static public ASN1 Attribute(string oid, ASN1 value) { ASN1 attr = new ASN1(0x30); attr.Add(ASN1Convert.FromOid(oid)); ASN1 aset = attr.Add(new ASN1(0x31)); aset.Add(value); return(attr); }
/* SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ private ASN1 SubjectPublicKeyInfo() { ASN1 keyInfo = new ASN1(0x30); if (aa is RSA) { keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.113549.1.1.1")); RSAParameters p = (aa as RSA).ExportParameters(false); /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e */ ASN1 key = new ASN1(0x30); key.Add(ASN1Convert.FromUnsignedBigInteger(p.Modulus)); key.Add(ASN1Convert.FromUnsignedBigInteger(p.Exponent)); keyInfo.Add(new ASN1(UniqueIdentifier(key.GetBytes()))); } else if (aa is DSA) { DSAParameters p = (aa as DSA).ExportParameters(false); /* Dss-Parms ::= SEQUENCE { * p INTEGER, * q INTEGER, * g INTEGER } */ ASN1 param = new ASN1(0x30); param.Add(ASN1Convert.FromUnsignedBigInteger(p.P)); param.Add(ASN1Convert.FromUnsignedBigInteger(p.Q)); param.Add(ASN1Convert.FromUnsignedBigInteger(p.G)); keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.10040.4.1", param)); ASN1 key = keyInfo.Add(new ASN1(0x03)); // DSAPublicKey ::= INTEGER -- public key, y key.Add(ASN1Convert.FromUnsignedBigInteger(p.Y)); } else { throw new NotSupportedException("Unknown Asymmetric Algorithm " + aa.ToString()); } return(keyInfo); }
/* * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER, -- (inverse of q) mod p * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ static public byte[] Encode(RSA rsa) { RSAParameters param = rsa.ExportParameters(true); ASN1 rsaPrivateKey = new ASN1(0x30); rsaPrivateKey.Add(new ASN1(0x02, new byte [1] { 0x00 })); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Modulus)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Exponent)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.D)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.P)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Q)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DP)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DQ)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.InverseQ)); return(rsaPrivateKey.GetBytes()); }
public byte[] GetBytes() { if (InnerList.Count < 1) { return(null); } ASN1 sequence = new ASN1(0x30); for (int i = 0; i < InnerList.Count; i++) { X509Extension x = (X509Extension)InnerList [i]; sequence.Add(x.ASN1); } return(sequence.GetBytes()); }
static public ASN1 FromString(string rdn) { if (rdn == null) { throw new ArgumentNullException("rdn"); } int pos = 0; ASN1 asn1 = new ASN1(0x30); while (pos < rdn.Length) { X520.AttributeTypeAndValue atv = ReadAttribute(rdn, ref pos); atv.Value = ReadValue(rdn, ref pos); ASN1 sequence = new ASN1(0x31); sequence.Add(atv.GetASN1()); asn1.Add(sequence); } return(asn1); }
public bool VerifySignature(AsymmetricAlgorithm aa) { if (aa == null) { return(false); } RSAPKCS1SignatureDeformatter r = new RSAPKCS1SignatureDeformatter(aa); r.SetHashAlgorithm(hashAlgorithm); HashAlgorithm ha = HashAlgorithm.Create(hashAlgorithm); byte[] signature = signerInfo.Signature; byte[] hash = null; if (mda) { ASN1 asn = new ASN1(0x31); foreach (ASN1 attr in signerInfo.AuthenticatedAttributes) { asn.Add(attr); } hash = ha.ComputeHash(asn.GetBytes()); } else { hash = ha.ComputeHash(contentInfo.Content[0].Value); } if (hash != null && signature != null) { return(r.VerifySignature(hash, signature)); } return(false); }
