public static RSAParameters GetPrivateParameters(string privateKey) { var key = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey)); return(new RSAParameters { Modulus = key.Modulus.ToByteArrayUnsigned(), Exponent = key.PublicExponent.ToByteArrayUnsigned(), D = key.PrivateExponent.ToByteArrayUnsigned(), P = key.Prime1.ToByteArrayUnsigned(), Q = key.Prime2.ToByteArrayUnsigned(), DP = key.Exponent1.ToByteArrayUnsigned(), DQ = key.Exponent2.ToByteArrayUnsigned(), InverseQ = key.Coefficient.ToByteArrayUnsigned(), }); }
public static void ExportPrivateKey(AsymmetricKeyParameter privKey, TextWriter outputStream) { PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var parameters = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); using (var stream = new MemoryStream()) { var writer = new BinaryWriter(stream); writer.Write((byte)0x30); // SEQUENCE using (var innerStream = new MemoryStream()) { var innerWriter = new BinaryWriter(innerStream); EncodeIntegerBigEndian(innerWriter, new byte[] { 0x00 }); // Version EncodeIntegerBigEndian(innerWriter, parameters.Modulus.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.PublicExponent.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.Exponent.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.P.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.Q.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.DP.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.DQ.ToByteArray()); EncodeIntegerBigEndian(innerWriter, parameters.QInv.ToByteArray()); var length = (int)innerStream.Length; EncodeLength(writer, length); writer.Write(innerStream.GetBuffer(), 0, length); } var base64 = Convert.ToBase64String(stream.GetBuffer(), 0, (int)stream.Length).ToCharArray(); outputStream.WriteLine("-----BEGIN RSA PRIVATE KEY-----"); // Output as Base64 with lines chopped at 64 characters for (var i = 0; i < base64.Length; i += 64) { outputStream.WriteLine(base64, i, Math.Min(64, base64.Length - i)); } outputStream.WriteLine("-----END RSA PRIVATE KEY-----"); } }
private static AsymmetricAlgorithm ConvertToRsaPrivateKey(AsymmetricCipherKeyPair keyPair) { var keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(keyInfo.PrivateKeyAlgorithm.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); return(DotNetUtilities.ToRSA(rsaparams)); }
/// <summary> /// 从Pkcs8私钥中提取公钥 /// </summary> /// <param name="privateKey">Pkcs8私钥</param> /// <returns></returns> public static string GetPublicKeyFromPrivateKeyPkcs8(string privateKey) { var privateKeyInfo = PrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(Base64.Decode(privateKey))); privateKey = Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded()); var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey)); var publicParameter = (AsymmetricKeyParameter) new RsaKeyParameters(false, instance.Modulus, instance.PublicExponent); var privateParameter = (AsymmetricKeyParameter) new RsaPrivateCrtKeyParameters(instance.Modulus, instance.PublicExponent, instance.PrivateExponent, instance.Prime1, instance.Prime2, instance.Exponent1, instance.Exponent2, instance.Coefficient); var keyPair = new AsymmetricCipherKeyPair(publicParameter, privateParameter); var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); return(Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded())); }
internal static AsymmetricKeyParameter LoadPrivateKeyResource(string resource) { PemObject pem = LoadPemResource(resource); if (pem.Type.EndsWith("RSA PRIVATE KEY")) { RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(pem.Content); return(new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient)); } if (pem.Type.EndsWith("PRIVATE KEY")) { return(PrivateKeyFactory.CreateKey(pem.Content)); } throw new ArgumentException("doesn't specify a valid private key", "resource"); }
