from the memory BIO.</returns>
/// <exception cref="NotImplementedException">EC parameters were supplied.</exception>
/// <exception cref="NotSupportedException">The parameter type is neither RSA nor EC.</exception>
public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp)
{
    var rsaPkParams = pkp as RsaPrivateKeyParams;
    var ecPkParams = pkp as EcPrivateKeyParams;
    if (rsaPkParams != null)
    {
        // NOTE(review): rsaPkParams.NumBits is never read; every key is generated
        // at RSA_BITS_DEFAULT bits and that size is what the returned object
        // reports — confirm this is intended.
        int bits = RSA_BITS_DEFAULT;
        BigNumber e;
        if (string.IsNullOrEmpty(rsaPkParams.PubExp))
        {
            e = RSA_E_F4;
        }
        else if (rsaPkParams.PubExp.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
        {
            e = BigNumber.FromHexString(rsaPkParams.PubExp);
        }
        else
        {
            e = BigNumber.FromDecimalString(rsaPkParams.PubExp);
        }
        using (var rsa = new RSA())
        {
            // Adapt the caller's progress callback to the wrapper's delegate type;
            // a null callback is passed through as null.
            BigNumber.GeneratorHandler cbWrapper = null;
            if (rsaPkParams.Callback != null)
            {
                cbWrapper = (x, y, z) => rsaPkParams.Callback(x, y, z);
            }
            // All three stay null, so the PEM written below is unencrypted.
            Cipher enc = null;
            string pwd = null;
            PasswordHandler pwdCb = null;
            // If we choose to encrypt:
            //   Cipher.DES_CBC;
            //   Cipher.DES_EDE3_CBC;
            //   Cipher.Idea_CBC;
            //   Cipher.AES_128_CBC;
            //   Cipher.AES_192_CBC;
            //   Cipher.AES_256_CBC;
            // and pwd != null || pwdCb != null
            // We can use a pwdCb to get a password interactively or we can
            // simply pass in a fixed password string (no cbPwd, just pwd)
            // As written pwd is always null, so this branch never runs.
            if (pwd != null)
            {
                pwdCb = DefaultPasswordHandler;
            }
            // Ref: http://openssl.org/docs/manmaster/crypto/RSA_generate_key_ex.html
            rsa.GenerateKeys(bits, e, cbWrapper, rsaPkParams.CallbackArg);
            using (var bio = BIO.MemoryBuffer())
            {
                // Ref: http://openssl.org/docs/manmaster/crypto/PEM_write_bio_RSAPrivateKey.html
                rsa.WritePrivateKey(bio, enc, pwdCb, pwd);
                return(new RsaPrivateKey(bits, e.ToHexString(), bio.ReadString()));
            }
        }
    }
    else if (ecPkParams != null)
    {
        throw new NotImplementedException("EC private keys have not yet been implemented");
        //var curveName = Asn1Object.FromShortName("P-256");
        ////var curveName = new Asn1Object("P-256");
        //using (var ec =OpenSSL.Crypto.EC.Key.FromCurveName(curveName))
        //{
        //    ec.GenerateKey();
        //}
    }
    else
    {
        throw new NotSupportedException("unsupported private key parameter type");
    }
}
/// <summary>
/// Generates a private key described by <paramref name="pkp"/>. Each provider
/// implementation decides which parameter types it accepts and throws
/// <see cref="NotSupportedException"/> for the rest.
/// </summary>
/// <param name="pkp">Parameters selecting the key algorithm and its options.</param>
/// <returns>The generated private key.</returns>
public abstract PrivateKey GeneratePrivateKey(PrivateKeyParams pkp);