static public ASN1 FromString (string rdn) { if (rdn == null) throw new ArgumentNullException ("rdn"); int pos = 0; ASN1 asn1 = new ASN1 (0x30); while (pos < rdn.Length) { X520.AttributeTypeAndValue atv = ReadAttribute (rdn, ref pos); atv.Value = ReadValue (rdn, ref pos); ASN1 sequence = new ASN1 (0x31); sequence.Add (atv.GetASN1 ()); asn1.Add (sequence); } return asn1; }
// PKCS #1 v.2.1, Section 9.2 // EMSA-PKCS1-v1_5-Encode public static byte[] Encode_v15 (HashAlgorithm hash, byte[] hashValue, int emLength) { if (hashValue.Length != (hash.HashSize >> 3)) throw new CryptographicException ("bad hash length for " + hash.ToString ()); // DigestInfo ::= SEQUENCE { // digestAlgorithm AlgorithmIdentifier, // digest OCTET STRING // } byte[] t = null; string oid = CryptoConfig.MapNameToOID (hash.ToString ()); if (oid != null) { ASN1 digestAlgorithm = new ASN1 (0x30); digestAlgorithm.Add (new ASN1 (CryptoConfig.EncodeOID (oid))); digestAlgorithm.Add (new ASN1 (0x05)); // NULL ASN1 digest = new ASN1 (0x04, hashValue); ASN1 digestInfo = new ASN1 (0x30); digestInfo.Add (digestAlgorithm); digestInfo.Add (digest); t = digestInfo.GetBytes (); } else { // There are no valid OID, in this case t = hashValue // This is the case of the MD5SHA hash algorithm t = hashValue; } Buffer.BlockCopy (hashValue, 0, t, t.Length - hashValue.Length, hashValue.Length); int PSLength = System.Math.Max (8, emLength - t.Length - 3); // PS = PSLength of 0xff // EM = 0x00 | 0x01 | PS | 0x00 | T byte[] EM = new byte [PSLength + t.Length + 3]; EM [1] = 0x01; for (int i=2; i < PSLength + 2; i++) EM[i] = 0xff; Buffer.BlockCopy (t, 0, EM, PSLength + 3, t.Length); return EM; }
public byte[] GetBytes () { if (InnerList.Count < 1) return null; ASN1 sequence = new ASN1 (0x30); for (int i=0; i < InnerList.Count; i++) { X509Extension x = (X509Extension) InnerList [i]; sequence.Add (x.ASN1); } return sequence.GetBytes (); }
internal ASN1 GetASN1 (byte encoding) { byte encode = encoding; if (encode == 0xFF) encode = SelectBestEncoding (); ASN1 asn1 = new ASN1 (0x30); asn1.Add (ASN1Convert.FromOid (oid)); switch (encode) { case 0x13: // PRINTABLESTRING asn1.Add (new ASN1 (0x13, Encoding.ASCII.GetBytes (attrValue))); break; case 0x16: // IA5STRING asn1.Add (new ASN1 (0x16, Encoding.ASCII.GetBytes (attrValue))); break; case 0x1E: // BMPSTRING asn1.Add (new ASN1 (0x1E, Encoding.BigEndianUnicode.GetBytes (attrValue))); break; } return asn1; }
private byte[] Build (ASN1 tbs, string hashoid, byte[] signature) { ASN1 builder = new ASN1 (0x30); builder.Add (tbs); builder.Add (PKCS7.AlgorithmIdentifier (hashoid)); // first byte of BITSTRING is the number of unused bits in the first byte byte[] bitstring = new byte [signature.Length + 1]; Buffer.BlockCopy (signature, 0, bitstring, 1, signature.Length); builder.Add (new ASN1 (0x03, bitstring)); return builder.GetBytes (); }
internal ASN1 GetASN1() { if ((key == null) || (hashAlgorithm == null)) { return(null); } byte[] ver = { version }; ASN1 signerInfo = new ASN1(0x30); // version Version -> Version ::= INTEGER signerInfo.Add(new ASN1(0x02, ver)); // issuerAndSerialNumber IssuerAndSerialNumber, signerInfo.Add(PKCS7.IssuerAndSerialNumber(x509)); // digestAlgorithm DigestAlgorithmIdentifier, string hashOid = CryptoConfig.MapNameToOID(hashAlgorithm); signerInfo.Add(AlgorithmIdentifier(hashOid)); // authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, ASN1 aa = null; if (authenticatedAttributes.Count > 0) { aa = signerInfo.Add(new ASN1(0xA0)); authenticatedAttributes.Sort(new SortedSet()); foreach (ASN1 attr in