/// <summary> /// -----BEGIN PRIVATE KEY----- /// ... /// -----END PRIVATE KEY----- /// </summary> /// <param name="privateKey">Pkcs8格式私钥</param> /// <returns></returns> public static RSAParameters GetRsaParametersFormAsn1PrivateKey(string privateKey) { var keyInfo = PrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(Base64.Decode(privateKey))); var instance = RsaPrivateKeyStructure.GetInstance(keyInfo.ParsePrivateKey()); return(new RSAParameters { D = instance.PrivateExponent.ToByteArrayUnsigned(), DP = instance.Exponent1.ToByteArrayUnsigned(), DQ = instance.Exponent2.ToByteArrayUnsigned(), Exponent = instance.PublicExponent.ToByteArrayUnsigned(), InverseQ = instance.Coefficient.ToByteArrayUnsigned(), Modulus = instance.Modulus.ToByteArrayUnsigned(), P = instance.Prime1.ToByteArrayUnsigned(), Q = instance.Prime2.ToByteArrayUnsigned(), }); }
public static void MergePrivateKey(X509Certificate2 certificate, AsymmetricKeyParameter keyPrivate) { // correcponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPrivate); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); certificate.PrivateKey = ToDotNetKey(rsaparams); //x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); }
public RsaKey(byte[] bytes) { if (bytes == null) { throw new ArgumentNullException(nameof(bytes)); } try { DerSequence seq2 = GetRSASequence(bytes); var s = new RsaPrivateKeyStructure(seq2); _Key = new RsaPrivateCrtKeyParameters(s.Modulus, s.PublicExponent, s.PrivateExponent, s.Prime1, s.Prime2, s.Exponent1, s.Exponent2, s.Coefficient); _PubKey = new RsaPubKey(new RsaKeyParameters(false, s.Modulus, s.PublicExponent)); } catch (Exception) { throw new FormatException("Invalid RSA Key"); } }
public static AsymmetricCipherKeyPair GetRsaKeyPair(CryptographicKey key) { var privateKeyBuffer = key.Export(CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey); byte[] privateKeyBytes; CryptographicBuffer.CopyToByteArray(privateKeyBuffer, out privateKeyBytes); var asn1 = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyBytes); var rsa = new RsaPrivateKeyStructure(asn1); var pubKey = new RsaKeyParameters(false, rsa.Modulus, rsa.PublicExponent); var privKey = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); return(new AsymmetricCipherKeyPair(pubKey, privKey)); }
public static Rsa CreateFromPrivatePEM(string privatePem) { using (var privatePemStream = GetMemoryStream(privatePem)) { using (var streamReaderPriv = new StreamReader(privatePemStream)) { var pemPrivReader = new PemReader(streamReaderPriv); var priv = pemPrivReader.ReadPemObject(); var seq = Asn1Sequence.GetInstance(priv.Content); var rsa = RsaPrivateKeyStructure.GetInstance(seq); var pubSpec = new RsaKeyParameters(false, rsa.Modulus, rsa.PublicExponent); var privSpec = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); return(new Rsa(pubSpec, privSpec)); } } }
private void BaseOaepTest( int id, byte[] pubKeyEnc, byte[] privKeyEnc, byte[] output) { // // extract the public key info. // Asn1Object pubKeyObj = Asn1Object.FromByteArray(pubKeyEnc); RsaPublicKeyStructure pubStruct = RsaPublicKeyStructure.GetInstance( SubjectPublicKeyInfo.GetInstance(pubKeyObj).GetPublicKey()); // // extract the private key info. // Asn1Object privKeyObj = Asn1Object.FromByteArray(privKeyEnc); RsaPrivateKeyStructure privStruct = RsaPrivateKeyStructure.GetInstance( PrivateKeyInfo.GetInstance(privKeyObj).ParsePrivateKey()); RsaKeyParameters pubParameters = new RsaKeyParameters( false, pubStruct.Modulus, pubStruct.PublicExponent); RsaKeyParameters privParameters = new RsaPrivateCrtKeyParameters( privStruct.Modulus, privStruct.PublicExponent, privStruct.PrivateExponent, privStruct.Prime1, privStruct.Prime2, privStruct.Exponent1, privStruct.Exponent2, privStruct.Coefficient); byte[] input = new byte[] { (byte)0x54, (byte)0x85, (byte)0x9b, (byte)0x34, (byte)0x2c, (byte)0x49, (byte)0xea, (byte)0x2a }; EncDec("id(" + id + ")", pubParameters, privParameters, seed, input, output); }
/// <summary> /// Base on certificate and key pairs generate pfx file /// </summary> /// <param name="issuerKeyPair"></param> /// <param name="certificate"></param> /// <param name="x509"></param> /// <returns></returns> private X509Certificate2 SaveToPFX(AsymmetricCipherKeyPair issuerKeyPair, X509Certificate2 x509, string fileName) { // add private key to x509 PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(issuerKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); File.WriteAllBytes(PathWithName(fileName + ".pfx"), x509.Export(X509ContentType.Pkcs12, GetCertPassword())); return(x509); }