authenticatedAttributes) { aa.Add(attr); } } // digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, if (key is RSA) { signerInfo.Add(AlgorithmIdentifier(PKCS7.Oid.rsaEncryption)); if (aa != null) { // Calculate the signature here; otherwise it must be set from SignedData RSAPKCS1SignatureFormatter r = new RSAPKCS1SignatureFormatter(key); r.SetHashAlgorithm(hashAlgorithm); byte[] tbs = aa.GetBytes(); tbs [0] = 0x31; // not 0xA0 for signature HashAlgorithm ha = HashAlgorithm.Create(hashAlgorithm); byte[] tbsHash = ha.ComputeHash(tbs); signature = r.CreateSignature(tbsHash); } } else if (key is DSA) { throw new NotImplementedException("not yet"); } else { throw new CryptographicException("Unknown assymetric algorithm"); } // encryptedDigest EncryptedDigest, signerInfo.Add(new ASN1(0x04, signature)); // unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL if (unauthenticatedAttributes.Count > 0) { ASN1 ua = signerInfo.Add(new ASN1(0xA1)); unauthenticatedAttributes.Sort(new SortedSet()); foreach (ASN1 attr in unauthenticatedAttributes) { ua.Add(attr); } } return(signerInfo); }
// Note: PKCS#8 doesn't define how to generate the key required for encryption // so you're on your own. Just don't try to copy the big guys too much ;) // Netscape: http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt // Microsoft: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt public byte[] GetBytes () { if (_algorithm == null) throw new CryptographicException ("No algorithm OID specified"); ASN1 encryptionAlgorithm = new ASN1 (0x30); encryptionAlgorithm.Add (ASN1Convert.FromOid (_algorithm)); // parameters ANY DEFINED BY algorithm OPTIONAL if ((_iterations > 0) || (_salt != null)) { ASN1 salt = new ASN1 (0x04, _salt); ASN1 iterations = ASN1Convert.FromInt32 (_iterations); ASN1 parameters = new ASN1 (0x30); parameters.Add (salt); parameters.Add (iterations); encryptionAlgorithm.Add (parameters); } // encapsulates EncryptedData into an OCTET STRING ASN1 encryptedData = new ASN1 (0x04, _data); ASN1 encryptedPrivateKeyInfo = new ASN1 (0x30); encryptedPrivateKeyInfo.Add (encryptionAlgorithm); encryptedPrivateKeyInfo.Add (encryptedData); return encryptedPrivateKeyInfo.GetBytes (); }
/* * SafeContents ::= SEQUENCE OF SafeBag * * SafeBag ::= SEQUENCE { * bagId BAG-TYPE.&id ({PKCS12BagSet}), * bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), * bagAttributes SET OF PKCS12Attribute OPTIONAL * } */ public byte[] GetBytes () { // TODO (incomplete) ASN1 safeBagSequence = new ASN1 (0x30); // Sync Safe Bag list since X509CertificateCollection may be updated ArrayList scs = new ArrayList (); foreach (SafeBag sb in _safeBags) { if (sb.BagOID.Equals (certBag)) { ASN1 safeBag = sb.ASN1; ASN1 bagValue = safeBag [1]; PKCS7.ContentInfo cert = new PKCS7.ContentInfo (bagValue.Value); scs.Add (new X509Certificate (cert.Content [0].Value)); } } ArrayList addcerts = new ArrayList (); ArrayList removecerts = new ArrayList (); foreach (X509Certificate c in Certificates) { bool found = false; foreach (X509Certificate lc in scs) { if (Compare (c.RawData, lc.RawData)) { found = true; } } if (!found) { addcerts.Add (c); } } foreach (X509Certificate c in scs) { bool found = false; foreach (X509Certificate lc in Certificates) { if (Compare (c.RawData, lc.RawData)) { found = true; } } if (!found) { removecerts.Add (c); } } foreach (X509Certificate c in removecerts) { RemoveCertificate (c); } foreach (X509Certificate c in addcerts) { AddCertificate (c); } // Sync done if (_safeBags.Count > 0) { ASN1 