public static string PrintPrivateKey(AsymmetricCipherKeyPair keys) { StringBuilder sb = new StringBuilder(); PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keys.Private); RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(privateKeyInfo.ParsePrivateKey()); byte[] serializedBytes = privateKeyInfo.ToAsn1Object().GetDerEncoded(); string serialized = Convert.ToBase64String(serializedBytes); sb.AppendLine("Key==>" + serialized); sb.AppendLine("Prime 1 ==>" + rsa.Prime1.ToString()); sb.AppendLine("Prime 2 ==>" + rsa.Prime2.ToString()); sb.AppendLine("Modulus ==>" + rsa.Modulus.ToString()); sb.AppendLine("Coefficient ==>" + rsa.Coefficient.ToString()); sb.AppendLine("Exponent1 ==>" + rsa.Exponent1.ToString()); sb.AppendLine("Exponent2 ==>" + rsa.Exponent2.ToString()); sb.AppendLine("PrivateExponent ==>" + rsa.PrivateExponent.ToString()); sb.AppendLine("PublicExponent ==>" + rsa.PublicExponent.ToString()); return(sb.ToString()); }
private static AsymmetricKeyParameter ExtractPrivateKey(byte[] pemPrivateKey) { var pemObject = ReadPem(pemPrivateKey); if (!pemObject.Type.EndsWith("RSA PRIVATE KEY", StringComparison.CurrentCulture)) { return(PrivateKeyFactory.CreateKey(pemObject.Content)); } var rsaPrivateKeyStructure = RsaPrivateKeyStructure.GetInstance(pemObject.Content); return(new RsaPrivateCrtKeyParameters( rsaPrivateKeyStructure.Modulus, rsaPrivateKeyStructure.PublicExponent, rsaPrivateKeyStructure.PrivateExponent, rsaPrivateKeyStructure.Prime1, rsaPrivateKeyStructure.Prime2, rsaPrivateKeyStructure.Exponent1, rsaPrivateKeyStructure.Exponent2, rsaPrivateKeyStructure.Coefficient)); }
/// <summary> /// -----BEGIN RSA PRIVATE KEY----- /// ... /// -----END RSA PRIVATE KEY----- /// </summary> /// <param name="privateKey"></param> /// <returns></returns> public static RSAParameters GetRSAParametersFormRsaPrivateKey(string privateKey) { if (string.IsNullOrEmpty(privateKey)) { throw new ArgumentNullException(nameof(privateKey)); } var key = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey)); return(new RSAParameters { D = key.PrivateExponent.ToByteArrayUnsigned(), DP = key.Exponent1.ToByteArrayUnsigned(), DQ = key.Exponent2.ToByteArrayUnsigned(), Exponent = key.PublicExponent.ToByteArrayUnsigned(), InverseQ = key.Coefficient.ToByteArrayUnsigned(), Modulus = key.Modulus.ToByteArrayUnsigned(), P = key.Prime1.ToByteArrayUnsigned(), Q = key.Prime2.ToByteArrayUnsigned(), }); }
private string GenerateSignature(string privateKeyPem, byte[] data) { byte[] keyBytes; using (var reader = new StringReader(privateKeyPem)) { var pemReader = new PemReader(reader); var pemObject = pemReader.ReadPemObject(); keyBytes = pemObject.Content; } var seq = (Asn1Sequence)Asn1Object.FromByteArray(keyBytes); var rsa = RsaPrivateKeyStructure.GetInstance(seq); var signer = new PssSigner(new RsaEngine(), new Sha256Digest(), 222); signer.Init(true, new RsaKeyParameters(true, rsa.Modulus, rsa.PrivateExponent)); signer.BlockUpdate(data, 0, data.Length); var signature = signer.GenerateSignature(); return($"v1:{Convert.ToBase64String(signature)}"); }
/// <summary> /// -----BEGIN RSA PRIVATE KEY----- /// ... /// -----END RSA PRIVATE KEY----- /// </summary> /// <param name="privateKey">Pkcs1格式私钥</param> /// <returns></returns> public static RSAParameters GetRsaParametersFormPrivateKey(string privateKey) { if (string.IsNullOrEmpty(privateKey)) { throw new ArgumentNullException(nameof(privateKey)); } var instance = RsaPrivateKeyStructure.GetInstance(Base64.Decode(privateKey)); return(new RSAParameters { D = instance.PrivateExponent.ToByteArrayUnsigned(), DP = instance.Exponent1.ToByteArrayUnsigned(), DQ = instance.Exponent2.ToByteArrayUnsigned(), Exponent = instance.PublicExponent.ToByteArrayUnsigned(), InverseQ = instance.Coefficient.ToByteArrayUnsigned(), Modulus = instance.Modulus.ToByteArrayUnsigned(), P = instance.Prime1.ToByteArrayUnsigned(), Q = instance.Prime2.ToByteArrayUnsigned(), }); }