certsSafeBag = new ASN1 (0x30); foreach (SafeBag sb in _safeBags) { if (sb.BagOID.Equals (certBag)) { certsSafeBag.Add (sb.ASN1); } } if (certsSafeBag.Count > 0) { PKCS7.ContentInfo contentInfo = EncryptedContentInfo (certsSafeBag, pbeWithSHAAnd3KeyTripleDESCBC); safeBagSequence.Add (contentInfo.ASN1); } } if (_safeBags.Count > 0) { ASN1 safeContents = new ASN1 (0x30); foreach (SafeBag sb in _safeBags) { if (sb.BagOID.Equals (keyBag) || sb.BagOID.Equals (pkcs8ShroudedKeyBag)) { safeContents.Add (sb.ASN1); } } if (safeContents.Count > 0) { ASN1 content = new ASN1 (0xA0); content.Add (new ASN1 (0x04, safeContents.GetBytes ())); PKCS7.ContentInfo keyBag = new PKCS7.ContentInfo (PKCS7.Oid.data); keyBag.Content = content; safeBagSequence.Add (keyBag.ASN1); } } // Doing SecretBags separately in case we want to change their encryption independently. if (_safeBags.Count > 0) { ASN1 secretsSafeBag = new ASN1 (0x30); foreach (SafeBag sb in _safeBags) { if (sb.BagOID.Equals (secretBag)) { secretsSafeBag.Add (sb.ASN1); } } if (secretsSafeBag.Count > 0) { PKCS7.ContentInfo contentInfo = EncryptedContentInfo (secretsSafeBag, pbeWithSHAAnd3KeyTripleDESCBC); safeBagSequence.Add (contentInfo.ASN1); } } ASN1 encapsulates = new ASN1 (0x04, safeBagSequence.GetBytes ()); ASN1 ci = new ASN1 (0xA0); ci.Add (encapsulates); PKCS7.ContentInfo authSafe = new PKCS7.ContentInfo (PKCS7.Oid.data); authSafe.Content = ci; ASN1 macData = new ASN1 (0x30); if (_password != null) { // only for password based encryption byte[] salt = new byte [20]; RNG.GetBytes (salt); byte[] macValue = MAC (_password, salt, _iterations, authSafe.Content [0].Value); ASN1 oidSeq = new ASN1 (0x30); oidSeq.Add (ASN1Convert.FromOid ("1.3.14.3.2.26")); // SHA1 oidSeq.Add (new ASN1 (0x05)); ASN1 mac = new ASN1 (0x30); mac.Add (oidSeq); mac.Add (new ASN1 (0x04, macValue)); macData.Add (mac); macData.Add (new ASN1 (0x04, salt)); macData.Add (ASN1Convert.FromInt32 (_iterations)); } ASN1 version = new ASN1 (0x02, new byte [1] { 0x03 }); ASN1 pfx = new ASN1 (0x30); pfx.Add (version); pfx.Add (authSafe.ASN1); if (macData.Count > 0) { // only for password based encryption pfx.Add (macData); } return pfx.GetBytes (); }
// Creates an encrypted PKCS#7 ContentInfo with safeBags as its SafeContents. Used in GetBytes(), above. private PKCS7.ContentInfo EncryptedContentInfo(ASN1 safeBags, string algorithmOid) { byte[] salt = new byte [8]; RNG.GetBytes (salt); ASN1 seqParams = new ASN1 (0x30); seqParams.Add (new ASN1 (0x04, salt)); seqParams.Add (ASN1Convert.FromInt32 (_iterations)); ASN1 seqPbe = new ASN1 (0x30); seqPbe.Add (ASN1Convert.FromOid (algorithmOid)); seqPbe.Add (seqParams); byte[] encrypted = Encrypt (algorithmOid, salt, _iterations, safeBags.GetBytes ()); ASN1 encryptedContent = new ASN1 (0x80, encrypted); ASN1 seq = new ASN1 (0x30); seq.Add (ASN1Convert.FromOid (PKCS7.Oid.data)); seq.Add (seqPbe); seq.Add (encryptedContent); ASN1 version = new ASN1 (0x02, new byte [1] { 0x00 }); ASN1 encData = new ASN1 (0x30); encData.Add (version); encData.Add (seq); ASN1 finalContent = new ASN1 (0xA0); finalContent.Add (encData); PKCS7.ContentInfo bag = new PKCS7.ContentInfo (PKCS7.Oid.encryptedData); bag.Content = finalContent; return bag; }