public static RSAParameters GetRSAParametersFormPrivateKey(string privateKey) { try { var keyStructure = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey)); return(new RSAParameters { Modulus = keyStructure.Modulus.ToByteArrayUnsigned(), Exponent = keyStructure.PublicExponent.ToByteArrayUnsigned(), D = keyStructure.PrivateExponent.ToByteArrayUnsigned(), P = keyStructure.Prime1.ToByteArrayUnsigned(), Q = keyStructure.Prime2.ToByteArrayUnsigned(), DP = keyStructure.Exponent1.ToByteArrayUnsigned(), DQ = keyStructure.Exponent2.ToByteArrayUnsigned(), InverseQ = keyStructure.Coefficient.ToByteArrayUnsigned(), }); } catch (Exception ex) { return(default(RSAParameters)); } }
/// <summary> /// Save certificate as pfx file with private key /// </summary> /// <param name="issuerKeyPair"></param> /// <param name="x509"></param> /// <param name="fileName"></param> /// <returns></returns> private X509Certificate2 SaveToPFX(AsymmetricCipherKeyPair issuerKeyPair, X509Certificate2 x509, string fileName) { // add private key to x509 PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(issuerKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); // It should thow if seq.c**t != 9 because folowing info should be stored in RSA key. // following page has more info: https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem // version Version, // modulus INTEGER, --n // publicExponent INTEGER, --e // privateExponent INTEGER, --d // prime1 INTEGER, --p // prime2 INTEGER, --q // exponent1 INTEGER, --d mod(p - 1) // exponent2 INTEGER, --d mod(q - 1) // coefficient INTEGER, --(inverse of q) mod p // otherPrimeInfos OtherPrimeInfos OPTIONAL if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); var utils = new GeneralUtils(); if (!fileName.EndsWith(".pfx")) { fileName += ".pfx"; } File.WriteAllBytes(utils.PathWithName(fileName), x509.Export(X509ContentType.Pkcs12, GetCertPassword())); return(x509); }
static void Main(string[] args) { const string pubkey = @"..."; const string prikey = @"..."; var publickey = Convert.FromBase64String(pubkey); var privatekey = Convert.FromBase64String(prikey); var asnprivate = Asn1Object.FromStream(new MemoryStream(privatekey)); var privStruct = new RsaPrivateKeyStructure((Asn1Sequence)asnprivate); RsaKeyParameters privateAsymmetricKey = new RsaKeyParameters(true, privStruct.Modulus, privStruct.PrivateExponent); RsaKeyParameters publicAsymmetricKey = (RsaKeyParameters)PublicKeyFactory.CreateKey(publickey); var inputBytes = Encoding.UTF8.GetBytes("the message"); Console.WriteLine("--- Message: ----"); Console.WriteLine(Encoding.UTF8.GetString(inputBytes)); IAsymmetricBlockCipher cipher = new RsaEngine(); cipher.Init(true, publicAsymmetricKey); var cipheredBytes = cipher.ProcessBlock(inputBytes, 0, inputBytes.Length); Console.WriteLine("--- Enc utf8: ----"); Console.WriteLine(Encoding.UTF8.GetString(cipheredBytes)); Console.WriteLine("--- Enc Base64: ----"); Console.WriteLine(Convert.ToBase64String(cipheredBytes)); cipher.Init(false, privateAsymmetricKey); var deciphered = cipher.ProcessBlock(cipheredBytes, 0, cipheredBytes.Length); Console.WriteLine("--- Dec: ----"); Console.WriteLine(Encoding.UTF8.GetString(deciphered)); Console.ReadLine(); }
public static string Sign(dynamic payload) { List <string> segments = new List <string>(); //JwtHeader header = Header; string header = @"{ ""alg"":""RS256"", ""typ"":""JWT"" }"; DateTime issued = DateTime.Now; DateTime expire = DateTime.Now.AddHours(10); byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None)); byte[] payloadBytes = Encoding.UTF8.GetBytes(payload); segments.Add(UrlEncode(headerBytes)); segments.Add(UrlEncode(payloadBytes)); string stringToSign = string.Join(".", segments.ToArray()); byte[] bytesToSign = Encoding.UTF8.GetBytes(stringToSign); byte[] keyBytes = Convert.FromBase64String(strSecret); var privKeyObj = Asn1Object.FromByteArray(keyBytes); var privStruct = RsaPrivateKeyStructure.GetInstance((Asn1Sequence)privKeyObj); ISigner sig = SignerUtilities.GetSigner(SignerName); sig.Init(true, new RsaKeyParameters(true, privStruct.Modulus, privStruct.PrivateExponent)); sig.BlockUpdate(bytesToSign, 0, bytesToSign.Length); byte[] signature = sig.GenerateSignature(); segments.Add(UrlEncode(signature)); return(string.Join(".", segments.ToArray())); }
public (string PrivateKey, string PublicKey) GenerateRsaKeys(string companyName) { var rsaKeyPairGenerator = new RsaKeyPairGenerator(); rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); var pair = rsaKeyPairGenerator.GenerateKeyPair(); var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private); byte[] privateKeyPkcs8DerEncodedBytes = privateKeyInfo.ToAsn1Object().GetDerEncoded(); // privateKeyPkcs8DerEncodedBytes contains PKCS#8 DER-encoded private key as a byte[] var pkcs8PrivateKeyInfo = PrivateKeyInfo.GetInstance(privateKeyPkcs8DerEncodedBytes); var pkcs1Key = RsaPrivateKeyStructure.GetInstance(pkcs8PrivateKeyInfo.ParsePrivateKey()); byte[] privateKeyPkcs1EncodedBytes = pkcs1Key.GetEncoded(); var sb = new StringBuilder(); sb.AppendLine("-----BEGIN RSA PRIVATE KEY-----"); sb.AppendLine(Convert.ToBase64String(privateKeyPkcs1EncodedBytes, Base64FormattingOptions.InsertLineBreaks)); sb.AppendLine("-----END RSA PRIVATE KEY-----"); var serializedPrivate = sb.ToString(); var caName = new X509Name($"CN={companyName}"); var caCert = GenerateCertificate(caName, caName, pair.Private, pair.Public); var certEncoded = caCert.GetEncoded(); sb = new StringBuilder(); sb.AppendLine("-----BEGIN CERTIFICATE-----"); sb.AppendLine(Convert.ToBase64String(certEncoded, Base64FormattingOptions.InsertLineBreaks)); sb.AppendLine("-----END CERTIFICATE-----"); var serializedPublic = sb.ToString(); return(serializedPrivate, serializedPublic); }
public static PrivateKeyInfo CreatePrivateKeyInfo( AsymmetricKeyParameter key) { if (key == null) { throw new ArgumentNullException("key"); } if (!key.IsPrivate) { throw new ArgumentException("Public key passed - private key expected", "key"); } if (key is ElGamalPrivateKeyParameters) { ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key; return(new PrivateKeyInfo( new AlgorithmIdentifier( OiwObjectIdentifiers.ElGamalAlgorithm, new ElGamalParameter( _key.Parameters.P, _key.Parameters.G).ToAsn1Object()), new DerInteger(_key.X))); } if (key is DsaPrivateKeyParameters) { DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key; return(new PrivateKeyInfo( new AlgorithmIdentifier( X9ObjectIdentifiers.IdDsa, new DsaParameter( _key.Parameters.P, _key.Parameters.Q, _key.Parameters.G).ToAsn1Object()), new DerInteger(_key.X))); } if (key is DHPrivateKeyParameters) { DHPrivateKeyParameters _key = (DHPrivateKeyParameters)key; DHParameter p = new DHParameter( _key.Parameters.P, _key.Parameters.G, _key.Parameters.L); return(new PrivateKeyInfo( new AlgorithmIdentifier(_key.AlgorithmOid, p.ToAsn1Object()), new DerInteger(_key.X))); } if (key is RsaKeyParameters) { AlgorithmIdentifier algID = new AlgorithmIdentifier( PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance); RsaPrivateKeyStructure keyStruct; if (key is RsaPrivateCrtKeyParameters) { RsaPrivateCrtKeyParameters _key = (RsaPrivateCrtKeyParameters)key; keyStruct = new RsaPrivateKeyStructure( _key.Modulus, _key.PublicExponent, _key.Exponent, _key.P, _key.Q, _key.DP, _key.DQ, _key.QInv); } else { RsaKeyParameters _key = (RsaKeyParameters)key; keyStruct = new RsaPrivateKeyStructure( _key.Modulus, BigInteger.Zero, _key.Exponent, BigInteger.Zero, BigInteger.Zero, BigInteger.Zero, BigInteger.Zero, BigInteger.Zero); } return(new PrivateKeyInfo(algID, keyStruct.ToAsn1Object())); } if (key is ECPrivateKeyParameters) { ECPrivateKeyParameters priv = (ECPrivateKeyParameters)key; ECDomainParameters dp = priv.Parameters; int orderBitLength = dp.N.BitLength; AlgorithmIdentifier algID; ECPrivateKeyStructure ec; if (priv.AlgorithmName == "ECGOST3410") { if (priv.PublicKeyParamSet == null) { throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set"); } Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters( priv.