protected override ASN1 ToBeSigned (string oid) { // TBSCertificate ASN1 tbsCert = new ASN1 (0x30); if (version > 1) { // TBSCertificate / [0] Version DEFAULT v1, byte[] ver = { (byte)(version - 1) }; ASN1 v = tbsCert.Add (new ASN1 (0xA0)); v.Add (new ASN1 (0x02, ver)); } // TBSCertificate / CertificateSerialNumber, tbsCert.Add (new ASN1 (0x02, sn)); // TBSCertificate / AlgorithmIdentifier, tbsCert.Add (PKCS7.AlgorithmIdentifier (oid)); // TBSCertificate / Name tbsCert.Add (X501.FromString (issuer)); // TBSCertificate / Validity ASN1 validity = tbsCert.Add (new ASN1 (0x30)); // TBSCertificate / Validity / Time validity.Add (ASN1Convert.FromDateTime (notBefore)); // TBSCertificate / Validity / Time validity.Add (ASN1Convert.FromDateTime (notAfter)); // TBSCertificate / Name tbsCert.Add (X501.FromString (subject)); // TBSCertificate / SubjectPublicKeyInfo tbsCert.Add (SubjectPublicKeyInfo ()); if (version > 1) { // TBSCertificate / [1] IMPLICIT UniqueIdentifier OPTIONAL if (issuerUniqueID != null) tbsCert.Add (new ASN1 (0xA1, UniqueIdentifier (issuerUniqueID))); // TBSCertificate / [2] IMPLICIT UniqueIdentifier OPTIONAL if (subjectUniqueID != null) tbsCert.Add (new ASN1 (0xA1, UniqueIdentifier (subjectUniqueID))); // TBSCertificate / [3] Extensions OPTIONAL if ((version > 2) && (extensions.Count > 0)) tbsCert.Add (new ASN1 (0xA3, extensions.GetBytes ())); } return tbsCert; }
/* SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ private ASN1 SubjectPublicKeyInfo () { ASN1 keyInfo = new ASN1 (0x30); if (aa is RSA) { keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.113549.1.1.1")); RSAParameters p = (aa as RSA).ExportParameters (false); /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e */ ASN1 key = new ASN1 (0x30); key.Add (ASN1Convert.FromUnsignedBigInteger (p.Modulus)); key.Add (ASN1Convert.FromUnsignedBigInteger (p.Exponent)); keyInfo.Add (new ASN1 (UniqueIdentifier (key.GetBytes ()))); } else if (aa is DSA) { DSAParameters p = (aa as DSA).ExportParameters (false); /* Dss-Parms ::= SEQUENCE { * p INTEGER, * q INTEGER, * g INTEGER } */ ASN1 param = new ASN1 (0x30); param.Add (ASN1Convert.FromUnsignedBigInteger (p.P)); param.Add (ASN1Convert.FromUnsignedBigInteger (p.Q)); param.Add (ASN1Convert.FromUnsignedBigInteger (p.G)); keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.10040.4.1", param)); ASN1 key = keyInfo.Add (new ASN1 (0x03)); // DSAPublicKey ::= INTEGER -- public key, y key.Add (ASN1Convert.FromUnsignedBigInteger (p.Y)); } else throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ()); return keyInfo; }
internal ASN1 GetASN1() { // SignedData ::= SEQUENCE { ASN1 signedData = new ASN1(0x30); // version Version -> Version ::= INTEGER byte[] ver = { version }; signedData.Add(new ASN1(0x02, ver)); // digestAlgorithms DigestAlgorithmIdentifiers -> DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier ASN1 digestAlgorithms = signedData.Add(new ASN1(0x31)); if (hashAlgorithm != null) { string hashOid = CryptoConfig.MapNameToOID(hashAlgorithm); digestAlgorithms.Add(AlgorithmIdentifier(hashOid)); } // contentInfo ContentInfo, ASN1 ci = contentInfo.ASN1; signedData.Add(ci); if (!signed && (hashAlgorithm != null)) { if (mda) { // Use authenticated attributes for signature // Automatically add the contentType authenticated attribute ASN1 ctattr = Attribute(Oid.contentType, ci[0]); signerInfo.AuthenticatedAttributes.Add(ctattr); // Automatically add the messageDigest authenticated attribute HashAlgorithm ha = HashAlgorithm.Create(hashAlgorithm); byte[] idcHash = ha.ComputeHash(ci[1][0].Value); ASN1 md = new ASN1(0x30); ASN1 mdattr = Attribute(Oid.messageDigest, md.Add(new ASN1(0x04, idcHash))); signerInfo.AuthenticatedAttributes.Add(mdattr); } else { // Don't use authenticated attributes for signature -- signature is content RSAPKCS1SignatureFormatter r = new RSAPKCS1SignatureFormatter(signerInfo.Key); r.SetHashAlgorithm(hashAlgorithm); HashAlgorithm ha = HashAlgorithm.Create(hashAlgorithm); byte[] sig = ha.ComputeHash(ci[1][0].Value); signerInfo.Signature = r.CreateSignature(sig); } signed = true; } // certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, if (certs.Count > 0) { ASN1 a0 = signedData.Add(new ASN1(0xA0)); foreach (X509Certificate x in certs) { a0.Add(new ASN1(x.RawData)); } } // crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, if (crls.Count > 0) { ASN1 a1 = signedData.Add(new ASN1(0xA1)); foreach (byte[] crl in crls) { a1.Add(new ASN1(crl)); } } // signerInfos SignerInfos -> SignerInfos ::= SET OF SignerInfo ASN1 signerInfos = signedData.Add(new ASN1(0x31)); if (signerInfo.Key != null) { signerInfos.Add(signerInfo.ASN1); } return(signedData); }
private ASN1 KeyBagSafeBag (AsymmetricAlgorithm aa, IDictionary attributes) { PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (); if (aa is RSA) { pki.Algorithm = "1.2.840.113549.1.1.1"; pki.PrivateKey = PKCS8.PrivateKeyInfo.Encode ((RSA)aa); } else if (aa is DSA) { pki.Algorithm = null; pki.PrivateKey = PKCS8.PrivateKeyInfo.Encode ((DSA)aa); } else throw new CryptographicException ("Unknown asymmetric algorithm {0}", aa.ToString ()); ASN1 safeBag = new ASN1 (0x30); safeBag.Add (ASN1Convert.FromOid (keyBag)); ASN1 bagValue = new ASN1 (0xA0); bagValue.Add (new ASN1 (pki.GetBytes ())); safeBag.Add (bagValue); if (attributes != null) { ASN1 bagAttributes = new ASN1 (0x31); IDictionaryEnumerator de = attributes.GetEnumerator (); while (de.MoveNext ()) { string oid = (string)de.Key; switch (oid) { case PKCS9.friendlyName: ArrayList names = (ArrayList)de.Value; if (names.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.friendlyName)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] name in names) { ASN1 attrValue = new ASN1 (0x1e); attrValue.Value = name; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; case PKCS9.localKeyId: ArrayList keys = (ArrayList)de.Value; if (keys.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.localKeyId)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] key in keys) { ASN1 attrValue = new ASN1 (0x04); attrValue.Value = key; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; default: break; } } if (bagAttributes.Count > 0) { safeBag.Add (bagAttributes); } } return safeBag; }
public byte[] GetBytes () { ASN1 privateKeyAlgorithm = new ASN1 (0x30); privateKeyAlgorithm.Add (ASN1Convert.FromOid (_algorithm)); privateKeyAlgorithm.Add (new ASN1 (0x05)); // ASN.1 NULL ASN1 pki = new ASN1 (0x30); pki.Add (new ASN1 (0x02, new byte [1] { (byte) _version })); pki.Add (privateKeyAlgorithm); pki.Add (new ASN1 (0x04, _key)); if (_list.Count > 0) { ASN1 attributes = new ASN1 (0xA0); foreach (ASN1 attribute in _list) { attributes.Add (attribute); } pki.Add (attributes); } return pki.GetBytes (); }
/* * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER, -- (inverse of q) mod p * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ static public byte[] Encode (RSA rsa) { RSAParameters param = rsa.ExportParameters (true); ASN1 rsaPrivateKey = new ASN1 (0x30); rsaPrivateKey.Add (new ASN1 (0x02, new byte [1] { 0x00 })); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Modulus)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Exponent)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.D)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.P)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Q)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DP)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DQ)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.InverseQ)); return rsaPrivateKey.GetBytes (); }