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet); algID = new AlgorithmIdentifier(CryptoProObjectIdentifiers.GostR3410x2001, gostParams); // TODO Do we need to pass any parameters here? ec = new ECPrivateKeyStructure(orderBitLength, priv.D); } else { X962Parameters x962; if (priv.PublicKeyParamSet == null) { X9ECParameters ecP = new X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed()); x962 = new X962Parameters(ecP); } else { x962 = new X962Parameters(priv.PublicKeyParamSet); } // TODO Possible to pass the publicKey bitstring here? ec = new ECPrivateKeyStructure(orderBitLength, priv.D, x962); algID = new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, x962); } return(new PrivateKeyInfo(algID, ec)); } if (key is Gost3410PrivateKeyParameters) { Gost3410PrivateKeyParameters _key = (Gost3410PrivateKeyParameters)key; if (_key.PublicKeyParamSet == null) { throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set"); } byte[] keyEnc = _key.X.ToByteArrayUnsigned(); byte[] keyBytes = new byte[keyEnc.Length]; for (int i = 0; i != keyBytes.Length; i++) { keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian } Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters( _key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet, null); AlgorithmIdentifier algID = new AlgorithmIdentifier( CryptoProObjectIdentifiers.GostR3410x94, algParams.ToAsn1Object()); return(new PrivateKeyInfo(algID, new DerOctetString(keyBytes))); } throw new ArgumentException("Class provided is not convertible: " + Platform.GetTypeName(key)); }
/// <summary> Generates a self signed certificate. </summary> /// <exception cref="PemException"> Thrown when a Pem error condition occurs. </exception> /// <param name="subjectName"> Name of the subject. </param> /// <param name="issuerName"> Name of the issuer. </param> /// <param name="issuerPrivKey"> The issuer priv key. </param> /// <param name="validTill"> The valid till Date/Time. </param> /// <param name="keyStrength"> (Optional) The key strength. </param> /// <returns> The self signed certificate. </returns> public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, DateTime validTill, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDn = new X509Name(subjectName); var issuerDn = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = validTill; certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // selfsign certificate var signatureFactory = new Asn1SignatureFactory(SignatureAlgorithm, issuerPrivKey); var certificate = certificateGenerator.Generate(signatureFactory); // correcponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)info.ParsePrivateKey(); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = ToDotNetKey(rsaparams); return(x509); }
internal static AsymmetricKeyParameter GetKeyParameterFormPrivateKey(string privateKey) { var keyStructure = RsaPrivateKeyStructure.GetInstance(Convert.FromBase64String(privateKey)); return(new RsaPrivateCrtKeyParameters(keyStructure.Modulus, keyStructure.PublicExponent, keyStructure.PrivateExponent, keyStructure.Prime1, keyStructure.Prime2, keyStructure.Exponent1, keyStructure.Exponent2, keyStructure.Coefficient)); }
/// <summary> /// Load an RSA private key from a OpenSSL style file (DER or PEM) /// </summary> /// <param name="keyFile">The file to load</param> /// <param name="password">The optional password</param> /// <param name="signature">Whether to load the key as a signature or key exchange</param> /// <returns>The RSA algorithm object</returns> public static RSA ImportPrivateKeyFromPEM(string keyFile, string password, bool signature) { RSA ret = null; byte[] data = File.ReadAllBytes(keyFile); RsaPrivateCrtKeyParameters keyParams = null; if (data.Length > 0) { if (data[0] != 0x30) { try { // Probably a PEM file using (StreamReader reader = new StreamReader(new MemoryStream(data))) { PemReader pem; if (password != null) { pem = new PemReader(reader, new PasswordFinderClass(password)); } else { pem = new PemReader(reader); } object o = pem.ReadObject(); while (o != null) { if (o is RsaPrivateCrtKeyParameters) { keyParams = o as RsaPrivateCrtKeyParameters; break; } else if (o is AsymmetricCipherKeyPair) { AsymmetricCipherKeyPair pair = o as AsymmetricCipherKeyPair; keyParams = pair.Private as RsaPrivateCrtKeyParameters; break; } o = pem.ReadObject(); } } } catch (InvalidCipherTextException) { // Catch this exception and convert to standard CryptographicException throw new CryptographicException("Cannot decrypt private key"); } } else { Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(data); if (seq.Count != 9) { throw new CryptographicException("Malformed ASN.1 Sequence"); } RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq); keyParams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); } if (keyParams != null) { ret = LoadKey(keyParams, signature); } } return(ret); }
/// <summary> /// Generates the certificate. /// </summary> /// <param name="subjectName">Name of the subject.</param> /// <param name="issuerName">Name of the issuer.</param> /// <param name="validFrom">The valid from.</param> /// <param name="validTo">The valid to.</param> /// <param name="keyStrength">The key strength.</param> /// <param name="signatureAlgorithm">The signature algorithm.</param> /// <param name="issuerPrivateKey">The issuer private key.</param> /// <param name="hostName">The host name</param> /// <returns>X509Certificate2 instance.</returns> /// <exception cref="PemException">Malformed sequence in RSA private key</exception> private static X509Certificate2 generateCertificate(string?hostName, string subjectName, string issuerName, DateTime validFrom, DateTime validTo, int keyStrength = 2048, string signatureAlgorithm = "SHA256WithRSA", AsymmetricKeyParameter?issuerPrivateKey = null) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var secureRandom = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), secureRandom); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDn = new X509Name(subjectName); var issuerDn = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); certificateGenerator.SetNotBefore(validFrom); certificateGenerator.SetNotAfter(validTo); if (hostName != null) { // add subject alternative names var nameType = GeneralName.DnsName; if (IPAddress.TryParse(hostName, out _)) { nameType = GeneralName.IPAddress; } var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(nameType, hostName) }; var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension); } // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Set certificate intended purposes to only Server Authentication certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)); if (issuerPrivateKey == null) { certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(true)); } var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerPrivateKey ?? subjectKeyPair.Private, secureRandom); // Self-sign the certificate var certificate = certificateGenerator.Generate(signatureFactory); // Corresponding private key var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // Set private key onto certificate instance var x509Certificate = withPrivateKey(certificate, rsaparams); if (!doNotSetFriendlyName) { try { x509Certificate.FriendlyName = ProxyConstants.CNRemoverRegex.Replace(subjectName, string.Empty); } catch (PlatformNotSupportedException) { doNotSetFriendlyName = true; } } return(x509Certificate); }
public static RSA ToRSA(RsaPrivateKeyStructure privKey) { return(CreateRSAProvider(ToRSAParameters(privKey))); }