public virtual byte[] Sign (DSA key) { string oid = "1.2.840.10040.4.3"; ASN1 tbs = ToBeSigned (oid); HashAlgorithm ha = HashAlgorithm.Create (hashName); if (!(ha is SHA1)) throw new NotSupportedException ("Only SHA-1 is supported for DSA"); byte[] hash = ha.ComputeHash (tbs.GetBytes ()); DSASignatureFormatter dsa = new DSASignatureFormatter (key); dsa.SetHashAlgorithm (hashName); byte[] rs = dsa.CreateSignature (hash); // split R and S byte[] r = new byte [20]; Buffer.BlockCopy (rs, 0, r, 0, 20); byte[] s = new byte [20]; Buffer.BlockCopy (rs, 20, s, 0, 20); ASN1 signature = new ASN1 (0x30); signature.Add (new ASN1 (0x02, r)); signature.Add (new ASN1 (0x02, s)); // dsaWithSha1 (1 2 840 10040 4 3) return Build (tbs, oid, signature.GetBytes ()); }
private ASN1 CertificateSafeBag (X509Certificate x509, IDictionary attributes) { ASN1 encapsulatedCertificate = new ASN1 (0x04, x509.RawData); PKCS7.ContentInfo ci = new PKCS7.ContentInfo (); ci.ContentType = x509Certificate; ci.Content.Add (encapsulatedCertificate); ASN1 bagValue = new ASN1 (0xA0); bagValue.Add (ci.ASN1); ASN1 safeBag = new ASN1 (0x30); safeBag.Add (ASN1Convert.FromOid (certBag)); safeBag.Add (bagValue); if (attributes != null) { ASN1 bagAttributes = new ASN1 (0x31); IDictionaryEnumerator de = attributes.GetEnumerator (); while (de.MoveNext ()) { string oid = (string)de.Key; switch (oid) { case PKCS9.friendlyName: ArrayList names = (ArrayList)de.Value; if (names.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.friendlyName)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] name in names) { ASN1 attrValue = new ASN1 (0x1e); attrValue.Value = name; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; case PKCS9.localKeyId: ArrayList keys = (ArrayList)de.Value; if (keys.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.localKeyId)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] key in keys) { ASN1 attrValue = new ASN1 (0x04); attrValue.Value = key; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; default: break; } } if (bagAttributes.Count > 0) { safeBag.Add (bagAttributes); } } return safeBag; }
private ASN1 SecretBagSafeBag (byte[] secret, IDictionary attributes) { ASN1 safeBag = new ASN1 (0x30); safeBag.Add (ASN1Convert.FromOid (secretBag)); ASN1 bagValue = new ASN1 (0x80, secret); safeBag.Add (bagValue); if (attributes != null) { ASN1 bagAttributes = new ASN1 (0x31); IDictionaryEnumerator de = attributes.GetEnumerator (); while (de.MoveNext ()) { string oid = (string)de.Key; switch (oid) { case PKCS9.friendlyName: ArrayList names = (ArrayList)de.Value; if (names.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.friendlyName)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] name in names) { ASN1 attrValue = new ASN1 (0x1e); attrValue.Value = name; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; case PKCS9.localKeyId: ArrayList keys = (ArrayList)de.Value; if (keys.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.localKeyId)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] key in keys) { ASN1 attrValue = new ASN1 (0x04); attrValue.Value = key; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; default: break; } } if (bagAttributes.Count > 0) { safeBag.Add (bagAttributes); } } return safeBag; }