private static void GenerateSigningCertificate(ICertificatePolicy certificatePolicy, out string thumbprint, out string pemPublicCert, out byte[] pkcs12Data, out System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); X509Name certName; if (certificatePolicy.X509NameDictionary == null || !certificatePolicy.X509NameDictionary.Any()) { certName = new X509Name("CN=" + certificatePolicy.CommonName); } else { var list = new Dictionary <string, string>(); AddSubjectNameItem(list, "CN", certificatePolicy.CommonName); foreach (var item in certificatePolicy.X509NameDictionary) { AddSubjectNameItem(list, item.Key, item.Value); } certName = new X509Name(GetSubjectNameItemString(list)); } BigInteger serialNo; serialNo = BigInteger.ProbablePrime(120, random); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotBefore(DateTime.UtcNow.AddHours(-2)); // go back 2 hours just to be safe gen.SetNotAfter(DateTime.UtcNow.AddDays(certificatePolicy.ValidForDays)); gen.SetSignatureAlgorithm("SHA256WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); gen.AddExtension( X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false)); gen.AddExtension(X509Extensions.KeyUsage.Id, true, new KeyUsage(KeyUsage.DigitalSignature)); // handle our key purposes if (!certificatePolicy.AllPurposes) { var purposes = new List <KeyPurposeID>(); if (certificatePolicy.ServerAuthentication) { purposes.Add(KeyPurposeID.IdKPServerAuth); } if (certificatePolicy.ClientAuthentication) { purposes.Add(KeyPurposeID.IdKPClientAuth); } if (certificatePolicy.CodeSigning) { purposes.Add(KeyPurposeID.IdKPCodeSigning); } if (purposes.Any()) { gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, true, new ExtendedKeyUsage(purposes.ToArray())); } } var certificate = gen.Generate(subjectKeyPair.Private, random); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // this is exportable to get the bytes of the key to our file system in an encrypted manner RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.PersistKeyInCsp = false; // do not persist rsaKey.ImportParameters(rsaParameters); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); x509.PrivateKey = rsaKey; // this is non-exportable CspParameters cspParametersNoExport = new CspParameters(); cspParametersNoExport.KeyContainerName = Guid.NewGuid().ToString(); cspParametersNoExport.Flags = CspProviderFlags.UseNonExportableKey; RSACryptoServiceProvider rsaKey2 = new RSACryptoServiceProvider(2048, cspParametersNoExport); rsaKey2.PersistKeyInCsp = false; // do not persist rsaKey2.ImportParameters(rsaParameters); x509Certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); x509Certificate2.PrivateKey = rsaKey2; //// Generating Random Numbers //var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!"; //var rnd = new Random(); //password = new string( // Enumerable.Repeat(chars, 15) // .Select(s => s[rnd.Next(s.Length)]) // .ToArray()); thumbprint = x509.Thumbprint.ToLower(); var publicKeyPem = new StringBuilder(); var utf8WithoutBom = new System.Text.UTF8Encoding(false); var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom)); publicKeyPemWriter.WriteObject(certificate); publicKeyPemWriter.Writer.Flush(); pemPublicCert = publicKeyPem.ToString(); pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx); }
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey) { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and SN var subjectDN = new X509Name(subjectName); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // SAN var subjectAltName = new GeneralNames(new GeneralName(GeneralName.DnsName, "localhost")); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); // Validity var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Public Key var keyGenerationParameters = new KeyGenerationParameters(random, KeyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Sign certificate var signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", issuerPrivKey, random); var certificate = certificateGenerator.Generate(signatureFactory); var x509 = new X509Certificate2(certificate.GetEncoded(), (string)null, X509KeyStorageFlags.Exportable); // Private key var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Invalid RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); var parms = DotNetUtilities.ToRSAParameters(rsaparams); var rsa1 = RSA.Create(); rsa1.ImportParameters(parms); // https://github.com/dotnet/runtime/issues/23749 var cert = x509.CopyWithPrivateKey(rsa1); return(new X509Certificate2(cert.Export(X509ContentType.Pkcs12))); }